Privacy Policy

KYC2020 | PRIVACY POLICY

This Privacy Policy governs the manner in which KYC2020 collects, uses, maintains and discloses information collected from users (each, a “User”) of the http://KYC2020.com website (“Site”). This privacy policy applies to the Site and all products and services offered by KYC2020.

At KYC2020, we value your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with applicable laws and regulations, including our alignment with GDPR principles.

KYC2020 holds SSAE 21, SOC 2 Type 2 certification, a Service Organization Control and auditing framework developed by the American Institute of Certified Public Accountants (AICPA) that establishes standards for third-party service providers in securely storing and processing customer data.

SOC-2 Certified company

1. Data Collection

Users may visit our Site anonymously or with a log in. In the case a User uses login, we may collect personal identification information from each User in a variety of ways including but not limited to: direct from the Users (i.e. when Users register an account, using the products and services offered by KYC2020 for processing User provided data, or signing up for a newsletter), publicly available information, and through cookies, and/or similar technology


  • Personal identification information
    We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, fill out a form, process User provided data to deliver intended services, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

  • Non-personal identification information
    When Users interact with our Site, we may track and collect information about your usage and/or visit. Information may include: browser name, the type of computer and technical information about Users means of connection to our Site, (i.e. User’s operating system, Internet service providers utilized and other similar information), User’s unique Internet protocol address, the date and time of your visit, the web page from which you arrived to our Site, the pages you viewed on our Site, searches/queries that you conducted via our Site and/or Product(s).

  • Web browser cookies
    Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

2. Data Usage

Information collected by our Site may be used for the following purposes:

  • To process User provided data to deliver Services
    Information you provide enables us to deliver the intended KYC and screening services.
  • To improve customer service
    Information you provide helps us respond to your customer service requests and support needs more efficiently.
  • To personalize user experience
    We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
  • To improve our Site and our Product(s)
    We may use feedback you provide to improve our products and services
  • To process payments
    We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
  • To run a promotion, contest, survey or other Site feature
    To send Users information they agreed to receive about topics we think will be of interest to them.
  • To send periodic emails
    We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

3. Data Protection

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.


Sharing your personal information

We will not sell, trade, or lease our mailing lists including personal identification information to others, and we will not share our personal information to any unaffiliated parties, except as follows:

  • To third party service providers who help run our business, the Site or administer activities on our behalf such as sending newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
  • We may share generic aggregated demographic information regarding visitors and users with our business partners, trusted affiliates and advertisers to enhance our Site including our Product(s) provided.
  • We may provide your personal identification information and information about your usage of our Site and products if required by law, in a matter of public safety, as needed in connection with the transfer of our business assets in the case of acquisitions, or to protect our rights or property.

4. Data Storage and International Transfers

  • All personal data collected is securely stored on servers located in the United States. By using our services, you acknowledge and agree that your data may be transferred, stored, and processed in the United States or other jurisdictions where we or our service providers operate.
  • We adhere to industry-standard practices to safeguard data during international transfers. While we are not GDPR-certified at this time, we are actively pursuing GDPR compliance and align our practices with its principles to the extent feasible.
  • KYC2020 is a data processor and NOT the data controller. For providing services in EU and other countries where we do not host local servers, we make best efforts to abide by the principles and provisions for GDPR Compliance as established by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION as summarized by the following principles [click here].

5. Data Subject Rights

If you are a resident of the European Union (EU) or European Economic Area (EEA), you have specific rights under GDPR:

  • Right of Access: Request access to the personal data we hold about you.
  • Right to Rectification: Request corrections to your personal data if inaccurate.
  • Right to Erasure: Request that we delete your personal data, subject to obligations.
  • Right to Restrict Processing: Request that we limit processing under specific conditions.
  • Right to Data Portability: Request your data in a structured format.
  • Right to Object: Object to the processing of your personal data under certain circumstances.

To exercise these rights, please contact us at [email protected]. We will process such requests in accordance with GDPR timelines and requirements.


6. Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

  • Your consent, where explicitly provided.
  • The necessity of processing to fulfill a contract with you.
  • Compliance with a legal obligation
  • Our legitimate business interests provided these are not overridden by your rights.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. Upon request, and where legally permissible, we will delete or anonymize personal data.


8. Data Security

We employ industry-standard security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, firewalls, and regular security assessments. While we strive to protect your personal data, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security.


9. Contact Information

For questions, concerns, or to exercise your rights under GDPR, please contact us at:Email: [email protected]


10. No Warranty or Liability

We take reasonable measures to protect your personal data and comply with applicable laws, but we do not warrant that our services are completely error-free or secure against all risks. By using our services, you acknowledge and accept this limitation.


11. Data Processing Location and Cross-Border Data Transfers

By using our services, you acknowledge and agree that personal data you or your end-users provide will be stored, processed, and transferred to our servers located in the United States.

We comply with industry-standard practices to safeguard data during international transfers. While the United States may not have the same data protection laws as your jurisdiction, we take measures to ensure that data is handled securely and in alignment with GDPR principles, including encryption and other appropriate safeguards.


12. Customer Responsibility

If you are using our services to process personal data on behalf of others (e.g., your customers or end-users), you are responsible for ensuring that you have obtained the necessary consents or legal basis to transfer and process personal data on servers located in the United States. By using our services, you represent and warrant that your data collection, use, and sharing practices comply with all applicable data protection laws and regulations, including GDPR if applicable.


13. Changes to this privacy policy

KYC2020 has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.


14. Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.


15. Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.


16. Compliance with children’s online privacy protection act

Protecting the privacy of the very young is very important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.


How to make changes to your personal information, or update your preferences

You can update, amend, or delete your personal information at any time. To do so, go to your profile settings located on our Site.
You can also contact KYC2020 Support.

To update your preferences for email communications, please click the unsubscribe link found on the specific email


Provisions for GDPR Compliance

This section outlines the contractual provisions and principles required to comply with the General Data Protection Regulation (GDPR) for agreements with data processors and controllers. These provisions ensure transparency, accountability, and adherence to GDPR requirements.

  1. Scope and Purpose of Data Processing
    • The data processor agrees to process personal data only as necessary for the specific purposes outlined in the agreement.
    • The processing activities, types of data, and categories of data subjects must be clearly specified.
  2. Obligations of the Data Processor
    • Process personal data only on documented instructions from the data controller.
    • Ensure that persons authorized to process personal data have committed to confidentiality.
    • Implement appropriate technical and organizational measures to ensure data security.
    • Assist the data controller in responding to data subject requests.
    • Notify the data controller without undue delay in the event of a data breach.
  3. Sub-Processing
    • The data processor must obtain prior written authorization from the data controller before engaging sub-processors.
    • A written agreement must be in place with each sub-processor, imposing the same data protection obligations.
    • The data processor remains fully liable for the actions of sub-processors.
  4. International Data Transfers
    • The data processor must not transfer personal data outside the European Economic Area (EEA) without explicit instructions from the data controller.
    • Appropriate safeguards (e.g., Standard Contractual Clauses, Binding Corporate Rules) must be implemented for such transfers.
  5. Data Security
    • The data processor must implement measures such as encryption, access controls, and regular security assessments.
    • Maintain a record of processing activities as required by GDPR.
  6. Data Subject Rights
    • Assist the data controller in fulfilling obligations related to data subject rights (e.g., access, correction, deletion, portability).
    • Respond promptly to any requests from the data controller related to data subject rights.
  7. Data Breach Notification
    • The data processor must notify the data controller without undue delay after becoming aware of a data breach.
    • Provide sufficient information to enable the data controller to comply with breach notification obligations under GDPR.
  8. Termination and Data Deletion
    • Upon termination of the agreement, the data processor must return or delete all personal data at the data controller's request.
    • Certify the deletion of data, unless legal requirements mandate retention.
  9. Audit Rights
    • The data controller has the right to conduct audits or inspections of the data processor's facilities, systems, and records.
    • The data processor must provide reasonable assistance and access for such audits.
  10. Liability and Indemnity
    • The data processor must indemnify the data controller for damages resulting from non-compliance with GDPR obligations.
    • Liability limitations must be clearly defined in the agreement.
  11. Governing Law and Dispute Resolution
    • The agreement must specify the governing law and the jurisdiction for resolving disputes.
    • For GDPR-related disputes, EU law may be applicable.
Loader
Please Wait