Privacy Policy

KYC2020 | PRIVACY POLICY

Last Updated: 22-May-2025

This Privacy Policy outlines how KYC2020 ("we", "our", or "us") collects, uses, maintains, and discloses information from individuals ("Users") who visit, interact with, or use our website at https://kyc2020.com (the "Site"), as well as any related services, features, or content we provide. This includes information collected directly from Users (referred to as “you” or “your”), automatically through their use of the Site (e.g., via cookies or analytics tools), or from third-party sources where permitted by law. The term “you” or “your” also includes individuals who may not be direct users of our Site or services, but whose personal information we collect from publicly available sources such as news articles or watchlists in our role as a data controller. By accessing or using the Site, Users agree to the terms of this Privacy Policy.

At KYC2020, we treat privacy as an important part of our product and service design. Our goal is to comply with data protection laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) and provide meaningful transparency into how we handle personal information where we act as the controller of Users personal information. KYC2020 holds SSAE 21, SOC 2 Type 2 certification, which are part of the Service Organization Control framework developed by the American Institute of Certified Public Accountants (AICPA). These certifications establish rigorous standards for auditing, securely storing, and processing Users data by third-party service providers on behalf of Users.

SOC-2 Certified company
For the purposes of applicable data regulation

I . KYC2020 is a Data Processor where we receive Personal Information from Users to process personal data on behalf of the Users for the purposes of providing Anti-Money Laundering and related services to the Users. These instances are:

  • processing data that contains the personal information of Users’ end-users, or otherwise any information provided by Users for processing on their behalf through our products and services.

We are not responsible for the data privacy practices of our Users, which may differ from ours. If you have any questions about our Users’ data privacy practices, we encourage you to contact them directly.

We are neither informed nor responsible for actions, practices, or decisions of the Users as it relate to the use of our services to accept or deny an individual or entity. Use of our services is only upon acceptance by Users of our end-users license agreement and terms of our service with disclaimers that include: 1) The search technologies as well as the Data we aggregate are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. 2) The news Data we process and read is done via Natural Language Processing (NLP), including models for sentiment and context analysis, and name/entity recognition. These models are prone to false positives where articles with negative keywords may not actually be a negative or crime related article, the name screened may not be the prime actor or even associated with the news article, or other failures in our use of NLP, and 3) It is the responsibility of the Users (Customer) to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. If you have any issues with a Users’ use of our services or feel that you have been unfairly denied or profiled, we encourage you to contact them directly.

II . KYC2020 is a Data Controller where we receive Personal Information directly from you/with your permission. These instances are:

  • From individuals who visit, use, or interact with the Site(s)
  • business contacts who represent KYC2020 employees, current and prospective Users, vendors, and partners (collectively, “GDPR Data Subjects”).

III . KYC2020 is a Data Controller where we collect and process Personal Information directly from public, government, and news sources to build our anti-money laundering, sanctions, and adverse media watchlist data. These instances are:

  • Sanctions, warnings, fitness & probity. Information available on public government lists covering sanctions, the prevention and detection of unlawful acts, and other protective functions
  • Politically exposed persons. Information publicly available relating to individuals in prominent public positions, and their family members, close associates, and business interests.
  • Adverse media. News articles available in public domain with keywords that may indicate connection with financial crime, terrorist financing, other relevant unlawful acts, improper conduct, dishonesty, news on PEPs/RCAs, etc.
  • Corporate registry information. Information publicly available via corporate registries or from third parties, relating to individuals’ shareholdings and directorships.

From time to time, we will update this Privacy Policy to include additional information about our privacy practices related to a specific activities KYC2020 undertakes.

Information We Collect and Use

We may collect or receive personal information from the following categories of individuals or sources:

  • Job applicants and employees of KYC2020
  • Individuals who provide information by completing forms on our website
  • Visitors to our website (KYC2020.com)
    • To process Users provided data to deliver Services
      Information Users provide enables us to deliver the intended Product(s) and Services (e.g. KYC, KYB, and Listed Person or Entity screening services).
    • To improve customer service
      Information Users provide helps us respond to their customer service requests and support those needs more efficiently
    • To personalize users experience
      We may use information in the aggregate to understand how our Users as a group use the services and resources provided by our Site.
    • To improve our Site
      We continually strive to improve our website offerings based on the information and feedback we receive from Users.
    • To improve our Site and our Product(s)
      We may use feedback that Users provide to improve our products and services.
    • To process payments
      We may use the information Users provide about themselves when placing an order solely to provide service for that order. We do not share this information with outside parties, except to the extent necessary to provide the service.
    • To run a promotion, contest, survey or other Site feature
      To send Users information they agreed to receive about topics we think will be of interest to them.
    • To send periodic emails
      We may use the email address to send Users information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If a User’s decides to opt-in to our mailing list, they will receive emails that may include company news, updates, and related product or service information. If at any time a User’s would like to unsubscribe from receiving future emails, they can follow the detailed unsubscribe instructions provided at the bottom of each email or contact us through our Site.
  • Users of our anti-money laundering (AML), sanctions, and adverse media screening services for publicly available sources, including government records and open databases
  • Business partners, Users, vendors, and other professional contacts
  • Personal data available from Public, Government, Regulatory, and News sources to create our Sanction, PEP, and Negative News Watchlist Database to help our Users meet anti-money laundering (AML) compliance obligations.

Following section provides the details on the data we collect, purpose, legal basis for processing, and access.

Job Applicants

We collect and use your personal data to contact you and assess your application:
Activity Description Data Collected
Data Collected During the recruitment process, we gather few details. Name, CV/Resumes, References.
Purpose of Use This data is used for some purposes
  • Reach out regarding the application process.
  • Evaluate candidate qualifications for the role applied for
Legal Basis for Processing We rely on Consent as the legal ground. Where you voluntarily provide us with personal information, we process it based on your consent. You may withdraw your consent at any time.
Data Access We do share the data internally. Accessible internally to authorized members of the KYC2020 recruitment team.

Employees

We collect employment-related data to manage payroll, benefits, performance, and meet legal obligations:
Activity Description Data Collected
Data Collected We manage employment data including:
  • Payroll details
  • Regulatory compliance information
  • Personnel records
Purpose of Use This data is used for some purposes
  • Handle compensation and benefits
  • Maintain employment records
  • Perform reviews and support HR operations
  • Ensure workplace safety and legal compliance
Legal Basis for Processing We rely on Contractual Necessity as the legal ground. Data is handled to fulfil obligations in the employment contract and for operational HR needs.
Data Access We do share the data internally. Information is shared only within the internal KYC2020 HR and operations teams.

Information Provided Voluntarily by Users

We collect personal data when users provide it to us by completing forms, subscribing to email updates, or requesting product demonstrations. This data is used to process users requests and provide the relevant information or services.
Activity Description Data Collected
Data Collected When users submit information via forms or service inquiries, we collect:
  • Identification details (e.g., name, contact info, DOB)
  • Work history and qualifications
  • Government-issued IDs
  • Bank details
  • Emergency contacts
Purpose of Use This data is used for some purposes
  • Respond to specific requests
  • Contact users based on interest
  • Provide requested updates or services
Legal Basis for Processing We rely on Consent as the legal ground. Processing is based on user consent for communications or marketing. Consent can be withdrawn via email or unsubscribe link or by contacting us directly at [email protected]
Data Access We do share the data internally and externally.
  • Internal: Accessible to KYC2020 team members for necessary tasks
  • External: May be stored with secure cloud service providers and customer databases

Visitors to KYC2020.com

When users browse our website, we may collect certain information automatically.
Activity Description Data Collected
Data Collected Data Collected Automatically
  • Browsing activity (e.g., page views, duration, navigation patterns)
  • Device and browser specifications
  • IP address and cookie identifiers
Purpose of Use This data is used for some purposes This data is analyzed to improve the site's functionality, structure, and relevance for visitors.
Legal Basis for Processing We rely on Consent as the legal ground. Users provide consent via the cookie banner. Settings can be adjusted anytime.
Data Access We do share the data internally. Handled by the internal web and analytics team at KYC2020.

AML, Sanctions, News & Risk Intelligence Data

We collect publicly available data to create our global watchlist database to help clients meet anti-money laundering (AML) and compliance obligations:
Activity Description Data Collected
Data Collected Data is collected from public and official sources
  • Sanction list data (name, DOB, nationality, reason for listing)
  • Politically Exposed Persons (PEP) details
  • News articles with possible link to financial crime
  • Corporate registry data (ownership, directorships, affiliations)
Purpose of Use This data is used for some purposes
  • To build complete profiles for compliance screening.
  • To allow users to assess potential risks during searches on our platform.
Legal Basis for Processing We rely on Legal Requirement as the legal ground. Data processing is essential for compliance with AML and sanctions regulations.
Data Access We do share the data internally and externally.
  • Authorized users of the KYC2020 platform
  • Internal staff
  • Third-party hosting and storage providers

Vendors, Business Partners & Contacts

We collect contact and company details to manage relationships, support business operations, and conduct marketing outreach
Activity Description Data Collected
Data Collected Data is collected from public and official sources
  • Names, email addresses, phone numbers
  • Company details and websites
Purpose of Use This data is used for some purposes
  • To manage sales outreach and partnerships
  • To track communication and enhance marketing and relationship strategies
Legal Basis for Processing We rely on Consent and Contract Performance as the legal ground.

Consent: For prospects and marketing communications.

Contract Performance: For existing vendors and clients as part of business agreements

Data Access We do share the data internally and externally. Shared internally with relevant KYC2020 staff involved in sales, vendor management, and service delivery.

Our Data Processing Activities

Processing Activity Role of KYC2020 Lawful Basis Data Subject Rights
Prospect and Client Data through KYC2020 Website Controller Consent Not applicable, as the data processed relates to business entities rather than individuals.
Watchlist Database Controller Legal Obligation (AML Compliance) Right of Access is applicable. Other rights are limited under GDPR Article 23 due to AML regulations.
Screening Engine Data Processor (under Contract/EULA) Performance of Contract under the KYC2020 EULA with acceptance of our Service Disclaimers. Not applicable, as KYC2020 acts on behalf of clients and processes business-related data.

Where the processing is based on Users’ consent, they have the right to withdraw their consent at any point in time. Please note that the withdrawal of consent result in us not being able to continue offering our services to Users. We reserve the right to withdraw or cease our services to Users upon your withdrawal. Users may withdraw consent by contacting us with a written request to the contact details specified below in the ‘Contact Us’ section.

Where we collect and process data from public sources to create our Global Watchlist Database for Sanction, PEP, and Adverse Media Screening, the following section provides the GDPR Rights Applicability.

Watchlist Database: GDPR Rights Applicability

GDPR Right Applicability
Right of Access (Art. 15) Yes – Subject to limitations (e.g., anti-tipping-off). Ensures transparency and accountability even for AML-related processing.
Right to Rectification (Art. 16) Not applicable – Data originates from official public sources; KYC2020 is not responsible for its accuracy and is not required to modify third-party data.
Right to Erasure (Art. 17) Generally overridden by legal obligations under AML regulations.
Right to Object (Art. 21) Not applicable – Processing is based on legal obligation.
Right to Restrict Processing (Art. 18) Not applicable – Restriction must not conflict with AML laws.
Right to Data Portability (Art. 20) Not applicable – Data is not processed on the basis of consent or a contract with the data subject.

As a data processor, we are not responsible for responding directly to data subject requests that come from the User’s end-user. However, in accordance with applicable data protection laws, we are required to assist the User in responding to such requests, to the extent reasonably possible and appropriate to the nature of our processing activities.

To exercise your rights per GDPR, please contact us at [email protected]. We will process such requests in accordance with GDPR timelines and requirements.

You may also contact KYC2020 Support at [email protected].Users may update their preferences for email communications, by clicking the unsubscribe link found in the specific email from us.

For questions or issues with how Users use our data or screening services in conjunction with other data and services, or review and clear false positives from technologies that are prone to errors, or make decisions to accept or deny for any purpose, please directly contact the User.

Data Protection

We adopt appropriate data collection, storage, and processing practices, as well as security, measures to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.

Sharing Users personal information

We do not sell, trade, or lease our mailing lists including personal identification information to others, and we will not share Users personal information to any unaffiliated parties, except as follows:

  • To third party service providers who help run our business, the Site or administer activities on our behalf such as sending newsletters or surveys. We may share Users information with these third parties for those limited purposes provided that the Users have given us their permission.
  • We may share generic aggregated demographic information regarding visitors and Users with our business partners, trusted affiliates, and advertisers to enhance our Site including those related to the Product(s) and Service(s) provided.
  • We may provide Users personal identification information and information about their usage of our Site and offerings if required by law, in a matter of public safety, as needed in connection with the transfer of our business assets in the case of acquisitions, or to protect our rights or property.

Cookies

For the purposes of the Services, we use automated data collection tools such as Cookies to collect certain information. “Cookies” are small text files that are placed on Users’ devices by a Web server when they access our Services.

The categories of cookies used are:

  • Necessary cookies: These cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
  • Performance cookies: We may use analytics cookies on our website. We may use both session Cookies and persistent Cookies to identify that Users have logged in to the Services and to tell us how and when they interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when Users log off from the Services and close their browser.
  • Targeting Cookies: We may use small files stored on browser that track online activity and are used to identify users across different websites, enabling personalized advertising and marketing efforts.

Users have the option of blocking or not allowing cookies, which is provided for by our cookie banner asking Users which type of cookie they wish to enable.

For more details about how we use these technologies, please see our Cookie Policy.

Data Location and International Transfers

  • All personal data collected is securely stored on servers located in the United States. By using our services, Users acknowledge and agree that their data may be transferred, stored, and processed in the United States or other jurisdictions where we or our service providers operate.
  • These international transfers of Users personal information are made pursuant to the appropriate safeguards such as the standard data protection clauses and Data Privacy Framework (DPF) adopted by the European Commission. These clauses are contractual commitments between parties transferring personal data (for example, between KYC2020 and its Clients, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.
  • KYC2020 is a data processor and NOT the data controller for processing Users’ end-user personal data. For providing services in EU and other countries where we do not host local servers, we make best efforts to abide by the principles and provisions for GDPR Compliance as established by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION as summarized by the following principles [click here].

Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws. Upon request, and where legally permissible, we will delete or anonymize personal data.

Compliance with children's online privacy protection act

Protecting the privacy of the very young is very important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Data Security

We employ industry-standard security measures to protect Users’ personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, firewalls, and regular security assessments. While we strive to protect Users’ personal data, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security.

Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

Customer Responsibility

If Users are using our services to process personal data on behalf of others (e.g., their customers or end-users), they are responsible for ensuring that they have obtained the necessary consents or legal basis to transfer and process personal data on servers located in the United States. By using our services, Users represent and warrant that their data collection, use, and sharing practices comply with all applicable data protection laws and regulations, including GDPR if applicable.

Additionally, per our End-Users License Agreement (EULA), the Users using our services acknowledge and accept the KYC2020 Service Disclaimer that A PASS, FAIL, CLEAR, VERIFY, HIT, NO HIT, or any other designation, recommendation, or outcome from a KYC2020 service or software is simply an identification as to whether the search subject has likely appeared in the lists or news identified by KYC2020. The search technologies as well as the Data are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020. It is the responsibility of the Customer to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity. A subject’s inclusion on or removal from any of the searched lists is not in the control and is not the responsibility or liability of KYC2020.

Contact Information

For questions, concerns, or to exercise Users rights under privacy laws, including GDPR, please contact us via email at: [email protected]

No Warranty or Liability

We take reasonable measures to protect Users’ personal data and comply with applicable laws, but we do not warrant that our services are completely error-free or secure against all risks. By using our services, Users’ acknowledge and accept this limitation.

Changes to this privacy policy

KYC2020 has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Loader
Please Wait
Customize Consent Preference