KYC2020 | PRIVACY POLICY
This Privacy Policy outlines how KYC2020 (“we”, “our”, or “us”) collects, uses, maintains, and discloses information from individuals (“Users”) who visit, interact with, or use our website at https://www.kyc2020.com (the “Site”), as well as any related services, features, or content we provide.
At KYC2020, we treat privacy as an important part of our product and service design. Our goal is to comply with data protection laws such as GDPR and CCPA. KYC2020 holds the SOC 2 Type 2 certification, establishing rigorous standards for auditing, secure storage, and processing.
Data Privacy Framework Certification & Compliance Notice
KYC2020 LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. KYC2020 LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. KYC2020 LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Independent Recourse Mechanism
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, KYC2020 LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
FTC Enforcement
KYC2020 LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Disclosure of Personal Information
KYC2020 LLC may disclose personal information to trusted third-party service providers, contractors, affiliates, cloud hosting providers, compliance and identity verification providers, analytics providers, infrastructure providers, payment processors, and customer support providers for purposes related to identity verification, AML/KYC compliance, fraud prevention, security, analytics, platform operations, payment processing, and service delivery.
KYC2020 LLC may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Individual Rights and Choices
Individuals may request access to personal information that KYC2020 LLC maintains about them and may request correction, amendment, deletion, or limitation of use of their personal information where such information is inaccurate or processed in violation of the applicable Data Privacy Framework Principles.
KYC2020 retains personal data only for as long as instructed by the Data Controller or as necessary to fulfil legal obligations. Individuals in the EU, UK, and Switzerland with inquiries or complaints regarding our handling of personal data should first contact KYC2020 at: [email protected].
Accountability for Onward Transfers
KYC2020 LLC remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless KYC2020 LLC proves that it is not responsible for the event giving rise to the damage.
Binding Arbitration
Under certain conditions, individuals may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Additional information regarding binding arbitration may be found in Annex I of the Data Privacy Framework Principles.
For the purposes of applicable data regulation
I. KYC2020 is a Data Processor
When we process personal data on behalf of Users for AML/CTF services:
- Processing data containing personal information of Users’ end-users.
II. KYC2020 is a Data Controller (Direct Collection)
When we collect information directly from you:
- Individuals visiting the Site.
- Business contacts, employees, vendors, and partners.
III. KYC2020 is a Data Controller (Public Sources)
When collecting public data for watchlists:
- Sanctions, warnings, fitness & probity
- Politically exposed persons (PEPs)
- Adverse media
- Corporate registry information
Information We Collect and Use
Job Applicants
| Description | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Contact & assess candidates | Name, CV/Resumes, References | Evaluate application | Consent |
Website Visitors
| Description | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Collect browsing data via cookies | Page views, IP address, device specs | Analyze traffic, improve UX | Consent (Cookie Banner) |
AML/CTF Screening Data
| Description | Data Collected | Purpose | Legal Basis |
|---|---|---|---|
| Public data from official sources | Sanctions, PEPs, Adverse Media, Corporate Registry | Build watchlists for compliance screening | Legal Obligation (AML/CTF) |
GDPR Rights Applicability (Watchlist Database)
| GDPR Right | Applicability |
|---|---|
| Right of Access | Yes (Subject to anti-tipping-off limitations) |
| Right to Rectification | Not applicable (Data from official public sources) |
| Right to Erasure | Generally overridden by legal obligations |
To exercise your rights per GDPR, please contact us at [email protected].
Data Security
We implement appropriate technical and organizational measures to safeguard Users’ personal data. Sensitive data exchange happens over HTTPS/SSL secured channels.
Data Retention
We retain personal data only for as long as instructed by the Data Controller or as necessary to fulfil legal obligations.
Cookies
We use Necessary, Performance, and Targeting cookies. Users have the option of blocking cookies via our banner.
Contact Information
For questions or concerns, please contact us via email at:
[email protected]
KYC2020 has the discretion to update this privacy policy at any time. We encourage Users to frequently check this page for any changes.