Privacy Policy

I. KYC2020 is a Data Processor where we receive Personal Information from Users to process personal data on behalf of the Users for the purposes of providing Anti-Money Laundering / Counter Terrorism Financing (AML/CTF) and related services to the Users. These instances are:

• processing data that contains the personal information of Users’ end-users, or otherwise any information provided by Users for processing on their behalf through our products and services.

We are not responsible for the data privacy practices of our Users, which may differ from ours. If you have any questions about our Users’ data privacy practices, we encourage you to contact us directly.

We are neither informed nor responsible for actions, practices, or decisions of the Users as it relates to the use of our services to accept or deny an individual or entity. Use of our services is only upon acceptance by Users of our end-user’s license agreement and terms of our service with disclaimers that include:

• The search technologies as well as the Data we aggregate are prone to error and may result in false positives and false negatives depending on many factors that may not be in the control of KYC2020.
• The News Data we process and read is done via Natural Language Processing (NLP), including models for sentiment and context analysis, and name/entity recognition. These models are prone to false positives where articles with negative keywords may not actually be a negative or crime related article, the screened name may not be the prime actor or even associated with the news article, or other failures in our use of NLP, and
• It is the responsibility of the Users (Customer of KYC2020) to review all outcomes and be solely responsible for making decisions to include or deny any individual or entity.If you have any issues with a Users’ use of our services or feel that you have been unfairly denied or profiled, we encourage you to contact them directly.

II. KYC2020 is a Data Controller where we receive Personal Information directly from you/with your permission. These instances are:

• From individuals who visit, use, or interact with the Site(s);
• business contacts who represent KYC2020 employees, current and prospective Users, vendors, and partners (collectively, “GDPR Data Subjects”).

III. KYC2020 is a Data Controller where we collect and process Personal Information directly from public, government, and news sources to build our anti-money laundering/counter terrorism financing, sanctions, criminal, regulatory, and adverse media watchlist data. These instances are:

• Sanctions, warnings, fitness & probity. Information available on public government lists covering sanctions, the prevention and detection of unlawful acts, and other protective functions
• Politically exposed persons. Information publicly available relating to individuals in prominent public positions, and their family members, close associates, and business interests.
• Adverse media. News articles available in public domain with keywords that may indicate connection with financial crime, terrorist financing, other relevant unlawful acts, improper conduct, dishonesty, news on individuals in prominent public positions, and their family members, close associates, business interests, etc.
• Corporate registry information. Information publicly available via corporate registries or from third parties, relating to individuals’ shareholdings and directorships.
• Identity information. . Information provided by individuals to Users for ascertaining identity to comply with regulatory obligations, identity check, and/or other AML/CTF purposes.

From time to time, we will update this Privacy Policy to include additional information about our privacy practices related to a specific activities KYC2020 undertakes.

We may collect or receive personal information from the following categories of individuals or sources:

• Job applicants and employees of KYC2020
• Individuals who provide information by completing forms on our website.
• Visitors to our website (kyc2020.com)
  • To process data provided by Users to deliver Services
    Information Users provide enables us to deliver the intended Product(s) and Services (e.g. KYC, KYB, and Listed Person or Entity screening services).
  • To improve customer service
    Information Users provide helps us respond to their customer service requests and support those needs more efficiently.
  • To personalize user’s experience
    We may use information in the aggregate to understand how our Users as a group use the services and resources provided by our Site.
  • To improve our Site and our Product(s)
    We may use feedback that Users provide to improve our products and services.
  • To process payments
    We may use the information Users provide about themselves when placing an order solely to provide service for that order. We do not share this information with outside parties, except to the extent necessary to provide the service.
  • To run a promotion, contest, survey or other Site feature
    To send Users information they agreed to receive about topics we think will be of interest to them.
  • To send periodic emails
    We may use the email address to send Users information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If a User’s decides to subscribe (opt-in) to our mailing list, they will receive emails that may include company news, updates, and related product or service information. If at any time a User’s would like to unsubscribe (opt-out) from receiving future emails, they can follow the detailed unsubscribe instructions provided at the bottom of each email or contact us through our Site.
• Users of our AML/CTF, sanctions, criminal, regulatory, and/or adverse media screening services from publicly available sources, including government records and open databases.
• Business partners, Users, vendors, and other professional contacts.
• Personal data available from Public, Government, Regulatory, and News sources to create our Sanction, individuals in prominent public positions, and their family members, close associates, business interests, and Negative News Watchlist Database to help our Users meet AML/CTF obligations.

We collect and use your personal data to contact you and assess your application:

We collect employment-related data to manage payroll, benefits, performance, and meet legal obligations:

We collect personal data when users provide it to us by completing forms, subscribing to email updates, or requesting product demonstrations. This data is used to process users requests and provide the relevant information or services.

When users browse our website, we may collect certain information automatically.

We collect publicly available data to create our global watchlist database to help our clients meet AML/CTF obligations.

We collect contact and company details to manage relationships, support business operations, and conduct marketing outreach.

We handle data related to various Data Processing Activities.

As a data processor, we are not responsible for responding directly to data subject requests that come from the User’s end-user. However, in accordance with applicable data protection laws, we are required to assist our Users in responding to such requests, to the extent reasonably possible and appropriate to the nature of our processing activities.

To exercise your rights per GDPR, please contact us at [email protected]. We will process such requests in accordance with GDPR timelines and requirements.

For questions or issues with how Users use our data or screening services in conjunction with other data and services, or review and clear false positives from technologies that are prone to errors, or make decisions to accept or deny for any purpose, please directly contact the User.

We adopt appropriate data collection, storage, and processing practices, as well as security, measures to protect against unauthorized access, alteration, disclosure or destruction of personal information, username, password, transaction information and data stored on our Site. Sensitive and private data exchange between the Site and its Users happens over a HTTPS / sFTP / SSL secured communication channel and is encrypted and protected with digital signatures.

We do not sell, trade, or lease our mailing lists including personal identification information to others, and we will not share Users’ personal information to any unaffiliated parties, except as follows:

• To third party service providers who help run our business, the Site or administer activities on our behalf such as sending newsletters or surveys. We may share Users information with these third parties for those limited purposes provided that the Users have given us their permission.
• We may share generic aggregated demographic information regarding visitors and Users with our business partners, trusted affiliates, and advertisers to enhance our Site including those related to the Product(s) and Service(s) provided.
• We may provide Users’ personal identification information and information about their usage of our Site and offerings if required by law, in a matter of public safety, as needed in connection with the transfer of our business assets in the case of acquisitions, or to protect our rights or property.
• KYC2020 may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• In cases of onward transfer to third parties of data received under the Data Privacy Framework, liability may arise if such personal data is processed in a manner inconsistent with the DPF Principles, unless it can be demonstrated that KYC2020 was not responsible for the event giving rise to the damage.

For the purposes of the Services, we use automated data collection tools such as Cookies to collect certain information. “Cookies” are small text files that are placed on Users’ devices by a Web server when they access our Services.

The categories of cookies used are:

• Necessary cookies: These cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
• Performance cookies: We may use analytics cookies on our website. We may use both session Cookies and persistent Cookies to identify that Users have logged in to the Services and to tell us how and when they interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when Users log off from the Services and close their browser.
• Targeting Cookies: We may use small files stored on browser that track online activity and are used to identify Users across different websites, enabling personalized advertising and marketing efforts.

Users have the option of blocking or not allowing cookies, which is provided for by our cookie banner asking Users which type of cookie they wish to enable. For more details about how we use these technologies, please see our Cookie Policy.

• All personal data collected is securely stored on servers located in the United States. By using our services, Users acknowledge and agree that their data may be transferred, stored, and processed in the United States or other jurisdictions where we or our service providers operate.
• These international transfers of Users’ personal information are made pursuant to the appropriate safeguards. These clauses are contractual commitments between parties transferring personal data (for example, between KYC2020 and its Clients, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.
• KYC2020 is a Data Processor and NOT the Data Controller for processing Users’ end-user personal data. For providing services in EU and other countries where we do not host local servers, we make best efforts to abide by the principles and provisions for GDPR Compliance as established by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF THE EUROPEAN UNION as summarized by the following principles [click here].

We retain personal data only for as long as instructed by the Data Controller or as necessary to fulfil legal obligations, including AML/CTF, and other applicable regulatory requirements. Where permissible and upon written request from the Data Controller, we will delete or anonymize personal data that is no longer required for lawful processing.

We do not knowingly collect or maintain personal data from individuals under the age of 13, in compliance with the U.S. Children’s Online Privacy Protection Act (COPPA). Our services and website are not intended for or directed to children under 13. Where required by applicable laws in other jurisdictions, we take appropriate steps to obtain verifiable parental consent when processing personal data of minors.

We implement appropriate technical and organizational measures to safeguard Users’ personal data against unauthorized access, disclosure, alteration, or destruction. These include, where applicable, encryption, firewalls, access controls, and periodic security assessments. While we follow best practices to secure data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. As a Data Processor, we act under the instructions of the Data Controller and will promptly notify the Controller of any personal data breach, as required under applicable laws including the GDPR.

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

If Users are using our services to process personal data on behalf of others (e.g., their customers or end-users), they are responsible for ensuring that they have obtained the necessary consents or legal basis to transfer and process personal data on servers located in the United States. By using our services, Users represent and warrant that their data collection, use, and sharing practices comply with all applicable data protection laws and regulations, including GDPR if applicable.

As outlined in our EULA, Users acknowledge and accept that designations such as PASS, FAIL, CLEAR, VERIFY, HIT, or NO HIT provided by any KYC2020 service or software are simply identifications as to whether the search subject has likely appeared in the lists or news sources identified by KYC2020. These outcomes are generated using automated search technologies and are subject to limitations, including the risk of false positives or false negatives due to factors beyond KYC2020’s control.

It is the sole responsibility of the User to review all results and make final determinations regarding acceptance, rejection, or further due diligence. KYC2020 does not control or influence the inclusion or removal of individuals or entities on the underlying lists and assumes no liability for reliance on these outcomes.

For questions, concerns, or to exercise Users rights under privacy laws, including GDPR, please contact us via email at: [email protected]

We take reasonable measures to protect Users’ personal data and comply with applicable laws, but we do not warrant that our services are completely error-free or secure against all risks. By using our services, Users’ acknowledge and accept this limitation.

KYC2020 is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). This means that the FTC has the authority to enforce our compliance with the DPF Principles, including the handling of personal data transferred from the EU, UK, or Switzerland under the DPF program.

KYC2020 has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the top of this Privacy Policy. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.