Know Your Customer Limited (“KYC”) is subject to the BD Data Protection Regulation (“GDPR”) and the BD (Privacy) Ordinance, and amendments thereto (“PDPO”).
This Privacy Statement explains how, applying the applicable data protection principles under the GDPR and PDPO, we collect and process personal data for third parties (“KYC Client” or “KYC Clients”) and for our business. For the purposes of the GDPR KYC Clients are deemed data controllers and for the purposes of PDPO they are deemed data users.
The KYC Clients have engaged the services of KYC to provide identity verification services and assist in the collation of due diligence documentation on the KYC Clients prospective and existing customers (the “Customer” or “Customers”), when the KYC Clients Customers provide their personal data to us through the submission of information, forms or documents (in whatever format) through an upload to our website, use of our mobile application or otherwise.
Personal Data we process enables us to identify the Customers either directly or indirectly by reference to an identifier. Examples of identifiers we process are name, identification number, location data, an online identifier or one or more factors relating specifically to the economic, cultural or social identity of the natural person (“Personal Data”).
KYC is a data processor which means that we process Personal Data on behalf of the KYC Clients. Dependent upon the checks that KYC has been engaged by the KYC Client to undertake, KYC may use sub-processors. Prior to working with any sub-processor, KYC ensures that they comply with the GDPR, the PDPO or any other relevant data protection legislation that may be applicable.
The result of the Customer’s verification process, as well as all details and documents provided by Customers to the KYC Clients via the KYC website, mobile application or otherwise are available solely to the KYC Client with whom the Customer is engaging and the Personal Data is provided as part of the KYC Client’s collation and evaluation of due diligence documentation on potential new and existing Customers to comply with applicable International Anti Money Laundering legislation. KYC does not have access to any Customer Personal Data.
For Customers who are not resident within the EEA, you should note that if the KYC Client you are engaged with is resident in a country other than your country of residence, there is a possibility your Personal Data will be transferred outside your country of residence. You should consult with the relevant contact at the KYC Client for further details in relation to jurisdictions used for the transfer of your Personal Data.
Individuals (individually a “Subscriber” and collectively the “Subscribers”) may also sign up for news and marketing updates about our business via our website and other marketing tools such as marketing automation platforms. In these instances, KYC is acting as a data controller and data processor. The Personal Data collected enables us to identify Subscribers through a combination of the information provided during the sign-up process. The Personal Data is stored and retained by us for use as part of our marketing activities.
The Personal Data provided by Customers will be used by KYC for the purposes of processing for any one or more of the following purposes:
Personal Data provided by Subscribers will be used by KYC to provide marketing information and news updates to the Subscribers about our business and industry news.
KYC undertakes to adhere to best practice in terms of security of the Personal Data collected. All systems use a Role Based Access Control with enforced multi-factor authentication. All data at rest is secured using 256 bit AES encryption as well as SSL/TLS is used for data in transit.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tells a web site when the user has returned.
on this website. This can be done by consulting the help section of your browser or taking a look at www.aboutcookies.org which offers guidance for all modern browsers.
GDPR provides data subjects with the following rights:
For Customers, these rights are exercisable against the KYC Client and any queries should be directed to the relevant contact as per the privacy statement of the KYC Client.
Subscribers may exercise these rights by sending a request to the Data Protection Officer at KYC at DataProtection@protvnow.com
Alternatively requests may be made in writing and sent to:
The Data Protection Officer
Know Your Customer Limited
15, Golden Street ,
Ring Road, Shayamoli
Please note that by downloading, installing or using our mobile application for the upload of Personal Data, or by uploading Personal Data via a KYC webpage, or a marketing automation platform, you are accepting the practices described in this Privacy Statement and agree to the processing of your Personal Data by KYC as described in this document. For Subscribers who are a resident of the EEA, in acceptance of these terms you are providing explicit consent to KYC for the processing of the Personal Data to comply with GDPR and that in giving your consent, and uploading the Personal Data, you are agreeing to the processing of the Personal Data by KYC for the purposes as set out in the sign-up form submitted to KYC, and that in giving such consent, your Personal Data may be transferred outside of the EEA to other companies within the KYC group for marketing purposes.
KYC reserves full rights to amend or update this Privacy Statement unilaterally from time to time as it sees fit or necessary to meet any change in any of the relevant laws or the regulatory environment, or business needs, or to satisfy the needs of stakeholders in the business. Updated versions will be posted to the KYC website and date stamped so that you are always aware of when the Privacy Statement was last updated. The whole content of this Privacy Statement will then be construed accordingly in conjunction with such amended or updated versions.