The Data Controller connected with this Privacy Notice is KYC Global Technologies Limited (KYC Global or we, our or us) a company incorporated in Jersey, Channel Islands and registered with the Jersey Office of the Information Commissioner (JOIC) and all its wholly owned subsidiaries.
KYC Global owns and operates the products known as “kyc360.com”, “RiskScreen” and “Panoptic”. This notice applies across all websites that we own and operate and all of the products and/or services we provide. For the purpose of this notice, we’ll just call them our ‘services’.
KYC Global collects personal data from two sources for the purpose of communicating with prospective customers:
The collection of personal data for this purpose is under the Lawful Basis of Legitimate Interest. Having conducted a Legitimate Interest Assessment, we have concluded that either because the information comes from public sources that the data subjects have decided to make aspects of their personal data publicly available, or they have chosen to subscribe to a free service provided by KYC Global, in which case, we must process their data so that we may communicate with them. In these instances, given the nature of the personal data being processed, we have determined that any risk to the data subject’s personal data is outweighed by the benefit the data subject receives from communicating with KYC Global.
The personal data we may collect and process about you in connection with this purpose is:
Under the Lawful Basis referenced in paragraph 1.1, your data will be retained for 5 years from the date of our last communication with you or our last review of the market. This is so we may keep our business intelligence current as well as continuing to send information of interest to those who have subscribed to one of our information services.
In the event that you or the organisation you represent either requests a proposal or commissions a service from KYC Global we will process your data in order to fulfil that request or service delivery.
The collection and processing of your data for the purpose outlined in paragraph 2 is under the Lawful Basis of Contract, because we need to process this data in order manage a potential contract or contract with the organisation you represent.
The personal data we may collect and process about you in connection with this purpose is:
Under the Lawful Basis referenced in paragraph 2.1, your data will be retained until the end of the financial year in which your contract ceases and then for a further 7 years thereafter, in accordance with Revenue Jersey advice.
At the end of the relevant retention period outlined for each purpose above, your data will be destroyed using an approved method, unless prevented by Court order.
KYC Global only uses this personal data for its own purposes and only shares it with third parties so that they may assist KYC Global in the data’s processing. Where KYC Global shares data with a processor, this is done for specific purposes, under the control of KYC Global and is subject to appropriate contractual clauses or a separate data sharing agreement. Personal data covered by this Privacy Notice is shared with the following organisations:
Should you have any concerns regarding the way an organisation is processing your personal data, the JOIC recommends that in the first instance you contact the organisation concerned. If the organisation does not address those concerns in an appropriate manner, you then have the option to escalate the issue to the JOIC. If you wish to contact us because you have concerns about our use of your personal data, please contact us using the details provided in paragraph 5.2.
This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 25th January 2023.
There may be circumstances where as a Data Subject, you find that your personal data has been processed using a RiskScreen service. Please be aware that in such circumstances it is likely that RiskScreen will not be processing your data in the capacity of Controller, but as a Processor acting on the instructions of another party. (The terms Controller and Processor having the meanings given in both the Data Protection (Jersey) Law 2018 and Regulation (EU) 2016/679 (GDPR) Article 4 (7) and (8)).
The RiskScreen applications process personal data whilst acting as a technological interface between databases compiled and controlled by third parties (‘Databases’) and organisations who wish to access the Databases because they have a statutory or regulatory obligation to carry out “know your client,” (KYC) and / or anti-money laundering (AML) checks. The Databases contain profiles of individuals and legal persons that are:
The third parties who compile the Databases do so from the public record. Whilst they aim to ensure that their databases are accurate and they do consider requests for rectification under Article 16 of the GDPR, they normally request evidence to show that the public record is factually incorrect.
RiskScreen’s clients, who use the RiskScreen service to search the Databases, include leading financial institutions and providers of professional services. If you are a customer of an organization which uses the RiskScreen service, that organization is likely to be the Controller of any personal data of yours which it holds. It is therefore best placed to assist you if you wish to exercise any of your data subject rights under Articles 16-22 of the GDPR in relation to data which it holds.
RiskScreen itself does not undertake any automated decision-making based on the personal data we process. RiskScreen’s clients may use a RiskScreen report, possibly in combination with other sources of information, to inform their own independent decision-making processes. Therefore, should you, as a data subject, have any issues with regards to the decision that an organisation may have taken in relation to you, we would recommend that you address your concerns directly with the organisation concerned.
As noted, the RiskScreen applications are a technological interface between databases controlled by others and organisations who wish to access the Databases. So, RiskScreen does not itself have the ability to amend the Databases or alter decisions taken by RiskScreen’s clients, acting in reliance on the information contained within the Databases.
Requests to exercise your rights of rectification or erasure in relation to the Databases should be made to the database(s) controller(s). Their contact details are:
If you still wish to raise any data-related issues directly with us, in particular with connection to any personal data we control, we ask that you read the corresponding Privacy Notice and direct your enquiry to our Data Protection Officer using the email address – [email protected].
RiskScreen’s award-winning platform can be taken in modules or installed as a fully integrated solution.
At RiskScreen we work with hundreds of companies around the world from a wide range of sectors – both regulated and unregulated.
Any screening technology is only as good as its underlying data. That’s why we work to find the best providers, ensuring you get screening matches you can trust.
The latest news, commentary and events from RiskScreen. For industry insight, visit our AML insight hub, KYC360.
Used by over 30,000 compliance professionals for AML news & analysis. Free CPD wallet.
RiskScreen was founded by experts in financial crime. It’s because of this unrivalled subject matter expertise that companies choose to partner with us.
