The Data Controller connected with this Privacy Notice is KYC Global Technologies Limited (KYC Global or we, our or us) a company incorporated in Jersey, Channel Islands and registered with the Jersey Office of the Information Commissioner (JOIC) and all its wholly owned subsidiaries.

KYC Global owns and operates the products known as “kyc360.com”, “RiskScreen” and “Panoptic”. This notice applies across all websites that we own and operate and all of the products and/or services we provide. For the purpose of this notice, we’ll just call them our ‘services’.

1. Purpose

KYC Global collects personal data from two sources for the purpose of communicating with prospective customers:

1. KYC Global collects business intelligence regarding organisations and key personnel within those organisations, in order to better understand the market in which it operates. Any personal data collected for this purpose comes from publicly available sources.
2. KYC Global also interacts with data subjects who have an interest in Anti-Money Laundering (AML) offering them the opportunity to sign up to newsletters, events and webinars produced by KYC Global.

1.1. Lawful Basis

The collection of personal data for this purpose is under the Lawful Basis of Legitimate Interest. Having conducted a Legitimate Interest Assessment, we have concluded that either because the information comes from public sources that the data subjects have decided to make aspects of their personal data publicly available, or they have chosen to subscribe to a free service provided by KYC Global, in which case, we must process their data so that we may communicate with them. In these instances, given the nature of the personal data being processed, we have determined that any risk to the data subject’s personal data is outweighed by the benefit the data subject receives from communicating with KYC Global.

1.2. Information Collected

The personal data we may collect and process about you in connection with this purpose is:

• 1.2.1. Name
• 1.2.2. Job Title
• 1.2.3. Email Address
• 1.2.4. Telephone number(s)

1.3. Retention

Under the Lawful Basis referenced in paragraph 1.1, your data will be retained for 5 years from the date of our last communication with you or our last review of the market. This is so we may keep our business intelligence current as well as continuing to send information of interest to those who have subscribed to one of our information services.

2. Purpose (Prospective Customer and Current Customers)

In the event that you or the organisation you represent either requests a proposal or commissions a service from KYC Global we will process your data in order to fulfil that request or service delivery.

2.1. Lawful Basis

The collection and processing of your data for the purpose outlined in paragraph 2 is under the Lawful Basis of Contract, because we need to process this data in order manage a potential contract or contract with the organisation you represent.

2.2. Information Collected

The personal data we may collect and process about you in connection with this purpose is:

• 2.2.1. Name
• 2.2.2. Organisation and Job Title
• 2.2.3. Email Address
• 2.2.4. Telephone Number(s)
• 2.2.5. Address
• 2.2.6. Depending upon the procurement methodology, we may take payment details.

2.3. Retention

Under the Lawful Basis referenced in paragraph 2.1, your data will be retained until the end of the financial year in which your contract ceases and then for a further 7 years thereafter, in accordance with Revenue Jersey advice.

3. Destruction

At the end of the relevant retention period outlined for each purpose above, your data will be destroyed using an approved method, unless prevented by Court order.

4. Data Sharing

KYC Global only uses this personal data for its own purposes and only shares it with third parties so that they may assist KYC Global in the data’s processing. Where KYC Global shares data with a processor, this is done for specific purposes, under the control of KYC Global and is subject to appropriate contractual clauses or a separate data sharing agreement. Personal data covered by this Privacy Notice is shared with the following organisations:

• 4.1 Microsoft Inc. for the purposes of providing an email facility.
• 4.2 Millbridge Systems Ltd. in their provision of IT support.
• 4.3 Salesforce UK Limited for the purposes of CRM.
• 4.4 SalesLoft, Inc. for the purposes of sales support and data enrichment.
• 4.5 Cognism Ltd for the purpose of database analysis and update.
• 4.6 Olark, for the purposes of a live chat function.

5. Rights of a Data Subject

• 5.1. Under the General Data Protection Regulation (GDPR) and Data Protection (Jersey) Law 2018, a data subject has certain rights regarding the control and processing of personal data. Details regarding these rights can be found on the Jersey Office of the Information Commissioner’s (JOIC) website.
• 5.2. Should you wish to contact KYC Global in order to exercise any of these rights, please email our Data Protection Manager using the following email address: [email protected]

6. Security

• 6.1. Recognising the importance of information security to our business and clientele, KYC Global is an ISO 27001 certified organisation. Within our information security strategy, KYC Global recognises the importance of personal data to our prospective and current customers. So, we endeavour to put in place appropriate organisational and technical measures to protect that data.
• 6.2. Personal data we hold on electronic media is encrypted and stored on secured servers.
• 6.3. Personal data held on paper is secured in locked cabinets with access only to appropriately authorised personnel.
• 6.4. Data Subjects should be aware that not all electronic communications are secure. We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government advice. However, if your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
• 6.5. Prospective and current customers should also be aware that we will monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

7. Data Protection Concerns

Should you have any concerns regarding the way an organisation is processing your personal data, the JOIC recommends that in the first instance you contact the organisation concerned. If the organisation does not address those concerns in an appropriate manner, you then have the option to escalate the issue to the JOIC. If you wish to contact us because you have concerns about our use of your personal data, please contact us using the details provided in paragraph 5.2.

8. Updates

This Privacy Notice is kept under review and it is updated as appropriate. It was last updated on 25th January 2023.