Privacy Statement
Last updated: 27 July 2025
1. Introduction
Know Your Customer Limited (KYC, we, us, our) is subject to:
– the EU General Data Protection Regulation (GDPR),
– Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), and
– Singapore’s Personal Data Protection Act (PDPA).
This Statement explains how we collect, use, disclose and safeguard personal data as both a data processor (for KYC Clients’ Customers) and a data controller (for our own subscribers).
2. Roles & Scope
For KYC Clients’ Customers: We act solely as a processor/data user. All personal data (e.g. names, ID numbers, location data) is collected on behalf of, and remains accessible only to, the engaging KYC Client.
For Subscribers (marketing, newsletters): We act as controller/data controller, collecting names, emails, phone numbers, etc., to send marketing updates.
3. Personal Data We Collect
– Identity & Contact Data: name, title, company, job role, email, telephone, postal address.
– Technical & Usage Data: IP address, browser type, device identifiers, pages visited, support requests.
– Sources: Directly from you (forms, uploads), or automatically via cookies and analytics.
4. Purposes of Processing
KYC Clients’ Customers:
– Verify identity to comply with AML regulations;
– Share results with KYC Clients via restricted access;
– Perform any KYC Client–specified processing;
– Meet legal/regulatory obligations of KYC Clients.
Subscribers:
– Deliver news, marketing updates and industry insights;
– Improve our offerings;
– Obtain and manage consent for marketing.
5. Legal Bases
GDPR (EEA data subjects): consent; contract necessity; legal obligation; legitimate interests.
PDPO & PDPA (HK/Singapore/other): consent; contract necessity; compliance with legal obligations.
6. Data Retention
We keep personal data only as long as necessary for the above purposes, in line with statutory requirements and our internal retention policies.
7. Data Transfers & Security
– International transfers: Data may be transferred to and stored in Ireland, Hong Kong, Singapore, UK, China, etc., under EU Standard Contractual Clauses or equivalent safeguards.
– Security measures: Role-based access controls with MFA; 256-bit AES encryption at rest; SSL/TLS in transit; regular audits.
8. Cookies
We use cookies for analytics and to enable pseudonymous identifiers (e.g. IP addresses) as part of our identity-verification services.
On first visit you’ll be asked to consent. You may withdraw consent by emailing our DPO or disabling cookies in your browser. Guidance at www.aboutcookies.org.
9. Rights of Data Subjects
Depending on your jurisdiction, you may have the right to:
– access, correct or erase your data;
– restrict or object to processing;
– data portability;
– withdraw consent (without affecting prior lawful processing).
Customers: exercise rights via the KYC Client.
Subscribers: exercise rights by emailing our DPO or writing to us at the address below.
10. Acceptance of Terms
By uploading data via our website/mobile app or subscribing to communications, you accept the practices in this Statement and consent to cross-border transfers within the KYC group for the stated purposes.
11. Contact Our Data Protection Officer
If you have any queries, requests or complaints, please reach out:
Data Protection Officer
Know Your Customer Limited
Hong Kong Office:
Spaces, 8 Queen’s Rd East, Wan Chai, Hong Kong
Tel: +852 5803 0898
Singapore Office:
26 Eng Hoon Street, Singapore 169776
Tel: +65 3158 2539
Email: dataprotection@knowyourcustomer.com
12. Amendments & Updates
We may revise this Statement to reflect changes in law, regulation or business practices. Updated versions will be posted here with a “Last updated” date.