The present policy regulates the processing of personal data by KYC Center Ltd. (hereinafter – KYC Center). KYC Center implements all necessary measures for the provision of the secure processing of personal data, obtained during activities of KYC Center.
You can review the current personal data processing policy on the permanent URL https://kyc-center.com/en/processing
KYC Center may change the present policy unilaterally. The new edition of the policy becomes effective from the moment of its publication on the website of KYC Center Ltd. unless otherwise provided in the latest version of the document.
The personal data is processed in accordance with this policy and the “General terms and conditions of KYC Center”.
Personal data - any information related to an identified or identifiable natural person (“data subject”).
Identifiable natural person – a person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Client – a natural or a legal person successfully verified in the system of KYC Center and issued with a unique personal KYC-code.
Business-partner – a legal person, that signed an agreement on the access to the database and the Application Programming Interface of KYC Center, that is granted with the right to identify a client on the basis of 1) the provision of the KYC-code to the business-partner by the client; 2) the client’s confirmation of the consent to provide data via KYC Center.
Account – a record which contains a data set that a client or a business-partner sends to the KYC Center by filling in the online-form in the system of KYC Center or by other means and that is stored in the system of KYC Center.
Processing of personal data in KYC Center - any automated or non-automated operation or set of operations that are connected with the collection of personal data, their systematization, accumulation structuring, recording, storage, clarification, alteration, monitoring, sending, dissemination (disclosure by transmission, transfer or by providing access), alignment or restriction, erasure or destruction.
Trustworthiness – a set of characteristics and/or transactions that is related to a client in the understanding of the Directive №2015/849 of the European Parliament and the Council.
Person’s profile analysis – a processing of personal data of a subject in KYC Center that includes a usage of personal data for an assessment of particular personal aspects, which are related to a natural person, inter alia, for an analysis and a determination of person’s risk level (low, medium, high) in accordance with the criteria, established in the “General terms and conditions of KYC Center” and with an analysis of aspects related to economic situation, trustworthiness, place of residence and actions of a person.
Person’s verification – a process of person’s identification and a determination of his level of risk in KYC Center following the requirements, stipulated in the Directive of the European Parliament and the Council №2015/849 of 15.05.2015.
KYC-code – a unique personal code, which is issued to a person, who has successfully passed the process of verification in the system of KYC Center. Possession of a KYC-code by a person means that personal data were processed in the system of KYC Center in such way, that a part of personal data was encrypted on a name of a responsible person and was placed in an archive (on a server without the Internet connection). The other part of the information is unavailable to the third parties, it is stored separately and is accessible only to the business-partners, connected to the system of KYC Center.
Encryption of personal data – processing of person’s data, which involves encoding of data by the use of the certificate of the Estonian identity card.
KYC Center – the controller (operator) and the processor that independently defines means and purposes of the processing, as well as carries out processing directly.
Client’s consent – means a freely given, specific, informed and unambiguous indication that a client does wish to agree to the processing of personal data, given by a statement or by clear affirmative action.
Informational notification – notification of a client for informational purposes about new opportunities of the system and business-partners of KYC Center.
Notification about events in the account – notification directed to the client in order to ensure the security of the system of KYC Center, which takes place in the following cases: an activation of the account, a login, a KYC-code generation, an inclusion of a business-partner, a request from a business-partner, unusual activity of a client.
Recommended limit – an annual transaction limit requested by the client and verified by KYC Center, which depends on the country of residence, the scope of activity and professional status of the client.
Risk level - a probability of occurrence of money-laundering and terrorist financing risks in transactions with business-clients, due to the absence of previous business relations with a particular client or due to the uncertainty of the development of a financial transaction with the client at the time of its commitment. KYC Center sets the level of risk by analyzing the client's personal data, as well as publicly available information, and automatically encodes it in the KYC code. The assessment of the risk level shall be made manually by an employee of a KYC Center, taking into account requirements of the Directive of the European Parliament and the Council №2015/849 of 15.05.2015 and in strict compliance with “Procedural rules of person’s identification and risk level assessment”.
In accordance with provisions of Regulation of the European Parliament and the Council №2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the client has the following rights:
Address: Väike-Ameerika 19, Tallinn 10129
E-mail: [email protected]
Telephone: +372 627 4135
KYC Center guarantees that the processing of personal data in the system of KYC Center is conducted on a legal and fair basis, in strict compliance with the purposes and principles, which are indicated in the “General terms and conditions of KYC Center”. The collected data is not processed for reasons, which are not listed in the “General terms and conditions of KYC Center”.
The person provides only specific personal data for the verification procedure, which is needed for KYC Center to achieve the goals outlined in the “General terms and conditions of KYC Center”. The excessive processing in relation to the purposes, which are declared in the “General terms and conditions of KYC Center”, is not permitted.
KYC Center partially uses the system for the automated processing of personal data but doesn’t make decisions based solely on automated means.
KYC Center excludes consolidation of databases that contain personal data, processing of which is carried out for incompatible purposes.
KYC Center ensures accuracy, sufficiency and relevancy of personal data with regard to the purposes of their processing in the most accessible and reasonable way.
The registration of the account on the website www.kyc-center.com confirms person’s free will, intended to accept conditions of this agreement.
The client ticks the boxes and confirms the following facts, before registration in the system of KYC Center and prior to the provision of his data:
The consent to the processing shall remain in force indefinitely, but could be withdrawn by the data subject by sending of an individual written application submitted to the legal address of KYC Center Ltd. via registered mail return receipt or by filling in of the appropriate form in the account or by sending of the application at the e-mail address [email protected] with the subsequent client’s identification;
Prior to applying for KYC-code, the client can permit to send him informational notifications or notifications about events in the account in the form of SMS-messages or e-mails. He should indicate it by ticking the appropriate box “Accept notifications”.
The option of applying for KYC-code does not depend on consent mentioned above. The consent on receiving of informational notifications can also be provided later by turning on the notification function in the account. The permission to the processing shall remain in force indefinitely but could be withdrawn by the data subject by turning off the notification feature in the account.
By accepting the terms of this policy, the subject agrees his data to be processed by KYC Center. A person consents as indicated in this policy on the processing of his personal data in the following ways: collection, systematisation, accumulation, storage, clarification (updating or alteration), usage, dissemination (under this policy), depersonalization, blocking, destruction and the transmission, including cross-border transfer (under this policy).The processing may take place by automated means, as well as without them.
By accepting this agreement the person also gives consent for analysis and verification of personal data submitted by him with the help of publicly available resource.
By accepting this agreement, the person agrees that some of his personal data (para 7 of section 7 of this policy) will be provided to the business-partners within the terms stipulated in this policy and in the “General terms and conditions of KYC Center”.
By accepting this agreement the person acknowledges and reaffirms, that in cases specified by the “General terms and conditions of KYC Center”, KYC Center is entitled to disclose his personal data, following the written request of public authorities. During disclosure of personal data to a public authority KYC Center is guided by requirements of Money Laundering and Terrorist Financing Prevention Act of the Estonian Republic and the Directive №2015/849 of the European Parliament and of the Council of 20.05.2015 or other legal act, which is binding for KYC Center or for business-partners, which are connected to him.
KYC Center is obliged to disclose and share personal data in order to carry out legal demands of public authorities or with an aim to achieve security of business-partners or other persons against fraudulent activities and to prevent the financing of terrorist activity. Further details can be found at the following link: ###
KYC Center Ltd. gathers only those personal data that are necessary for the practical achievement of the goals outlined in the “General terms and conditions of KYC Center”. In pursuit of these objectives, KYC Center Ltd. collects data that are related to the development and operation of the system of KYC Center, the opening and administration of an account, the performance of contracts with business-partners. Identified or identifiable person directly provides his personal data to the system of KYC Center by filling in the online form or by reporting of further details about himself.
Information that is collected and processed shall include:
The collection and processing of data subject’s personal data are meant for the following purposes:
KYC Center determines person’s risk level on the basis of personal data supplied to the system of KYC Center by the client and according to “Procedural rules of person’s identification and risk level assessment”. KYC Center relies on three levels of risks:
The principal place of storage of personal data is the territory of the European Union. KYC Center is also entitled to maintain personal data outside the European Union, and this also applies to states and territories, whose legislation requires the storage of their citizens’ personal data within territories of those states. The storage of data outside the European Union is intended to provide a backup. There is a transfer of data between the jurisdictions (territories) mentioned above in the course of its creation.
By accepting this agreement the client acknowledges his awareness of potential risks of transfer of personal data to third countries, that are located outside the European Union, including countries for which there is no decision of European Commission on an adequate level of protection of personal data within the meaning of the Article 45 of the Regulation of the European Parliament and the Council №2016/679 of 27 April 2016 „On the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, More information about the adequate level of data protection can be found here.
If a person is not a European Union citizen, by accepting this policy he voluntarily and consciously consents to the cross-border transfer of personal data. In case, wherein the state of client’s residency there is the requirement to collect personal data exclusively on the territory of such state, the KYC Center is obliged to transfer personal data of these individuals outside the European Economic Area for lawful data acquisition and processing.
KYC Center applies procedures and protective measures to prevent unauthorized access, unlawful processing, accidental loss, destruction or damage of data. They are applied to all personal data of clients and business-partners, which were received through the system of KYC Center by filling in the online-form.
After processing of personal data provided by the client and issuing of individual personal KYC-code for him, the part of personal data is achieved, encrypted through the use of digital technologies and is sent for storage purposes to the archive on a hard drive without access to the Internet. The remainder of the information is securely protected from unauthorized access of third parties.
The data that is moved to the archive include:
The data is provided to the connected to the system of KYC Center business-partner within the framework of the “General terms and conditions of KYC Center” with the consent of the client, which is given by acceptance of the conditions of the present agreement, and also by reaffirming the consent to the transfer of the data listed below separately to a specific business-partner.
This data includes:
KYC Center observes the principle of confidentiality of personal data of identified or identifiable persons and provides data to business-partners only in those amount and ways, that are specified by this policy and set out in the “General terms and conditions of KYC Center”, as well as to authorized public authorities on the grounds of a written request to KYC Center.
KYC Center Ltd. retains personal data throughout the period of subscription to the system of KYC Center, and 5 (five) years after termination of the contractual relationships.
The KYC Center company has developed internal procedural rules for the protection of personal data, which are compulsory for all employees of KYC Center.
came into force on 01.06.2018