Effective from: 1st June 2024
This Privacy Policy describes how KYC.ME ("we", "us", "our") collect, use, and disclose personal information when our client's user/s interact with our technology, services, and platform, across our various features and functionalities, including technology updates, end-user verification processes, client interactions, and marketing activities. We are committed to protecting your privacy and safeguarding your personal information.
KYC.ME provide technology solutions to our clients focused on identity verification. This Privacy Policy describes the types of Information we collect in connection with the Services, the purpose for which we process that information, the parties with whom we may share it, and the measures we take to protect its security.
To provide our Identity Services to a client, we collect certain personal information about the client's users. We may collect personal information about a user from the client, from the user, or third-party data providers ("Data Provider").
The following paragraphs provide details of the personal information we collect on behalf of a client depending on which of our Identity Services the client chooses to use. If you are in the EEA or UK, our client is responsible for identifying a legal basis that permits your personal information to be used for the purposes described below; you should review the privacy policy for further details.
KYC.ME document check is a comprehensive system designed to verify the authenticity of identity documents from around the world. Through image or video analysis and security chip scanning, the system ensures that the documents are genuine and have not been tampered with. Additionally, it compares the document with information on compromised identities to maintain security.
Information collected: personal information extracted from a user's identity document such as name, document number, date of birth, nationality, type of document, issuing country, expiration date, information embedded in barcodes, QR codes, security chips, and the image metadata associated with the image or video of the document.
The Identity Services require users to provide image or video biometric checks of their face and a reference image, such as an identity document. Two scans of the user's face are generated from the selfie and the reference image and compared to determine if they match. The service also evaluates the authenticity of the images, videos, and identity documents, including detecting signs of tampering or coercion.
When conducting biometric checks, we do not retain the extracted face scans post-verification. However, upon a client's request for authentication services, we retain a reference image chosen by the client for each relevant user. The retention period for this image is determined by the client and complies with any maximum retention periods stipulated by KYC.ME or relevant laws. During user authentication, we compare a new image with the stored reference image, and confirmation is granted upon a match.
Information collected: images or videos of a user and/or of their identity document, metadata extracted from those images or videos, and data extracted from those images or videos that may be construed as a scan of face geometry or a voiceprint and which may be considered to be biometric information.
KYC.ME provides clients with data verification services through a network of trusted Data Providers and internal checks, enabling them to verify their users. This includes comparing personal information provided by the client or user with information from various sources such as voter and driving license registers, government databases, police databases, consumer credit agencies, sanction and PEP lists, adverse media sources, utility companies, and mobile network providers. These services can be provided on an ongoing basis for clients with regulatory obligations that require continuous monitoring against sanctions and PEP lists.
Information collected: the information collected will vary depending on the availability of checks in the user's location and Identity Services selected by KYC.ME's clients. It may include contact details such as an address, email address, telephone number, social security number, or another national identity number, information extracted from a utility bill a user uploads, or other information provided by the Data Provider like the user's mobile network operator, publicly available information from media searches, sanctions, and PEP lists.
We are dedicated to retaining your trust by being transparent about how we share your personal information. Your information may be shared with entities necessary for verifying your account and providing our services. Additionally, third-party service providers may have access to assist us, subject to confidentiality requirements. Legal requests, court orders, or order legal processes may necessitate disclosing your information to establish or protect our legal rights. We may also share aggregated or anonymized data for research, analysis and marketing. In the event of a corporate transaction, your personal information may be shared.
We utilize standard security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. However, it is important to acknowledge that no data storage system or data transmission over the Internet or any other public network can be guaranteed to be entirely secure. Additionally, information gathered by third parties may not have the same security protections as the information you provide to us, and we cannot guarantee the security of such information.
We store your personal information on secure servers and databases located in various jurisdictions. These servers may be located outside your country of residence. By using our services, you consent to the transfer and storage of your personal information in these locations.
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention period may vary depending on the type of information and the purposes for which it is processed.
Your personal information may be transferred to, and processed in, countries other than your own. These countries may have data protection laws that are different from those in your jurisdiction. However, we will take appropriate measures to ensure that your personal information remains protected by this Privacy Policy and applicable law.
The rights provided hereunder apply to You according to the data protection laws of the country on which You are based.
Right to Information: you have the right to receive information about the processing of your data, before processing as well as during the processing, upon request.
Right to Access/Know: you have the right to request access to your data and obtain information from us regarding the purpose of processing, what categories of personal data are processed, to whom we transfer or disclose your data, and for what period we process your data.
Right to Delete/Erasure: you have the right to request that we delete the personal data that we have collected from you, subject to certain exceptions.
Right to Correct/Rectification: you have the right to request that we correct any inaccurate personal data we have collected about you. We may request documentation from you in connection with your request. Upon receipt of a verifiable request to correct inaccurate personal data, we will use commercially reasonable efforts to correct the personal data.
Right to Object: you have the right to contact us to let us know that you object to the further use or disclosure of your data for certain purposes, such as for direct marketing purposes.
Your Opt-Out Rights: you have the right to opt out of receiving marketing communications from us by following the unsubscribe instructions provided in our communications.
Right to Withdraw Consent: you have the right to withdraw your consent at any time. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Right to Contact a Supervisory Authority: you may complain to the supervisory authority.
Please note that we may verify your identity and request before taking further action on your request.
This Privacy Policy is constantly reviewed and amended to comply with the relevant data protection laws.
KYC.ME may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any changes by email or by posting the updated Privacy Policy on our website or through other appropriate channels.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
KYC.ME (Trading Name: IQGP LTD)
Dimostheni Severi 12, 6th Floor, Office 601
Nicosia, 1080, Cyprus
[email protected]