Updated on 21st July 2022
In this Policy the following terms shall have the following meanings:
Our Site is owned and operated by KYC AVC UK LTD, a Limited Company registered in England & Wales under company number 12050874. Email address: [email protected] Postal address: KYC AVC UK LTD, 206 Brickfields Business Centre, 37 Cremer Street, London, England, E2 8HD. We are regulated by the Information Commissioner's Office: 12050874 / ZA529836
4.1. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. 4.2. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
6.1. Depending upon your use of Our Site, we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. You may also interact with other 3rd party providers who process additional data outside that which is listed within the ‘Data Collected (Content Uploader)’ table below. Where this is the case your data is not processed or seen by KYC AVC UK LTD.
7.1. Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we will use your personal data, and our lawful bases for doing so:
7.2. With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or telephone or text message or post with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time. 7.3. We use the following automated systems for carrying out certain kinds of decision-making and profiling. If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ (i.e. have someone review the action themselves, rather than relying only on the automated method), the Data Protection Legislation gives you the right to do so. Please contact us to find out more using the details in Part 14. • The following automated decision-making method(s) may be used: ⚬ using facial biometrics and/or ⚬ scanning and authenticating government issued identification • The following non automated profiling may take place: ⚬ From time to time - we and third parties may perform manual verification methods for compliance purposes, these methods include: ⊡ Evaluating government issued identification and/or ⊡ Evaluating facial biometrics 7.4. We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 14. 7.5. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so. 7.6. In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
8.1. We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:
Type of Data
Content Uploader Identity Information:
Email address. Telephone number. Date of birth. Your image. Images of & pertinent information on government-issued identification. Vendor website ID. IP address
Device Information (Anonymous):
model, browser, version, operating system,
Business name, full name, full address (business), company registration information, VAT number, telephone number, email address, vendor website ID, bank details, payment information
*SLA = (Since the date of Last Verification) 8.2. Where we believe you are a minor and you have submitted data to us, we will delete it as soon as we are able to do so. 8.3 If we are able to verify your identity, for certain details you share with us, we may encode them using a highly secure one-way cryptographic hash, to use for future verification requests, and store for up to 4 years from the date of your last identity verification check.
11.1. In addition to your rights under the Data Protection Legislation, set out in Part 5, when you submit personal data via Our Site, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
13.1. If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. 13.2. All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 14. 13.3. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. 13.4. We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Any questions? Let's chat. Our dedicated team are always on-hand to discuss identity and content verification.