PLATFORM
The controller within the meaning of the General Data Protection Regulation and other national data protection laws and regulations that determine the purposes and means of processing personal data is:
Eurospider Information Technology AG
Winterthurerstrasse 92
8006 Zürich
Schweiz
The data protection officer / data protection coordinator of the controller can be contacted at:
Telephone Number: +41 43 255 25 25
E-Mail-Address: contact@kyc.ch
We only process personal data if this is necessary to provide a functional website as well as our contents and services. The processing of our users' personal data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of personal data is permitted by law.
If the data subject has given his/her consent to the processing of personal data, art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, art. 6 (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary for compliance with legal obligation to which our company is subject, art. 6 (1) (c) GDPR serves as the legal basis for the processing.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, article 6 (1) (d) GDPR serves as the legal basis for the processing.
If the processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject which require protection of personal data, art. 6 (1) (f) GDPR serves as the legal basis for the processing.
The personal data of the data subject will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, personal data may be stored if this has been required by regulations, laws or other provisions to which our company is subject. The personal data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
If using our platform, you will have access to our toolbox, which provides you a complete solution for the implementation of your KYC Compliance process. You will have access to different tools for example:
You find a detailed description of our KYC Toolbox in the [Factsheet].
In case you would like us to perform the KYC process of your customers, suppliers, etc., we will use our toolbox and all necessary Tools for you.
You find a detailed description of our KYC Expert offer in the [Factsheet].
A distinction is made in this privacy policy between two different types of data:
If you are interested to create a test account, buy a subscription or ask for an offer, you will be redirected to our platform for registration. In order to open a test account, buy a subscription or ask for an offer, the following data (requested and entered by you) will be collected and stored:
In the course of the registration process, the user's consent to the processing of the data is obtained. Furthermore, it will be referred to this privacy policy and our terms and conditions.
Regarding the sharing on of data with third parties, please see item VI below.
The legal basis for the processing of data is art. 6 (1) (a) GDPR if the user has given his consent.
If registration serves to perform a contract to which the user is party or to implement pre-contractual measures, the additional legal basis for the processing of the data is art. 6 (1) (b) GDPR.
The registration of the user is necessary for the performance of a contract between KYC and the user or for the implementation of pre-contractual measures within the scope of the services rendered by KYC.
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data collected during the registration process to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data in order to meet contractual or legal obligations.
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
Data of KYC-Customer:
In the course of the usage of the platform, the above-mentioned data in item IV (data of KYC-customers) will be stored.
Regarding the transmission of data to third parties, please see item VI below.
Data of Entity to be checked (Data of Customers of KYC-Customers):
Furthermore, the results (reports) with regard to the persons/organisations checked may be stored. In the course of the usage of the individual Tools, the following data, among others, will be collected:
Regarding the transmission of data with third parties, please see item VI below.
Data of KYC-Customer:
The legal basis for the processing of data is art. 6 (1) (a) GDPR if the user has given his consent.
If registration serves to perform a contract to which the user is party or to implement pre-contractual measures, the additional legal basis for the processing of the data is art. 6 (1) (b) GDPR.
Data of Entity to be checked (Data of Customers of KYC-Customers):
You are solely responsible for the transmission of the data to us resp. entering the data and checking of persons/organisations as well as for lawfulness thereof and the compliance with all corresponding data protection transparency obligations. KYC Spider AG assumes no liability in this regard. In the event of any violation of this provision, you will indemnify KYC Spider AG against any third-party claims (in particular those of the data subject).
The Platform is an instrument for checking a person or organization on relevant information regarding money laundering. For this purpose, KYC provides the KYC Records [KYC Records Description]. With the access to / search in KYC Records, the extended identification obligations of the financial intermediary according to the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA as of 1st January 2016) are fulfilled. The financial intermediary detects client relationships with sanctioned persons/organisations (i.e. data pursuant to Art. 22a AMLA) and PEP background (i.e. qualification characteristics pursuant to art. 2a para. 2 AMLA). In addition, KYC Records shows references to further detectable and clarification-relevant information. Finally, KYC Records enable traceable documentation of the corresponding clarification.
Data of KYC-Customer:
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data collected are needed to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data in order to meet contractual or legal obligations.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of the entity to be checked will be deleted after four weeks. You (customer) are responsible to download all documents and data and store them for possible audit purposes.
However, we offer an option to store every document and data in our Toolbox (Tool "Document Store"). You are welcome to contact us in this matter.
Data of KYC-Customer:
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The entity to be checked has the possibility to ask for access, erasure, changing etc. of the data stored in our KYC Records at any time. In this regard we refer to our "KYC Records Policy" or the below mentioned in item VII.
For the operation of our platform we use, among others, the following third-party providers:
1. Scope of processing of personal data
We use Hubspot for our Customer Relationship Management System (CRM) and Inbound Marketing System. For this purpose, the following data (among others) of KYC-customers will be shared and stored on Hubspot:
2. Legal basis of processing
The legal basis for processing users' personal data is art. 6 (1) (a) (if consent of customer is available), (b) and (f) GDPR.
3. Purpose of processing
The processing and storage of users' personal data in the CRM, hosted by the third-party provider Hubspot, is necessary, among other things, to perform the contract between KYC and the user or to carry out pre-contractual measures within the scope of services of KYC. The creation of internal overviews and evaluations of subscriptions and the usage of our tools helps us to continuously improve our services. This is also our legitimate interest in data processing.
This data will only be used for these purposes and will not be transmitted to other third parties.
4. Period of storage
Data of KYC-Customer:
The data will be deleted as soon as it is no longer needed for our recording purposes.
Consequently, the personal data collected during the registration process to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of a person/organization to be checked are not stored in the CRM (hosted by HubSpot).
5. Possibility of objection and erasure
Data of KYC-Customer:
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of a person/organization to be checked are not stored in the CRM (hosted by HubSpot).
Information about the third-party Hubspot:
Address:
Hubspot (Headquarters) 25 First Street, 2nd Floor, Cambridge, MA 02141, United States
Description regarding Cookies and Privacy Policy:
https://legal.hubspot.com/privacy-policy?_ga=2.24711800.313185516.1545026838-191162758.1544774747
https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser
1. Scope of processing of personal data
BitRank is a service provider for transaction screenings. We are using the services of BitRank for the verification of a Blockchain Address to receive a risk rating on this specific Blockchain Crypto Property (BCP).
Please find here more information about BitRank:
https://bitrankverified.com/about
If you would like to use our Tool BCP Check, the following data of the entity to be checked will be stored:
2. Legal basis of processing
The legal basis for processing users' personal data is art. 6 (1) (a) (if consent of customer is available) and (b)GDPR.
3. Purpose of processing
The processing and storage of user data is necessary, among other things, for the fulfilment of the contract between KYC and the user or for the provision of the KYC services (verification of blockchain addresses). This is also our legitimate interest in data processing.
This data will only be used for these purposes and will not be transmitted to other third parties.
4. Period of storage
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of the entity to be checked will be deleted after four weeks. You (customer) are responsible to download all documents and data and store them for possible audit purposes.
5. Possibility of objection and erasure
Data of Entity to be checked (Data of Customers of KYC-Customers):
The entity to be checked has the possibility to ask for access, erasure, changing etc. of the data stored in our KYC Records at any time. In this regard we refer to our "KYC Records Policy" or the below mentioned in item VII.
Information about the third-party BitRank:
Address:
BitRank, Suite 114-990 Beach Avenue, Vancouver, Britsh Columbia, V6Z 2N9
Terms of Service:
https://bitrankverified.com/terms
Privacy Policy:
https://bitrankverified.com/privacy
1. Scope of processing of personal data
Eurospider Information Technology AG is a computer science company which develops and offers software as well as other products. Eurospider supports KYC, among others, in IT matters as well as develops and operates the platforms and software and prepares the necessary data for the KYC Records.
Please find here more information about Eurospider:
https://www.eurospider.com/en/about-us/eurospider
All data entered above (KYC customers and customers of KYC customers) can be accessed and viewed by Eurospider.
2. Legal basis of processing
The legal basis for processing users' personal data is art. 6 (1) (a) (if consent of customer is available) and (b)GDPR.
3. Purpose of processing
The processing and storage of users' personal data in the Platform, hosted by the third-party provider Eurospider, is necessary, among other things, to perform the contract between KYC and the user or to carry out pre-contractual measures within the scope of services of KYC. This is also our legitimate interest in data processing.
This data will only be used for these purposes and will not be transmitted to other third parties.
4. Period of storage
Data of KYC-Customer:
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data collected which are needed to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data in order to meet contractual or legal obligations.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of the entity to be checked will be deleted after four weeks. You (customer) are responsible to download all documents and data and store them for possible audit purposes.
However, we offer an option to store every document and data in our Toolbox (Tool "Document Store"). You are welcome to contact us in this matter.
5. Possibility of objection and erasure
Data of KYC-Customer:
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The entity to be checked has the possibility to ask for access, erasure, changing etc. of the data stored in our KYC Records at any time. In this regard we refer to our "KYC Records Policy" or the below mentioned in item VII.
Information regarding the third party provider Eurospider Information Technology AG:
Address:
Eurospider Information Technology AG, Schaffhauserstrasse 18, 8006 Zürich, Schweiz
Privacy Policy:
https://www.eurospider.com/en/data-protection
1. Scope of processing of personal data
Intrum AG is a company that offers services in the sector of Credit Management Services. Among other things, Intrum offers an Identity Platform in cooperation with IDnow, which covers the identification requirements for an onboarding of a customer. The cooperation consists in offering the video identification process via Intrum.
Please find here more information about Intrum:
https://www.intrum.ch/de/losungen-fur-unternehmen/unsere-dienstleistungen/
Only the data that will be passed to Intrum and that are given during the identification process via video can be viewed by Intrum.
2. Legal basis of processing
The legal basis for processing users' personal data is art. 6 (1) (a) (if consent of customer is available) and (b)GDPR.
3. Purpose of processing
The processing and storage of user data is necessary, among other things, for the fulfilment of the contract between KYC and the user or for the provision of the KYC services (Video Identification). This is also our legitimate interest in data processing.
4. Period of storage
Data of KYC-Customer:
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data collected which are needed to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data in order to meet contractual or legal obligations.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The data of the entity to be checked will be deleted after four weeks. You (customer) are responsible to download all documents and data and store them for possible audit purposes.
However, we offer an option to store every document and data in our Toolbox (Tool "Document Store"). You are welcome to contact us in this matter.
5. Possibility of objection and erasure
Data of KYC-Customer:
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
Data of Entity to be checked (Data of Customers of KYC-Customers):
The entity to be checked has the possibility to ask for access, erasure, changing etc. of the data stored in our KYC Records at any time. In this regard we refer to our "KYC Records Policy" or the below mentioned in item VII.
Information regarding the third party provider Intrum AG:
Address:
Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Schweiz
Privacy Policy and General Terms and Conditions:
https://www.intrum.ch/de/losungen-fur-unternehmen/uber-intrum/datenschutz-und-geschaftsbedingungen/
If personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights:
You can ask the controller to confirm whether personal data concerning you is being processed by us.
Is that the case, you can request the following information from the controller:
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.
You have the right to obtain from the controller the rectification and/or completion of incorrect or incomplete personal data concerning you. The controller shall make the correction/completion without delay.
Under the following conditions, you have the right to request the restriction of processing of personal data concerning you:
Where processing of personal data concerning you has been restricted, such personal data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4.1. Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:
4.2. Information to third parties
Where the controller has made the personal data public and is obliged pursuant to art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, the personal data.
4.3. Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
If you have exercised your right of rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to obtain from the controller the information about those recipients.
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.
The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
The data controller no longer processes the personal data concerning you, unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of the personal data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of object in the context with the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions may not be based on special categories of personal data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 let. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in points a) and c), the controller implements suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.
We reserve the right to change this privacy policy at any time without prior notice. We will inform you of any changes by publishing the updated privacy policy on our website. Any changes we make will be effective from the date of publishing on our website.
This agreement is issued and made available to the Parties an English and a German language version [German Version]. In case of conflict between the English and the German language version of this agreement, the provisions of the German language version shall prevail.
Our representative in the EU (according to Art. 27 DSGVO) can be reached as follows:
Eurospider SRL
Str. Frumoasa 41
RO-010986 Bucuresti S1
Romania
Address
Eurospider Information Technology AG
Winterthurerstrasse 92
8006 Zürich
Phone
Contact
Eurospider offers all the necessary compliance services relevant not only for finance intermediaries, banks and insurance, but also for fintechs, casinos and industrial corporations: Embargo, sanctions screening, PEP and crime check and compliance documentation.
Eurospider Information Technology AG
Winterthurerstrasse 92
8006 Zürich
Schweiz