Privacy Policy

KYC Management Limited (“KYC Management”) and/or their related entities (together “us”, “our” or “we”) respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data and your privacy rights. This Privacy Policy aims to give you information on how KYC Management collects and processes your personal data through your use of this website.

This policy applies across all websites that we own and operate and all services we provide, including our Know your client (“KYC”) solution products, and any other websites or services we may offer to the professionals firms, including but not limited to accounting firms, company secretarial firms and law firms (collectively, “Professional Firms”) and the clients of the Professional Firms (“End-clients”). For the purpose of this Privacy Policy, we’ll just call them our ‘services’.

By using our services, you acknowledge and agree that this Privacy Policy may be updated or amended from time to time, and at any time, at the sole discretion of KYC Management. You agree to be bound by the terms and provisions under this Privacy policy as the same may be amended from time to time. KYC Management will provide prior electronic notice to you in the case of an amendment to this Privacy Policy. Use of our services following any such amendments will be deemed to be confirmation that you accept those amendments.

We use cookies on this website. Information on our cookie policy is set out below.

Applicable Data Protection Laws

Where KYC Management is the “processor” or “data processor” (as the case may be) of your personal data, it is subject to applicable data protection laws and regulations, which may include, but not be limited to, the European Union Regulation 2016/679 and the Personal Data Privacy Ordinance (Chapter 486 of the laws of Hong Kong) (“Ordinance”, and collectively, the “Applicable Data Protection Laws”). You may wish to visit the official website of the Office of the Privacy Commissioner for Personal Data for more information about this Ordinance.

How to contact us

In case of any question or comment in respect of this Privacy Policy, please contact:

By post:

Privacy Officer
KYC Management Limited
Unit 1601, 16/F, 118 Connaught Road West
Sheung Wan
Hong Kong

By email:

privacy@kyc.management

By telephone:

+852 6551 2538

Your personal data

It is our policy to protect the privacy of users of this website (our “Website”). When you visit our websites or use our service, we collect your personal data (by “personal data”, we mean information about you or which can be used to ascertain your identity). For example, we may collect some information about you when you visit the website because your internet provider address needs to be recognised by our server. You will also be invited to provide some information about yourself on various pages of the website.

Collection and use of your personal data

Any personal data collected from you on the website will only be used for the specific purposes mentioned at the time of collection or for the purposes of providing you with any services you’ve requested, or for purposes directly related to those specific purposes and/or in the below Personal Information Collection Statement.

How we collect your data

We may collect your personal data in a number of ways, for example:

  1. From the information you provide to us and/or the Professional Firms;
  2. From information about you provided to us and/or the Professional Firms by your company or an intermediary;
  3. When you communicate with us and/or the Professional Firms by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
  4. When you complete (or the Professional Firms complete on your behalf) client on-boarding or application or other forms;
  5. From your authorised persons, agents, advisers, intermediaries, and custodians of your assets;
  6. From publicly available sources or from third parties, most commonly where we and/or the Professional Firms need to conduct searches, background check and screening about you for regulatory purposes;
  7. During the recruitment process, you (as job applicant) may be required to provide sufficient personal data so that we may, as appropriate and/or applicable, assess your suitability for the position being applied for; and
  8. From the information you provide to us when you contact us or when you make a job application with us.

The categories of personal data we collect

We may collect the following categories of personal data about you:

  1. Your name and contact information such as your home or business address, email address and telephone number;
  2. Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
  3. Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of funds and wealth, as well as your bank account details;
  4. An understanding of your goals and objectives in procuring services with the Professional Firms;
  5. Information about your employment, education, family or personal circumstances, and interests, where relevant;
  6. Information to assess whether you may represent a politically exposed person or money laundering risk; and
  7. Such other categories of personal data as may be the case.

The basis for processing your personal data (other than with your consent)

(i) Performance of a contract

We may process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

In this respect, we may use your personal data for the following:

  1. To provide you with the services as set out in our Terms of Use or as otherwise agreed with you from time to time;
  2. To provide the Professional Firms with the services as set out in our cloud service agreement or terms of engagement with the Professional Firms or as otherwise agreed with the Professional Firms from time to time;
  3. To deal with any complaints or feedback you may have;
  4. For any other purpose for which you provide us with your personal data;
  5. For searches, background check and screening, including but not limited to screening on sanction lists and the terrorist or terrorist associates lists and politically exposed person check; and
  6. For background checks and pre-employment screenings, including conducting such checks and screenings on job applicants and employees.

(ii) Legal obligations

We may also process your personal data for our compliance with a legal obligation which we are under, or for compliance with a legal obligation which the Professional Firms are under.

In this respect, we may use your personal data for the following:

  1. To meet the legal, compliance and regulatory obligations of both KYC Management and the Professional Firms, such as compliance with anti-money laundering laws;
  2. As required by tax authorities or any competent court or legal authority;
  3. Conducting searches, background check and screening for compliance with the regulatory obligations of both KYC Management and the Professional Firms; and
  4. For the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.

Personal Information Collection Statement

For End-clients:

  1. It is often necessary for individual End-clients or (where End-clients are businesses, incorporated or otherwise) their individual representatives (including without limitation directors, other officers, employees and staff members of End-clients businesses) (in this statement these individual representatives will, for the sake of brevity, also be referred to generally as “End-clients” and, in the “Important Notes” section of paragraph 4.7 below, as “Representatives”) to supply KYC Management with data about themselves in connection with KYC Management’ provision of services to those End-clients and the Professional Firms. These data may include copies, and other details, of identity documents, proof of address, other contact details, and proof of authority to appoint the Representatives.
  2. Failure to supply such data may result in KYC Management being unable to provide End-clients and the Professional Firms with the services.
  3. It is also the case that KYC Management collects data from End-clients and the Professional Firms in the ordinary course of the client-software provider relationship on an ongoing basis.
  4. The purposes for which personal data relating to the End-clients and the Professional Firms may be used are as follows:

    Obligatory purposes

    If the End-clients and/or the Professional Firms do not want KYC Management to use his personal data for any of the purposes listed in paragraphs 4.1 to 4.6 below (inclusive), KYC Management will not be able to provide the services requested. All kinds of personal data about the End-clients and the Professional Firms will be used for:

    4.1 the provision of services to the End-clients and the Professional Firms in accordance with the instructions of the End-clients and the Professional Firms and as KYC Management may otherwise deem appropriate or necessary;

    4.2 designing services or related products for the use of the End-clients and the Professional Firms;

    4.3 collection of outstanding fees from the Professional Firms;

    4.4 meeting the requirements of the Professional Firms in accordance with applicable laws and regulations in Hong Kong to conduct client identification and verification and to make disclosure under the requirements of any law, guideline, code of practice or practice direction binding on, or applicable to, the Professional Firms or any of its branches or associated firms or offices including, but not limited to, any such law, guideline, code or practice direction relating to anti-money laundering and anti-terrorism;

    4.5 purposes specifically provided for in any particular service offered by KYC Management;

    4.6 purposes directly related to any of the above;

    Voluntary purpose

    The name and contact details (including but not limited to office address, telephone number and email address) provided by the End-client and the Professional Firm to KYC Management will be used for:

    4.7 marketing KYC Management’ own services and/or related products.

If an End- client and/or the Professional Firm does not want KYC Management to use his/its personal data for the purposes mentioned in paragraph 4.7 above, he/it may write to or email the contact details at the end of this statement, indicating his/its decision and/or return a copy of this statement to us.

IMPORTANT NOTES about KYC Management marketing:

All marketing in relation to KYC Management services and related products to Representatives is sent to them in their official capacity as representatives of the client business for whom they work or represent and not in their individual capacity.

  1. Data held by KYC Management relating to the End-clients and the Professional Firms will generally be kept confidential but KYC Management may provide such information for the above purposes to:

    5.1 any other branch or associated firm or office of KYC Management;

    5.2 a government agency such as the Hong Kong Police, the Hong Kong Customs and Excise Service, the Hong Kong Immigration Service and the Independent Commission against Corruption, if KYC Management knows or suspects that any person is engaged in drug trafficking, terrorism or any other serious crime or handling the proceeds of crime or that any property constitutes terrorist property; in this case, the obligation to report to the authorities may override KYC Management’ confidentiality obligations;

    5.3 any actual or proposed assignee of KYC Management or transferee of KYC Management’ rights in respect of the End-clients and the Professional Firms or any company which takes over, or is negotiating the take-over of, the business of KYC Management or into which KYC Management is merged;

    5.4 to third party service providers which provide administrative, technology, marketing or other services to KYC Management in relation to its business operations.

    KYC Management will not transfer data relating to a client to a third person for that person’s marketing activities.

  2. KYC Management will retain clients’ personal data only for so long as is necessary to fulfil the purpose for which they were collected. After that time, their personal data will be erased.
  3. Under and in accordance with the Applicable Data Protection Laws and guidelines issued pursuant thereto, any individual may:

    7.1 check whether KYC Management holds data about him/her and may request access to such data;

    7.2 request KYC Management to correct any data relating to him/her which are inaccurate;

    7.3 request KYC Management to specify its policies and practices in relation to data and to be informed of the kind of personal data held by KYC Management;

    7.4 request KYC Management to cease using his/her personal data for its marketing purposes.

  4. In accordance with the Applicable Data Protection Laws, KYC Management has the right to charge a reasonable fee for the processing of any data access request.
  5. Requests
  6. 9.1 for access to data or correction of data;

    9.2 for information regarding policies and practices and kinds of data held are to be addressed IN WRITING to our Privacy Officer via the communication methods as set out in the section headed “How to contact us”.

  7. Nothing in this Statement shall limit the rights of clients under the Applicable Data Protection Laws.

Data Sharing

We may share your personal data with or transfer it to the following parties:

  1. Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
  2. Third parties whom we and/or the Professional Firms engage to assist in delivering the services to you;
  3. Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
  4. Competent authorities in order to comply with our legal and/or regulatory obligations; and
  5. Our hosting partner and (cloud or server based) data storage providers.

Direct marketing

We would like to use your name and contact details to send you marketing materials about our services and/or related products but we must obtain the consent (or an indication of no objection) of people who become our clients or staff before we can do so. If you do not want to receive our marketing materials, please send an email stating this to privacy@kyc.management. More information about this can be found in the above Personal Information Collection Statement.

Retention of your personal data

We will retain your personal data for as long as is considered necessary for the purpose for which it was collected (including as required by the Applicable Data Protection Laws). In particular:

  1. where we have collected your personal data as required by anti-money laundering and counter-terrorist financing legislation, including for identification, screening and reporting, we will normally retain that personal data for five (5) years after the termination of our relationship with the relevant Professional Firms, unless we are required to retain this information by another law or for the purposes of court proceedings;
  2. we will in most cases retain your personal data for a period of seven (7) years after the termination of our contractual or other relationship with the relevant Professional Firms in case any claims arise out of the provision of our services to you and/or the Professional Firms.

Use of Website

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connects may allow third parties to collect or share data about you. We do not control these websites, plug-ins or applications and are not responsible for any breach of their privacy policies or the Applicable Data Protection Laws. We encourage you to read the privacy policies of every website you visit when you go to those websites, plug-ins or applications.

Disclosure

Your personal data will generally be kept confidential and will not be disclosed to any other person without your consent. However, your data will be used (and disclosed) to third parties for the purposes for which they were collected. Your personal data may also be disclosed where we are required to do so by law. Please also refer to the above Personal Information Collection Statement as appropriate, for details.

Security

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. We have implemented an information security program that contains administrative, technical, and physical controls that are designed to safeguard your personal data and to ensure your personal data are not subject to unauthorised access.

Your rights

KYC Management would like to make sure you are fully aware of all of your data protection rights under the Applicable Data Protection Laws. Every user is entitled to the following:

The right to access - You have the right to request us for copies of your personal data. We may charge you a small fee for this service.

The right to rectification - You have the right to require us to correct any personal data we hold about you that you believe is inaccurate. You also have the right to request us to complete the personal data you believe is incomplete.

The right to erasure - You have the right to require us to erase your personal data, under certain conditions.

The right to restrict processing - You have the right to require us to restrict the processing of your personal data, under certain conditions.

The right to object to processing - You have the right to object to us relating to the processing of your personal data, under certain conditions.

The right to data portability - You have the right to require us to transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

The right to cease processing your data - To require that we cease processing your personal data if the processing is causing you damage or distress.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

To find out more about your rights, please refer to the relevant data protection governmental body or regulatory authority (as the case may be) in the place where you are located.

If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us via any of the contact details listed above.

If you are not satisfied with how we are processing your personal data, you can make a complaint with us directly via the contact details above, and/or to the relevant data protection governmental body or regulatory authority (as the case may be) in the place where you are located.

Transfer and processing of your personal data cross-border

We may transfer, store, or process your personal information in locations outside the jurisdiction in which you are based (“Jurisdiction”). Where the countries to which your personal information is transferred do not offer an equivalent level of protection for personal information to the laws of the Jurisdiction, we will ensure that appropriate and reasonable safeguards and security measures are put in place.

Where we transfer your personal information from the Jurisdiction, we will only do so in compliance with any applicable data protection laws and regulations.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where we have approved transfer mechanisms in place to protect your personal data.

To find out more about transfers by us of your personal data outside the Jurisdiction or any countries concerned, please contact our Privacy Officer via any of the contact details as set out in the above section headed “How to contact us”.

Cookie usage policy

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device for authentication purposes. Further, we may monitor the traffic data and the location data of our users.

We place strictly necessary cookies on your browser to ensure that our website delivers you information speedily, securely and optimally. You must accept these cookies to be able to access our website.

You may refuse the use of cookies or withdraw your consent at any time by selecting the appropriate settings on your browser. Please note that removal of cookies may affect your use and experience of our website.

By continuing to use our website without changing your privacy settings, you are agreeing to our use of cookies.

For further information on cookies generally, including how to control and manage them, visit the guidance on cookies published in www.aboutcookies.org or www.allaboutcookies.org.