Privacy Notice

KYC LABS LTD and its affiliates (hereinafter, “KYC Labs”, "we", "us" or "our") is committed to protecting and respecting privacy of its business partners representatives and the visitors of our website ( and the Users of our application (Identance).

This Privacy Notice (together with effective agreements between KYC Labs and its Business Partners) governs collection, processing and the use of Business Partners Contacts by KYC Labs and the Users of Identance application.

Basic Definitions

  • KYC Labs affiliates - subsidiaries, parent companies, and companies under common control.
  • Identance Application – solution designed by KYC Labs for the purposes of Users` identity, address verification, proof of funds.
  • Business Partner – legal entity or private entrepreneur who KYC Labs have or intend to have legal relationship with within its business activities.
  • Personal Information (personal data) is any information which identifies you personally or which may help us to identify you (e.g. your name, address, e-mail address etc.).
  • Data subject is an identified or identifiable person.
  • Business Partner Contact – data subject related to Business Partner (authorized representative, official or beneficial owner of the Business Partner, employee, other Individual authorized to represent Business Partner in business relationship with the KYC Labs or prior to entering into business relationship with the Controller).
  • Data controller is a company which determines purposes and means of personal data processing.
  • Data processor is a company which processes personal data on behalf and upon instructions of the Data controller.
  • Personal data processing is any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).

Other capitalized terms, not defined above, have the meanings as defined in the agreements with our Business Partners and the applicable data protection legislation (namely, the General Data Protection Regulation 2016/679 as of April 27, 2016, further – the GDPR).

Who is KYC Labs

KYC Labs Ltd is a company registered in the United Kingdom. Our registered office is at Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX.

The Categories of Personal Data We Process

We may process the following Personal Information of Business Partners Contacts:

  • Name;
  • Employment details (in particular, employer, job position);
  • Work contact details (work email, work telephone number);
  • Other Personal Information needed for entering or performing the contract or voluntary provided by Business Partner Contact via phone or via email.

We may process the following Personal Information of Identance Application Users:

  • your name;
  • your photographic identification;
  • details from your identity documents (such as driver license, passport), number of the document, date of issue and expiration, photographic identification, address etc.;
  • your address;
  • your phone number;
  • your e-mail address;
  • your date of birth;
  • your employment details;
  • information on sources of your funds.

Purposes of Processing

We may process Personal Information of our Business Partners Contacts for the following purposes:

  • Communication with Business Partners within carrying out business activities of KYC Labs (responding to and sending requests, negotiating on proposals etc.);
  • Establishment, performance or management of contractual relationships with Business Partners;
  • Ensuring compliance with applicable laws and regulations and KYC Labs Ltd internal policies and procedures;
  • Identity/address/ source of funds verification;
  • Dispute resolution, establishment, exercise or defence of legal claims.

Legal Basis of Personal Data Processing

We process Personal Information of our Business Partner Contacts only if we have a legal basis for that.

Processing of Personal Data of our Business Partner Contacts for the purposes indicated above may be carried out based on one of the following legal grounds prescribed by the GDPR:

  • Article 6 (1) (b) of the GDPR – when entering into legal relationship or performing contract between KYC Labs Ltd. and Business Partner;
  • Article 6 (1) (c) of the GDPR – if processing is necessary for compliance with a legal obligation KYC Labs Ltd. is subject to;
  • Article 6 (1) (a) of the GDPR (data subject consent) - in some cases, if Personal Information is provided by Business Partners Contacts;
  • Article 6 (1) (f) of the GDPR – if processing is based on our legitimate interest;

Our legitimate interest of data processing lies in transfer and obtaining information necessary for carrying out KYC Labs Ltd. business activities, establishing and developing business relationships with our Business Partners.

Where We Receive Personal Information from

We may collect Personal Information of our Business Partners from:

  • Directly from Business Partner Contacts
  • Other Business Partners
  • From the Users of our Identance Application directly.

Rights of Business Partners Contacts with Respect to Personal Data Processing

We are committed to ensuring the following rights of Business Partners Contacts provided by the GDPR:

  • Right to be informed on the processing of Personal Information by KYC Labs Ltd;
  • Right to request from us access to your Personal Information;
  • Rectification or erasure of personal data;
  • Restriction of processing concerning the data subject and
  • Right to object to processing;
  • Right to data portability;
  • Right to withdraw consent at any time if data processing is based on point (a) of Article 6(1) of the GDPR
  • Right to Through this automated processing, we carry out an analysis of your identification,
  • Right to request human intervention or challenge a decision on verification in cases of automated decision making. We may carry our automated decision-making, with respect to processing of our Application Users’ for the purposes of their identity/address verification.

To exercise your rights prescribed by the GDPR you may contact us on{' '} [email protected]

Disclosure of Personal Information

We may transfer Personal Information of our Business Partners Contacts and/ or the Users of our Application to:

  • Our affiliates, agents and representatives;
  • Our contractors providing software for identity verification purposes.

Disclosure of Personal Information to third parties is carried out without prejudice to provisions indicated in the effective non-disclosure contractual obligations with our Business Partners.

International Data Transfer

Our contractors and affiliates are situated at different locations (including countries located outside the EU). We strive to ensure adequate level of personal data protection wherever our contractor is located. We may transfer Personal Information of our Business Partners Contacts only in the following cases:

  • If the country where we transfer Personal Information to provides the adequate level of personal data protection (based on the relevant decision of European Commission (click here to see the list of such countries);
  • If we take appropriate safeguards to ensure that data subject rights are protected;
  • If any derogations for specific situations apply (for instance, if is such transfer is necessary for the establishment, exercise or defence of legal claims or for important reason of public interest).

Period of Processing

In accordance with record keeping activities for Anti-Money Laundering, Tax and Company legal obligations and considering the period during which legal claims may be brought against us under the laws of the UK, we retain Personal Information of our Business Partner Contacts for a maximum period of six years after we terminate legal relationships with our Business Partner or for six years from the end of the tax period of the last financial transaction related to our Business Partner.

Personal Data of Identance Application Users shall be stored until the respective decision on verification is made.

Our Data Protection Officer

Our Data Protection Officer is the person in charge of ensuring our company adheres to this privacy policy. This person is also the main contact for our Data Protection Supervisory Authority, the Information Commissioner’s Office ( ). The Data Protection Officer may be contacted on [email protected].

Data Protection Supervisory Authority

Our Data Protection Supervisory Authority in terms of data protection is the UK Information Commissioner’s Office (ICO). You may contact the authority if you wish to discuss with them any instance where you feel we may not be adhering to the terms within this Privacy Policy or to raise a complaint.


This current version of the Privacy Policy has last been amended on the June 6, 2019.

We use cookies to optimize site functionality and give you the best possible experience.Learn more.