Our
Privacy Policy
KYC Checks B.V.
Last updated: February 27th, 2026
1. Who We Are
KYC Checks B.V.
Linnaeuslaan 26
3903GS Veenendaal
The Netherlands
Chamber of Commerce (KvK): 95274545
Email: info@kyc-checks.nl
Phone: +31 6 57323454
KYC Checks B.V. (“we”, “us”, “our”) is the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
2. Scope of This Privacy Policy
This Privacy Policy explains how we collect, use, process, and protect personal data when:
You visit our website
You request a KYC or due diligence report
You contact us
We conduct screenings on companies and individuals
You interact with our services
Our services are intended exclusively for business and professional use.
3. Categories of Personal Data We Process
A. Client Data (Requesting Party)
When you request a verification or contact us, we may process:
Full name
Business email address
Company name
Chamber of Commerce / registration number
Telephone number
Billing details
Payment information
IP address
Communication records
B. Data of Screened Individuals (Third Parties)
In the course of providing KYC/AML and due diligence services, we may process personal data relating to directors, shareholders, ultimate beneficial owners (UBOs), or representatives of target entities, including:
Full name
Date of birth (where publicly available)
Nationality
Politically Exposed Person (PEP) status
Sanctions list entries (EU, OFAC, UN, etc.)
Adverse media reports
Corporate registry information
Publicly available compliance-related information
We process only data that is:
Publicly available
Lawfully accessible via official registries
Obtained from licensed compliance databases
Necessary for AML, fraud prevention, and risk assessment
Where criminal or sanctions-related information is processed, this is done in accordance with Article 10 GDPR and applicable Dutch and EU legislation.
4. Legal Basis for Processing
We process personal data based on:
Article 6(1)(b) GDPR – Performance of a contract
Article 6(1)(c) GDPR – Legal obligation
Article 6(1)(f) GDPR – Legitimate interest (fraud prevention, compliance, risk mitigation)
Article 10 GDPR – Processing of criminal and sanctions-related data where legally permitted
Our legitimate interest includes protecting financial systems, preventing fraud, and enabling compliant international trade.
5. Purpose of Processing
We process personal data for:
Conducting KYC and AML screenings
Producing audit-ready due diligence reports
Meeting EU and international compliance standards
Identity and risk verification
Invoicing and financial administration
Fraud prevention and misuse detection
Website security and performance optimization
6. Data Retention
We retain personal data only as long as necessary:
KYC and due diligence reports: up to 5 years
Financial and accounting records: 7 years (Dutch tax law)
Contact inquiries (without contract): up to 12 months
Website logs: as necessary for security monitoring
After expiration of retention periods, data is securely deleted or anonymized.
7. Data Sharing
We may share personal data with:
EU-based hosting providers
Licensed compliance and intelligence data providers
Payment service providers
Professional legal and accounting advisors
Regulatory authorities where legally required
We do not sell personal data.
All third-party processors are contractually bound by data processing agreements in accordance with GDPR.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, including:
EU Standard Contractual Clauses (SCCs)
Transfers to countries with an adequacy decision
Additional contractual and technical safeguards where necessary
9. Data Security
We implement appropriate technical and organizational measures, including:
SSL/TLS encryption
Secure EU-based servers
Access control and role-based permissions
Logging and monitoring systems
Encrypted storage of reports
Confidentiality obligations for personnel
10. Website Hosting and Infrastructure
Our website is developed and hosted by:
Webplace4u
Webplace4u acts as a data processor on our behalf and may process limited technical data such as:
IP addresses
Server logs
Website usage data
Security logs
A data processing agreement is in place to ensure GDPR compliance.
Hosting services are provided within the European Union unless explicitly stated otherwise.
11. Cookies
Our website uses:
Functional cookies necessary for website operation
Analytical cookies
Optional marketing cookies (subject to consent where required)
For detailed information, please refer to our separate Cookie Policy.
12. Rights of Data Subjects
Under GDPR, individuals have the right to:
Access their personal data
Request correction
Request deletion (where legally permissible)
Restrict processing
Object to processing
Data portability
Withdraw consent (where applicable)
Requests may be submitted to:
We respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
13. Minors
Our services are intended exclusively for professional and business users aged 18 years or older. We do not knowingly collect personal data from minors.
14. Compliance Statement
Given the nature of our services (including sanctions screening, PEP identification, UBO analysis, and adverse media research), we operate in alignment with:
EU Anti-Money Laundering Directives
FATF recommendations
International banking compliance standards
Our services are designed to support lawful due diligence and risk management processes.
15. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time. The most current version will always be available on our website.