Our
Privacy Policy

KYC Checks B.V.
Last updated: June 15th, 2026

1. Who we are

KYC Checks B.V.
Linnaeuslaan 26
3903 GS Veenendaal
The Netherlands

Chamber of Commerce (KvK): 95274545
Email: info@kyc-checks.nl / info@kycchecks.com
Phone: +31 6 57323454

KYC Checks B.V. (“we”, “us”, “our”) is the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Scope of this privacy policy

This privacy policy explains how we collect, use, process and protect personal data when:

  • You visit our website
  • You request a KYC or due diligence report
  • You contact us
  • We carry out screenings of companies and individuals
  • You use our services

Our services are intended exclusively for business and professional use.

3. Categories of personal data we process

A. Customer data (requesting party)

When you request a verification or contact us, we may process:

  • Full name
  • Business email address
  • Company name
  • Chamber of Commerce / registration number
  • VAT number (where provided)
  • Phone number
  • Billing details
  • Payment information
  • IP address
  • Communication data

B. Data of screened individuals (third parties)

In the course of providing KYC/AML and due diligence services, we may process personal data relating to directors, shareholders, ultimate beneficial owners (UBOs) or representatives of target entities, including:

  • Full name
  • Date of birth (where publicly available)
  • Nationality
  • Politically exposed person (PEP) status
  • Sanctions list entries (EU, OFAC, UN, etc.)
  • Adverse media coverage
  • Company registration details
  • Publicly available compliance information

We only process data that is:

  • Publicly available
  • Lawfully accessible through official registers
  • Obtained from licensed compliance databases
  • Necessary for AML, fraud prevention and risk assessment

Where criminal or sanctions-related information is processed, this is done in accordance with Article 10 GDPR and applicable Dutch and EU law.

4. Legal basis for processing

We process personal data on the basis of:

  • Article 6(1)(b) GDPR – Performance of a contract
  • Article 6(1)(c) GDPR – Legal obligation
  • Article 6(1)(f) GDPR – Legitimate interest (fraud prevention, compliance, risk mitigation)
  • Article 10 GDPR – Processing of criminal and sanctions-related data where legally permitted

Our legitimate interest includes protecting financial systems, preventing fraud and enabling compliant international trade.

5. Purpose of processing

We process personal data to:

  • Carry out KYC and AML screenings
  • Produce audit-ready due diligence reports
  • Comply with EU and international compliance standards
  • Verify identity and assess risk
  • Handle invoicing and financial administration
  • Prevent fraud and detect abuse
  • Maintain website security and performance

6. Data retention

We retain personal data only for as long as necessary:

  • KYC and due diligence reports: up to 5 years
  • Financial and accounting records: 7 years (Dutch tax law)
  • Contact requests (without a contract): up to 12 months
  • Website logs: as needed for security monitoring

After the retention periods expire, data is securely deleted or anonymised.

7. Sharing of data

We may share personal data with the following categories of processors and recipients, all located within the EU or covered by appropriate safeguards:

  • Hosting and infrastructure providers (see section 10)
  • Payment service provider: Mollie
  • Email and productivity services: Microsoft 365
  • Workflow and automation services used to process and route requests (n8n)
  • Licensed compliance and intelligence data providers
  • VAT validation via the European Commission VIES service
  • Professional legal and accounting advisers
  • Regulatory authorities where legally required

We do not sell personal data.

All third-party processors are contractually bound by data processing agreements in accordance with the GDPR.

8. International data transfers

Where personal data is transferred outside the European Economic Area (EEA) — for example when screening against non-EU sanctions lists such as OFAC (United States) — we ensure appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs)
  • Transfers to countries with an adequacy decision
  • Additional contractual and technical safeguards where necessary

9. Data security

We implement appropriate technical and organisational measures, including:

  • SSL/TLS encryption
  • Secure servers within the EU
  • Access control and role-based permissions
  • Logging and monitoring systems
  • Encrypted storage of reports
  • Confidentiality obligations for staff

10. Website hosting and infrastructure

Our website is developed and hosted by:

Webplace4u

Webplace4u acts as a data processor on our behalf and may process limited technical data, such as:

  • IP addresses
  • Server logs
  • Website usage data
  • Security logs

A data processing agreement has been concluded to ensure GDPR compliance. Hosting services are provided within the European Union unless explicitly stated otherwise.

11. Cookies

Our website uses:

  • Functional cookies necessary for the operation of the website
  • Analytical cookies
  • Optional marketing cookies (subject to consent where required)

For detailed information, please refer to our separate cookie policy.

12. Rights of data subjects

Under the GDPR, individuals have the right to:

  • Access their personal data
  • Request correction
  • Request erasure (where legally permitted)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (where applicable)

Requests can be submitted to:

📩 info@kyc-checks.nl / info@kycchecks.com

We respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

13. Minors

Our services are intended exclusively for professional and business users aged 18 or over. We do not knowingly collect personal data from minors.

14. Compliance statement

Given the nature of our services (including sanctions screening, PEP identification, UBO analysis and adverse media research), we operate in accordance with:

  • EU Anti-Money Laundering Directives
  • FATF Recommendations
  • International banking compliance standards

Our services are designed to support lawful due diligence and risk management processes.

15. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time. The most recent version is always available on our website.