Personal Data Processing Notification

Last updated October 17, 2025

By accepting this Notification, you hereby acknowledge and agree that the personal data which you provide or have provided to the Company (the organisation with which you wish to establish a business relationship after completion of KYC) will be processed by Kycaid Company (hereinafter the “Service Provider” or “Kycaid”) in order to verify your identity for the Company’s purposes of carrying out customer due diligence procedures in accordance with the internal procedures and policies of the Company. Please refer to the Privacy Policy for details about the identity and contact details of Kycaid. You hereby confirm on your own behalf that:

1. My name and other identifiers required for the purposes of this Notification shall be verified during the processing of my personal data as described herein.

2. I confirm and accept that my personal data will be processed for the Company’s legitimate purposes, which may cover compliance with applicable AML/CFT requirements, anti-fraud obligations, age restriction regulations, and other relevant legal frameworks, as well as the Company’s customer due diligence duties under the laws governing the intended business relationship. In addition, processing may also take place for other lawful and compatible purposes carried out by the Service Provider acting as an independent data controller. Such compatible purposes include service improvement, prevention of fraud and criminal activity, “litigation hold” requirements, and statutory duties of the Service Provider, all of which are further explained in the Privacy Policy accessible here. The categories of personal data used by the Service Provider for these purposes, including biometric data, are listed below.

3. I recognize and accept that the Company may delegate the processing of my personal data as follows:

3.1. I understand and acknowledge that I am aware of the details (including the address) of the Company, which acts as the Data Controller. The Company is solely responsible for setting the purposes of processing, issuing orders or instructions related to such processing, and determining the scope of personal data to be processed.

3.2. I acknowledge and agree that the Company may assign the processing of my personal data to third-party data processors (e.g., the Service Provider) when required for the purposes described above. Personal data may also be shared with entities affiliated with Kycaid, provided they are obliged to apply appropriate technical and organizational safeguards to ensure the security of the data in line with this Notification. Depending on the Company’s requirements for data storage, the Service Provider stores personal data within Google Cloud.

3.3. I acknowledge and agree that my personal data may also be disclosed to affiliates of the Service Provider, as necessary to fulfill the purposes described in this Notification. The Service Provider ensures that such affiliates, as well as any other data processors with whom personal data is shared, adopt adequate technical and organizational measures to maintain data security.

Data processing methods

I acknowledge and consent that my personal data may be processed through automated means, including text extraction, validation of authenticity/validity, and other automated methods applied to photographs and scanned copies of documents.

This Notification includes, but is not limited to, the following operations: collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission to the Company, Service Provider, or other designated data processors, dissemination or making data otherwise available for tasks carried out in the public interest or under official authority, transfer (including cross-border transfers when required), alignment or combination, restriction, deletion, and destruction.

My personal data may be screened against various databases such as international Politically Exposed Persons (PEPs) lists, global and country-specific Sanctions Lists, as well as other relevant monitoring lists. In addition, reviews may include publicly available media sources.

In cases where personal data is transferred outside of the EEA, the Company will ensure that appropriate safeguards are applied, as required by law, either through reliance on EU adequacy decisions (or UK adequacy regulations) or by the use of standard contractual clauses. Third-party processors are also obliged to apply suitable safeguards, which may include binding corporate rules, standard contractual clauses, or other legally recognized mechanisms. Cross-border transfers of personal data from the UK to EU/EEA jurisdictions are permitted under UK Government regulations.

I further acknowledge and consent that both the Company and the Service Provider may process my biometric data using automated techniques such as identity document authentication, liveness checks, video selfies or video identification, biometric authorisation, and face comparison between the image on an identity document and a captured facial image. These processes, as described in the Privacy Policy available here, also include detection of multiple identity creation, fraud prevention, and the operation and development of fraud control networks designed to mitigate and prevent fraudulent or criminal activities.

Types of personal data to be processed

General personal information: full name, gender, personal identification number or code, date of birth, nationality and citizenship, legal capacity, and residential location (street, city, postal code, country).

Facial image data: photographs of the individual’s face (including selfies), images or scans of the face as it appears on official identification documents, video recordings, and audio files.

Biometric information: facial scan(s).

Identity document details: type of document, issuing authority or country, document number, expiration date, machine-readable zone (MRZ), information contained within barcodes (depending on the document type), and visible security features.

Banking-related data: name of the cardholder, expiration date, first six and last four digits of the payment card number, and data extracted from documents provided as evidence of source of funds or wealth.

Contact information: residential address, email address, telephone number, and IP address.

Technical information: records of service usage such as date, time, and user activity; IP address and domain name; device attributes including hardware and software (e.g., type and name of camera); and general location data (such as city or country) as obtained from the user’s device.

Unique identifier: a specific Applicant ID generated solely for linking the individual (Data Subject) with their personal data within the Information System.

Relevant publicly available information: records indicating whether the person is classified as a Politically Exposed Person (PEP) or appears on sanctions lists.

Personal data received from the Controller: for instance, contact details.

Additional information provided by the Data Subject: such as details gathered through their direct communication with the Data Processor (e.g., inquiries, messages, or reports).

I hereby acknowledge and agree that facial images of myself are processed to confirm the liveness of my face and/or to confirm that a given identity document is presented by me, its legitimate owner, that it is real and not artificially disguised or concealed, and that I am the person shown in the photos in the document I submitted.

The Company’s objective is to combat online fraud. To achieve this, the personal data categories analysed include information that helps detect patterns commonly associated with various types of suspicious online activities. This includes basic user identification details as well as technical information from devices and networks involved in the verification process. The personal data categories used in Kycaid’s profiling are critical for understanding online fraud and providing reliable assessments to clients. These include:

  • Full name, age, date of birth, residential address;
  • Facial images and biometric data (facial scans);
  • Identity or passport documents, including document type, language, issuing country, extracted data, and document number;
  • IP address, geolocation, and browser information.

The above personal data is processed for two primary purposes: (a) profiling and (b) making decisions based on the profile generated. Through this profiling process, Sumsub provides its clients with valuable insights to determine whether users should be granted access to their services. Sumsub creates a profile that is shared with client companies, enabling them to make informed decisions regarding access.

The outcome of this processing is a risk label assigned to each individual, which is then evaluated by the clients. It is important to note that the final decision always rests with the client, not Kycaid. This ensures that human review is part of the process and that decisions are not made solely through automated means.

Data subject rights

  • withdraw previously given consent to the processing of personal data, where such processing relies on consent and not on another legal ground (in which case only notification is required);
  • request access to and correction of personal data;
  • submit a justified written request to temporarily suspend the processing of personal data for specific reasons;
  • raise an objection to the processing of personal data;
  • oppose the transfer of personal data, including the right to object to the involvement of third parties in the processing of such data;
  • contest being subject to decisions based solely on automated processing or profiling;
  • submit a justified written request for the deletion of personal data, subject to the limitations imposed by applicable laws and regulations

that may be exercised by contacting Kycaid or the Service Provider by notice at [email protected].

I acknowledge that I have the right to submit a complaint to the relevant supervisory authority. For matters concerning the processing activities of the Company, please follow the procedures outlined in its privacy policy. For concerns related to the processing activities carried out by Kycaid, further information can be found here.

I confirm that I have been informed that my personal data will be retained and stored by both the Company and the Service Provider, and will be permanently deleted in accordance with the Company’s instructions once the initial purpose or the statutory retention period has expired. In cases where the Service Provider determines compatible processing purposes independently, personal data will be retained and stored as indicated in the Privacy Policy.

I declare that I have thoroughly reviewed all of the above provisions, including the Privacy Policy, and I voluntarily and unambiguously consent to them.
