1
Who We Are
KYCifi is a compliance consultancy providing KYC, AML and Source of Funds support to individuals and businesses. We trade under the name KYCifi and act as the data controller for all personal information you provide to us.
Address: No 1 Spinningfields, Manchester M3 3EB
Email: [email protected]
This Privacy Policy applies to information collected through our website, by email, by telephone, and in the course of providing our services. It is written in plain English so you can clearly understand how we handle your data.
2
What Data We Collect
Depending on the services you engage us for, we may collect and process the following categories of personal data:
- Identity data: full name, date of birth, nationality, and copies of identity documents such as a passport or driving licence
- Contact data: email address, telephone number, and postal address
- Business data: company name, company registration number, corporate structure, ultimate beneficial owner (UBO) details, and directorship information
- Financial data: bank statements, source of funds documentation, source of wealth information, and transaction records provided to support your compliance response
- Correspondence: emails, letters, and messages you send us, including instructions and any information shared during the course of your engagement
- Technical data: IP address, browser type, and basic usage data when you visit our website
We collect data directly from you, from documents you provide, and occasionally from publicly available sources such as Companies House or public registers where relevant to your case.
3
How We Use It
We use your personal data only for legitimate purposes connected to our work with you. Specifically, we use it to:
- Provide the compliance support services you have engaged us for
- Prepare documentation, response packs, and written submissions on your behalf
- Communicate with you about your case and respond to your queries
- Send you service-related updates or relevant information where you have requested this
- Comply with our own legal and regulatory obligations, including anti-money laundering requirements
- Maintain accurate records of the work we have carried out
- Understand how our website is used, in order to improve it
We do not use your personal data for automated decision-making or profiling, and we do not use it for direct marketing without your explicit consent.
4
Legal Basis
We process your personal data on the following legal bases under the UK General Data Protection Regulation (UK GDPR):
- Contract performance (Article 6(1)(b)): processing is necessary to fulfil our agreement with you and to deliver the services you have requested
- Legal obligation (Article 6(1)(c)): processing is necessary for us to comply with legal obligations applicable to us, including record-keeping and anti-money laundering requirements under the Money Laundering Regulations 2017
- Legitimate interests (Article 6(1)(f)): processing is necessary for our legitimate business interests — such as maintaining records, improving our services, and running our operations — where those interests are not overridden by your rights and freedoms
- Consent (Article 6(1)(a)): where you have given explicit consent for a specific purpose, such as receiving marketing communications, which you may withdraw at any time
5
Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our standard retention periods are:
- Client engagement records: retained for 6 years following the end of an engagement, in line with the Limitation Act 1980
- Identity documents and AML records: retained for 5 years following the end of the business relationship, in compliance with the Money Laundering Regulations 2017
- General correspondence not forming part of a client file: retained for 3 years
- Website analytics data: retained for 12 months
When personal data is no longer required, we securely delete or irreversibly anonymise it. If you request erasure of your data, we will do so unless we are required to retain it by law.
6
Who We Share With
We do not sell your personal data, and we do not share it with third parties for their own marketing purposes. We may share your information in the following limited circumstances:
- IT and cloud service providers: we use reputable providers for email, secure document storage, and business software; all are contractually required to handle your data securely and in accordance with UK GDPR as data processors
- Professional advisers: solicitors, accountants, or other professionals where their input is required in connection with your matter, and only with your knowledge
- Regulatory or law enforcement authorities: where we are required by law to disclose your information, including under the Proceeds of Crime Act 2002 or the Terrorism Act 2000
Where we engage third-party processors, we ensure appropriate data processing agreements are in place. We do not transfer personal data outside the UK or European Economic Area (EEA) without ensuring adequate protections are in place as required by UK GDPR.
7
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at [email protected].
- Right of access (Subject Access Request): you may request a copy of the personal data we hold about you, free of charge
- Right to rectification: you may ask us to correct personal data that is inaccurate or incomplete
- Right to erasure ("right to be forgotten"): in certain circumstances, you may ask us to delete your personal data, subject to our legal retention obligations
- Right to restriction: you may ask us to restrict how we process your data while a complaint or accuracy challenge is resolved
- Right to data portability: where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format
- Right to object: you may object to processing based on our legitimate interests; we will stop unless we can demonstrate compelling legitimate grounds that override your interests
- Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal
We will respond to all requests within one calendar month. If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8
Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:
- Encrypted email and secure file transfer when sharing sensitive documents
- Secure cloud storage with access restricted to authorised personnel only
- Password-protected systems with multi-factor authentication where available
- Regular review of data handling practices and IT security arrangements
- A data breach response procedure to ensure prompt identification and notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO without undue delay and within 72 hours of becoming aware of it, in accordance with our obligations under UK GDPR.
Please be aware that the transmission of data over the internet is never completely secure. While we take every reasonable step to protect your data, we cannot guarantee the security of information you send to us electronically before it is received.
9
Cookies
Our website uses a small number of cookies to ensure it functions correctly and to understand how it is being used. We do not use advertising or third-party tracking cookies.
- Essential cookies: required for the website to function correctly, such as maintaining session preferences. These cannot be disabled without affecting how the site works and do not require consent under PECR.
- Analytics cookies: where analytics tools are in use, these collect anonymised, aggregated information about how visitors use our website (such as pages visited and time on page). This data is not used to identify individuals and is used solely to improve our website.
By continuing to use our website, you acknowledge our use of essential cookies. You can manage or delete cookies at any time through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling cookies may affect your experience on our site.