Privacy Policy

Privacy Policy - last updated 16 July 2024

This Privacy Policy applies to any websites and applications owned by Bear Cart Limited (referred to as “Bear Cart Limited” or “UBO Service” or “AML HQ" or “we” or “us”) and this page (together with our Terms and Conditions & Cookies Policy) provides information regarding the collection, use and disclosure of personal data we receive from users of our website/applications.

This Privacy Policy is designed to provide you with the information relevant to the processing of your personal data, including what and why it is processed and what lawful basis we are relying upon, while accessing our services. We are committed to protecting and respecting your privacy. We are fully committed to the principles of data protection, as set out in the General Data Protection Regulation (EU 2016/679) (GDPR).

This Privacy Policy provides specific information relating to the following categories of data subjects whose personal data we process while providing our services:

  1. Visitors to any of our websites;
  2. Individual / Private End Users who access our services;
  3. Individual clients who contract us directly for use of and access to our services and their authorised representatives;
  4. Commercial / Corporate clients who contract us directly for use of and access to our services and their employees or authorised representatives;

This policy together with our terms and conditions (“our Terms”) and any other document referred to in our Terms sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

Please read this policy carefully.  By using our websites, you agree to the terms of this policy and consent to the practices outlined in this policy.

This Privacy Policy document is only available in the English Language.

ABOUT US   

We specialise in providing AML Services that include Corporate Verification, Client Risk Assessments, Firm-Wide Risk Assessments, Policies, Controls & Procedures, ID Verifications, AML Training and AML Guidance.

We operate the websites [www.amlhq.com , www.amlhq.ie, www.amlhq.eu, www.amlhq.co.uk and www.uboservice.com.] These services and brands are wholly owned and controlled by Bear Cart Limited t/a AML HQ, a company registered in Ireland under company number 671681 and with our registered address at:

ArcLabs Research Centre,  
WIT Campus,  
Carriganore,  
Waterford. Ireland
X91 P20H 

DEFINITIONS

Agreement: The service agreement entered into between Bear Cart Limited t/a AML HQ and Clients, including service agreements for trials and partnership agreements.

Clients: Corporate or individuals who contract us directly for use of and access to our Services.

Representative: Natural person representing the Client, including any natural person with whom we communicate (I) as the representative of a potential Client prior to conclusion of the Agreement, (ii) during the Agreement term as the representative of our Client, and (iii) after the Agreement term as a representative of former Client, as relevant.

Data Controller: A legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. Except as otherwise provided in this Privacy Policy, Client are Data Controllers for End-User Personal Data and give instructions regarding processing to AML HQ.

Data Processor: A legal person, public authority, agency, or other body which processes personal data on behalf of a Data Controller. Except as otherwise provided in this Privacy Policy, AML HQ is the Data Processor for End-User Personal Data.

Data Providers: Entities such as public authorities and third-party suppliers from whom we may collect Personal Data for verification purposes. For example, we may check the End-User-provided information against the official public registry or other fraud prevention services.

Data Subject: A natural person or individual about whom we have Personal Data, including End User, Client Representatives, Website Visitors and other natural persons whose Personal Data we may process.

EEA: European Economic Area (the European Union Member States, Norway, Iceland and Liechtenstein).

End User: The natural person regarding whom we provide the Service at the request of the Client or any other natural person accessing or using the Service.

Personal Data or Personal Information: Any information relating to an identified or identifiable natural person (the Data Subject), subject to applicable data protection laws; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Anonymized data is de-identified and not Personal Data.

Privacy Policy: This privacy Policy, made available at: https://www.amlhq.com

Service(s): Personal identity verification service and connected services (such as any ongoing authentication services, assisting services, fraud prevention and other similar services) and other AML services as provided by us to Clients.

DATA COLLECTED ABOUT YOU

We act in accordance with the EU GDPR, Data Protection Acts 1988 and 2003 (the “DPA”). You may provide us with information when you register for our services or complete online forms on our websites or engage in correspondence with us, by email, telephone or otherwise. This may include information about you and may include your name, address, e-mail address and phone number, financial and credit card information and other personal information.

When we process the information of End Users, we do so in accordance with the instructions of our Clients whereby we act as the Data Processor. If you are an End User, our Client is the Data Controller of your information.
  
We may also automatically collect non-personal technical data about you when you visit our website including but not limited to: technical information; IP addresses; login information; and web browser information. We do not make any attempt to associate any technical information with any individual and the information is only used for statistical and other administrative purposes. For additional details please see our Cookies Policy

Under data protection law, we ensure that we have an appropriate lawful basis for the processing of your personal data and let you know what that lawful basis is.

The lawful basis we rely upon to process your data are:

  1. Consent of the End User;
  2. Processing is necessary for the performance of a contract to which the End User is a party or in order to take steps at the request of the End User prior to entering into a contract;
  3. Compliance with a legal obligation; and
  4. For the purpose of the legitimate interest pursued by AML HQ.

PERSONAL DATA WE COLLECT

Personal data means any information relating to you, which allows us to identify you, such as your name, date of birth and contact details. While using our service, we may collect the following types of personal data:  

  1. End User identification documents (e.g., Passports; Driver Licenses; National Identity cards);
  2. Proof of Address documents (e.g., Utility bills; Bank Statements);
  3. Commercial/Corporate Identity Information (e.g., Articles of Association; Company Register Certificates);
  4. Commercial/Corporate financials (e.g., audited financial statements);
  5. End User credentials (e.g., email address; phone number and other identifiers) required to securely enable End Users to login to AML HQ;
  6. Biometric Data (facial recognition for identity verification checks to prevent identity fraud); and
  7. Any other personal data requested by the Client.

HOW COLLECTED INFORMATION IS USED

We will only use personal data for the purpose of our processing activities to deliver a requested Service between a specific End User and a specific Client. Personal data will not be shared with any other Clients. The End User will be asked to provide certain information, and we will explicitly seek the consent of the End User before sharing each piece of information and documentation with a Client.

In the following circumstances we may disclose information to third parties:

  1. Business partners for the performance of any contract including, payment processors, data aggregators and hosting service providers;
  2. Our insurers and/or professional advisers insofar as reasonably necessary for the purpose of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes;
  3. Analytics and search engine providers that assist us in the improvement and optimisation of our website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
  4. If we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;
  5. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
  6. To protect our rights, property, or safety, or that of yours or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection;
  7. As required by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements. We will disclose your personal data if this is necessary to:
  8. Comply with a legal obligation;
  9. Protect or defend our rights, interests or property or that of a third party;
  10. Prevent or investigate possible wrongdoing in connection with our services;
  11. Act in urgent circumstances to protect the personal safety of one or more individuals; and
  12. Protect against legal liability.

When we engage another organisation to perform services for us, we may provide them with information including personal data, in connection with their performance of those functions. Where we do share your personal data with a third party, we have taken steps to ensure that those parties comply with data protection laws to the same extent we do.

The information received from you will only be disclosed to such third parties as may be necessary in order to provide you with the services requested through our website and in order to arrange delivery of same. By registering with us, by your use of our website, and the acceptance of our Terms you hereby authorise us to convey your information to such third parties. 

We may also use your information to: 

  1. carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
  2. to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
  3. to notify you about changes to our service;
  4. to ensure that content from our website is presented in the most effective manner for you and for your computer;
  5. to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  6. to improve our website to ensure that content is presented in the most effective manner for you;
  7. to allow you to participate in interactive features of our service, when you choose to do so;
  8. as part of our efforts to keep our website safe and secure; and
  9. to make suggestions and recommendations to you and other users of our website about services that may interest you or them.

No other information will be divulged to any other third party unless we receive your prior authorisation and/or we are required to do so by law or in order to enforce or apply our Terms. 

We will take reasonable precautions to prevent the loss, misuse or alteration of your information. Agents or contractors who have access to information, you give us, in the course of providing services to us are required to keep that information confidential and are not permitted to use it for any purpose other than to carry out the services which they are performing for us.

DATA RENTENTION

We retain your End User personal data for as long as we are instructed to do so by our Clients, who are the Data Controller. With regard to our clients, we retain your personal data for no longer than is necessary with regard to the purposes for which it was collected or lawfully further processed.

Our website visitor’s personal data will be retained on our contact database for as long as you are our business contact and wish to receive information about us.

SECURITY

We are committed to implementing robust security controls, maintaining compliance with relevant regulations, and continually improving our security posture to protect client data from unauthorised access, disclosure, alteration, and destruction.

Our IT Security Policies are designed to safeguard the confidentiality, integrity, and availability of our systems and the sensitive client data that we manage as a service provider. They serve as a foundation for establishing a secure IT environment and guides our employees in adhering to best practices for information security.

We have selected Microsoft as our infrastructure and hosting service provider, and we utilise the Microsoft Azure platform. Our servers and all data are stored within the EU region (Ireland).

The AML HQ Portal and API is secured using Transport Layer Security (TLS). TLS protects the information sent to and received from calls by encrypting messages while they are in transit. Data is encrypted at rest.

The AML HQ system components are actively secured and hardened by Microsoft and go through vigorous compliance checks on a continuous basis to make sure that:

  1. AML HQ resources are secured from the other client resources.
  2. VM instances and runtime software are regularly updated to address newly discovered vulnerabilities.
  3. 24-hour threat management protects the infrastructure and platform against malware, distributed denial-of-service (DDoS), man-in-the-middle (MITM), and other threats.

Our IT Security Policies define the measures taken to secure our IT systems and data. A copy of our IT Security Policies will be provided as appropriate on request.

TRANSFERS OUTSIDE THE EEA

We do not transfer personal data outside the European Economic Area (“EEA”). If at any time it becomes necessary for us to transfer personal data outside the EEA, it will only be transferred outside the area using legally approved transfer mechanisms, such as the European Commission’s standard contractual clauses or an adequacy decision.

YOUR RIGHTS UNDER GDPR

If you are in the EEA, you have several rights under the GDPR.  These rights are as follows:

Rights of Access: You have the right to know what personal data we hold on you, why we hold the data for how we are processing your personal data;

Right to Rectification: You have a right to request that the personal data held in relation to you is up to date and accurate and where it is inaccurate have it corrected;

Right to Erasure: You have the right to request the deletion of your personal data provided that there are no overriding reasons to retain that data;

Right to Restriction: You have the right to restrict the extent for which your personal data is processed;

Right to Data Portability: You have the right to have your personal data transferred to another service provider;

Right to Object: You have the right to object to the processing of your personal data where the processing is based on our legitimate interest;

Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time, where the processing is based on your consent; and

Right to Object to Automated Process: You have the right not to be subject to a decision based solely on automated processing where a decision would have a significant impact on you.

If you have given us information about yourself and would like copies of your information, or you would like us to correct any factual inaccuracies in your information, or if you would like that information deleted from our records, then please contact us. We will use reasonable efforts to supply, correct or delete information about you on our files. 

If you wish to exercise any of your rights regarding personal data or ask questions about this Privacy Policy, please submit a corresponding request to us via info@amlhq.com. We will respond to your request by email as a rule no later than within one month or sooner if required by applicable law.

If you are unhappy with our response to your rights request, you have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, work or where you think an infringement of data protection law took place.

GENERAL

This policy will be the subject of change and the use of information that we gather shall be subject to the Privacy Policy. It shall be your responsibility to check our website frequently to see recent changes. We will post any changes on the website and when doing so will change the updated date at the top of this Privacy Policy. If you are not happy with any changes that we have made you should cease using our services. In some cases, we may provide you with additional notice of changes to this Privacy Policy via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material.

Please contact us if you have any questions about this Privacy Policy, or about any information we hold about you via email at:  info@amlhq.com

Data Protection Officer: Richard Wood

ArcLabs Research Centre,  
WIT Campus,  
Carriganore,  
Waterford. Ireland  
X91 P20H