Privacy Policy Axis KYC Compliance Solution
Axis respects your privacy and is committed to protecting your Personal Data. This Privacy Notice outlines how we process personal data and provide the framework through which effective management of data protection matters can be achieved while providing our Services. This Privacy Notice does not cover how Axis Clients may treat Users' personal data. Clients provide this information in their privacy statements which are not subject to Axis’s control.
Please use the Definitions below to understand the meaning of some of the terms used in this Privacy Policy. Unless specifically defined, any capitalized terms used throughout this Privacy Policy (but not defined herein) shall have the same meaning attributed to it in Axis’s General Terms and Conditions. Please read this Privacy Policy carefully before using the Platform (and/or Services) or submitting any information to us. If you do not agree to any part of this Privacy Policy, you shall immediately cease accessing our Platform or using any of our Services.
processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
personal and non-personal User’s data that is submitted, generated, featured and displayed through the Platform, collected from the use of the Service and stored on Axis’s servers.
the interest of our business in conducting and managing our Services to enable us to give you the best Service and the best and most secure experience. We consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests.
all of the terms, conditions and notices contained or referenced in Axis’s General Terms and Conditions and all other Axis rules, policies available at http://www.axiskyc.ae, as amended from time to time.
processing your Data where it is necessary for the performance of our Services.
information that specifically identifies an individual (such as a name, address, photo, telephone number, mobile number, e-mail address, birthday, office location, professional and personal interests, company name, title department, spoken languages) or information about that individual that is directly linked to personally identifiable information.
any online tool provided, processed and/or maintained by Axis (including, but not limited to, all subpages and subdomains, all content, Services and products available at or through Axis’s website located at http://www.axiskyc.ae and/or its mobile application, and/or any other related domain offering access to, or facilitating the provision of, the Services);
all of the privacy policies, practices and notices contained or referenced in this document (as amended from time to time) and all other Axis rules, policies available on the Platform that may be published from time to time on the Platform.
the online and/or offline services provided by Axis for the provision and use of the technology that Axis has developed to facilitate the acquisition of the Vendor Goods;
all eligible goods and/or services of a Vendor that can be purchased by Customers using the Services;
the person, company, or organization that has visited or is using the Platform and/or the Service. A User may be a Customer, a Vendor, both or neither.
any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
a breach of data security leading to unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their personal data;
a system that allows Users to have a real-time interaction with Axis’s support team in a chatbox on the Website page in the browser;
the process and rules established by the Client in line with applicable regulations, including the requirements for identifying its customers, related risks and checking they are who they say they are (may be referred to as ‘KYC’ in this Notice);
standard sets of contractual terms and conditions adopted by the European Commission (or UK-designated authorities) and ensuring appropriate safeguards for data transfers from the EEA and the UK to third countries, which the Controller and the Processor both sign up to, where necessary;
European Economic Area (the European Union Member States, Norway, Iceland and, Liechtenstein);
Anti-Money Laundering / Combating the Financing of Terrorism legal rules and standards as envisaged in FATF recommendations, EU regulations, and national legislation;
individuals who are or have been entrusted with prominent public functions (e.g., heads of state or government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials), as well as their relatives and close associates;
This Privacy Policy aims to give you information on how Axis collects and processes your Personal Data through your use of the Platform, including any Data you may provide through the Platform when you register an Account, use any Service and/or sign up to our newsletter, as well as installing and signing up to any Axis mobile application.
Axis may process the personal data of children, understood as individuals under the age of majority under the national laws of the Client’s country of incorporation, only when the Client ensures that the person with parental responsibility for the child has consented to such processing. Otherwise, if a child’s personal data is accidentally submitted to Axis, it will be deleted without undue delay.
This Privacy Policy applies to the Platform and all information we collect through our Services from our Users. By clicking on the “Accept” button in the Axis sign up flow, you (i) agree irrevocably and without condition to this Privacy Policy, (ii) consent to your Personal Data being collected, used and disclosed as set out in this Privacy Policy; and (iii) agree that we may provide notices to you electronically on the terms and conditions set forth in this Privacy Policy and Axis’s General Terms and Conditions.
This Privacy Policy supplements any other privacy notices we may provide to you from time to time and is not intended to override them.
You agree that Axis may amend this Privacy Policy from time to time, and in Axis’s sole discretion. Although we will use our best endeavors to notify you of any amendment to this Privacy Policy, we will not be required to provide you with prior notification of such amendments or changes to this Privacy Policy.
Upon any amendment or change to this Privacy Policy, we will publish the amended Privacy Policy on the dedicated link available at our Platform. Your continued use of the Platform and/or the Service after the publication date of a revised version of this Privacy Policy constitutes your acceptance of its terms. You are invited to review this Privacy Notice at any time to stay informed about updates.
Please note that it is crucial to the Performance of our Services and functionality of the Platform that the Personal Data we hold about you is accurate and current. Please keep us informed and updated if your Personal Data changes during your relationship with us. You can review and update your Personal Data in your Account settings at any time by logging in to your Account.
Our Platform may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Data about you. This Privacy Policy does not apply to Data and/or Personal Data submitted or collected through websites maintained by third-party companies or organizations to which we may link or which may link to us, unless and until such Data and/or Personal Data is shared with us. We do not control these third-party websites, plug-ins and applications, whether or not they operate on top of the Platform or on an external website, and are not responsible for their privacy statements. When you engage such third-party website, plug-in or application, whether or not you have left our Platform, we encourage you to read the privacy policy of each website, plug-in or application you visit or engage. The Vendors that you buy the Vendor Goods from or contract with (even if such Vendor Services are purchased using our Services) have their own privacy policies, and we are not responsible for their actions, including their information protection practices. Similarly, data and payment API providers that we may work with from time to time have their own privacy policies. We are not responsible for any such provider’s actions, including their information protection practices.
2.1.1 Depending on which of our Services you use and how you interact with our Platform, we collect different kinds of information from or about you. We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
We also collect, use and share aggregated Data such as statistical or demographic Data for any purpose. Aggregated data may be derived from your Personal Data but is not considered Personal Data as this Data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of Users accessing a specific Platform feature.
We do not collect any Personal Data about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, and genetic. Nor do we collect any information about criminal convictions and offenses.
We receive and store any information you enter on our Platform or that you provide us with in any other way. The types of Personal Data collected may include your name, address, telephone number, mobile number, e-mail address, birthday, office location, residential address, professional and personal interests, company name, title department, your biography and specialist topics, use information regarding your use of our Service and Platform, and browser information.
The Personal Data you provide is used for the purposes such as allowing you to set up an Account, improving the content of the Service, generating Data products and services including pricing calculators, recommended listings, answering to customer support or technical questions, customizing the advertising and content you see, and communicating with you about the Vendor Goods and our new features. We may also draw upon this Personal Data in order to adapt the Services of our community to your needs, to research the effectiveness of our network and Services, and to develop new tools for the community.
When you use the Service, Axis automatically receives and records information on our server logs from your browser or mobile platform, including your location, IP address, cookie information, and the page you requested. We treat this data as non-Personal Data, except where we are required to do otherwise under applicable law. Axis only uses this Data in aggregate form. We may provide aggregate information to our partners about how our Users, collectively, use our site, so that our partners may also understand how often Users use their services and our Service.
We may also collect Personal Data about you from third parties such as data and payment API providers and/or credit bureaus.
Where we need to collect Personal Data by law, or under the terms of a contract we have with you or with a third-party service Provider and you fail to provide that Personal Data when requested, we may not be able to perform our Services. In this case, we may have to cancel the Service which you have with us, provided that we will notify you if this is the case at the time.
We use different methods to collect Data from and about you including through:
We may publicly share some of your Data such as your reviews on the Platform.
If you use our Platform (creating an Account through our Platform or otherwise), we may share your aggregated Data, reviews and any other Data as may reasonably be required by Vendors to help Vendors perform and improve their Vendor Services.
We enter into relationships with a variety of businesses and work closely with them. We may share your Personal Data with our service providers and affiliates who help with our business operations, including but not limited to, fraud prevention, account maintenance, customer service, marketing and technology services. In certain situations, these businesses may sell items or provide promotions to you through Axis’s Service.
In the event that Axis is involved in a merger, acquisition, reorganization, sale of assets or bankruptcy, your information may be sold or transferred as part of that transaction. The promises in this Privacy Policy will apply to your information as transferred to the new entity.
We may release Personal Data when we believe in good faith that release is necessary to comply with the applicable laws; enforce or apply Axis Terms and Conditions and other agreements; or protect the rights, property, or safety of Axis, our employees, our Users, or others.
We may share your Personal Data with other third parties with your consent or at your direction to do so, including if you authorize an account connection with a third-party account or platform. For the purposes of this Privacy Policy, an "account connection" with a third party is a connection you authorize or enable between your Axis Account and a non-Axis account or platform that you lawfully control or own. When you authorize such a connection, we may receive information from the third-party about you and your use of the third-party’s service and we may share your Personal Data and other information, to be used in accordance with such third party’s privacy policy. Examples of account connections include, without limitation, linking your Axis account to an API provider, social media account or social messaging service. Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third-party that will gain access to your Personal Data as part of the account connection.
5.1 We will only use your Personal Data when the law allows us to.
5.2 Most commonly, we will use your Personal Data in the following circumstances:
We process your Personal Data because it is necessary for the performance of our Services. In this respect, we use your Personal Data for the following:
In this respect, we may share your Personal Data with or transfer it to the following:
We also process your Personal Data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person. In this respect, we use your Personal Data for:
We also process your Personal Data for our compliance with a legal obligation which we are under. In this respect, we will use your Personal Data for the following:
We may send you marketing about the Services we provide which may be of interest to you, as well as other information in the form of alerts, newsletters and invitations to the events or functions which we believe might be of interest to you or in order to update you with information (such as legal or commercial news) which we believe may be relevant to you. We may communicate this to you in a number of ways including by post, telephone, email or other digital channels.
You have the right to withdraw/unsubscribe your consent to marketing emails/newsletters at any time by contacting us.
We may use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Services, and offers may be relevant for you. You may receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your Personal Data with any company outside Axis for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the Platform and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time at info@axiskyc.ae.
Our website uses web technologies such as cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
We use the following cookies:
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Axis provides multiple types of automated processing, including, but not limited to, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination (if so legally binding), or otherwise making available, alignment or combination, restriction, erasure or destruction.
For fraud detection, Axis subjects personal data from photos and scanned copies of documents to automated reading and verification of authenticity by conducting different checks, such as completeness of records, screenshots detection, or cross-checking of all data from all submitted documents (e.g., name, date, and place of birth, signature). We also check the document's security features, including the embedded security chip, machine-readable zone (MRZ), barcodes, QR codes and other security components used for genuine data validation. The Axis system analyses the results of the above to make an inference regarding the document’s trustworthiness.
Axis may process biometrics to verify whether provided facial images are likely to match depending on the service chosen by a particular Client. The processing of biometrics means extracting facial features from uploaded or recorded facial images on government-issued identity documents submitted by the User and comparing them. We store this biometric data for a period our Client instructs.
There are several reasons why Clients ask for such biometrics processing. Generally, Clients may wish to check whether an identity document genuinely belongs to the User by comparing a provided facial image to the facial image contained in the identity document.
In addition, Clients may ask us to check whether a User is alive and genuine. To do this, we use our Liveness check to determine if the User isn’t holding a mobile phone, showing any signs of constraint, or attempting to defraud the system using emulators, static images, or ‘deep fakes’. As a rule, the User is prompted to blink, smile, or move their device while passing Liveness. During such checks, we may also detect signs of fraud or other spoofing attacks by comparing the User's facial features to those of known masks. Simultaneously, we may also check whether the User may be generating multiple identities by inspecting whether we have previously verified him/her on behalf of a particular Client. To determine if the User is known to a specific Client, we compare the User's facial image to the facial images of other Users previously verified on behalf of that particular Client.
When required by the Client, we assist in the authentication process. For this, the Client may ask the User to pass liveness. During this process, the User’s face is recognized, and the result is compared with the biometric data records of the said User obtained previously.
For each authentication attempt, we will compare the new liveness facial image with the biometrics of the said User obtained previously.
Usually, video identification is a process where the person who is to be identified and the employee-operator sit opposite one another "face to face" in video transmission and communicate with one another. The process is carried out if the Client has a legal obligation to do so (for example, due to AML / CFT regulation). To perform video identification, we provide the Client with functionality so that they can conduct a video interview with Users during onboarding. If the Client prefers, the video identification interview can be provided by Axis operators. The content of the video interview and its nature are also completely dependent on the Client’s requirements.
These data validation checks enable Clients to verify data against databases of third-party data providers and detect whether the User is involved in illicit activities, money laundering or terrorism financing. To do this, we will check the data extracted from the uploaded documents or provided by the User against a database of third-party data providers. The data providers we may use depend on the Client’s needs and the User’s location and may include ID registers, proof of address checks, the Social Security Administration and other government or commercial sources and databases, consumer credit agencies, PEP lists, global and country-specific sanctions lists, and adverse media sources.
Throughout the course of the Client’s relationship with the User, we may assist the Client in periodically screening the User’s data against databases to help prevent, detect, and investigate fraud and money laundering.
Sometimes Clients ask us to conduct phone or email risk scoring. When we do it, we screen User’s email address or phone number with the combination of IP address, where available, together with the publicly available information provided by the third-party processors or data providers, based on the data mentioned above and get the risk labels based on its registrations on the web, domain name, delivery option and other parameters.
KYT or “Know Your Transaction” is a check that analyses transaction data relating to senders and recipients. It enables Clients to detect and report unusual/uncharacteristic behaviour and patterns that are characteristic of money laundering, terrorist financing, fraud, or other illicit activity.
If the Client subscribes to the KYB check, it requires us to verify the existence, details, ownership, and control structure (e.g., ultimate beneficial owner(s)) of a legal entity through analysis of corporate documents and review of corporate registries, where available.
The Client may order this check for compliance with their legal obligations under the AML/CFT legislation. This mandates the Virtual Asset Service Provider, or VASP, which could be our Client, to obtain, verify, hold and exchange the particular transaction sender and recipient information with their counterparty VASPs during or before the transaction. When carrying out this check, we verify the user's identity and transfer to/ receive from the Client's counterparty VASP particular user's data using special messaging protocols, such as Travel Rule Protocol (TRP), Axis API protocol, and platforms providing encrypted messages and data flows.
Axis implements a fraud detection and control network based on the anti-fraud checks required by our Clients and those included in our Services by default (e.g., Photoshop use or risk triggers calculation). Such checks require collecting, analysing, and re-using recorded User data.
Generally, Axis verifies whether the User’s attributes—geolocation (IP address), device signature (operating system and camera name), email address, or mobile phone—have previously been involved in or related to any fraudulent activity or may currently signal suspicious behaviour patterns and otherwise point out that the User is fake. At the Client’s order, we may check information with our Data Providers on AML/CFT regulations requirements, such as screening through adverse media mentions match or checking for residency in high-risk countries. Besides, we check whether the User creates multiple identities by inspecting whether we have previously verified a User on behalf of a particular Client using biometric data comparison techniques.
All these checks are designed to help us and Clients assess the likelihood of customer trustworthiness, flag potentially fraudulent activities and assign a relevant risk score when the Client needs to acknowledge cases when Users generate multiple identities, compromise their data, or manipulate device or network information. The Client may consult with the fraud detection and control network on the fraud-related level of risk of the User under the onboarding process without accessing any personal data.
We conduct identity verification checks on behalf of the Client, however, we do not make any final decisions. Our role is to provide the Client with reports containing information about the identity verification process and results (with the reasoning behind them reflecting the level of fraud or another risk if any. The reasons are derived from the work of our system and its algorithms, including those based on a symbiosis of machine learning models and human supervision and intervention. The final decision on User onboarding is made by a human on the Client’s side when the checks' result is transmitted to the particular Client. The Clients consider this information while deciding to accept or decline a User application, request further checks, or continue to service that User following their risk assessment and investigations.
The checks are either automated, semi-automated, or done by humans. When we carry out checks, we implement a complicated verification system that includes human presence and machine work. A human will be involved if the system cannot reach a verdict on its own or recheck the system verdict. Such may occur when the data is uncertain or the system faces some other difficulty in analysing information during the verification session. Thus, we contribute to ensuring that the verification process is fair and safe for Users.
Certain Axis checks may be fully automated due to simplicity, using machine learning, or the Client's request. When Clients use check results to make final decisions regarding Users undergoing verification, the final decision-making process may or may not be automated by the Client. When the Client makes automated decisions, including those based on our check results, they shall inform you of the legal grounds and, if necessary, obtain your consent. Any User can appeal automated decisions by going through the methods provided on the Client's side.
As a service provider, we may have different verification steps for some Clients which require full supervision by a human.
All required checks have been successfully completed. This means that the data you've provided is genuine and compliant with the requirements of the particular Client and approved by them. Now you are allowed to use the service for which you were passing the verification process.
Some of the checks need to be more precise. It means that some of the data provided by Users do not comply with the Client's requirements by posing some risk or seeming potentially suspicious or fraudulent (e.g., the device you took the photo from is different from that you passed the whole verification process or the data presented are inconsistent). In this case, we return results to the Client for further consideration by tagging them with the relevant theme (e.g., 'WRONG_ADDRESS' or 'INCOMPLETE_DOCUMENT'). Then, the service for which you passed the verification check will consider and evaluate the results and ask for additional information from you to clarify your application. The Client may reject or freeze your application following its risk procedures or other internal policies.
Our Clients use our services to detect whether a real person is passing the identity verification process, as well as any impersonation or spoofing attempts, to prevent money laundering, terrorist financing, fraud, and other activities that are considered a matter of public interest. That is why we, as a service provider, are responsible for providing the highest quality services. For this reason, where we have the authorisation of our Clients, and it is not prohibited by applicable law, we as a data controller use personal data to develop and improve our services by building and enhancing algorithms and developing and testing new verification options, products and services to verify a User's identity better and detect fraud.
We do this in two ways. We deploy a system of recognising specific patterns in the information and making predictions about new data sets based on those patterns by training our computers or so-called 'machine learning.’ Machine learning helps create models based on the information provided by the Users, such as signs of potential fake data, and selects the best models to be integrated into our system. The development of services also includes continuous improvement and assessment. We review our service delivery methods to ensure that we comply with Clients’ requirements and work appropriately by testing and correcting new features and functions. We implement initial and ongoing training for our human analysts to perform those tasks to prevent machine learning models' automatic judgement. It is also beneficial while machine learning models are in the stage of development and aren't adequately suited to perform such tasks.
In this model, our Clients may partner with each other to simplify and speed up verification for mutual Users that have already passed KYC once via Axis. For this, Clients ask Axis to create a data flow that exchanges previously verified Axis KYC data between two different services. Axis provides such functionality only after confirmation that these Clients have all necessary legal arrangements. Before sharing the data, the User is asked for consent to such actions.
We have put in place appropriate security measures to limit the possibility of your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.