Your Privacy is Our Priority

1. Introduction

Veridaq ApS ("Veridaq", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance platform.

As a provider of compliance solutions, we handle sensitive personal data with the highest standards of security and in full compliance with GDPR, EU AMLR 2027, and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Identification Information

For KYC verification purposes, we may collect:

• Full name, date of birth, nationality
• Government-issued identification documents (passport, national ID, driver's license)
• Proof of address documents
• Biometric data (facial recognition for identity verification)
• Contact information (email, phone number, address)

2.2 Business Information

For corporate clients and their customers:

• Company registration details
• Ultimate beneficial ownership (UBO) information
• Business address and contact details
• Financial information relevant to AML screening

2.3 Transaction Data

For AML monitoring purposes:

• Transaction history and patterns
• Source and destination of funds
• Risk assessment data
• Sanctions and PEP (Politically Exposed Persons) screening results

2.4 Technical Information

• IP addresses and device information
• Browser type and version
• Usage data and analytics
• Cookies and similar tracking technologies

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your data based on:

• Legal obligation: Compliance with AML/KYC regulations and EU AMLR 2027
• Contractual necessity: To provide our verification and monitoring services
• Legitimate interests: Fraud prevention and platform security
• Consent: Where explicitly obtained for specific purposes

3.2 Purposes of Processing

• Identity verification and customer due diligence
• AML screening and transaction monitoring
• Risk assessment and fraud detection
• Regulatory reporting and compliance
• Service improvement and analytics
• Customer support and communication

4. Data Security

We implement bank-grade security measures to protect your data:

• Encryption: AES-256 encryption at rest and TLS 1.3 in transit
• Access controls: Role-based access with multi-factor authentication
• Infrastructure: ISO 27001 certified data centers in the EU
• Monitoring: 24/7 security monitoring and incident response
• Audits: Regular third-party security audits and penetration testing
• Data minimization: We only collect and retain data necessary for our services

5. Data Sharing and Disclosure

5.1 When We Share Data

We may share your information with:

• Our clients: Businesses using our platform for KYC/AML compliance
• Regulatory authorities: When required by law or to report suspicious activities
• Service providers: Trusted partners who assist in our operations (under strict data processing agreements)
• Legal proceedings: When necessary to comply with legal obligations or protect our rights

5.2 International Transfers

Your data is stored in EU data centers. Any transfers outside the EU are protected by:

• EU Standard Contractual Clauses
• Adequacy decisions by the EU Commission
• Other GDPR-compliant transfer mechanisms

6. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Limit how we use your data in certain circumstances
• Data portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent
• Lodge a complaint: With your local data protection authority

To exercise these rights, contact us at privacy@veridaq.com

7. Data Retention

We retain your data only as long as necessary:

• KYC records: 5 years after the end of the business relationship (EU AMLR requirement)
• Transaction records: 5 years from the date of transaction
• Suspicious activity reports: As required by local regulations
• Technical logs: 12 months for security purposes
• Marketing data: Until consent is withdrawn or 2 years of inactivity

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Analyze platform usage and improve our services
• Detect and prevent fraud

You can manage cookie preferences through your browser settings. However, disabling essential cookies may affect platform functionality.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Information

12. Supervisory Authority

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Danish Data Protection Agency: