What does this privacy statement cover

This is a privacy statement. It explains how RZOLUT (“RZOLUT,” “we,” “us,” or “our”) collects, manages, discloses, stores, and safeguards personal information within the context of our products (RZOLUT Screening, Diligence, Monitor, ContentStream), data processing and services associated with it. Additionally, it provides information about personal rights and how one can reach out to us if one has questions concerning the handling of personal information.

Who RZOLUT holds information about

RZOLUT maintains information that aids financial institutions, corporations, professional services firms, governments, law enforcement agencies, regulators, and other users of RZOLUT, (“RZOLUT Users”). This information supports due diligence and screening activities in accordance with legal or regulatory obligations, risk management procedures conducted in the public interest, including but not limited to anti-money laundering, ‘know personal customer,’ anti-bribery, anti-corruption checks, human rights checks, sustainability checks, supply chain tracking and/or for the prevention, investigation, detection, or prosecution of financial crime, fraud, serious misconduct, dishonesty, or other criminal or unlawful activities (e.g., modern slavery, illegal trafficking, environmental crimes, etc.), and unethical conduct (“Checks”).

RZOLUT products and services are not designed for children. In rare instances where we collect and use personal information about children (e.g., children of politically exposed persons), we adhere to industry guidelines and applicable laws. Personal information is included in RZOLUT product suite only when Public Domain Data (as defined below) indicates the need for such information to support Checks.

The inclusion of personal information in RZOLUT product suite does not obstruct personal ability to engage in business with RZOLUT Users, such as financial institutions.

What personal information we process

As part of the RZOLUT product suite, we may collect and process information derived from Public Domain Data when it is relevant for Checks.

RZOLUT’s product suite may contain following types of information:

  • Information facilitating identification (e.g., name, alias, age, date of birth, gender, country of residence, passport details, citizenship).
  • Personal identification numbers (e.g., social security numbers, national insurance numbers) available in the Public Domain Data.
  • Family circumstances information (e.g., marital status and dependents) for politically exposed persons or close associates.
  • Employment, role, and education details (e.g., organization, public roles, job title, education history).
  • Professional and personal affiliations (e.g., organizations, individuals associated with one professionally or personally).
  • Relevant financial information (e.g., bankruptcy or insolvency filings).
  • Inclusion on sanctions lists or public lists of disqualified directors or positions of responsibility.
  • Public Domain Data related to actual or alleged money laundering, terrorist financing, predicate offenses (e.g., financial crime, illegal trafficking, environmental offenses), or personal postings on websites, blogs, or social media applications.

In some cases, the personal information in RZOLUT’s product suite may include “sensitive” or “special categories” of personal information, depending on specific jurisdictions and as per the applicable data protection laws. Examples include information related to political opinions, sexual orientation, religious beliefs, racial or ethnic origin, trade union membership, or criminal offences. This sensitive data or personal data is collected from news article(s) and may include specific details about an individual’s personal life, health, or other sensitive information, and can be linked back to that individual.

We have robust controls in place to ensure the accuracy, relevance, and non-excessiveness of information in RZOLUT’s product suite. We follow detailed research and screening processes when sourcing information for RZOLUT’s product suite.

How we use information about you

We use information to facilitate Checks conducted via RZOLUT’s Users, comply with regulatory requests, and for other purposes related to the proper management and protection of RZOLUT’s product suite and our rights. More details on these purposes are outlined below.

If personal information is present in RZOLUT’s product suite, it is processed (e.g., collected, used, shared, and retained) for the following purposes:

  • Facilitating Checks by RZOLUT’s Users.
  • Addressing personal requests and inquiries when someone contacts us.
  • Meeting requests from courts, law enforcement agencies, regulatory bodies, and other public and government authorities, even if they are outside personal country of residence.
  • Exercising our rights, defending against claims, and complying with applicable laws and regulations affecting RZOLUT or third parties we collaborate with.
  • Supporting services provided by our professional advisors, such as lawyers, accountants, consultants, or information security professionals.
  • Protecting our rights.
  • Sustaining the operation of RZOLUT’s product suite.

What legal grounds do we use to process personal information

Certain laws require us to clarify the lawful basis for processing personal information. We process standard personal information based on our legitimate interests or the legitimate interests of others.

In accordance with European laws, we specify the legal grounds on which we rely to process personal information in this privacy statement. We process standard personal information because it is in the legitimate interests of RZOLUT’s Users to conduct Checks, fulfill legal and regulatory obligations, and protect the public from financial crime, fraud, serious misconduct, or dishonesty. It is also in our legitimate interests to operate a business that facilitates these Checks, and there is a significant public interest in the execution of Checks.

Additionally, RZOLUT’s clients/ partners may onboard end clients/ users that may require processing/ screening/ diligence on them. In such cases it is the responsibility of RZOLUT’s clients/ partners to obtain individuals’ consent before carrying out any such screening, processing, or due diligence on them, as required under applicable law.

RZOLUT does not require consent to collect sensitive data or personal data since it is collected from government/ regulatory websites/ enforcement agencies, NEWS and social media, which may include specific details about an individual’s personal life, health, or other sensitive information, and can be linked back to that individual.

Example: Consent may be required/ collected by RZOLUT’s clients/ partners while onboarding a new customer, vendor, or third party.

We process special category information under the following circumstances:

  • One has publicly disclosed the information.
  • In all other cases, processing is necessary due to substantial public interest reasons, as required by applicable law(s).

We process information related to actual or alleged criminal offenses based on the authorization of applicable law(s).

Who we disclose personal information to

We make RZOLUT’s product suite information available to RZOLUT Users, needing RZOLUT’s product suite data for their use cases, products or services, third parties providing advice and services to us (including professional advisors), business partners collaborating with us to make RZOLUT’s product suite data accessible for Checks, and as mandated or desirable for compliance with the law.

If personal information is included in RZOLUT’s product suite, it is shared with RZOLUT’s Users, where we provide information only to users with a legitimate need for it, and we require them to use it solely for conducting Checks or complying with the law. If a RZOLUT’s product suite user misuses this information, we may terminate their access.

Third-Party Service Providers, Professional Advisors, and Business Partners: We grant limited access to certain third-party service providers (e.g., IT systems providers, hosting providers, technical support providers) to information in RZOLUT’s product suite to support its maintenance. We also allow select business partners to access RZOLUT’s product suite data for co-branded services or content delivery. In some instances, we disclose personal information to professional advisors (e.g., lawyers, accountants, consultants, information security professionals) for purposes outlined in the “How we use information about one” section.

  • Authorities, Courts, and Tribunals: We disclose personal information to competent authorities (national and/or international regulatory or enforcement bodies, courts, or other tribunals) when required by law or at their request.
  • Business Transfers: Information about one may be shared with prospective buyers, sellers, advisers, or partners in connection with any business sale, merger, acquisition, restructure, joint venture, assignment, transfer, or similar transaction involving our business assets or stock.

As our business evolves, we may include information collected about someone, or control of that personal information, as a business asset in any such sale. In rare cases where we or a significant portion of our assets are acquired, information about one may become one of the transferred assets.

How we secure personal information

We prioritize information security and employ physical, electronic, and managerial measures to ensure the security, accuracy, and relevance of personal information. These measures and our information security policies align with widely accepted international standards and are periodically reviewed and updated to meet our business requirements, technology changes, and regulatory demands.

Our information security policies and measures encompass:

  • Robust controls for including and maintaining RZOLUT’s product suite information, ensuring its accuracy and relevance.
  • Training and education for staff members to ensure their awareness and compliance with our policies, procedures, and controls designed to maintain the security, accuracy, and relevance of information.
  • Administrative and technical controls to restrict staff access to RZOLUT product suite information.
  • Monitoring compliance with our policies, procedures, and controls.

Why information may be transferred abroad

RZOLUT is global data & diligence organization. Personal information may be transferred to recipients in multiple jurisdictions, stored, and processed outside personal home country, including in countries with differing levels of personal information protection compared to personal home country. These transfers are subject to appropriate safeguards in accordance with data protection laws (e.g., Articles 44 to 50 of the GDPR), often involving contractual safeguards.

How long we keep personal information

The retention period of personal data in RZOLUT’s product suite depends on the type of information we hold about one. The criteria for determining retention periods include:

  • The relevance of personal information to Checks.
  • The reasonable duration for retaining records to demonstrate fulfillment of duties and obligations.
  • Limitation periods within which claims might be made.
  • Retention periods prescribed by law, recommended by regulators, professional bodies, associations, or inter-governmental bodies (e.g., the Financial Action Task Force).
  • The existence of relevant proceedings.

Post deletion based on above scenarios, a backup of the deleted data is stored for a maximum of 30 days

Personal rights

One may have rights under European and other laws to access personal information, request rectification, erasure, or restriction of use, object to processing, and withdraw consent. Detailed information on how to exercise these rights is provided below.

Subject to specific exceptions, we will respect personal rights under applicable data protection laws. Under European laws, one have the following rights concerning personal information in RZOLUT’s product suite, and similar rights may apply in other countries:

  • Right of subject access: One can make a written request for details of personal information and a copy of the personal information we hold about one.
  • Right to rectification: One have the right to correct or remove inaccurate information about one.
  • Right to erasure (‘right to be forgotten’): One can request the erasure of specific personal information about one.
  • Right to restriction of processing: One can request that personal information be used for restricted purposes.
  • Right to object: One can object to the processing of personal information, especially if it is performed for public interest tasks or legitimate interests of us or third parties.
  • Right to withdraw consent: The right to withdraw any consent one has previously given to our clients/ partners to handle ones personal information. If Someone withdraws their consent, it will not affect the lawfulness of our use of their personal information prior to the withdrawal of their consent.

We do not impose a fee for exercising personal rights, but we may require identification evidence to verify personal identity, ensuring the protection of personal privacy. Any identification evidence one provides will be used solely for the purpose of verifying personal identity for personal requests.

There are limitations to personal rights concerning personal information, and in some situations, we may not be required or able to fulfill personal request or may only partially comply. In such cases, we will provide an explanation for not fully addressing personal requests.

Changes to this privacy statement

We may update or amend this privacy statement as needed. Any future changes or additions to how personal information is processed, as described in this privacy statement, will be communicated through appropriate channels based on our standard communication methods with one.

For any additional details please write to privacy@staging.rzolut.com