Privacy Statement for Penneo KYC

Penneo provides the service Penneo KYC, which is an identity validation service related to helping our customers perform and document their Know Your Customer and anti-money laundering obligations.

When Penneo retrieves and, if applicable, stores data from the external source, it acts as a data processor on behalf of our customer (Company). Penneo’s customer is the data controller.

This responsibility is regulated by an agreement, including a data processing agreement (DPA), between Penneo and its customer. End users are managed by the customer (Company) that acts as a data controller.

Purpose and processing

The controllers and responsible entities for such content are Penneo’s customers. As the data processor, Penneo enters a data processor agreement with the customer as data controller. The data processor agreement establishes the framework for Penneo’s personal data processing activities.

The purpose of Identity validation is to perform anti-money laundering and attribute validation services. These services can retrieve or periodically monitor person or company information from central registries, determine roles and verify the authority to sign, and check details against PEP/sanction lists.

Data is retrieved from an external source and loaded into the Penneo KYC application. The data is stored in the respective customer’s Penneo KYC profile for 5 years (from the date which the client relationship is created), in accordance with the Danish Accounting Act. If a shorter storage period is required, the customer can at any time configure the different profiles and delete the data in accordance with their own retention policies. If a client has questions about when their specific information will be deleted, they should contact the customer.

Penneo’s customers can add and remove or edit the access to the information within Penneo KYC, for any user at any time.

Categories of data subjects

End users of the Controller: End users of the Controller’s solutions or Processor’s solutions used by Controller

The following types of personal data may be processed for end users/clients of the controller:

  • Names
  • Identity numbers
  • Date of birth
  • Date of death
  • Gender
  • Addresses
  • Nationality
  • Compliance/risk rating information
  • Roles in an organization
  • Organizational ownership details

The processed data is retrieved from external sources both public and commercial registers, as well as entered manually by client and customer users. All retrieved is based on the instruction of the Controller.


Back to top

Penneo Sign

Få dokumenter signert raskere. Innsamle alle nødvendige informasjoner, og administrer dokumenter og workflows på en enkel og compliant måte.

Penneo KYC

Automatiser din onboarding av nye klienter og AML-prosessen. Samle klient-dokumentasjon og utfør risikovurderinger på en sikker og effektiv måte.