Privacy Policy

1. Introduction

EasyPEPCheck ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PEP and sanctions screening service.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Account Information

When you register, we collect:

• Email address
• First and last name
• Organization name
• Password (encrypted)

3.2 Screening Data

When you perform screenings, we process:

• Names of individuals or entities you screen
• Optional: date of birth, country, place of birth
• Screening results and timestamps

3.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe's privacy policy applies to payment data.

3.4 Usage Data

We automatically collect:

• IP address
• Browser type and version
• Pages visited and time spent
• Device information

4. How We Use Your Information

We use your information to:

• Provide and maintain our screening service
• Process your transactions and manage your subscription
• Generate audit-ready screening reports
• Maintain your screening history for compliance purposes
• Send service-related communications
• Improve our service and develop new features
• Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract performance: To provide the screening service you requested
• Legitimate interests: To improve our service and ensure security
• Legal obligation: To comply with applicable laws and regulations
• Consent: For marketing communications (where applicable)

6. Data Retention

We retain your data as follows:

• Account data: Until you delete your account, plus 30 days
• Screening history: 5 years (to meet compliance audit requirements)
• Payment records: 7 years (legal requirement)
• Usage logs: 12 months

7. Data Sharing

We share your data only with:

• Stripe: For payment processing
• Cloud infrastructure providers: For hosting (EU-based servers)
• Legal authorities: When required by law

We do not sell your personal data to third parties.

8. Data Security

We implement appropriate security measures including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security updates
• Access controls and audit logging

9. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to certain processing activities
• Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@easypepcheck.com.

10. Cookies

We use cookies for:

• Essential cookies: Required for the service to function
• Analytics cookies: Google Analytics to understand usage patterns

You can control cookies through your browser settings.

11. International Transfers

Your data is primarily stored on servers located in the European Union. If any data is transferred outside the EU, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

You also have the right to lodge a complaint with your local data protection authority.