Privacy Policy

Regulatory DataCorp Inc

Effective Date: April 30, 2018

Regulatory DataCorp, Inc., its affiliates and subsidiaries (“RDC”, “we”, “us”, or “our”) respect your privacy. RDC is committed to safeguarding the Personal Data it receives from its Subscribers, Business Partners and Vendors; as well as what is on our website (www.rdc.com)  and in publicly available sources which are incorporated into our product database (“GRID”) as well as our regulatory compliance services (altogether “Services”).

We receive Personal Data and other data from financial institutions and other entities with regulatory compliance requirements that have entered into subscription agreements with RDC (“Subscribers”).  Some of the customers identified by Subscribers are companies or other legal entities and some are individual consumers. We process such Personal Data on behalf of the Subscribers. Our Subscribers are responsible for the Personal Data processing that we carry out on their behalf. For more information on our processing of Personal Data on behalf of our Subscribers, please refer to the privacy policy of the relevant Subscriber.

This Privacy Policy applies to the processing of Personal Data collected in the context of your use of our  Services and in connection with our Subscriber, Business Partner, and Vendor relationships. This Privacy Policy describes the types of Personal Data we collect, the purposes for which we collect that Personal Data, the other parties with whom we may share it, and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Data, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.

This privacy policy covers the following sections:

  1. Personal Data We May Collect
  2. How We May Use Your Personal Data
  3. How We Share Your Personal Data
  4. Your Rights and Choices
  5. How We Protect Your Personal Data
  6. Data Transfers & Privacy Shield
  7. Features and Links to Other Websites
  8. Updates to This Privacy Policy
  9. How to Contact Us

1. Personal Data We May Collect

For the purpose of this Privacy Policy, “Personal Data” means any information relating to an identified or identifiable individual. We obtain Personal Data relating to you from various sources described below.

Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with the service or if we are legally required to collect it.

  • Personal Data Provided by You: You may provide us with your Personal Data (e.g. your name and address as part of a request for information) via our website www.rdc.com.
  • Personal Data Provided in the Context of our Contractual Relationship: We may receive contact information (e.g., name, professional email address) of employees of Subscribers, Business Partners and Vendors in the context of our contractual relationship with such entities. Our Business Partners may also provide us with Personal Data from their customers.  For example, some of our Business Partners resell our Services as part of their own products.  In those situations, our Business Partners may provide us with Personal Data (i.e., name, address, date of birth).  We also maintain the emails or other communications that our Subscribers may send us, such as customer support inquiries, and their content.
  • Personal Data Obtained from Subscribers: Subscribers provide us with Personal Data (i.e., name, address, date of birth) of individuals who we check against our Services, upon our Subscribers’ requests.
  • Personal Data Obtained from Your Interaction with our Services: When you visit our Services, they automatically log certain technical information, including: your IP address, the date and time of your visit to the RDC site, and information about the browser you use. We collect information via  cookies and similar technologies. You can read more about how we use these technologies in our Cookie Policy, which is incorporated by reference into this Privacy Policy.
  • Personal Data Obtained from Public Source: RDC may collect Personal Data from public records databases (“Public Records”) and reputable publicly available sources (“Publicly Available Data”), and from third parties, in order to build out GRID and make our Services available to the requesting Subscriber. This includes individuals’ names and information relating to their jobs, companies, political affiliations, religious beliefs, sanctions, political exposure, and unlawful activities including terrorism and other criminal activities.  Subscribers use such Personal Data as part of their compliance with their legal and regulatory obligations related to preventing and detecting money laundering, terrorism, and other criminal activity.

2. How We May Use Your Personal Data

We may use the Personal Data we obtain about you to:

  • Create and manage subscription agreements, provide our Services, and respond to inquiries from Subscribers.
  • Communicate with you, including by periodically emailing you service-related announcements.
  • Promote our Services and send you marketing communications about products, services, offers, programs and promotions of RDC, and partners.
  • Aggregate or anonymize your Personal Data for the purpose of analyzing and reporting the effectiveness of and any trends in corporate ethics and compliance programs according to industry, company size, country, geographic region or other relevant classification or for other uses as RDC may decide (as permitted by our subscription agreements, where relevant, and as permitted by applicable law).
  • Operate, evaluate and improve our business (including by developing new products and services; managing our communications; determining the effectiveness of our advertising; analyzing how the Services are being accessed and used; tracking performance of the Services; facilitating the use of our Services).
  • Ensure the security of our Services.
  • Manage our vendor and partner relationships.
  • Enforce our subscription agreements and our other legal rights.
  • Comply with applicable legal requirements, industry standards and our policies.
  • Perform auditing, research and analysis in order to maintain, protect and improve our Services.

We may process your Personal Data for the above purposes when:

  • We or a third party (e.g, Business Partners or Subscribers) have a legitimate interest in using your Personal Data. In particular, in line with the EU General Data Protection Regulation which recognizes fraud prevention as a legitimate interest, our Subscribers have a legitimate interest in the processing of your Personal Data for managing their financial risks, protecting against fraud, knowing who they are doing business with, and meeting compliance and regulatory obligations. Also, we have a legitimate interest in using your Personal Data to ensure and improve the safety, security, and performance of our Services and better understand organisations, industries, and markets.
  • You have consented to the use of your Personal Data;
  • We need your Personal Data to provide you with services and products requested by you, or to respond to your inquiries;
  • We have a legal obligation to use your Personal Data.

3. How We Share Your Personal Data

We do not sell or otherwise disclose Personal Data we collect about you, except as described in this Privacy Policy or otherwise disclosed to you by us or our Subscribers at the time the data is collected.

  • Affiliates and Business Partners (e.g., reseller). We may share the Personal Data we collect or receive with our headquarters and affiliates, and Business Partners to whom it is reasonably necessary or desirable for us to disclose your Personal Data to operate our business and to perform Services for our Subscribers or for our Business Partners or their customers.
  • Service Providers. We may share Personal Data with our service providers who perform services on our behalf and in relation to the purposes described in this Privacy Policy. For example, we may use third parties to help us analyze data as part of the Services, help us provide customer support, manage our Services, and build out GRID. We contractually require these Service Providers to only process Personal Data in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements. By way of further example, we use third parties to host and store GRID and Personal Data; however we do not share Personal Data with these data hosting providers.

We do not share marketing data gathered via our website or through our subscriber agreements with anyone.

  • Following the Law. We may disclose your Personal Data to third parties if we determine that such disclosure is reasonably necessary to comply with the law, respond to valid legal process, establish, assert or defend our legal rights, or prevent fraud or abuse of RDC or our users. In particular, we may disclose your Personal Data in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
  • Business Transfers. If we’re involved in a reorganization, merger, acquisition or sale of our assets, your Personal Data may be transferred as part of that deal. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Data you have provided to us in a manner that is consistent with this Privacy Policy.

4. Your Rights and Choices

In certain jurisdictions you have the right to request access and receive information about the Personal Data we maintain about you, to update and correct inaccuracies in your Personal Data, to restrict or object to the processing of your Personal Data, to have the information blocked, anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. Those rights may be limited in some circumstances by local law requirements. In addition to the above-mentioned rights, you also have the right to lodge a complaint with a competent supervisory authority, including in your country of residence, place of work or where an incident took place, subject to applicable law.

Where required by law, we obtain your consent for the processing of certain Personal Data collected by cookies or similar technologies, or used to send you direct marketing communications, or when we carry out other processing activities for which consent may be required. If we rely on consent for the processing of your Personal Data, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

To update your preferences, ask us to remove your information from our mailing lists, delete your account or submit a request to exercise your rights under applicable law, please contact us as specified in the “How to Contact Us” section below. If you would like to alter your marketing communications subscription preferences, or opt out, you can do so at anytime by visiting our communications preference center.

For information about our processing of your Personal Data on behalf of your financial institution for its legal and regulatory compliance purposes, please contact your financial institution.

5. How We Protect Your Personal Data

We maintain administrative, technical and physical safeguards that are intended to appropriately protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. In particular, RDC uses proven security methods and procedures designed to safeguard Personal Data during transmission and storage.

We also take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of the Services or when you request their deletion, unless we are required by law to keep the information for a longer period. RDC performs periodic reviews of our databases, and have established specific time limits for data retention, based on the criticality of the Personal Data and the purposes of the data processing.  Personal Data that is collected through our website will be retained for 3 years.  Personal Data obtained from our Subscribers and Business Partners will be maintained for the length of the associated agreement and the required time after the termination to meet any contractual audit or regulatory obligations or to otherwise comply with applicable law.

6. Data Transfers & Privacy Shield

RDC is a global business. As a result, the Personal Data that we collect may be transferred to, and stored at, any of our locations which may be inside or outside the European Economic Area (“EEA”) and Switzerland, including the United States. Data may also be processed by people around the world who work for RDC or for one of our Suppliers/Vendors. These people may be engaged in, among other things, the fulfillment of your information requests, answering enquiries about our Services and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing. Your Personal Data may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Data to other countries, we will protect that information as described in this Privacy Policy.

Individuals Located in the EEA or Switzerland

If you are located in the EEA or Switzerland, we comply with applicable legal requirements for the transfer of Personal Data to countries outside of the EEA or Switzerland.  In particular, RDC has put in place a number of measures designed to protect Personal Data which is transferred from Europe (including Switzerland) to the US, India, Bangladesh, South America, China, Canada and the Asia Pacific. RDC maintains a network of specific agreements to require contracting parties to observe data protection legislation, such as the European Commission’s Standard Contractual Clauses. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of these agreements.  We may also transfer Personal Data to countries for which the EU Commission has issued an adequacy decision, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable.

Regulatory DataCorp Limited and Regulatory DataCorp, Inc. have certified their compliance with both the EU-U.S. Privacy Shield Framework and Swiss U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from European Union member countries and Switzerland to the United States, respectively. You can find out more about Privacy Shield here https://www.privacyshield.gov/Program-Overview. We adhere to the Privacy Shield Framework and Principles regarding the collection, use, and retention of Personal Data from the EEA and Switzerland. We have certified that we adhere to the Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. We are committed to following the Privacy Shield Principles. We are also committed to supervising third parties where we have transferred data to them after a Privacy Shield data transfer to us and we accept our liability in cases of onward transfer of data to third parties. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. You can find our certification here.

We commit to subject to the Privacy Shield Principles all Personal Data received from the EEA in reliance on the Privacy Shield. This Privacy Policy describes (i) the types of Personal Data we collect, (ii) the purposes for which we collect and use Personal Data, (iii) how we may share your Pesonal Information, and (iv) your rights and choices with regard to your Personal Data.

The Personal Data provided by RDC to its Subscribers consists exclusively of “public record information” within the meaning of the Privacy Shield Frameworks. You may obtain a copy of this information from its public source.

We take commercially reasonable steps to ensure that Personal Data is reliable, accurate, complete, and current for its intended purpose, primarily by accessing Public Records and Publicly Available Data from reputable sources only.

Our accountability for Personal Data we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we may use third parties to process data on our behalf as described in this Privacy Policy, and we remain liable if they do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

If you believe we maintain your Personal Data within the scope of the Privacy Shield Framework, you may direct any of your enquiries or concerns concerning our Privacy Shield compliance to privacyofficer@rdc.com, or using the contact details in the “How to Contact Us” section below. We commit to resolve complaints about our collection or use of your Personal Data. We will respond within 30 days. In the unlikely event that we fail to respond within 30 days, or if our response does not address your concern, we will undertake to refer the concern to our Data Protection Officer who will investigate the matter and communicate with you within 14 days.

We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. You can also follow that link for a description of the range of potential remedies. There are more details on the arbitration requirements of the Privacy Shield Frameworks at https://www.privacyshield.gov/.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We will continue to adhere to the Privacy Shield Principles for as long as we retain your Personal Data.

Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

7. Features and Links to Other Websites

You may choose to use certain features for which we partner with other entities, or click on links to other websites for your convenience and information. These features, which may include social networking sites or apps, such as LinkedIn and Twitter, may operate independently from RDC. They may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by RDC, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.

8. Updates to This Privacy Policy

We may modify this Privacy Policy from time to time, and will post the most current version on our site and indicate at the bottom of the policy when it was most recently updated.

9. How to Contact Us

Privacy Policy: If you have any questions or comments regarding RDC’s Privacy Policy, please contact our Data Protection Officer via telephone at +1 484.688.5207; via email at privacyofficer@rdc.com; or write to us at

Regulatory DataCorp, Inc
211 S. Gulph Road #125
King of Prussia, PA 19406

Regulatory Datacorp Limited is the entity responsible for the processing of Personal Information that is subject to EEA or Swiss data protection law.  You can write to us at:

Citypoint
One Ropemaker Street, Level 16
KingLondon EC2Y 9AW United Kingdom

Attn: Data Protection Officer

GDPR: Any GDPR related requests for information on whether or not your personal data is available through RDC products and services as well as any request for deletion or corrections to that personal data must be made by submitting this Request Form via email to GDPRRequests@rdc.com, or mailed to:

Regulatory DataCorp, Inc
211 S. Gulph Road #125
King of Prussia, PA 19406

RDC will need to have the information required in the Request Form before we can begin our research. You should receive all the information that has been located and can be released in accordance with the law, along with an explanation for any information that cannot be provided within 30 days. RDC does not release information held about individuals without their consent, unless there is a legally supported reason to do so. Therefore if information held about you also contains information related to a third party, RDC will make every effort to anonymize the information. If this is not possible, and RDC has been unable to secure the relevant consent, RDC reserves the right not to release the information.

Where possible, RDC will act on requests from individuals including right to erasure and accuracy of data. However, if RDC determines that retaining such personal data is necessary for its intended business purposes, RDC will provide the information and reasoning for the retention.

Last updated April 2018