Professional Documents
Culture Documents
World-Check - GDPR Product Information May 2022
World-Check - GDPR Product Information May 2022
World-Check - GDPR Product Information May 2022
business of Thomson
Reuters is now Refinitiv
World-Check
(including Screening Online and Screening Deployed)
World-Check holds information that helps financial In order to safeguard individuals’ privacy, and the
institutions, corporates, professional service firms, integrity of the World-Check database, WC
governments, law enforcement agencies, regulators Customers are not able to amend personal data on
and other World-Check customers (“WC the World-Check database.
Customers” or “You/Your Staff”) to perform due
diligence and other screening activities in More detailed information about how personal data
accordance with their legal or regulatory obligations is used in World-Check (and on the types of
and risk management procedures which are carried information held in World-Check) can be found in
out in the public interest (“Checks”). the World-Check Privacy Statement available
online: https://www.refinitiv.com/en/products/world-
How is personal data used in check-kyc-screening/privacy-statement
common of any personal data. WC Customers are compliance processes to assist You with
solely responsible for ensuring their compliance performing due diligence and other screening
with data protection laws. activities that are necessary for reasons of
substantial public interest on the basis of, or as
authorized by EU Law/applicable law, for
How can customers use World- example in connection with Your legal or
regulatory obligations connected to preventing
Check? or detecting unlawful acts (such as money
laundering, terrorist financing or fraud)
Some of the personal data contained in World-
Check is special category data that attracts extra not to use World-Check to make automated
protection under EU data protection laws. For decisions about an individual or his/her
example, World-Check holds public domain data business
about actual or alleged financial crime.
not to allow Your Staff who have not reviewed
World-Check User Training made available to
Therefore, all WC customers must respect the You by Refinitiv to use World-Check
following commitments and restrictions when
using World-Check. not to use the Watchlist function to upload
or compile a list of individuals, entities or other
persons that You do not wish to do business
Commitments with
✓ to bring the World-Check Privacy Statement to Where are the data centers for
the attention of individuals that You search
against on World-Check so they are aware that World-Check located?
You use World-Check and understand how we
handle their personal data. The World-Check The primary data centers for World-Check are
Privacy Statement can be found at: located in the United Kingdom and data is also held
in the Amazon Web Services Cloud, with a primary
https://www.refinitiv.com/en/products/world- data center in Ireland, and secondary location in the
check-kyc-screening/privacy-statement United Kingdom.
✓ to carry out Your own investigation into any Can personal data be accessed
circumstances flagged by World-Check
✓ to assume that individuals deny any allegations
from outside of the EEA?
made about them World-Check is a global service and Refinitiv is a
✓ if You have purchased the World-Check data global organization that provides 24/7 solutions to
file, datafeed or API to implement any updates customers around the world. In order to do this, it
(including deletions) we send to you uses a global team to provide services, support and
promptly – this helps to keep data accurate and maintenance.
to stop it being retained for excessive periods
This means that personal data on World-Check may
✓ to keep access to World-Check, and the World- be accessed from countries outside of the
Check database (if you have a copy), secure –
European Economic Area (“EEA”) in accordance
you should take advice from Your information
technology security team on how to do this with applicable laws. For more information on these
countries, please see the World-Check Privacy
✓ if you have purchased the World-Check data Statement:
file, datafeed or API, identify to us a named
person who is responsible for the security of https://www.refinitiv.com/en/products/world-check-
World-Check data kyc-screening/privacy-statement
✓ complete and return any questionnaires we When we transfer personal data from the EEA to
send to you about the use of World-Check
other countries whose laws do not offer the same
promptly – this helps us to check that World-
level of data protection, we will ensure that there
Check is being used in a way that provides
adequate protection for individuals’ personal are adequate safeguards in place to protect the
data personal data that comply with our legal obligations.
2
September 2020
PRODUCT INFORMATION WORLD-CHECK
When personal data reaches the end of its retention We do not agree bespoke security and data
period or Refinitiv otherwise identifies that it is no protection specifications for customers as the
longer relevant - Refinitiv securely deletes or stability and integrity of the World-Check solution
destroys it from the World-Check database. rely on the standardization of our security and data
protection methodologies.
Where WC Customers have purchased the World-
Check data file, data feed or API, Refinitiv provides Annual privacy assurance and
them with daily updates and deletions of data in the
World-Check database. This is to ensure that the WC Customer training
World-Check data held by such WC Customers
continues to reflect the World-Check database Refinitiv conducts annual privacy assurances with
maintained by Refinitiv. If You hold a copy of the its WC Customers to check that World-Check is
World-Check database on Your own systems, You being used by WC Customers in accordance with
must implement all updates and deletions promptly. the terms and conditions applying to it. This will
include obtaining an acknowledgment that the WC
Customer and its users are only using World-Check
How is personal data secured? for the limited purposes permitted by Refinitiv and
Securing personal data is a priority at Refinitiv and demonstrating that Your Staff understand such
a key aspect of protecting privacy. Our security purposes and have been provided with appropriate
organization applies policies, standards and privacy guidance and/or completed any privacy
supporting security controls at the level appropriate training applying to World-Check.
to the risk level and the service provided. In You agree that Your Staff will complete any such
addition, appropriate security controls are privacy training and that on request by Refinitiv,
communicated to application owners and You will complete the World-Check annual privacy
technology teams across the business to support assurance (including, where You purchase the
secure development of products and a secure
World-Check data file, providing evidence of the
operating environment. World-Check is also subject
acknowledgements outlined in the paragraph
to an ongoing audit and assessment programme
above). Where You purchase a hosted version of
and has received independent assurance against
World-Check, Refinitiv will obtain these
the ISAE 3000, Type II standard.
acknowledgments bi-annually from Your staff when
We pay specific attention to the protection of they log in to World-Check.
personal data and the risks associated with
processing this data in World-Check. In particular, Security of World-Check data file
the security infrastructure applying to World-Check
includes:
Refinitiv requires WC Customers that purchase the
• robust controls around the inclusion and World-Check data file to establish and maintain an
maintenance of information in World-Check adequate accreditation e.g. ISO 27001 or
which are designed to ensure the accuracy equivalent, that is acceptable to Refinitiv) for the
and relevance of information in World-Check people, processes and IT systems that they use to
• education and training to relevant Refinitiv process World-Check data.
staff on the proper handling of personal data;
3
September 2020
PRODUCT INFORMATION WORLD-CHECK
Individual rights
Under data protection laws, individuals may have
certain rights in relation to information held about
them (e.g. a right to request a copy of their personal
data or to request inaccuracies in such data to be
corrected). If You receive a request from an
individual seeking to exercise a right in relation to
information about them in World-Check, You agree
to promptly forward this request to Refinitiv as data
controller. Refinitiv shall respond to this request,
unless we expressly agree otherwise. You agree to
provide reasonable cooperation to enable us to
formulate that response.
4
September 2020