Privacy Policy

1. Introduction

AML Meter ("we", "our", "us") is a compliance technology platform designed to support the following –

• Name and Watchlist screening including sanctions and PEP screening
• KYC and Customer Due Diligence workflows and reports
• Risk scoring and profiling of customers
• Assistance in Regulatory Reporting (GoAML)

AML Meter operates through registered entities in the United Arab Emirates and Bangladesh. This Privacy Policy explains how AML Meter processes personal data in accordance with:

• EU General Data Protection Regulation 2016/679 (GDPR)
• UK General Data Protection Regulation (UK GDPR)
• UAE Federal Decree-Law No. 45 of 2021 (UAE PDPL)
• Other applicable data protection laws

This Privacy Policy explains how AML Meter collects, processes, stores, and protects information when you:

• Use the AML Meter platform
• Access our website
• Register for an account
• Submit customer screening and KYC data
• Communicate with us

2. Data Protection Roles

AML Meter processes personal data in two capacities.

2.1 AML Meter as Data Processor (Article 28 GDPR)

AML Meter acts as a Data Processor when processing:

• Client customer data
• Client’s client identification details
• CDD documentation
• Screening inputs and results
• Risk scoring outputs
• Case investigation records
• UBO and beneficial ownership information

In this context:

• The client organization acts as the Data Controller
• AML Meter processes data only on documented instructions
• AML Meter does not determine the purposes or legal basis of processing

AML Meter complies with Article 28 GDPR obligations, including:

• Processing only under written instruction
• Ensuring confidentiality of personnel
• Implementing appropriate technical and organizational measures
• Assisting controllers with data subject rights
• Supporting breach notification obligations

2.2 AML Meter as Data Controller (Article 24 GDPR)

AML Meter acts as a Data Controller for:

• Client organization account data
• Authorized platform user data
• Contractual and onboarding information
• Billing and subscription data
• Website visitor data
• Marketing preferences

Legal basis for such processing includes:

• Contractual necessity (Article 6(1)(b) GDPR
• Legal obligation (Article 6(1)(c))
• Legitimate interest (Article 6(1)(f))
• Consent where applicable (Article 6(1)(a))

3. Categories of Personal Data

3.1 Client Organization and User Data

• Company name
• Registration number
• Contact name
• Official email address
• Telephone number
• User credentials and access roles
• Billing and payment details

3.2 Client Customer Data (Processed Under Instruction)

• Full name
• Date of birth
• Nationality
• Identification numbers
• Passport or ID details
• Corporate registration data
• Beneficial ownership information
• Screening results
• Risk ratings
• Investigation notes
• Audit logs

AML Meter does not originate or independently collect this data.

3.3 Technical and Log Data

• IP addresses
• Device identifiers
• Login timestamps
• System activity records
• Audit trail data

This data is necessary for system security, integrity, and regulatory traceability.

4. GDPR Principles Applied

AML Meter adheres to GDPR Article 5 principles:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

5. International Data Transfers

AML Meter's data centers are located exclusively in the United Arab Emirates. If you are accessing our services from the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data will be transferred to and processed in the UAE. The UAE has not been recognised by the European Commission or UK Government as providing an adequate level of data protection equivalent to that in the EEA or UK. To ensure your data is protected to GDPR standards, AML Meter relies on the following safeguards:

• Standard Contractual Clauses (SCCs): For transfers from the EEA, AML Meter has implemented the European Commission's Standard Contractual Clauses (2021/914) for the transfer of personal data to third countries.
• UK International Data Transfer Addendum: For transfers from the United Kingdom, AML Meter has implemented the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

Copies of these safeguards are available upon request by contacting trustandsafety@amlmeter.com. By using our services, you acknowledge that your data will be transferred to and processed in the UAE under these safeguards.

6. Data Retention

Data is retained:

• For the duration of the service agreement
• According to client-defined retention settings
• As required by legal or regulatory obligations

Upon termination:

• Data may be returned to the client
• Data may be securely deleted in accordance with contractual terms

If a client does not specify retention settings or fails to retrieve their data upon termination of the service agreement, AML Meter will securely delete all Client Data ninety (90) days after the end of the contract, unless a longer retention period is required by applicable law for AML Meter's own compliance (e.g., tax, audit, or anti-money laundering record-keeping obligations). Where required by law, data may be retained in a restricted, archived form for the legally mandated period.

7. Data Security Measures

AML Meter implements appropriate technical and organizational measures under Article 32 GDPR, including:

• Encrypted data transmission
• Secure authentication mechanisms
• Role-based access controls
• Logical data segregation
• Audit logging and traceability
• Controlled administrative access
• Periodic access review

8. Data Subject Rights (GDPR)

Where applicable, data subjects may have rights under GDPR, including:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restrict (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)

For client customer data, requests must be directed to the relevant client organization acting as Data Controller. AML Meter will assist controllers in responding to lawful requests.

9. Personal Data Breach Notification

In the event of a personal data breach:

• AML Meter will notify the relevant client without undue delay
• AML Meter will provide necessary information to support regulatory reporting
• Corrective measures will be implemented

Controllers remain responsible for notifying supervisory authorities and affected individuals where required.

10. Subprocessors

AML Meter may engage subprocessors to assist in providing the Services. A current list of subprocessors, including their name, purpose, and location, is maintained at: www.amlmeter.com/subprocessors Before engaging any new subprocessor, AML Meter will:

• Update the list at the above URL;
• Notify affected Clients via the email address associated with their account at least fourteen (14) days in advance.

If a Client objects to a new subprocessor on reasonable grounds relating to the protection of personal data, the Client may terminate the affected services without penalty by providing written notice within fourteen (14) days of the notification. All subprocessors are contractually bound to comply with data protection obligations equivalent to those imposed on AML Meter under this Privacy Policy.

11. Cookies and Website Tracking

11.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, understand how you use the site, and deliver targeted content.

11.2 Types of Cookies We Use

11.3 Consent and Control

When you first visit our website, you will see a cookie banner asking for your consent. You may:

• Accept All – consent to all cookie types;
• Decline – accept only essential cookies;
• Customize – select which cookie categories to accept.

You can change your preferences at any time by clicking the "Cookie Settings" link in the website footer.

11.4 Managing Cookies via Browser

Most browsers allow you to control cookies through settings. You can:

• Delete all cookies;
• Block specific cookies;
• Set preferences for certain websites.

Instructions for common browsers:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

11.5 Do Not Track Signals

Our website does not currently respond to "Do Not Track" (DNT) signals. We will continue to monitor industry standards and update this policy as practices evolve.

11.6 Consequences of Disabling Cookies

If you disable essential cookies, certain parts of our website may not function properly. Disabling analytics or marketing cookies will not affect website functionality but may result in less personalized content.

11.7 Updates to This Cookie Policy

We may update this Cookie Policy from time to time. The latest version will always be available on our website with an updated effective date.

12. Changes to This Policy

AML Meter may update this Privacy Policy periodically. The updated version will be published with a revised effective date.

13. Contact Details

AML Meter
Data Protection Enquiries: trustandsafety@amlmeter.com
Legal Enquiries: legal@amlmeter.com
Location: United Arab Emirates

If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or your national data protection authority).