Data protection policy

This policy describes the organisational and technical safeguards Trapets has implemented to protect personal data as processor for our customers.

A tall building with a curved glass facade reflecting the sky and clouds.

Data policy

Purpose

Trapets provides services and systems to the global finance industry for monitoring of transactions, KYC, customer due diligence and fraud prevention.

This policy describes the organizational and technical safeguards Trapets has implemented to protect Personal Data processed by Trapets within our service delivery, as processor for our customers (the controllers). 

Data protection policy

Definitions

  • Personal data

    Any information relating to an identified or identifiable natural person (data
    subject).

  • Processing

    Any operation or sets of operations performed on personal data, such as
    collection, recording, organization, structuring, storage, adaptation or
    alteration, retrieval, consultation, use, disclosure by transmission, dissemination
    or otherwise making available, alignment or combination, restriction, erasure or
    destruction.

  • Controller

    The natural or legal person, public authority or other body, who determines the
    purposes and means of the processing of personal data, in this case Trapets’
    customer(s) or their affiliate(s).

  • Processor (or sub-processor)

    The natural or legal person, public authority or other body that processes
    personal data on behalf of the data controller, in this case Trapets, including
    Trapets affiliates and sub-processor(s).

  • Data subject

    An identified or identifiable natural person.

  • KYC Screening data

    Content in the agreed and specified screening lists included in the agreed
    InstantWatch KYC services. Such lists can be company information and
    beneficial ownership lists, sanctions lists, PEP lists or other lists, as specified in
    the applicable customer agreement.

General privacy principles

Personal data shall always be:

  • processed fairly and lawfully (“lawfulness, fairness and transparency”);
  • collected and processed for specific and legitimate purposes (“purpose limitation”);
  • adequate, relevant and limited to what is necessary for the purpose (“data minimisation”);
  • accurate and kept up to date (“accuracy”);
  • kept for no longer than is necessary for the purpose (“storage limitation”);
  • processed using appropriate technical and organizational measures to protect against unauthorized alteration, accidental loss, destruction or damage (“integrity and confidentiality”).

Lawfulness, fairness, and transparency

Trapets as a processor does not determine the scope or purposes for the processing we perform for its customers as controllers.

Purpose limitation

All personal data processed by Trapets as processor for our customers is processed in accordance with the agreement, including Data Processing Agreement and applicable instructions, with each customer.

Data minimisation

Trapets may assist customers by providing an overview of the data or categories of data that our products or services require to perform their intended functionality. The data or categories of data that are finally processed for each customer are defined by the customer.

Accuracy

The Controller should take necessary steps to ensure that the information and Personal Data sent to Trapets is correct and up to date.

Trapets provides KYC Screening Data "as is", it is therefore incumbent on the Customer to check that the KYC Screening Data is of high enough quality for its use of the Customer.

Stage limitation

Depending on the product, Trapets offers a standard configuration and/or the possibility for each Controller to define customized deletion routines or to request deletion on an ad hoc basis in accordance with the Controllers’ internal retention policies.

Integrity and confidentiality

Trapets uses a data classification system that ensures integrity and confidentiality. All personal data processed by Trapets as a Processor is subject to the highest level of security and access is restricted to employees with a need for such access for the performance of Trapets’ services.

Categories of personal data

In the course of service delivery for its customers, Trapets will process personal data of the following categories of data subjects (Category A Data subjects).

  • End customers Instantwatch TM/CDD/Fraud
  • End customers Instantwatch Screening
  • Persons listed on Instantwatch KYC Screening Lists
  • Users in the Instantwatch platform
  • Beneficial owners and representatives with connection to end customers
  • End customers and trading participants in Instantwatch Market and Trade Surveillance.


A categorization of each data field has been made if it contains personal data or not in the indata specification for the data being processed for the following categories of data subjects:

  • End customers Instantwatch TM/CDD/Fraud
  • End customers Instantwatch Screening
  • Persons listed on Instantwatch KYC Screening Lists
A smiling woman with blonde hair, holding a laptop.

Data protection

Security measures

Trapets has technical and organisational measures in place, including but not limited to information security policies and regular training in secure handling of personal data. Trapets is certified according to ISO 27001 Standard in Information Security Management, which confirms Trapets ability to uphold a high level of information safety and security. 

A person’s hands writing in a notebook with a pen.

Data protection policy

Full documentation

Find the full documentation for the Data protection policy and read more here.

Trust centre

Discover more

  • A person going past a window with colorful reflections.

    Information security and privacy

    We understand that security and customer data are crucial to our solutions and adhere to the highest information security management standards.

  • A modern office setting with a group of people seated around a wooden conference table.

    Code of conduct

    We must observe high ethical principles in all our activities. Each individual is critical in defining and protecting our most valuable asset - trust.