Privacy Policity

Privacy statement BlueMonks BV, 2023


We are BlueMonks. An International Financial and Economic crime boutique based in the Netherlands with a focus on all aspects of the Know Your Customer (KYC) and Anti Money Laundering (AML) standards. This includes money laundering, funding of terrorism, tax evasion and other forms of FEC (Financial Economic Crime). Supervisory bodies expect financial institutions to take measures in order to prevent FEC and BlueMonks helps financial institutions to find the best approach to do so. For more information about our services, you can read more about us here.


The objective of this privacy statement is to provide more information about the way in which personal data is handled by BlueMonks when our services are utilised. We only process personal data in a lawful way and give high priority to the protection of these data. We consider personal data to be data that are given to us, but also any data that we may collect from or about you. It applies to products and services for which we collect your personal data, and all personal information that is processed by or on behalf of BlueMonks. As a data controller, we act reasonably in order to protect your privacy. This statement explains how we intend to do this.


This online privacy statement might be updated periodically, for example in the event of changes in the law or changes in our privacy practices. When changes are made, the ‘latest update’ will be revised. If the changes are significant, we will notify you of this through a post on our website.


Processing Personal Information

We process your personal data in order to provide our services. BlueMonks’ main expertise lies in providing services regarding the implementation of FEC – related laws and regulations at financial institutions. Furthermore, BlueMonks also offers support in optimising existing processes, systems and policies. This means that we may, for example, collect personal data through automated processing, but also when you freely provide information by, for example, completing our (contact) forms or sending us an e-mail. This means that we can offer services, but also, for example, can target EU residents with advertising cookies and store your IP addresses in our log files.  


We operate in the following areas and offer services that are related to:


  • Systematic Integrity Risk Analysis (SIRA)
  • Know Your Customer (KYC)
  • Customer Due Diligence (CDD)
  • Ongoing Due Diligence
  • Client Activity Monitoring
  • Transaction filtering and monitoring, Client filtering
  • Onboarding specialists


Personal data that we, as a data controller, may collect from you for purposes of this privacy statement, include your name, e-mail address, information about your company and phone number. We will only use this data to inform you via BlueMonks newletter and for the specific reason for which it was provided. If you do not want your personal data to be collected, please notify us and we exclude your data. If you do not want to receive the BlueMonks newsletter, you can easily unsubscribe via the link in the footer of the newsletter.

As is the case with the majority of websites, certain information is collected automatically. This information may include:


  • Internet protocol (IP) addresses
  • Browser type
  • Internet service provider (ISP)
  • Referring/exit pages
  • The files viewed on our site (e.g., HTML pages, graphics, etc.)
  • Operating system
  • Date/time stamp
  • Clickstream data to analyse trends in the aggregate and administer the site.



We collect personal information from the following general sources:

  • From you directly
  • Information generated about you when you use our products and services
  • From other sources such as publicly available information (for example social media, internet, news articles)

How do we use your personal data and what are the legal grounds for our processing?

We use your personal data for the following purposes:

  • Contacting you to provide more information about our services.
  • Managing the projects and services signed for.
  • To perform and/or test the performance of our services and internal processes.
  • To improve the operation of our business.
  • For management and auditing of our business operations including accounting.
  • To monitor and to keep records of our communications with you and our staff.
  • For market research and analysis.
  • To comply with legal and regulatory obligations, requirements and guidance

Legal Grounds

We rely on the following legal bases for the use of your personal data:

Where it is needed to provide you with our services or a contractual obligation: all activities that are relevant to manage the service including enquiry, application, administration and management.

Where it is in our legitimate interests to do so.

  • To comply with our legal obligations.
  • With your consent or explicit consent: where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
  • To protect a vital interest of an individual.
  • With your explicit consent.
  • Sharing your personal information with other organisations.

We may share information with the following third parties for the purposes listed above:

  • Business partners.
  • Governmental and regulatory bodies.
  • Other organisations and businesses who provide services, such as IT software and maintenance providers, document storage providers and suppliers of other backoffice functions.
  • Market research organisations that help us to develop and improve our products and services.

Retention period

Unless explained otherwise to you, we will hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations.
  • Retention periods in line with legal and regulatory requirements or guidance.


We do not intend to collect any personal data from children under the age of 16 since we don’t provide any services that might concern children. If we become aware that we have unknowingly collected personal data from a child under the age of 16, without having a parent or guardian consent on file, we will delete such personal data from our records.


What are your rights under data protection laws?

Listed below are the rights of all individuals under the data protection law and regulations. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they apply or not.

  • The right to be informed about the processing of your personal information.
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
  • The right to object to processing.
  • The right to restrict processing.
  • The right to have your personal information erased(the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it.
  • The right to move, copy or transfer your personal information(“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), which enforces the data protection laws. You can contact us using the details below.

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us to exercise these rights.

Privacy Officer

We have a dedicated Privacy Officer who you can contact using the details on our Contact Us form.

Contact us

If you have any questions about this privacy statement, or if you wish to exercise your rights please fill in our Contact Form.