Privacy Policy

Last updated: 15 April 2026

AML Watchtower is committed to protecting personal data and processing it in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.

1. Who We Are

AML Watchtower provides AML outsourcing and compliance support services, including KYC / CDD / EDD, transaction monitoring and investigations, and ongoing due diligence (ODD / EODD).

For general website enquiries, AML Watchtower acts as the data controller. When we process personal data on behalf of our business clients as part of AML service delivery, we typically act as a data processor, unless applicable law or contractual arrangements state otherwise.

Contact details:
AML Watchtower, MB
J. Lebedžio str. 1, Vilnius LT-08353, Lithuania
Email: contact@amlwatchtower.eu
Phone: +370 644 66615

2. What Personal Data We Collect

Website enquiries

• First name and last name
• Work email address
• Company name
• Phone number, if provided
• Message or enquiry details

AML outsourcing services

Depending on the scope of services, we may process categories of personal data such as:

• Identification data
• Contact information
• Customer due diligence information
• Beneficial ownership and control information
• Customer risk assessment data
• Sanctions, PEP, and adverse media screening results
• Transaction and account-related information
• Source of funds or source of wealth information
• Case handling, alert review, and investigation notes

3. Purposes of Processing

We process personal data for the following purposes:

• To respond to enquiries submitted via our website or email
• To provide AML outsourcing services to our clients
• To conduct KYC, CDD, EDD, and re-KYC reviews
• To perform transaction monitoring, alert handling, and investigations
• To support suspicious activity reporting workflows
• To perform ongoing due diligence and periodic customer reviews
• To maintain records, quality assurance, and audit trails
• To meet contractual, legal, and regulatory obligations

4. Legal Bases for Processing

We rely on one or more of the following legal bases under GDPR:

• Contractual necessity – where processing is required to provide services or take steps before entering into a contract
• Legitimate interests – for business communications, service improvement, and handling enquiries
• Legal obligation – where processing is required under applicable AML/CFT, accounting, tax, or regulatory requirements
• Consent – where this is required by law, for example for certain cookies or optional communications

5. Data Sharing

We may share personal data only where necessary and appropriate, including with:

• Our clients, where we provide AML services on their behalf
• IT, cloud hosting, and secure software providers
• Sanctions, PEP, identity verification, or screening solution providers
• Professional advisers, auditors, or insurers
• Competent authorities, regulators, law enforcement, or courts where disclosure is required by law

We do not sell personal data.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area, we take steps to ensure an adequate level of protection, including the use of European Commission adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms where required.

7. Data Retention

We keep personal data only for as long as necessary for the relevant purpose, including:

• Enquiry data: typically up to 24 months after the last contact, unless a business relationship begins sooner
• Client service data: for the duration of the engagement and thereafter in line with contractual, legal, and regulatory retention requirements
• AML-related records: for the period required by applicable law or client instructions, which may commonly range from 5 to 10 years

8. Data Security

We use appropriate technical and organisational security measures designed to protect personal data, including:

• Access controls and least-privilege access
• Use of secure systems and protected environments
• Confidentiality obligations
• Documented internal handling procedures
• Measures intended to prevent unauthorised access, alteration, disclosure, or loss

9. Your Rights

Subject to applicable law, individuals may have the right to:

• Request access to their personal data
• Request correction of inaccurate or incomplete data
• Request deletion of personal data
• Request restriction of processing
• Object to certain processing
• Request data portability
• Withdraw consent, where processing is based on consent
• Lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at contact@amlwatchtower.eu.

10. Cookies and Website Data

Our website may use cookies or similar technologies to support functionality, security, and analytics. Where required by law, we will request consent before placing non-essential cookies.

You can manage cookies through your browser settings. A separate Cookie Policy may be provided where applicable.

11. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the content, privacy practices, or security of those third-party websites.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our business operations. The latest version will always be published on this page together with the updated revision date.

13. Contact Us

If you have questions about this Privacy Policy or the processing of personal data, please contact:

AML Watchtower, MB
J. Lebedžio str. 1, Vilnius LT-08353, Lithuania
Email: contact@amlwatchtower.eu
Phone: +370 644 66615