This privacy notice contains important information on who we are, how and why we collect, store, use and make personal information available, details of an individual’s rights in relation to the personal data we hold, how to contact us and what to do if you have a complaint regarding the way we process personal information. We ask that you read it carefully.
Note that this Privacy Notice governs the information that forms part of the OpenCorporates corporate data set (i.e. the database of information about companies, including their ownership and activities, that OpenCorporates makes available). For information on the way in which OpenCorporates processes personal information collected through use of the OpenCorporates website or services please see here.
OpenCorporates exists to make information about companies more accessible, more discoverable, and more usable for the public benefit.
We do this by maintaining an archive of information about companies, including their ownership and activities, that we collect from a variety of sources, and organising this information in such a way that can be used for the broader public benefit, including by increasing corporate transparency, creating a more trusted business environment, helping individuals engage with companies on a global basis and assisting in tackling the use of companies for criminal or anti-social purposes (for example for identifying and exposing corruption, money laundering and organised crime).
For more information on our public mission and, the corporate structure we have put in place to support this, please see here.
Who we are
OpenCorporates is a trading name of OpenCorporates Ltd, which is a company incorporated in England and Wales (Company Registration Number 07444723).
In order to provide our services, we collect, use and make available certain personal information. We do this in accordance with the principles set out in this Privacy Notice, and in compliance with the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom).
For the purposes of the GDPR, we are a “controller” of personal information.
The personal information we collect and how we use it
Most countries publish some information about companies as part of the official public record. This often includes information about the ownership of the company, together with details of certain individuals and officers associated with the company. As the owners and officers of a company are often (though not always) individuals, this means that much of this information will consist of personal information.
The information that we collect will vary from territory to territory depending on the information contained on the official public record for that territory. In addition to an individual’s name, it is common for the official public record to contain:
- an official address for that individual (not least to ensure that legal redress can be obtained); and
- other information about that individual, including nationality, occupation, or even occasionally date of birth.
We aim to be completely open and transparent about the source of information we collect and wherever possible we publish a link to the source of the data we have collected.
Who can access the information collected by OpenCorporates
A fundamental aspect of our public mission is that that everyone should have easy access to the information we collect and maintain. In delivering this public mission, we therefore make our services available to individuals and organisations:
- via the OpenCorporates website ;
- via the OpenCorporates API; and
- via bulk download to users and customers on a case-by-case basis.
We will also share information with law enforcement or other authorities if required by applicable law.
How long does OpenCorporates keep personal information
The information we collect forms part of our historical archive of company information.
Maintaining this on an on-going basis is fundamental to our public interest mission, and is particularly important for those using our services for investigative purposes. Accordingly, we do not automatically delete or remove information after a certain period of time (as the European Court of Justice has ruled, “matters requiring the availability of personal data in the companies register may arise for many years after a company has ceased to exist”).
Our grounds for processing personal information
We collect, store, use and make personal information available in order to further our public interest mission – namely to maintain an accessible record of company data. We rely on Article 89 of the GDPR which covers archiving purposes in the public interest.
In the vast majority of cases, the personal information we collect will also have been made public by the data subject themselves through the submission of such information to a public register.
Under the General Data Protection Regulations, you have a number of important rights. For the corporate archive information we hold, these include:
- The right to fair processing of your information and transparency over how we use your personal information; and
- The right to lodge a complaint with a supervisory authority.
To ensure that our collection and processing of your information is fair, we also give you the right to:
- obtain any information as to the source(s) of information that we hold about you;
- access personal information that we hold about you; and
- require us to correct any mistakes in information we hold about you; and
Note that our legitimate interest in providing a comprehensive and accessible record of information about companies means that we do not give individuals the right to have information about them erased other than as set out Redacting information, below.
Transfer of your information out of the EEA
The nature of a web-based service means that information will be available to persons all over the world. Whilst OpenCorporates does not routinely transfer the information it holds outside the EEA, it is possible for the information contained in the OpenCorporates corporate database to be accessed from anywhere in the world. Making such information available to all without restriction is consistent with our public interest mission.
Keeping personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or accessed in an unauthorised way.
We also have procedures in place to deal with any suspected data security breach and will issue a public notification of any security breaches in accordance with our obligations under applicable law (including under the GDPR).
If we are informed that a public company register has removed (or limited access to) certain information about a person concerned with a company due to exceptional circumstances (for example, because of a serious risk to personal safety), we will:
- update the OpenCorporates records in a timely manner; and
- institute a procedure for temporarily removing the relevant information from the OpenCorporates records while this is being carried out.
In keeping with our public mission to maintain a historical archive of corporate information, we will normally only redact information when a company register has redacted it due to exceptional circumstances (such as a serious risk to personal safety). We do not deal with reputation management companies.
You can inform us of any application made to a public company register to remove or limit access to your information by sending an email to firstname.lastname@example.org. The email should contain full details of the reasons for requesting such removal or limitation. Note that requests for redaction of personal information must be made by the individual concerned or their legal representatives (including in the case of minors, their parents or guardians).
Other Specific Issues
Public interest – Free speech v Privacy
As discussed above, most countries publish information about the ownership of companies together with details of the directors and officers of such companies. This will result in personal data about individuals forming part of the public record which can, in certain cases, lead to a conflict between the right to know, the right to free speech and the right to privacy. Particular sensitivities can be felt where, for example, directors or companies choose to submit a residential address to the relevant public register. Where the balance is drawn between these potential conflicts is not always clear and varies from country to country.
Our approach is that OpenCorporates shouldn’t seek to be an arbiter in this regard. We strive to accurately reflect the information that is published in the public records and we will defer to the official company register on what information is published about the individuals connected with companies, especially the owners, officers and directors.
Information regarding minors
Where information in the public record clearly relates to minors, for example where there is a name and date of birth, OpenCorporates will restrict access to the record by allowing access only to logged in users (registration is free), and additionally adding a no-index tag to the page(s) concerned.
How to complain
We hope our data team would be able to resolve any query or concern you raise about our use of your information (see Contact us below).
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
If you have any questions about this Privacy Notice, or the information we hold about you, please contact our data team via email at email@example.com
If you wish to contact us for any other reason, we can be contacted:
By Email: firstname.lastname@example.org
By Post: OpenCorporates Ltd, Aston House, Cornwall Avenue, London, N3 1LF, United Kingdom
Changes to this privacy notice
This privacy notice was published on 25 May 2018 and last updated on 25 May 2018.
We may change this privacy notice from time to time by posting an updated version of this privacy notice at this address.