This Privacy Notice contains important information on who we are, how and why we collect, store, use and make personal information available, details of an individual’s rights in relation to the personal data we hold, how to contact us and what to do if you have a complaint regarding the way we process personal information. We ask that you read it carefully.
Note that this Privacy Notice governs the information that forms part of the OpenCorporates corporate data set (i.e. the database of information about companies, including their ownership and activities, that OpenCorporates makes available). We use the terms "company" and "companies" in this Privacy Notice, and when we do, we mean any corporate organisation or business entity that is registered in a territory's official public record.
For information on the way in which OpenCorporates processes personal information collected through use of the OpenCorporates website or services please see here.
OpenCorporates exists to make information about companies more accessible, more discoverable, and more usable for the public benefit.
We do this by maintaining an archive of information about companies, including their ownership and activities, that we collect from a variety of sources, and organising this information in such a way that can be used for the broader public benefit, including by increasing corporate transparency, creating a more trusted business environment, helping individuals engage with companies on a global basis and assisting in tackling the use of companies for criminal or anti-social purposes (for example for identifying and exposing corruption, money laundering and organised crime).
For more information on our public mission and, the corporate structure we have put in place to support this, please see here.
OpenCorporates is a trading name of OpenCorporates Ltd, which is a company incorporated in England and Wales (Company Registration Number 07444723).
In order to provide our services, we collect, use and make available certain personal data. We do this in accordance with the principles set out in this Privacy Notice, and in compliance with the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.
For the purposes of the UK GDPR, we are a “controller” of personal data.
We have appointed a Data Protection Officer who oversees OpenCorporates data processing activities. You can contact our Data Protection Officer using the contact details at the end of this policy.
Most countries publish some information about companies as part of the official public record. This often includes information about the ownership of the company, together with details of certain owners and officers associated with the company. As the owners and officers of a company are often (though not always) individuals, this means that much of this information will consist of personal data.
The information that we collect will vary from territory to territory depending on the information contained on the official public record for that territory. We aim to be completely open and transparent about the source of information we collect and wherever possible we publish a link to the source of the data we have collected.
In the vast majority of cases, the personal data we collect will have been made public by the individual themselves through the submission of such information to a public register.
If you are or were an officer, shareholder or ultimate beneficial owner of a company, or a sole trader registered with a company registry, we may collect and process the following information about you in our public records register (dependant on what the official public record requires):
If you are the registered owner of a trade mark, license or trading/”doing business as” name related to a company held by OpenCorporates, we may collect and process your name and address in our public records register.
A fundamental aspect of our public mission is that everyone should have easy access to the information we collect and maintain. In delivering this public mission, we therefore make our services available to individuals and organisations:
We will also share information, including personal data, with law enforcement or other authorities if required by applicable law.
Whilst we make our services available to everyone, the OpenCorporates website, API and bulk download is not designed for access or use by minors.
The information we collect forms part of our historical archive of company information.
Maintaining this on an on-going basis is fundamental to our public interest mission, and is particularly important for those using our services for investigative purposes. Accordingly, we do not automatically delete or remove information from our public records register after a certain period of time (as the European Court of Justice has ruled, “matters requiring the availability of personal data in the companies register may arise for many years after a company has ceased to exist”).
The lawful basis that we rely on for processing personal information in our public records register is that the processing is necessary for our legitimate interests which are not outweighed by the rights and freedoms of the individual (Article 6(1)(f) of the UK GDPR). Our legitimate interests include the fulfilment of our mission as set out above; namely, to increase and promote transparency of the corporate and business world, including the existence, ownership and activities and entities and people connected with them, by maintaining our public register.
The nature of a web-based service means that information will be available to persons all over the world. Whilst OpenCorporates does not routinely transfer the information it holds outside the UK, it is possible for the information contained in the OpenCorporates public records register to be accessed from anywhere in the world. Making such information available to all without restriction is consistent with our public interest mission.
We have appropriate security measures in place to prevent personal information from being accidentally lost or accessed in an unauthorised way.
We also have procedures in place to deal with any suspected data security breach that we suffer and will issue a public notification of any security breaches that we suffer in accordance with our obligations under applicable law (including under the UK GDPR).
Under the UK GDPR, individuals have a number of important rights. These include:
To ensure that our collection and processing of your information is fair, we also give you the right to:
However, please be aware that not all of these rights are available to everyone all of the time. There may be exceptions that apply meaning that some of these rights do not apply to the personal information that we process about you.
Most notably in the case of our public records register, there is an exception to the "right to be forgotten" where processing is necessary for exercising the right of freedom of expression and information. We process personal information in the context of providing journalistic functions, disclosing personal information to the public for public interests purposes and our exercising of our fundamental right to freedom of expression and information under Article 10 of the European Convention on Human Rights and Article 11 of the European Charter of Fundamental Rights and Freedoms. We therefore do not routinely give individuals the right to have information that we process about them erased other than as set out below.
If we are informed that a public company register has removed (or limited access to) certain information about a person concerned with a company due to exceptional circumstances (for example, because of a serious risk to personal safety), we will:
In keeping with our public mission as further explained above, we will normally only redact information when a company register has redacted it due to exceptional circumstances (such as a serious risk to personal safety). We do not deal with reputation management companies.
You can inform us of any application made to a public company register to remove or limit access to your information by sending an email to email@example.com. The email should contain the relevant URLs, your position in the company and full details of the reasons for requesting such removal or limitation. We may require further information from you in order to fully consider your request. Note that requests for redaction of personal information must be made by the individual concerned or their legal representatives (including in the case of minors, their parents or guardians).
We decide requests to remove or limit access to personal data on a case by case basis and our decisions are not precedential.
As discussed above, most countries publish information about the ownership of companies together with details of the directors and officers of such companies. This will result in personal data about individuals forming part of the public record which can, in certain cases, lead to a conflict between the right to know, the right to free speech and the right to privacy. Particular sensitivities can be felt where, for example, directors or companies choose to submit a residential address to the relevant public register. Where the balance is drawn between these potential conflicts is not always clear and varies from country to country.
Our approach is that OpenCorporates shouldn't seek to be an arbiter in this regard. We strive to accurately reflect the information that is published in the public records and we will defer to the official company register on what information is published about the individuals connected with companies, especially the owners, officers and directors.
We do not set out to process personal data about minors, however on rare occasions there may be information in public records that relates to minors. Where OpenCorporates becomes aware that information in a public record clearly relates to minors, for example where there is a name and date of birth, OpenCorporates will restrict access to the record by allowing access only to logged in users (registration is free). We will also add a no-index tag to the web page(s) concerned which stops the webpage(s) from appearing in a Google search.
We hope our data team would be able to resolve any query or concern you raise about our use of your information (see Contact us below).
The UK GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
If you have any questions about this Privacy Notice, or the information we hold about you, please contact our Data Protection Officer via email at firstname.lastname@example.org
If you wish to contact us for any other reason, we can be contacted:
By Email: email@example.com
By Post: OpenCorporates Ltd, Aston House, Cornwall Avenue, London, N3 1LF, United Kingdom
This privacy notice was published on 25 May 2018 and last updated on 4 Oct 2021.
We may change this privacy notice from time to time by posting an updated version of this privacy notice at this address.