Learn how to leverage transparent company data at scale. Subscribe to our emails
The Open Database Of The Corporate World

Public Records Privacy Notice

This Privacy Notice contains important information on who we are, how and why we collect, store, use and make personal information available, details of an individual’s rights in relation to the personal data we hold, how to contact us and what to do if you have a complaint regarding the way we process personal information. We ask that you read it carefully.

Note that this Privacy Notice governs the information that forms part of the OpenCorporates corporate data set (i.e. the database of information about companies, including their ownership and activities, that OpenCorporates makes available). We use the terms "company" and "companies" in this Privacy Notice, and when we do, we mean any corporate organisation or business entity that is registered in a territory's official public record.

For information on the way in which OpenCorporates processes personal information collected through use of the OpenCorporates website or services please see here.

Our mission

OpenCorporates exists to make information about companies more accessible, more discoverable, and more usable for the public benefit.

We do this by maintaining an archive of information about companies, including their ownership and activities, that we collect from a variety of sources, and organising this information in such a way that can be used for the broader public benefit, including by increasing corporate transparency, creating a more trusted business environment, helping individuals engage with companies on a global basis and assisting in tackling the use of companies for criminal or anti-social purposes (for example for identifying and exposing corruption, money laundering and organised crime).

For more information on our public mission and, the corporate structure we have put in place to support this, please see here.

Who we are

OpenCorporates is a trading name of OpenCorporates Ltd, which is a company incorporated in England and Wales (Company Registration Number 07444723).

In order to provide our services, we collect, use and make available certain personal data. We do this in accordance with the principles set out in this Privacy Notice, and in compliance with the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018.

For the purposes of the UK GDPR, we are a “controller” of personal data.

We have appointed a Data Protection Officer who oversees OpenCorporates data processing activities. You can contact our Data Protection Officer using the contact details at the end of this policy.

The personal information we collect and how we use it

Most countries publish some information about companies as part of the official public record. This often includes information about the ownership of the company, together with details of certain owners and officers associated with the company. As the owners and officers of a company are often (though not always) individuals, this means that much of this information will consist of personal data.

The information that we collect will vary from territory to territory depending on the information contained on the official public record for that territory. We aim to be completely open and transparent about the source of information we collect and wherever possible we publish a link to the source of the data we have collected.

In the vast majority of cases, the personal data we collect will have been made public by the individual themselves through the submission of such information to a public register.

If you are or were an officer, shareholder or ultimate beneficial owner of a company, or a sole trader registered with a company registry, we may collect and process the following information about you in our public records register (dependant on what the official public record requires):

  • name;
  • address;
  • unique identifier;
  • partial or full date of birth;
  • occupation;
  • nationality;
  • details of the company that you are an officer for and filings that refer to you (please be aware that not all of this is personal data); and
  • gazette notices (being statutory and non-statutory notices that are published in an official public record) that refer to you.

If you are the registered owner of a trade mark, license or trading/”doing business as” name related to a company held by OpenCorporates, we may collect and process your name and address in our public records register.

Who can access the information collected by OpenCorporates

A fundamental aspect of our public mission is that everyone should have easy access to the information we collect and maintain. In delivering this public mission, we therefore make our services available to individuals and organisations:

  • via the OpenCorporates website (https://opencorporates.com/);
  • via the OpenCorporates API (https://api.opencorporates.com/); and
  • via bulk download to users and customers on a case-by-case basis.

We will also share information, including personal data, with law enforcement or other authorities if required by applicable law.

Whilst we make our services available to everyone, the OpenCorporates website, API and bulk download is not designed for access or use by minors.

How long does OpenCorporates keep personal information

The information we collect forms part of our historical archive of company information.

Maintaining this on an on-going basis is fundamental to our public interest mission, and is particularly important for those using our services for investigative purposes. Accordingly, we do not automatically delete or remove information from our public records register after a certain period of time (as the European Court of Justice has ruled, “matters requiring the availability of personal data in the companies register may arise for many years after a company has ceased to exist”).

Our grounds for processing personal information

The lawful basis that we rely on for processing personal information in our public records register is that the processing is necessary for our legitimate interests which are not outweighed by the rights and freedoms of the individual (Article 6(1)(f) of the UK GDPR). Our legitimate interests include the fulfilment of our mission as set out above; namely, to increase and promote transparency of the corporate and business world, including the existence, ownership and activities and entities and people connected with them, by maintaining our public register.

Transfer of your information out of the UK

The nature of a web-based service means that information will be available to persons all over the world. Whilst OpenCorporates does not routinely transfer the information it holds outside the UK, it is possible for the information contained in the OpenCorporates public records register to be accessed from anywhere in the world. Making such information available to all without restriction is consistent with our public interest mission.

Keeping personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or accessed in an unauthorised way.

We also have procedures in place to deal with any suspected data security breach that we suffer and will issue a public notification of any security breaches that we suffer in accordance with our obligations under applicable law (including under the UK GDPR).

Your rights

Under the UK GDPR, individuals have a number of important rights. These include:

  • The right to fair processing of your information and transparency over how we use your personal data; and
  • The right to lodge a complaint with a supervisory authority (see How to complain below).

To ensure that our collection and processing of your information is fair, we also give you the right to:

  • obtain any information as to the source(s) of information that we hold about you;
  • access personal information that we hold about you; and
  • require us to correct any mistakes in information we hold about you.

However, please be aware that not all of these rights are available to everyone all of the time. There may be exceptions that apply meaning that some of these rights do not apply to the personal information that we process about you.

Most notably in the case of our public records register, there is an exception to the "right to be forgotten" where processing is necessary for exercising the right of freedom of expression and information. We process personal information in the context of providing journalistic functions, disclosing personal information to the public for public interests purposes and our exercising of our fundamental right to freedom of expression and information under Article 10 of the European Convention on Human Rights and Article 11 of the European Charter of Fundamental Rights and Freedoms. We therefore do not routinely give individuals the right to have information that we process about them erased other than as set out below.

Redacting information

If we are informed that a public company register has removed (or limited access to) certain information about a person concerned with a company due to exceptional circumstances (for example, because of a serious risk to personal safety), we will:

  1. update the OpenCorporates records in a timely manner; and
  2. institute a procedure for temporarily removing the relevant information from the OpenCorporates records while this is being carried out.

In keeping with our public mission as further explained above, we will normally only redact information when a company register has redacted it due to exceptional circumstances (such as a serious risk to personal safety). We do not deal with reputation management companies.

You can inform us of any application made to a public company register to remove or limit access to your information by sending an email to data.protection@opencorporates.com. The email should contain the relevant URLs, your position in the company and full details of the reasons for requesting such removal or limitation. We may require further information from you in order to fully consider your request. Note that requests for redaction of personal information must be made by the individual concerned or their legal representatives (including in the case of minors, their parents or guardians).

We decide requests to remove or limit access to personal data on a case by case basis and our decisions are not precedential.

Other Specific Issues

Public interest – Free speech v Privacy

As discussed above, most countries publish information about the ownership of companies together with details of the directors and officers of such companies. This will result in personal data about individuals forming part of the public record which can, in certain cases, lead to a conflict between the right to know, the right to free speech and the right to privacy. Particular sensitivities can be felt where, for example, directors or companies choose to submit a residential address to the relevant public register. Where the balance is drawn between these potential conflicts is not always clear and varies from country to country.

Our approach is that OpenCorporates shouldn't seek to be an arbiter in this regard. We strive to accurately reflect the information that is published in the public records and we will defer to the official company register on what information is published about the individuals connected with companies, especially the owners, officers and directors.

Information regarding minors

We do not set out to process personal data about minors, however on rare occasions there may be information in public records that relates to minors. Where OpenCorporates becomes aware that information in a public record clearly relates to minors, for example where there is a name and date of birth, OpenCorporates will restrict access to the record by allowing access only to logged in users (registration is free). We will also add a no-index tag to the web page(s) concerned which stops the webpage(s) from appearing in a Google search.

How to complain

We hope our data team would be able to resolve any query or concern you raise about our use of your information (see Contact us below).

The UK GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Contact us

If you have any questions about this Privacy Notice, or the information we hold about you, please contact our Data Protection Officer via email at data.protection@opencorporates.com

If you wish to contact us for any other reason, we can be contacted:

By Email: helpdesk@opencorporates.com

By Post: OpenCorporates Ltd, Aston House, Cornwall Avenue, London, N3 1LF, United Kingdom

Changes to this privacy notice

This privacy notice was published on 25 May 2018 and last updated on 4 Oct 2021.

We may change this privacy notice from time to time by posting an updated version of this privacy notice at this address.