Our mission

OpenCorporates exists to increase and promote transparency of the corporate and business world, including the existence, ownership and activities of entities, and the people connected with them, for the public benefit, referred to as the "Transparency Purpose". We do this by maintaining an archive of information about companies, including their ownership and activities, that we collect from a variety of public sources, and organising this information in such a way that can be used for the broader public benefit, including by increasing corporate transparency, creating a more trusted business environment, helping individuals engage with companies on a global basis and assisting in tackling the use of companies for criminal or anti-social purposes (for example for identifying and exposing corruption, money laundering and organised crime).

Who we are

OpenCorporates is a trading name of OpenCorporates Ltd, which is a company incorporated in England and Wales (Company Registration Number 07444723). In order to provide our services, we collect, use and make available certain personal data. We do this in accordance with the principles set out in this Privacy Notice, and in compliance with applicable data protection laws (namely, the General Data Protection Regulation or "GDPR") For the purposes of the UK GDPR, we are a “controller” of personal data.

The personal information we collect, the source and how we use it

Most countries publish information about companies as part of their official public record. This often includes information about the ownership of the company, together with details of certain owners and officers associated with the company. As the owners and officers of a company are often (though not always) individuals, this means that much of this information will consist of personal data. We collect this information from the following public sources around the world:

• Official company registers (such as Companies House in the UK);
• Government gazettes;
• Licences;
• Trademarks;
• Charity registers;
• Other regulatory data sources; and
• any other authoritative sources.

The information that we collect will vary from territory to territory depending on the information contained on the official public record for that territory. We aim to be completely open and transparent about the source of information we collect and wherever possible we publish a link to the source of the data we have collected. In the vast majority of cases, The personal data we collect will have been made public through the provision of such information in a public register. If you are or were an officer, shareholder or ultimate beneficial owner of a company, or a sole trader registered with a company registry, we may collect and process the following information about you in our public records register (dependant on what the official public record requires):

• name;
• address;
• unique identifier;
• partial or full date of birth;
• occupation;
• nationality;
• details of the company that you are or were an officer for and filings that refer to you (please be aware that not all of this is personal data);
• details of your relationship with the company you are or were an officer for, such as your position (e.g. shareholder/director) and period at the company (start and end date); and
• gazette notices (being statutory and non-statutory notices that are published in an official public record) that refer to you.

If you are the registered owner of a trade mark, licence or trading/"doing business as" name related to a company held by OpenCorporates, we may collect and process your name and address in our public records register. OpenCorporates processes this information to fulfil the Transparency Purpose by: (a) compiling a database of company and company officer profiles based on publicly available corporate data and then (b) enabling members of the public to access the contents of the database (for free) through a search engine webpage made available on its website (https://opencorporates.com/). In addition to the publicly available and free to use webpage, OpenCorporates also makes its database available via API and bulk download to certain third parties (as described in more detail below, see "Who can access the information collected by OpenCorporates").

Who can access the information collected by OpenCorporates

A fundamental aspect of our public mission is that everyone should have easy access to the information we collect and maintain. In delivering this public mission, we therefore make our services available to individuals and organisations:

• to the public via the OpenCorporates website (https://opencorporates.com/);
• to third parties via the OpenCorporates API (https://api.opencorporates.com/); and
• to third parties via bulk download .The third parties to whom we make our database available (e.g. via API and bulk download) include:

• Commercial third parties, such as financial institutions carrying out money laundering or other corporate due diligence checks.
• Public authorities, including law enforcement agencies investigating corporate crime and tax evasion.
• NGOs, journalists or academics for journalism and/or research purposes.

We will also share information, including personal data, with law enforcement or other authorities if required by applicable law. Whilst we make our services available to everyone, the OpenCorporates website, API and bulk download is not designed for access or use by minors.

How long does OpenCorporates keep personal information

The information we collect forms part of our historical archive of company information. It is the express aim of the database to provide transparency of corporate connections, including historical connections, without which a full and accurate picture of the corporate world would remain hidden. Maintaining this on an on-going basis is fundamental to our public interest mission, and is particularly important for those using our services for investigative purposes. Accordingly, we do not automatically delete or remove information from our public records register after a certain period of time (as the European Court of Justice has ruled, “matters requiring the availability of personal data in the companies register may arise for many years after a company has ceased to exist”).

Our grounds for processing personal information

The lawful basis that we rely on for processing personal information in our public records register is that the processing is necessary for the legitimate interests pursued by OpenCorporates which are not outweighed by the rights and freedoms of the individual (Article 6(1)(f) of the GDPR). The legitimate interests pursued include the fulfilment of our mission as set out above; namely, to increase and promote transparency of the corporate and business world, including the existence, ownership and activities and entities and people connected with them, by maintaining our public register. More specifically, we consider there to be significant benefits to the wider public in our processing of this data that are not outweighed by the rights and freedoms of individuals whose personal data is contained in our database, such as:

• Substantially enhancing access to a fulsome picture of the corporate world for members of the public, journalists, law enforcement agencies, financial institutions, NGOs and others. The provision of corporate data is obviously of great importance not least when it comes to the identification of corporate corruption and malpractice, corporate fraud, tax evasion, money laundering and the like.
• Contributing to the achievement of corporate data accuracy and reliability by facilitating access to the data held within official registers and, thereby, enabling errors or other questionable aspects of the data to be more readily detected.
• Contributing to the fight against corporate crime and the creation of a more trusted corporate environment for all.

Transfer of your information out of the UK

The nature of a web-based service means that information will be available to persons all over the world. As such, it is possible for the information contained in the OpenCorporates public records register to be accessed from anywhere in the world. Making such information available to all without restriction is consistent with our public interest mission. For transfers of our public records register to third parties (such as via the API or bulk download), these third parties may be based in counties other than the country in which you reside. Where this is the case, we take appropriate steps to safeguard personal data, such as (where required by law) putting in place data transfer agreements with those third parties.

Keeping personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or accessed in an unauthorised way. We also have procedures in place to deal with any suspected data security breach that we suffer and will issue a public notification of any security breaches that we suffer in accordance with our obligations under applicable law (including under the GDPR).

Your rights

Under the GDPR, individuals have a number of important rights. These include the right to:

• obtain access to personal information that we hold about you, as well as information about how we process your personal information;
• correct any mistakes in information we hold about you;
• object to our processing of your personal information;
• request erasure of your personal information;
• request restriction of our processing of your personal information;
• portability; and
• lodge a complaint with a supervisory authority (see How to complain below).

However, please be aware that not all of these rights are available to everyone all of the time. In order for these rights to arise certain conditions must be met and there may be exceptions that apply meaning that some of these rights do not apply to the personal information that we process about you. You can submit a request to us via our contact details (see Contact us below). Upon receipt of your request, we will assess the request on a case-by-case basis, and we will communicate the outcome of this assessment to you.

Redacting information

In keeping with our public mission, our public records database is intended to be an accurate account of company data as reflected on official public company registries. If we are informed that a public company register has removed (or limited access to) certain information about a person concerned with a company due to exceptional circumstances (for example, because of a serious risk to personal safety), we will:

• update the OpenCorporates records in a timely manner; and
• institute a procedure for temporarily removing the relevant information from the OpenCorporates records while this is being carried out.

In addition, we can carry out our procedure to temporarily redact information while the official public record is being changed. You can inform us of any application made to a public company register to remove or limit access to your information by contacting us here. Please include the relevant URLs, your position in the company and full details of the reasons for requesting such removal or limitation. We may require further information from you in order to fully consider your request. Note that requests for redaction of personal information must be made by the individual concerned or their legal representatives (including in the case of minors, their parents or guardians) and we may seek to verify this information.

Other Specific Issues

Information regarding minors

We do not set out to process personal data about minors, however on rare occasions there may be information in public records that relates to minors. Where OpenCorporates becomes aware that information in a public record clearly relates to minors, for example where there is a name and date of birth, OpenCorporates will restrict access to the record by allowing access only to logged in users (registration is free). We will also add a no-index tag to the web page(s) concerned which stops the webpage(s) from appearing in a Google search.

How to complain

We hope our data team would be able to resolve any query or concern you raise about our use of your information (see Contact us below). The GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Contact us

he GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. If you wish to contact us for any other reason, we can be contacted here: By Post: OpenCorporates Ltd, Aston House, Cornwall Avenue, London, N3 1LF, United Kingdom

Changes to this privacy notice

This privacy notice was first published on 25 May 2018 and last updated on 10 March 2023. We may change this privacy notice from time to time by posting an updated version of this privacy notice at this address.