Terms and Conditions of KYC API - the kompany API

April 2021

These General Terms and Conditions apply between 360kompany AG, an Austrian joint-stock company registered with the Austrian commercial register under FN 375714 x (“kompany”) and you (“Customer” or “you”) in respect of the Services provided by kompany (“T&C”).

1. General

1.1. kompany provides information services including searches and software services (“Services”) via its website https://www.kompany.com (“kompany Website”) and its associated API (“KYC API” together with the kompany Website the “kompany Systems”). The Services provide without limitation audit-proof primary source data and documents in real time from third parties (“Information”), and are made available to you via the kompany Systems.

2. kompany Customer

2.1. By using our kompany Systems and Services, you agree to become a Customer and these T&C apply to you. With each and every use of our kompany Systems and (free and fee-based) Services you confirm that you accept and comply with the T&C. If you do not agree with the T&C you must refrain from using kompany Systems.

2.2. kompany grants to the Customer a non-exclusive, limited, revocable, non-sublicensable and non-transferable right to access and use the Services for internal business use only, subject to these T&C.

2.3. You may purchase the Services by registering yourself on kompany Systems and providing us with valid and true information as required in the registration process. As soon as you have successfully completed the registration process and have chosen a plan (which is confirmed by kompany via e-mail) you are authorized to use all offered Services.

2.4. You may authorize other users including your employees, officers and agents (“Authorized Users“) by providing them with a secure user-ID and password (including any API-key) to the kompany Systems.

2.5. You shall

2.5.1. ensure that Authorized Users do not disclose or share their user-ID and password (including any API-key) to any party outside of the Customer, as this is a confidential information. The unlawful sharing or disclosure of the user-ID and password (including any API-key) by any Authorized User is a material breach of these T&C. If you believe that a third party has obtained access, you shall inform us immediately about such breach.

2.5.2. be responsible for installing any software and/or hardware and making any other arrangements required to use the Services, including use of a network or other connection required to access the Services.

2.5.3. provide kompany with the requested information necessary for providing the Services.

2.5.4. not sell, resell, license, lease, transfer, redistribute, assign or otherwise commercially exploit or make the Services and Information available to any third party, other than the Authorized Users.

2.5.5. use the kompany Systems lawfully and for lawful purposes only and comply with all relevant laws, rules and regulations in force.

2.5.6. use the kompany Systems for business to business and business purposes only.

2.5.7. not contract as a “consumer” (as defined by the Austrian Consumer Protection Act).

2.6. kompany offers Services to and enters into contracts only with persons of legal age.

3. Use of Services

3.1. The Customer acknowledges that a limited number of free searches on kompany Systems may be provided before payment for continued search usage functionality will be required and that jurisdictional limitations may apply.

3.2. The Customer may choose between a monthly or yearly plan. The Services may be offered in combination with an initial trial-period, during which the plan can be terminated at any time. If the Service is not cancelled during the trial-period, it is automatically upgraded to the chosen plan. Any offered trial-period can only be consumed once within 24 months. The chosen plan is automatically renewed at the end of the plan term, if not cancelled by the Customer.

3.3. The Customers acknowledges and confirms that he or she and any Authorized Users must comply with these T&C.

3.4. The Customer acknowledges that the Services may be updated and changed from time to time based on customer needs, business priorities and for any other reasons within kompany’s reasonable discretion.

3.5. As the Services are inter alia based on Information provided by third parties, changes of the Services may be required in order to meet legal, regulatory or factual requirements of these third-party providers.

3.6. kompany will provide customer service free of charge for reasonable Customer requests. If the service support request results in third party charges or significant additional attention, this will be agreed and charged separately.

3.7. The Services are available 24/7, except in the case of maintenance work. However, the availability of Information depends and is based on the official operating hours of the respective third-party information and services.

4. Pricing and payment

4.1. The Customer shall pay for the use of the Services and Information in accordance with the charges set out on kompany Systems (monthly/yearly plan fee and costs related to Information pursuant to https://www.kompany.com/i/support/price). The respective charges are due at the beginning of the plan period (e.g., monthly or yearly) and have to be paid in full (without offset or deduction for any fees and taxes, including banking/transfer fees or any withholding tax, or customs duties). Costs related to the purchase of Information during the period will typically be invoiced monthly, however, kompany reserves the right to invoice at any time. Individual purchases of Services and Information without a plan are not possible.

4.2. All sums payable by the Customer under these T&C shall be paid free and clear of all deduction or withholdings unless the deduction or withholding is required by law, in which event the Customer shall pay such additional amount as shall be required to ensure that the net amount received by kompany hereunder will equal the full amount which would have been received had no such deduction or withholding been required to be made. If any tax authority brings into charge to tax any sum paid by the Customer hereunder, then the Customer shall pay such additional amount as shall be required to ensure that the total amount paid, less the tax chargeable on such amount, is equal to the amount that would otherwise be payable hereunder.

4.3. kompany reserves the right to change the pricing for its Services at any time. kompany may require amending its charges in case third party providers increase their prices, especially with respect to certain government fees in regard to the Information retrieval. Pricing quoted is exclusive of all taxes, duties, levies, fees or other similar charges (e.g., VAT) for which the Customer shall be liable (where applicable).

4.4. The Customer agrees to receive the invoices via email and in PDF-format.

4.5. In case Customer is in delay with payments, kompany may charge reminder fees to a reasonable relation to the amount in delay and as far as such fees are necessary to cover adequate costs of kompany to administer such delay and enforce the rights (a total amount of at least EUR 5.00 up to a maximum of EUR 15.00 will be charged). In case the respective Customer does not settle debts within a reasonable time, kompany reserves the right to entrust a debt collection agency with the collection of the claimed debt. In such case kompany will additionally charge EUR 5.00 processing fee for claims between EUR 0 and EUR 500.00 and EUR 10.00 processing fee for claims of more than EUR 500.00. Furthermore, any additional expenses charged by the debt collection agency towards kompany will be charged to the Customer, as long as these are reasonable and necessary to cover adequate prosecution costs.

5. Data Protection

kompany and Customer shall comply with data privacy laws and regulations, which relate to the protection of individuals with regards to the processing of “Personal Data” (as defined in the General Data Protection Regulation 2016/679 - GDPR) and this includes compliance with the GDPR and any applicable local data privacy laws. In the course of delivering the Services, kompany is GDPR-compliant as described in the Privacy Policy (https://www.kompany.com/i/privacy).

6. Warranties

6.1. kompany does not and cannot control the flow of information to and from the kompany Systems and the performance of services provided by third parties (e.g., internet access, government and other registers, PEP and sanctions screening providers, credit reference agencies, translation services, etc). For this reason, kompany provides no warranty that use of the third-party services will be uninterrupted or error free. In the event that kompany is unable to access Information from a third party, necessary to deliver the services, kompany will not be liable for any interruption in the Services.

6.2. Since kompany receives Information from various company registers, financial and tax authorities as well as other third-party sources, kompany does not warrant the accuracy, completeness and reliability of third-party content. kompany will make reasonable commercial efforts to ensure Information accessible through the Services is up to date and complete. To the maximum extent permitted by law, kompany disclaims all liability for any error, inaccuracy or incompleteness in Information supplied.

6.3. kompany will make reasonable commercial efforts to ensure that its kompany Website and its systems (e.g., KYC API) are free from virus or other technologically harmful material that may infect Customer’s computer equipment or systems due to the Customer’s downloading of the Information or use of the Services. To the maximum extent permitted by law, kompany disclaims all liability for any loss or damage caused by any technologically harmful material accessed or downloaded via the kompany Systems or arising from use of the Services or from downloading the Information.

6.4. To the maximum extent permitted by law and except as expressly set forth in these T&C, kompany expressly disclaims any warranty of any kind relating to the Services, whether express, implied, statutory or otherwise, including without limitation, any implied warranty of merchantability, fitness for a particular purpose or the reasonable use of skill and care. Information and Services are provided on an “as is” basis and, to the maximum extent permitted by law, without any warranty of any kind.

7. Right of withdrawal

As stated in these T&C our Services are intended for commercial use and commercial clients. Should you be in breach of this provision, you must explicitly give up your 14-day right of withdrawal, from which consumers benefit according to section 11 of the Austrian Fern- und Auswärtsgeschäfte-Gesetz – FAGG, in order to allow kompany in accordance with section 18 para 1 no 11 FAGG to share the Information before the right of withdrawal expires. kompany Systems transmit a confirmation of the closed contract according to section 5 para 2 of the FAGG immediately after the purchase.

8. Termination

8.1. The Services may be terminated by providing one month notice prior to the end of a chosen plan. Such termination taking effect with respect to the chosen plan at the end of the respective plan period.

8.2. Either party may terminate this agreement immediately by written notice (e-mail sufficient), if (a) the other party has a bankruptcy order made against it or makes an arrangement or composition with its creditors, or enters into any form of insolvency, or has a receiver and/or manager, administrator or administrative receiver appointed over its undertaking or assets or any part thereof; or (b) the other party ceases or threatens to cease to carry on business; or (c) the other party commits a material breach of this agreement and (if such breach is remediable) fails to remedy that breach within thirty (30) calendar days of receiving written notice (e-mail sufficient) requiring it to do so.

8.3. Without prejudice to the remainder of the T&C or any remedies available at law, kompany may immediately suspend or terminate the Customer’s use of the Services, without liability or refund, if the Customer fails to make a payment due under the T&C or if additional verification of the Customer is required.

9. Indemnification

9.1. kompany will indemnify and hold Customer harmless from Losses resulting from any claims brought by unaffiliated third parties against Customer alleging that use of the Services as permitted herein infringes any intellectual property rights of any third party. “Losses“ means in connection with an indemnified claim, defense costs, the amount of a final judgement (including any award of fees and expenses) rendered against the indemnitee, and/or the amount of a settlement entered into by the indemnifying party, or with the indemnifying party’s consent.

9.2. Customer will indemnify and hold kompany harmless from Losses resulting from any claims brought by unaffiliated third parties against kompany (i) alleging that Customer’s use of the Services in breach of this T&C, infringes any intellectual property rights of any third party, or (ii) related to any acts or omissions of Customer or the Authorized Users in breach of Clause 2.5 of this T&C.

9.3. Each party’s obligations under Clause 9.1 and 9.2 are expressly conditioned on the party subject to a claim (a) providing prompt notice of the claim; (b) giving sole control of the defense and settlement of the claim to the other party; (c) reasonably cooperating with the party in charge of the defense; and (d) not having compromised or settled such claim in any way or having made any admissions with respect to such claim without the defending party’s prior written consent.

9.4. Should the Services become (or in the opinion of kompany, be likely to become) the subject of a claim of infringement of any third party's intellectual property rights, kompany may at its option and at no cost to Customer (a) procure for Customer the right to continue to use the Services, (b) replace or modify the Services to make it non-infringing and functionally equivalent, or, only if neither of the foregoing remedies can be provided under commercially reasonable terms, (c) terminate the such Services and refund to Customer any pre-paid fees prorated to the remainder of the pre-paid term.

9.5. kompany will have no liability for any claim based on (a) use of the Services in combination with any software, hardware, network or system not supplied by kompany where the claim relates to such combination, (b) any modification or alteration of the Services and/or Information (other than by kompany), (c) Customer continuing any infringing activity after being informed of alleged infringement, or (d) use of the Services not in accordance with the T&C.

9.6. This section 9. states each party’s entire liability with respect to third party claims as described herein.

10. Liability

10.1. kompany shall

10.1.1. via commercial clients only be liable for any direct and foreseeable damage in the case of intent or in cases physical damages of persons negligently caused by kompany.

10.1.2. via consumers only be liable for any direct and foreseeable damage in the case of intent, gross negligence or in cases of physical damages of persons negligently caused by kompany.

10.1.3. in no case be liable for indirect damages, consequential damages, especially but not limiting to damages to other software, lost profit, pure property damages of a Customer or third-party damage.

10.1.4. in particular not be liable for damages caused by interruptions of kompany Systems which are necessary for maintenance work or to avoid network disturbances and/or which are caused by inevitable occurrences which are outside kompany’s control.

10.2. To the maximum extent permitted by law, kompany’s liability for any claim, loss, expense, or damage arising under these T&C shall in no event exceed the total price paid for six (6) months’ use of services under the T&C in respect of the six (6) month period immediately preceding the date on which the event giving rise to the claim took place.

10.3. The Customer shall be responsible for all actions or omissions of the Authorized Users, and any breaches of these T&C, as if they were the Customer’s acts, omissions or breaches.

11. Intellectual Property

11.1. All intellectual property subsisting in, created during, or used in connection with the Services or Information, including any modifications and amendments thereto, provided to the Customer by kompany, shall be and remain the sole property of kompany or its licensors or other third-party providers. The Customer shall not, without kompany’s prior written consent, use or adopt any name, trade name, trading style or commercial designation used by kompany or the relevant owner, or do or omit anything to infringe on any intellectual property right relating to any Service or Information supplied by kompany or the relevant owner. The Customer agrees to notify kompany immediately if it becomes aware of any unauthorized use of our intellectual property.

11.2. In the event that new intellectual property, inventions, designs or processes evolve in the performance of or as a result of Services, including where modifications recommended by the Customer are incorporated by kompany into the Services, the Customer acknowledges that the same shall be kompany’s intellectual property unless otherwise agreed in writing.

12. Confidentiality

12.1. kompany and the Customer shall keep secure and secret any Confidential Information which such party has received from the other. “Confidential Information” shall mean any information, technical, commercial or of any other kind, whether written, oral or in electronic form, except such information which is publicly known or which has come to the public knowledge in any other way than through breach of this secrecy undertaking, or has been: (a) independently developed without access to such party’s Confidential Information; (b) rightfully received from a third party; or (c) required to be disclosed by law or by a governmental authority.

12.2. Neither kompany nor the Customer shall, even after the expiration of the T&C use or disclose to any third parties the Confidential Information except: (a) to those of its employees, officers, agents and sub- contractors required to know such Confidential Information for the purposes of their proper performance of these T&C; (b) to its auditors or such other third party having a right, duty or obligation to know such Confidential Information which disclosure shall only be made with the prior written consent of the disclosing party; or (c) to use the disclosing party’s Confidential Information solely in connection with the T&C and not for its own benefit or the benefit of any third party, in each case provided that such third parties have entered into confidentiality arrangements on terms at least as favorable as set out in this clause.

13. Public Relations

13.1. Customer agrees if requested by kompany to

13.1.1. release a joint press release (with the form and publishing details to be agreed between the parties). 13.1.2. allow kompany the use of the Customer’s logo and/or trademark(s) on kompany Website for the sole purpose of demonstrating this agreement, provided that this does not grant a license to use the Customer’s logo and/or trademark for any other reason.

14. Miscellaneous

14.1. The T&C exclusively govern the relationship between you and kompany and supersede any prior statements or agreements. Any of your terms and conditions are excluded from being applicable on the relationship between you and kompany.

14.2. If any provision or part-provision of these T&C is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the T&C.

14.3. Changes to and amendments of these T&C, including this clause, may be made by kompany at any time and become effective at the earlier of (i) the Customer accepts online the amended terms or (ii) within 1 (one) month after having published such changes or amendments.

14.4. No failure or delay by either party in exercising any right under these T&C will constitute a waiver of that right. Any waiver, to be effective, must be in writing and signed on behalf of the party who is waiving the breach or provision.

14.5. kompany and you agree on communication in English language. Subject to the German terms in brackets referring to Austrian legal terms (which shall be interpreted only with respect to their meaning under Austrian law and with respect to the German language term in brackets), any other language used shall be only used for purposes of convenience. Respectively every communication or notice shall be made in English language. The English language version of these T&C is the prevailing version.

14.6. Except for any payments due hereunder, neither party shall be responsible or liable for any failure to perform its obligations due to causes beyond its reasonable control, including but not limited to acts of God, war, riots, terrorist acts, embargoes, acts of civil or military authorities, fires, floods, earthquakes, accidents, strikes or other form of industrial actions, failure of any communications services or utility service for the duration of any such circumstances or cause.

14.7. These T&C and any Services hereunder shall be governed by and construed in accordance with the laws of the Republic of Austria to the exclusion of the provisions of the United Nations Convention on the International Sale of Goods and without giving effect to any statutory conflict of law provisions or rules that would cause the application of the law of any jurisdiction other than Austria.

14.8. Any and all disputes or divergences or claims shall be exclusively dealt with the commercial court (Handelsgericht), 1010 Vienna.

15. Special Terms and Conditions for RegisterDirect

15.1. Online access to the commercial register database and the land registry database for the Republic of Austria can be obtained from kompany. kompany has been commissioned as the official clearing house for the Austrian Federal Ministry for Justice to process enquiries relating to the commercial register and land register, whereas this service shall henceforth be referred to as "RegisterDirect". With these special terms, Customers have the right to use the IT applications, services, access and products provided within RegisterDirect ("Applications") under the conditions set out in this section.

15.2. The Applications are run during the hours of operation of the commercial registry database and the land registry database of the Republic of Austria. These hours of operation are referred to as the core operating time, whereas the operation of or access to RegisterDirect or the Applications may be suspended or restricted – also during the core operating time – due to, especially but not limited to, urgent problem solving by such databases, kompany or overload, malfunction or collapse of the Austrian or international telecommunications networks. Outside the core operating time, constant access to these Applications is not guaranteed (e.g. due to maintenance work). The Applications are run on equipment belonging to kompany. Data obtained from the Applications originates directly from the respective data bases or systems of the Republic of Austria.

15.3. In order to use the Applications, a Customer of RegisterDirect must purchase the respective plan. A Customer of RegisterDirect is not permitted to resell data from the Applications for commercial use and must adhere to the copyright laws of the Republic of Austria.

15.4. For a Customer of RegisterDirect and the Applications, the provisions of these T&C shall apply, whereas in case of a conflict between this section and the other sections of the T&C, this section shall prevail.

Privacy Policy

May 2021

1. kompany Privacy Policy

This is the Privacy Policy of 360kompany AG and its direct and indirect subsidiaries (“kompany” or “kompany Group” or “we”). kompany offers via its websites IT services and products based on data and documents provided by third parties. This Policy applies to the use of these kompany services.

360kompany AG with its business address at Schwindgasse 7/12, 1040 Vienna, Austria, registered in the companies register of the Commercial Court of Vienna under FN 375714x is the parent company and is the responsible content provider of kompany websites. kompany Group consist of the following companies which are all subsidiaries of 360kompany AG:

  • 360kompany USA, Inc with its business address at 2253 Edsall Avenue, Bronx, 10463 New York, USA, registered under 5121601 DE.
  • 360kompany UK Ltd, with its business address at 38-42 Newport Street, Swindon, SN1 3DR, England, United Kingdom, registered in the UK companies house under 13361766.

2. Our commitment

kompany offers services for the purpose of AML compliance and, therefore, stands for transparency, accountability and compliance. These guiding principles also apply to kompany’s business model and operations to ensure compliance with all relevant laws and regulations including data protection regulations. It is important to kompany that you feel safe during your visit to our website and while using our services. As soon as you make use of kompany services, you entrust us with the processing of your personal data.

Therefore, in this Privacy Policy, we want to inform you in detail about which personal data we collect from you, how we process it and to whom we might forward it. Furthermore, we would like to inform you about the precautions we are taking to protect your personal data, which rights you have in this context and to whom you can turn for data protection concerns.

3. Personal data

We process the personal data that we receive from you only within the scope of the business relationship and usage of our websites. When using kompany’s services or interacting with kompany, the following personal data might be processed:

Type of data What does this include
Contact Data when creating a new user account or communicating with kompany, we might process for example: first and last name / company name, user ID, / company registration number, phone number, email address, business and billing address.
Financial Data as part of purchase and sales transactions, we might process for example: bank details (IBAN, BIC), payment service provider information, payment details, transaction-ID, VAT number, etc.
Technical Data during visits of our websites, we might process for example: internet protocol address, login data, browser type and version, time zone setting and locations, browser plug-in types and versions, operation system and platform, and other technology on the devise used to access our services.
Profile Data when you sign agreements with us (e.g., terms and conditions, framework agreement, order forms) or interact with us (e.g. raise a ticket via kompany websites), we might collect profile data.
Usage Data when you use our services, we collect certain usage data (including IP address and the time of visit).
Marketing and Communications Data when you visit our website or social media sites, we might process statistical and marketing data such as : preferences in receiving marketing from us and your communication preferences (including in respect of cookies).
Photo, video and audio data when we attend or organise events or fairs or hold interviews, we may take photos and other recordings of such events and might process photo, video and audio data. However, we will always inform you separately about such recordings.
Hiring data if you apply for a job on our website, via LinkedIn or other recruitment platforms, we might process data which is necessary for the recruitment process, for example: contact data, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents like passport, and the data from all these documents, links to your portfolio or social media platforms, etc.

4. Special categories of personal data & children

kompany does not capture or process special categories of personal data. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data (Art 9 para 1 GDPR). kompany services are only for persons of legal age who are permitted to use the services of kompany. Therefore, we are not knowingly collecting personal data from under-age persons.

5. Purpose and legal basis for using personal data

All processing is performed in accordance with the GDPR and the Austrian Data Protection Act (Datenschutzgesetz - DSG). kompany processes your personal data based on at least one of the legal bases listed below and as outlined in the following chart.

Legal bases:

  • for the performance of contractual obligations (Art 6 para 1 lit b GDPR):
  • Processing of personal data might be necessary for the performance of the contract with you or in order to take steps at your request prior to entering into a contract.
  • for compliance with legal obligations (Art 6 para 1 lit c GDPR):
  • Processing of personal data might also be necessary for complying with various legal obligations (e.g. AMLD, GewO 1994, tax laws etc.)
  • to protect legitimate interests (Art 6 para 1 lit f GDPR):
  • Where necessary, data processing might take place beyond the performance of the contract in order to maintain the legitimate interests of kompany group or a third party.
  • based on your consent (Art 6 para 1 lit a GDPR):
  • If you have given us your consent to process your personal data, processing will only take place in accordance with the defined purposes and to the extent agreed in the declaration of consent. Given consent may be withdrawn at any time without giving reasons and with future effect, if you no longer agree to the processing. Please note that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. What personal data do we collect and how?

The following chart explains the personal data that we collect, how we collect it and what our legal basis is for collecting it.

Action What data is collected How do we collect this personal data Legal basis
Use of kompany websites (e.g., browsing website, submitting a request, subscribing to newsletter)

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (if subscribed to newsletter)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to contact us, you directly provide personal data to us.

1. Consent, contact about your query, to receive a newsletter, to process special category data, etc.
2. Necessary for legitimate interests (e.g. performance of services, to develop our business).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
kompany Customer (existing or in the process of becoming one)

Technical Data and Usage Data (for tracking purposes)

Contact Data, Financial Data, Transaction Data, Profile Data and Marketing and Communications Data (when you enter into a formal relationship with kompany)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to contact us, you directly provide personal data to us.

1. Performance of a contract with you
2. Necessary for legitimate interests (e.g. claim management).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
Job application

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (information in relation to application)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to apply for a job, you directly provide us with your personal data.

1. Consent, you choose to apply.
2. Performance of a contract with you.
Service provider to kompany

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (information in relation to application)

Financial Data, Transaction Data and Profile Data (when we engage with you)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you provide us with service, we will hold personal data, such as name and email address, of your staff that have engaged with us.

1. Performance of a contract with you
2. Necessary for legitimate interests (e.g. daily business).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
Manager and/or shareholder of a legal entity in a public registry Contact Data (as this is the information that is found in the public registries). Open data and public register:
We transfer personal data about you from public registries. Public registries are accessible to anyone. We do not store any of your personal data in our software and only provide a conduit through which our customers can easily access it.
1. Necessary for our legitimate interests (performance of service)
2. See below for further information. It is for our customers to have a specific lawful basis in which to instruct us to transfer personal data on you to them.

7. Personal data from public registers

kompany offers IT services and products based on data and documents provided by third parties. Such data include personal data (e.g., details of directors and shareholders) which are retrieved from public sources. However, kompany focus on the transfer of these data to its customer and does not store personal data of directors and shareholders.

One of the main principles of data protection including GDPR is that legitimate interest overrides the interest of directors and shareholders displayed in public registers. As kompany services are a part of the global combat against money laundering and terrorist financing, our services ensure a safer and stronger society. As the data we transfer are publicly available and considering the purpose of our services (AML/CTF) the rights of manager and shareholders do not override our legitimate interest of preventing and detecting crime.

8. Data transfer

kompany may share your personal data with the parties set out below for the purposes set out in the table above.

  • Data transfer within kompany Group.
  • Data transfer to external data processors such as:
    • Processors who perform services for us such as website, marketing and sales software (e.g., HubSpot, Google Adwords, Microsoft Advertising, and others), IT services (Next Layer, AWS, OCI, and others), customer support (Zendesk Inc.), improvement of our website (Hotjar Limited); performance of contracts, account management, accounting, invoicing (recurly, 3Scale), and sending out newsletters (e.g., HubSpot). Processors may only use or disclose this data to the extent necessary to perform services for kompany or to comply with legal rules. We contractually oblige these processors to ensure the confidentiality and security of your personal data that they process on our behalf.
    • Website, marketing and sales software which helps us to successfully communicate with you (e.g., Google).
    • Technology companies that provide us with desktop and cloud-based products, solutions and services which are important to ensure our business conduct (e.g., Microsoft).
    • Payment service providers that process payments made by customers (e.g., Braintree, PayPal, Erste Bank, etc).
    • Google Analytics: We use the web analytics service provided by Google Analytics on our websites. This uses data collected by cookies, i.e., information about your use of our website and your surfing behavior. Please feel free to visit kompany websites and choose your cookies settings should you wish to not allow such use of your data.
  • Other external third parties which are not deemed to be data processors in their relationships with us such as:
    • Professional advisers (e.g., law firms, banks, accountants): We may need to engage with them from time to time for the purposes of our business and to provide data.
    • Regulators and other governmental authorities: We may need to engage with them for the purposes of our business and to provide data.
    • Third parties whom we may be in contact with to sell, transfer or merge parts of our business or our assets, or to attempt to acquire or merge with other companies. Such situations, may result in the disclosure of your personal data. We do however, ensure that your data is kept confidential. Should the current ownership change, then the new owners may use your personal data in the same way as set out in this policy.

We do not sell your personal data to any third parties.

Our third-party service providers are not allowed to use your personal data for their own purposes and are only permitted to process your personal data for specified purposes as instructed by us.

9. Third party links & plug-ins

kompany websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. As kompany does not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy documentation of every website you visit.

10. Data Security

The security of data is very important to kompany and we are committed to protecting data we collect. We maintain comprehensive administrative, technical and physical measures designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. In addition, we limit access to your personal data to those employees, contractors and other third-parties who have a business need to know. They will only process your personal data based on our instructions and they are subject to a duty of confidentiality.

While these measures meet the highest international safety standards and are regularly reviewed regarding their effectiveness and suitability for achieving the intended safety objectives, kompany is also aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of data transmitted to kompany websites and any transmission is at your own risk. You are responsible for your user-ID and password (including API-key) which enables you to access any of kompany services.

11. International data transfer

kompany shares your personal data within kompany group and with some third-party suppliers, if required. This may involve transferring your data outside the EEA. However, kompany ensures by implementing at least one of the following safeguards that a similar degree of protection is ensured as within the EEA:

Please contact support@kompany.com, if you need further information regarding the international data transfer.

12. Retention and deletion periods

kompany retains personal data, as far as necessary, for the duration of the entire business relationship, and in principle 1 year after termination of the business relationship. Beyond this we retain your data only for a longer period, in accordance with statutory retention and documentation obligations, to defend legal claims or with your explicit consent.

The retention period is thus determined by the statutory retention periods or limitation periods. In accordance with the Austrian Enterprise Code (UGB) and the Federal Tax Code (BAO) 7 years, in accordance with the Equal Treatment Act (GIBG) half a year, and in certain cases between 3 and 30 years according to the Austrian General Civil Code (ABGB) e.g. if data is required as evidence for legal disputes or for as long as there are other legitimate interests in retention.

Unless expressly stated in this Privacy Policy, personal data processed by kompany shall be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations.

13. Marketing

kompany may use your Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you.

You will receive marketing communication from kompany, if you have requested such information or purchased services from kompany and you have not opted out of receiving such product & marketing information. kompany will get your express opt-in consent before we share your personal data with anyone for other marketing purposes. kompany newsletter is performed by HubSpot and in the newsletter so-called web beacons might be used. Such web beacons provide kompany with a better understanding of your interactions with the newsletter. They fulfil a similar function as cookies, but they are not visible to users. Information can be obtained via web beacons, in particular about whether an email was opened and whether the user’s system is capable of receiving HTML emails.

You can unsubscribe from such marketing messages at any time by using the unsubscribe option at the end of marketing emails or contacting us and withdrawing your consent. If you opt out of receiving marketing messages, this will not apply to messages that kompany needs to send you as a result of fulfilling a contractual relationship with you (e.g., we may need to contact you about a payment due).

14. Cookies

A cookie is a small file of letters and numbers that is stored in your browser, the hard drive of your computer or on your mobile device, if you agree. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of a website may become inaccessible or not function properly. For more information about the cookies we use, please see the Cookies Policy.

15. Data Protection Rights

Under certain circumstances, you have rights under GDPR in relation to your personal data which we summarized in the following.

Right to access You have the right to request copies of your personal data from kompany. We may charge you a small fee for this service.
Right of rectification You have the right to request that kompany corrects or completes any information you believe is inaccurate or incomplete.
Right to erasure You have the right to request that kompany erases your personal data.
Right to restrict processing You have the right to request that kompany restricts the processing of your personal data.
Right to object processing You have the right to object to kompany’s processing of your personal data.
Right to withdraw you consent You have the right to withdraw your consent. This does not affect the lawfulness of any processing carried out beforehand. Further, we may not be able to provide certain services to you.
Right to data portability You have the right to request that kompany transfers the data that we have collected to another organization, or directly to you.

Please contact us via email support@kompany.com. After such a request, kompany has on month to respond. kompany may need to request specific information from you to help us to confirm your identity. This security measure is in your own interest to ensure that personal data is not disclosed to any person who has no right to receive it.

16. Data Protection Authority

Should you wish to report a complaint or if you feel that kompany has not addressed you concern in a satisfactory manner, you may contact the Austrian Data Protection Authority (Datenschutzbehörde).

17. Changes to Policy

kompany regularly reviews this Privacy Policy to ensure transparency and compliance with developing data privacy rules. We update this Privacy Policy from time to time when required, in order to take current circumstances into account. If we make significant changes to this Privacy Policy, we will notify you after the login into your account and provide you with the updated version of the Privacy Policy. If it is required by applicable law, kompany will obtain your express consent to significant changes.

18. Contact kompany

If you have any further questions about this Privacy Policy or the processing of your personal data, please contact our privacy team: support@kompany.com.

Cookies Policy

May 2021

1. kompany Cookies Policy

This is the Cookies Policy of 360kompany AG and its direct and indirect subsidiaries (“kompany” or “kompany Group” or “we”). kompany uses cookies on its websites, applications and other digital platforms (“Digital Presence”). This Policy applies to kompany Digital Presence and all person who use or visit our Digital Presence. By continuing to use or visit our Digital Presence, you agree to our use of cookies.

360kompany AG with its business address at Schwindgasse 7/12, 1040 Vienna, Austria, registered in the companies register of the Commercial Court of Vienna under FN 375714x is the parent company and is the responsible content provider of Digital Presence. kompany Group consist of the following companies which are all subsidiaries of 360kompany AG:

  • 360kompany USA, Inc with its business address at 2253 Edsall Avenue, Bronx, 10463 New York, USA, registered under 5121601 DE.
  • 360kompany UK Ltd, with its business address at 38-42 Newport Street, Swindon, SN1 3DR, England, United Kingdom, registered in the UK companies house under 13361766.

2. Our commitment

It is important to kompany that you feel safe during your visit of our Digital Presence and while using our services. kompany wants to give you the best possible experience with our Digital Presence to ensure that you enjoy the usage of our services. That’s why we want to understand user behaviour in order to improve it. For this, it is necessary to use cookies and similar technologies.

Cookies are small text files that are set and stored on a computer system via the internet browser, if you agree. Cookies are safe for your devices and they only store information used by your browser. Cookies cannot access any other content on your device, and they do not create malware or viruses. For more information about cookies, tracking, cookie settings and privacy concerns visit All About Cookies.

The objective of this Cookies Policy is to provide you with transparent and accessible information about cookies and tools we use, the role they play in helping us to provide the best user experience, as well as the possibilities you have regarding cookies settings and your privacy.

If personal data is processed, we will do so only in accordance with the GDPR and other applicable law. For further information in this regard, we refer to our Privacy Policy.

3. All about cookies

Cookies have different purposes and are used for many essential functions on our Digital Presence. In the following we explain those categories, as well as their purposes and functions:

Session cookies: These are temporary cookie files, which are only active for the browser session and are erased after you close your browser.

Persistent cookies: These are files which are stored for a longer period in your browser’s subfolders until you delete them manually or your browser deletes them after a period contained within the persistent cookie file.

  • Strictly necessary cookies: These are cookies that are required for the operation of our Digital Presence. They include, for example, cookies that enable you to log into secure areas.
  • Analytical and performance cookies: These are cookies that a recognise and count the number of visitors and see how visitors move around on our Digital Presence.
  • Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.

First-party cookies: These are cookies stored directly by the Digital Presence that you are visiting (e.g., by us or by an assigned third party).

Third-party cookies: We also use third parties when providing you with our Digital Presence, these thirst parties may also use cookies. We do not control these third-party cookies. These third parties include providers of external services like web traffic analysis services such as Google Analytics. Google Analytics allows us to track visitor activity on our sites. These third-party cookies are usually analytical and performance cookies.

4. Manage cookies settings

You can prevent setting of cookies through our Digital Presence at any time by selecting the appropriate setting (e.g., Do Not Track) in your browser. If you would like to block all or some cookies, you can visit the “options” or “preferences” menu on your browser in order to change your settings. If you decide to this, your setting change will apply to all websites that you’re using including our Digital Presence. By blocking strictly necessary cookies, it may impact on your accessibility and functionality to all or part of our Digital Presence.

To find out more about blocking some or all of your cookies, you may find the website pages below useful as a guidance. Please not that we are not responsible for the information on any of the following websites:


If you have any questions about our use of cookies, please do get in touch with us at support@kompany.com.



KYC API provides real-time access to structured, official and authoritative commercial register data, including company filings covering more than 55 million companies in 80+ countries and jurisdictions.

About the General Data Protection Regulation (GDPR)

On May 25, 2018, the new General Data Protection Regulation (GDPR) will enter into force Europe-wide. It introduces new rules for companies offering goods and services in the EU, or processing sensitive data of EU citizens. The aim of the regulation is to introduce high standards of data protection that apply uniformly throughout the EU.

Data Privacy at KYC API

We take the protection of your private information very seriously. The protection of your privacy when processing personal data is an important matter for us, which we account for in our business processes.

KYC API ensures the security and privacy of the personal data provided in compliance with the European General Data Protection Regulation (GDPR). The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your consent.

Security and confidentiality of our customers? data has been central to the design and operation of the KYC API platform since inception.

The KYC API core platform has been hosted in the EEA, specifically in Vienna, at an ISO 27001 certified data center located in Austria since the service was launched in 2012. Our IT service provider, nextlayer Telekommunikationsdienstleistungs- und BeratungsGmbH, operates IT services for a wide range of companies, including Austrian insurance corporations, banking groups and air carriers.

Our own rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as Payment Card Industry (PCI-DSS) Level 1 compliant billing platform, PCI DSS SAQ A (3.2, Rev 1.1) and ISO 27001 (nextlayer).

We have recently updated and adapted to our internal processes, policies and products to further strengthen our comprehensive data privacy and compliance programs.

You can find our latest Data Protection Policy here.

Our goal is to ensure that our customers are confident with KYC API as a trusted data processor. Some of the major adaptations already completed before May 25, 2018 include:

  • Building a universal Data Governance service on the platform to ensure consent is captured globally across the platform and commercial sites.
  • Documenting all external services in use companywide and ensuring compliance and transparency where data is shared or must be shared as part of the Business Support Systems (BSS).
  • Updates of our privacy policy and terms of service to reflect changes related to GDPR.
  • Building internal policies covering requests for information, the ability to correct personal information and likewise, to delete these.
  • Ongoing monitoring and reporting of processes and procedures.
  • Ongoing review with and by the respective government authorities in Austria and the EEA.

Detailed information on Data Protection can be found at the following link:https://www.data-protection-authority.gv.at/home