Terms and Conditions of BREX Business Register Exchange GmbH

Effective May 25th, 2018

1. Scope

These General Terms and Conditions (the “GTC") apply to all current and future transactions and business relations between BREX Business Register Exchange GmbH, registered with the commercial register of the commercial court in Vienna under registration number FN 405096 f, having its registered office in Vienna (hereinafter "BREX"), and the user (the “User”) of the products and services on any of the websites operated by BREX as stated in the Masthead (as amended), including but not limited to www.brex.io, (the "Websites") as well as the Application Programming Interface offered by BREX which is a lightweight RESTful webservice that can be used to search for corporate and related information and to order and retrieve documents (hereinafter the "BREX API"). These GTC apply regardless of whether the products or services are used against payment or for free and with or without registration. Any terms and conditions provided by the User shall not apply. Such terms and conditions shall only by valid upon written confirmation by BREX.

2. Consumer protection

If the User of the Websites is a consumer as defined in the Austrian Consumer Protection Act (Konsumentenschutzgesetz; KSchG) as amended, these GTC shall apply to the extent not contradicting the mandatory provisions of the Austrian Consumer Protection Act (as amended) as well as the Austrian Distance Selling Act (Fern- und Auswärtsgeschäfte-Gesetz; FAGG) as amended.

3. Effectiveness and amendments to the GTC

These GTC govern the access to and the use of the BREX API and the Websites. BREX reserves the right to modify these GTC at any time and without being requires to state any reason for doing so; such changes may include, but are not limited to, the imposition of new or additional terms or conditions. By first accessing the Websites or first using the BREX API – whichever falls earlier – the User accepts these GTC, which shall apply towards the User from such first access of the Websites or first use of the BREX API. In case of amendments of the GTC, whereas the amended GTC come into force when published on the respective Website, the User automatically accepts the GTC in their latest version by accessing and using the Websites or using the BREX API. If the User does not accept the GTC (as amended), then he must immediately exit the Websites or refrain from using the BREX API or any other services or products related to the Websites or the BREX API. This applies regardless of whether the User is using the Websites or the BREX API with or without registration, and making a purchase or not. In case a User does not accept the amendment to the GTC, he is entitled to terminate the contractual relationship with kompany, whereas clause 7.1.3 shall apply mutatis mutandis. The contractual relationship between the User and kompany will then be terminated on the basis of the GTC last accepted by the User.

4. Services offered
4.1 Services and products
BREX offers the User the following services and products:
  • Extracts from the Austrian Business Register (Firmenbuch) and Austrian Land Register (Grundbuch), in capacity as official Clearing Office;
  • International search for businesses and officers;
  • International information gathered from public registers and databases, particularly registers of companies and commercial registers;
  • International information provided by credit reference agencies on the financial status of companies and persons engaging in business activities;
  • Other international information on businesses and persons engaging in business activities;
  • Access and usage of the BREX API to obtain the aforementioned services and products;

For a detailed description of our services and corresponding prices, see the current version of the product overview and price list available on https://brex.io/.

4.2 Supply options

In principle, BREX offers access to the Websites, the BREX API and the corresponding products and services based on a monthly or yearly subscription plan. A User can register on the Websites by entering a minimum set of data, i.e.: first name, last name, e-mail address, phone number, user name, and password. Furthermore, the User may voluntarily provide additional contact details and a VAT number, opt-in to receive newsletters and the like or offers from third parties, and opt-out to receive notifications on register changes of companies previously searched for (the "Registration"). This Registration does not oblige the User to purchase any products or services or conclude a subscription plan, however the User is entitled to such purchase or conclusion. The Registration creates a contractual relationship between the User and BREX, which shall be govern by these GTC.

4.3 User's entitlement

With its products and services, BREX offers access to data, in particular data from public registers. However, it cannot be deduced for the future that BREX has to offer these services, products and subscriptions in their existing form and composition, or give access to such data. BREX reserves the right to reject Users as contracting parties without stating the reasons, and to prohibit them from accessing its products and services, or cease to supply them with these products and services. All IT applications, services, access and products provided by BREX in its authority as Clearing Office may only be used for the purpose of access and enquiries as defined by the respective law or decree.

4.4 Changes to or discontinuance of services offered by BREX

Factually justified and reasonable changes of our performance obligations shall be tolerated by the User.

5. Availability

In order to use the products and services offered by BREX, the User must have operational Internet access. Connection problems between the User and its internet service provider lie beyond the sphere of influence of BREX and BREX assumes no liability for losses or damages of the User related therewith. Subject to the restrictions specified in this Clause 5., the products and services offered by BREX are basically available 24 hours a day. However, this does not apply to products and services that are subject to the availability of a public databases, third party databases or third party services. Such products and services are available only during the official operating hours of these databases and services. Restrictions may also result from maintenance work, in particular but not limited to maintenance work regarding the Websites and the BREX API, third party databases and third party services as well as from overload, malfunction or collapse of the Austrian or international telecommunications networks. BREX has no influence on the availability of the data communication networks of the various external connection providers. Where possible, BREX will give Users prompt, appropriate notification of any interruptions or significant restrictions, e.g. due to maintenance, modifications, etc.

6. Registration

The use of certain services of BREX, including the receipt of newsletters or special offers, is subject to the Registration. There is no entitlement of Users to Registration. BREX has the right to reject Registration applications or exclude Users from the offered products and service (in part or in whole) without stating any reason. Each User may register only once. In order to register, a User must be at least 18 years old. Minors are not permitted to apply. In case of a legal entity, the application must be made by a competent, authorized representative. The data and other information requested by BREX during the Registration process must be supplied by the User completely and correctly, and must be updated in the event of any change without being requested by BREX. For those products and services that require a Registration, a contractual relationship regarding such product or service is only created upon successful completion of the Registration. The successful Registration leads to the conclusion of a contractual relationship between the User and BREX for an indefinite period. The User has the option to print out the contract and data supplied during the Registration process.

7. Supply and settlement

The User may obtain the products and services of BREX offered on the Websites via the BREX API. These products and services are charged on a recurring basis based on the subscription plan chosen by the User. An individual purchase of products or services outside a subscription plan is not possible.

7.1 Subscription
7.1.1 Validity

Subscription plans are valid from the order date for the period stated in the subscription plan and end on the last day of such period.

7.1.2 Renewal

The User agrees that, when his chosen subscription plan expires, it will be automatically renewed by an equivalent, new subscription plan, if not otherwise agreed. The User also agrees that, when a possible trial period of its chosen subscription plan expires, the subscription plan will be automatically converted into a payable subscription plan, which may be fully charged at the end of the trial period. Users can only consume a trial period for a subscription plan once. Repeated registrations to obtain the benefits of a trial period multiple times are prohibited. BREX shall duly notify the User via e-mail before the expiry of a subscription plan or of a trial period that automatic renewal or conversion into a payable subscription and associated settlement are pending.

7.1.3 Cancellation

A User may cancel a subscription plan at any time without stating any reason, taking effect from the date up to which the subscription plan has been prepaid or to which the minimum subscription period runs, whichever day is later. In case of a cancellation, the refund of the subscription plan payment in whole or in part is not possible. Subscriptions must be cancelled in writing, either by postal mail or e-mail to BREX. Following a cancellation, the subscription plan remains valid for the period specified. During this period the User may make full use of the benefits derived from the subscription plan. In this case, there is no automatic renewal as described in clause 7.1.2. Any pre-paid credit purchased with a subscription plan will not be forfeited in the event of cancellation of this subscription plan. The User is free to spend this credit on any product or service of BREX. A refund in whole or in part is not possible. The User agrees that for the administration of an account with a pre-paid credit and no active subscription plan, BREX will charge a monthly service fee beginning 12 months after cancellation of the subscription plan. BREX is also entitled but not obliged, to deduct such monthly service fee against the pre-paid credit from the relevant account. If the User is a consumer, the provisions of the Austrian Consumer Protection Act and the Austrian Distance Selling Act, which entitle the consumer to withdraw from the contract under certain circumstances, shall apply.

7.1.4 Delivery

Delivery regarding the subscription plan is completed upon the User receiving a confirmation of such subscription plan from BREX (e.g. via e-mail). The delivery regarding the product or service requested within the scope of the subscription plan is completed upon display of the requested product or service via the BREX API. Subsequently, the User has various options for the further use, e.g. downloading the product in PDF format.

7.1.5 Settlement

Subscription plans are payable in advance. Payments must be made in full in order to make use of all benefits associated with the respective subscription plan. Payment is effected immediately before the delivery of the subscription plan, either by credit card or direct debit (where available).

7.1.6 Refund

Given the nature of the products or services provided by BREX, which typically consist of data, once the ordered product or service has been completely delivered, the User can no longer withdraw from the contract or return the product/cancel the service. Thus, a refund of the amount paid for a product/service is impossible. In particular, this applies to products and services that require payment to third parties by BREX. If the User is a consumer pursuant to the provisions of the Austrian Consumer Protection Act, the provisions of this Austrian Consumer Protection Act as well as of the Austrian Distance Selling Act (Fern- und Auswärtsgeschäfte-Gesetz; FAGG) would apply, in particular section 18 para 1 number 11 FAGG according to which the consumer cannot withdraw from the contract regarding the delivery of digital content, if BREX already commenced to fulfil before expiry of the withdrawal period (section 11 FAGG) with the express consent of the consumer and if the consumer accepts the loss of the right to cancel the contract in case of premature fulfilment after receiving a confirmation pursuant to section 5 para 2 or section 7 para 3 FAGG.

7.2 General rules on service and settlement
7.2.1 Settlement

Unless otherwise agreed, accounts are payable in full upon receipt of the invoice. If the User falls in arrears with the payment of an amount invoiced and due for at least seven (7) calendar days, kompany is entitled to preclude the User from obtaining products and services on account (soft ban). Pursuant to these GTC, BREX and the User are the only contracting parties. Settlement is always in the name of BREX, third parties are expressly excluded.

7.2.2 Invoicing

BREX's invoices are generally issued and sent in PDF format. The user agrees explicitly to receive electronic invoices (PDF format). BREX issues the initial copy of the electronic invoice and grants online access to copies of invoices free of charge. Upon the User's request, BREX shall issue a copy of the respective invoice in paper form free of charge.

7.2.3 Refund

Refunds of payments and the issue of credit notes to a User for services already obtained from BREX are excluded in accordance with section 7.1.7 of these GTC, except in the case where BREX does not fulfill the services due to the non-transmission of the requested data because of a proven technical fault on BREX's end. Clause 5. of the GTC applies mutatis mutandis. In cases in which a User cannot open, view or print purchased products due to problems with the User's computer, printer or systems setup, the obligation of the User to settle all fees remains untouched and BREX will not honor refund requests. No refund is possible with regards to payments that contain official fees and arise upon searches in and access to the data of public databases, including commercial registers or companies registers and in particular the Austrian companies register, the European Business Registry (EBR) and similar services.

8. Privacy Policy

The Privacy Policy of BREX (as amended), which forms an integral part of these GTC, shall apply.

9. User's obligations

All data, information, references, statements and opinions on businesses or persons engaging in business activities and the like, which BREX has collected, compiled and passed on in any form or by any method of publication, must be treated strictly confidential by the User, and are limited to internal business purposes only. The User undertakes not to store any of this data, in whole or in part, for purposes other than those expressly specified in the contract, and not to reproduce, transfer or disseminate the data, either in return for payment or free of charge, forward to any third parties, create or distribute data collections, or change the transmitted data (reports).

The User expressly declares his legal authority to receive the data transmitted. In particular, the User confirms his overriding, justifiable interest in the data as defined in section 6 para 1 point f of the Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; "GDPR"). Furthermore, the User acknowledges that he may be required to make additional declarations, if required by the country in which either the accessed database, person or business of interest or the User is located.

The User undertakes to follow the provisions of the data protection laws, in particular the GDPR, concerning data confidentiality and security. The User must take appropriate measures to protect and safeguard the data transmitted against unauthorized access by its employees or third parties. In particular, the User must ensure that employees to whom data is made accessible in connection with their work, keep the data strictly confidential. The User is liable to BREX for any damages and detriments which may incur as a result of an infringement of these data protection regulations.

Any disclosure to third parties, even partially, are expressly prohibited except disclosures can be made pursuant to applicable laws, regulations, a court, judicial or other governmental order. Furthermore, there must be no mention of or reference to BREX except as provided herein. The User is liable to BREX for any damages and detriments incurred as a result of an infringement of the above-mentioned regulations by the User or by third parties to whom the User discloses data.

The User undertakes not to violate any copyright, trademarks, patents and/or any other intellectual property rights of BREX and/or BREX’s data sources and partners, in particular but not limited to the European Business Register (EBR).

With regards to the address and contact information for other purposes is expressly prohibited. In particular, it is inadmissible to use the information for commercial purposes, the use to build or complete company directories of any kind and in any form (print, electronically, CD-Rom, etc.), the use to carry out information services or operate a call center, the use for directory assistance, the use for marketing and promotional purposes, the use for the development of competing products, the use for any other commercial purpose, the use for any other purposes or in the interest of third parties. Any transfer (copying) of data into proprietary directories is also prohibited. The availability of address and contact information as well as its completeness and correctness are not guaranteed.

All Users are required to comply with the GDPR, the Austrian Data Protection Law and the Telecommunications Act. The general availability of e-mail addresses or fax numbers does not imply the consent of the owner to the receipt of electronic mail or faxes. In particular, the User is obliged to take the list pursuant to section 7 para 2 E-Commerce Act (Robinson-list for unwanted electronic communication as managed by the Regulatory Authority for Broadcasting and Telecommunications) into account.

10. Warranty

Any warranty of BREX is subject to applicable law, in particular sections 922 et seqq of the Austrian Civil Code (ABGB).

11. Liability

BREX has no influence on the relevance, completeness, accuracy, and availability of data from public databases or credit reference agencies, and therefore accepts no liability for the accuracy and/or completeness of the data requested and obtained. BREX is not liable for any claims of a third party against a User arising out of or in connection with the use of BREX's products or services by the User, distortions or omissions in the requested data, or delays in the data request process. BREX is not liable for any errors or delays in the data transmission, not caused by BREX.

In order to compile and produce the products and services, BREX uses data from public databases and data made available by credit reference agencies. BREX indicates the data source in connection with the respective data set. BREX transmits data and content in their existing form ("as is"). Credit reference agencies compile business data to the best of their knowledge on the basis of the data and information sources available to them. BREX has no influence whatsoever on their data collection and processing methods, the way in which the data is evaluated, its relevance, completeness, accuracy, and availability. Credit reference agencies furthermore offer assessments and opinions on the creditworthiness of businesses and persons engaging in business activities in a variety of forms, often in the form of so-called ratings. Such assessments represent the opinion of the credit reference agencies, and no recommendation regarding a business or credit relationship can be derived from it. BREX has no influence whatsoever on these assessments, the conclusions made, the underlying technical and professional processes, and their relevance, completeness, accuracy, and availability. Translation agencies receive data and content as is from BREX. Based on this data, translations are prepared by professionals within the service levels specified. BREX has no influence whatsoever on their translation process, its completeness and accuracy.

BREX therefore does not accept liability for any damage arising from the completion or non-completion of a business transaction made on the basis of data transmitted by BREX.

The limitations of liability stipulated in this provision shall only apply to the extent permitted by law and, in particular, shall not apply to personal injuries as well as damages or losses occurred by Users that were caused by a willful act or omission or by gross negligence. Any liability for indirect loss or consequential damage is totally excluded.

12. Security and abuse

In order to prevent the misuse of subscriber and login data, the User undertakes to keep this data confidential and not to allow any unauthorized access to it, to prevent any misuse and to notify BREX immediately if a User suspect misuse of his data. The User is liable for any loss or damage and claims for fees made against BREX arising from or in connection with the misuse of the User’s facilities or the misuse of the requested data by the User or by third parties who gained access via the User's facilities or their login data. The User undertakes to refrain from attempts to hack into the Websites, the BREX API as well as the any services or products operated by BREX.

13. Compliance with statutory provisions

The User agrees to comply with the current statutory provisions. In particular, reference is made, but not limited to the obligations of to the following Austrian laws:

  • Copyright Act (Urheberrechtsgesetz) (BGBl No. 111/1936 as amended)
  • Data Protection Act (Datenschutzgesetz) 2000 (BGBl I No. 165/1999 as amended)
  • Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; GDPR
  • Telecommunications Act (Telekommunikationsgesetz) 2003 (BGBl I No. 70/2003 as amended)
  • E-Commerce Act (BGBl I 152/2001 as amended)
14. Applicable law, place of performance and jurisdiction

It is agreed that all disputes arising from this contract will be governed by English law, with the exception of the reference provisions of the International Private Law and the United Nations Convention on Contracts for the International Sale of Goods. The place of performance and exclusive legal venue shall be London, England. In case the User is a consumer, disputes will be settled at the place of jurisdiction over consumer contracts, which shall be the court of the consumer's domicile, its habitual place of residence or its place of employment in accordance with section 14 of the Austrian Consumer Protection Act. The contract, order and business language shall be English.

15. Miscellaneous

BREX recognizes the Internet Ombudsman, Margaretenstrasse 70/2/10, 1050 Vienna, www.ombudsmann.at as mediator for the negotiation of an out of court agreement. In case the User intends to express a complaint regarding the purchase of a product or a service of BREX, such complaint may be send to BREX via support@brex.io. In accordance with the provisions of the EU directive no. 524/2013 (ODR directive) regarding online consumer dispute resolution, the User is entitled to use the European OS-Platform for online dispute resolution (http://ec.europa.eu/odr). The right of the parties to take legal actions remains unaffected at any time. In case of sweepstakes, competitions or raffles of whatever kind the recourse to the courts shall be excluded.

If any of these provisions are or become invalid, the effectiveness of the other provisions shall not be affected. Instead, in place of the ineffective stipulation a replacement provision that corresponds as closely as possible to the objective of the invalid provision shall apply. In case the User is a consumer, such effective replacement provision shall apply that complies with applicable consumer protection laws.

Privacy Policy

Effective May 25th, 2018

General

1.1. Data protection is a matter of trust and your privacy is important to us. To make you feel safe when visiting our service and purchasing products, we comply with the applicable data protection law when processing your personal information and will hereinafter inform you about the data we collect and how we use it.

1.2. This privacy policy relates solely to BREX Business Register Exchange GmbH, Gußhausstraße 15/5, 1040, Vienna, Austria

2. Definitions and legal references

2.1. Personal data (or data): Any information regarding a natural person, a legal person, an insti-tution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.

2.2. Usage data: Information collected automatically from BREX (or third party services em-ployed in BREX ), which can include: the IP addresses or domain names of the computers utilized by the Users who use BREX, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the country of origin, the features of the browser and the operating system utilized by the User, the vari-ous time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the se-quence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

2.3. User: The individual using BREX, which must coincide with or be authorized by the Data Sub-ject, to whom the Personal Data refer.

2.4. Data subject: The legal or natural person to whom the Personal Data refers.

2.5. Data processor (or data supervisor): The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy policy.

2.6. Data controller (or owner): The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Control-ler, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of BREX. The Data Controller, unless otherwise specified, is the Owner of BREX.

2.7. BREX: The hardware or software tool by which the Personal Data of the User is collected.

2.8. Cookies: small pieces of data stored in the User's device.

3. Data Controller

The controller for the purpose of the General Data Protection Regulation is:
BREX Business Register Exchange GmbH (hereinafter "BREX")
Gußhausstraße 15/5
1040 Vienna
Austria
Phone: +43 720 230360
E-Mail: support@brex.io
Website: brex.io

4. Personal data

4.1. Personal data are all data that contain individual information about personal or factual cir-cumstances, such as name, address, email address, phone number, date of birth, age, gen-der, photos, as well as biometric data.

4.2. The Data concerning the User is collected to allow the Data Controller to provide its services, as well as for the following purposes: Registration and authentication, Remarketing and be-havioural Targeting, Handling payments, Analytics, User database management, Contacting the User, managing email addresses and sending messages, Advertising and Infrastructure monitoring.

4.3. Among the types of Personal Data that BREX collects there are:

  • First Name & Last Name
  • Phone number
  • Email
  • Company Name
  • Address, State, Province, ZIP/Postal code, City
  • VAT Number
  • Password
  • Cookie and Usage Data

4.4 If you register to our mailing list or for our newsletter, you will be added to the contact list of those who may receive email messages containing information of commercial or promo-tional nature concerning company. Email addresses might also be added to this list as a re-sult of signing up to BREX or after making a purchase. For the purpose of sending you those e-mails we collect your email, first name, last name. In some cases, we collect your compa-ny name and VAT number. You can revoke your consent at any time.

4.5 If you choose to contact us via our contact form, you authorize BREX to use your details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header. If you use to contact form we will collect your email, first name, last name, company name and phone number.

4.6 By registering or authenticating, you allow BREX to identify and give you access to dedicated services. You register by filling out the registration form. For the purpose of registration you provide us with the following personal data which will be collected by us: email, first name, last name, password and in some cases company name and VAT number.

4.7 The Personal Data collected is freely provided by the User when using the BREX live ser-vices.

4.8 All Data processed via the service hosted by BREX are used by BREX solely for the purpose of providing the service to the Users. Such Data will not be transferred or sold by BREX to any third party. The Owner reserves the right to aggregate the Data imported on the appli-cation by the different BREX Users, for the purpose of creating anonymized aggregated metrics.

5. Methods of processing

The Data Controller processes the Data of Users in a proper manner and is taking appropri-ate security measures to prevent unauthorized access, disclosure, modification, or unau-thorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the pur-poses indicated. In addition to the Data Controller, in some cases, the Data may be accessi-ble to certain types of persons in charge, involved with the operation of the service (admin-istration, support, sales, marketing, legal, system administration, financial) or external par-ties (such as third party service providers, mail carriers, communications agencies) appoint-ed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

6. Place

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

7. Legal basis for processing personal data

7.1. Consent – Art 6 (1) (a) GDPR

For certain processing operations we will seek your consent, e.g. sending you our newslet-ter. In the context of consent to the processing of your personal data, processing will take place only in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Once you have given your consent, you can revoke it at any time with effect for the future

7.2. Contractual Obligations – Art 6 (1) (b) GDPR

Personal data will be processed in order to provide and arrange BREX's services, most nota-bly in order to perform our contracts with you and to execute your requests. The purposes of data processing are primarily dictated by the specific product. The purposes of data pro-cessing are based on the respective contract documents and the Terms and Conditions.

7.3. Legal Obligations – Art 6 (1) (c) GDPR

Personal data may be processed for the purpose of fulfilling various legal obligations, e.g. tax obligations or obligations arising out of license agreements with commercial registers.

7.4. Legitimate Interests – Art 6 (1) (f) GDPR

If it is necessary and after weighing up interests, data may be processed in favour of BREX beyond the actual performance of the contract in order to protect our legitimate interests. Situations in which data is processed to protect legitimate interests for example include

  • Our Website using cookies, storing the IP-address and log-in information,
  • Measures to prevent and combat fraud,
  • Measures to correct the delivery of faulty services.
8. Provision of personal data

Both for the conclusion of the contract as well as its fulfilment it is necessary that you pro-vide us with your personal data, which will be processed by us. You are only obliged to pro-vide personal data that is necessary for the assumption and performance of the business relationship and which BREX is obliged by law to collect. Failure to provide certain Personal Data will make it impossible for BREX to provide its services.

9. Cookies & Server Log Files

9.1. Any use of Cookies – or of other tracking tools – by BREX or by the owners of third party services used by BREX, unless stated otherwise, serves to identify Users and remember their preferences, for the sole purpose of providing the service required by the User.

9.2. For operation and maintenance purposes, BREX and any third party services may collect files that record interaction with BREX (System Logs) or use for this purpose other Personal Data (such as IP Address).

10. Web and email analysis

10.1. Marketing: BREX uses a third party marketing and sales platform to manage a database of companies and contacts to communicate with the User. This service is also used to send emails and collect data concerning the date and time when the mail is viewed by the User, as well as when the User interacts with incoming mail, such as by clicking on links included in the mail.

10.2. Analytics, Monitoring and Reporting: Various services are used to collect, to track and to examine web traffic and can be used to track User behavior.

10.2.1 Google Analytics (Google Inc.): Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of kompany, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. Personal data collected: cookies and usage data. For further information please read Google's privacy policy. If you want to prevent your data from being used by Google Analytics you have the possibility to opt out. If you wish to do so please visit this website.

10.3. Service Monitoring and Reporting: BREX also uses services to enable BREX to monitor the use and behavior of its components so that performance, operation, maintenance and troubleshooting can be improved.

11. Social Media and Advertising

11.1 Remarketing and Behavioral Targeting: These services allow BREX and its partners to inform, optimize and serve advertising based on past use of BREX by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.

11.2 Advertising: These services allow User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements, possibly based on User interests. This does not mean that all personal data are used for this purpose. Infor-mation and conditions of use are shown below. Some of the services listed below may use Cookies to identify Users or they may use the behavioral retargeting technique, i.e. display-ing ads tailored to the User’s interests and behavior, including those detected outside BREX. For more information please check the privacy policies of the relevant services.

11.2.1 AdRoll (Semantic Sugar, Inc.): AdRoll is an advertising service provided by Semantic Sugar, Inc. Personal data collected: Cookie and usage data. For further information please read AdRoll's privacy policy.

11.2.2 Facebook Remarketing (Facebook): Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook Inc. that connects the activity of kompany with the Facebook advertising network. Personal data collected: cookie and usage data. For further information please read Facebook's privacy policy.

11.2.3 LinkedIn Remarketing (LinkedIn): LinkedIn Remarketing is a Remarketing and Behavioral Targeting service provided by LinkedIn Inc. that connects the activity of kompany with the LinkedIn advertising network. Personal data collected: Cookies and usage data. For further information please read LinkedIn's privacy policy.

11.2.4 Twitter Remarketing (Twitter): Twitter Remarketing is a Remarketing and Behavioral Targeting service provided by Twitter, Inc. that connects the activity of kompany with the Twitter advertising network. Personal Data collected: Cookie and Usage Data. For further information please read Twitter's privacy policy. For more information about opting out please visit this website.

12. Disclosure of your personal data

12.1. In order to provide our services, it is necessary to disclosure your data to third parties.

12.2. Some of the recipients of your personal data are located outside the European Union and/or process your data there. The data protection level in other countries may not com-ply to that of Austria. However, BREX only transmits your personal data to countries for which the EU Commission has decided that they have an appropriate level of data protec-tion. If this is not the case we take measures to ensure that all recipients have an adequate data protection level, for which we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC).

12.3 User Database Management: BREX uses regulated third party services to manage user pro-files. These profiles are built from an email address, a personal name, or other information that the User provides to BREX. This personal data is matched with publicly available infor-mation about the User (such as organisations and company profiles) and used to build pro-files that the Owner can use for improving BREX. BREX's core platform also manages user profiles and is hosted in the EEA at an ISO 27001 certified data center located in Austria.

12.4 Handling payments: Payment processing services enable BREX to process payments by credit card, bank transfer or other means. To ensure greater security, BREX shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.

12.5 Hosting and monitoring: BREX's core platform is hosted within the ISO 27001 certified date centers operated by Next Layer Telekommunikations- und Beratungs GmbH, located in Austria. Next Layer operate digital and physical security measures consistent with the certi-fication for both live datastores and backups. BREX also uses Amazon Web Services (AWS) hosting service platform in Germany, Dublin, USA and Singapore.

12.6 The User’s Personal Data may be used for legal purposes by the data controller, in court or in the stages leading to possible legal action arising from improper use of BREX or the relat-ed services.

12.7 We will disclose user’s personal information where the data controller is bound to do so, at law or via a court order as well as to meet any legal or regulatory requirement or obligations. The data controller will use all reasonable efforts to ensure that those requirements or obli-gations are in accordance with Applicable Law.

12.8 The data controller reserves the right to disclose user information to any Third Party, if the data controller has reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of BREX.

12.9 The data controller will disclose the user's data upon request of public authorities.

12.10 BREX does not sell any Personal Data collected or processed as part of using the BREX ser-vice.

13. Period of storage

The Data is kept for the time necessary to provide the service requested by the User or stated by the purposes outlined in this document, and the User can request that the Data Controller suspend or remove the data, except where legal obligations require the Data Controller to maintain records including the Data.

14. Rights of affected persons

14.1. You have at any time the right to request information about your stored personal data, their origin and recipients and the purpose of data processing. You also have the right to demand rectification, transfer, and, where applicable, to object or restrict the processing or deletion of inaccurate or improperly processed data.

14.2. If you believe that the processing of your personal data by BREX violates the applicable data protection law or your data protection claims in any other way, you may complain to the competent supervisory authority. In Austria the competent supervisory authority is the Austrian Data Protection Authority.

15. Contact Person

Russell Perry, Chief Executive Officer
Gußhausstrasse 15/5, 1040 Vienna, Austria

dataprivacy@brex.io
16. Right of modification

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using BREX and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

GDPR

Welcome to our website. Thank you for your interest in BREX by kompany? and our powerful API that gives you instant access to global commercial register data.

About BREX

BREX provides real-time access to structured, official and authoritative commercial register data, including company filings covering more than 55 million companies in 80+ countries and jurisdictions.

About the General Data Protection Regulation (GDPR)

On May 25, 2018, the new General Data Protection Regulation (GDPR) will enter into force Europe-wide. It introduces new rules for companies offering goods and services in the EU, or processing sensitive data of EU citizens. The aim of the regulation is to introduce high standards of data protection that apply uniformly throughout the EU.

Data Privacy at BREX

We take the protection of your private information very seriously. The protection of your privacy when processing personal data is an important matter for us, which we account for in our business processes.

BREX ensures the security and privacy of the personal data provided in compliance with the European General Data Protection Regulation (GDPR). The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your consent.

Security and confidentiality of our customers? data has been central to the design and operation of the BREX platform since inception.

The BREX core platform has been hosted in the EEA, specifically in Vienna, at an ISO 27001 certified data center located in Austria since the service was launched in 2012. Our IT service provider, nextlayer Telekommunikationsdienstleistungs- und BeratungsGmbH, operates IT services for a wide range of companies, including Austrian insurance corporations, banking groups and air carriers.

Our own rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as Payment Card Industry (PCI-DSS) Level 1 compliant billing platform, PCI DSS SAQ A (3.2, Rev 1.1) and ISO 27001 (nextlayer).

We have recently updated and adapted to our internal processes, policies and products to further strengthen our comprehensive data privacy and compliance programs.

You can find our latest Data Protection Policy here.

Our goal is to ensure that our customers are confident with BREX as a trusted data processor. Some of the major adaptations already completed before May 25, 2018 include:

  • Building a universal Data Governance service on the platform to ensure consent is captured globally across the platform and commercial sites.
  • Documenting all external services in use companywide and ensuring compliance and transparency where data is shared or must be shared as part of the Business Support Systems (BSS).
  • Updates of our privacy policy and terms of service to reflect changes related to GDPR.
  • Building internal policies covering requests for information, the ability to correct personal information and likewise, to delete these.
  • Ongoing monitoring and reporting of processes and procedures.
  • Ongoing review with and by the respective government authorities in Austria and the EEA.

Detailed information on Data Protection can be found at the following link:https://www.data-protection-authority.gv.at/home