Privacy Policy

Last Updated May 2021

1. kompany Privacy Policy

This is the Privacy Policy of 360kompany AG and its direct and indirect subsidiaries (“kompany” or “kompany Group” or “we”). kompany offers via its websites IT services and products based on data and documents provided by third parties. This Policy applies to the use of these kompany services.

360kompany AG with its business address at Schwindgasse 7/12, 1040 Vienna, Austria, registered in the companies register of the Commercial Court of Vienna under FN 375714x is the parent company and is the responsible content provider of kompany websites. kompany Group consist of the following companies which are all subsidiaries of 360kompany AG:

- 360kompany USA, Inc with its business address at 2253 Edsall Avenue, Bronx, 10463 New York, USA, registered under 5121601 DE.

- 360kompany UK Ltd, with its business address at 38-42 Newport Street, Swindon, SN1 3DR, England, United Kingdom, registered in the UK companies house under 13361766.


2. Our commitment

kompany offers services for the purpose of AML compliance and, therefore, stands for transparency, accountability and compliance. These guiding principles also apply to kompany’s business model and operations to ensure compliance with all relevant laws and regulations including data protection regulations. It is important to kompany that you feel safe during your visit to our website and while using our services. As soon as you make use of kompany services, you entrust us with the processing of your personal data.

Therefore, in this Privacy Policy, we want to inform you in detail about which personal data we collect from you, how we process it and to whom we might forward it. Furthermore, we would like to inform you about the precautions we are taking to protect your personal data, which rights you have in this context and to whom you can turn for data protection concerns.


3. Personal data

We process the personal data that we receive from you only within the scope of the business relationship and usage of our websites. When using kompany’s services or interacting with kompany, the following personal data might be processed:

Type of data What does this include
Contact Data when creating a new user account or communicating with kompany, we might process for example: first and last name / company name, user ID, / company registration number, phone number, email address, business and billing address.
Financial Data as part of purchase and sales transactions, we might process for example: bank details (IBAN, BIC), payment service provider information, payment details, transaction-ID, VAT number, etc.
Technical Data during visits of our websites, we might process for example: internet protocol address, login data, browser type and version, time zone setting and locations, browser plug-in types and versions, operation system and platform, and other technology on the devise used to access our services.
Profile Data when you sign agreements with us (e.g., terms and conditions, framework agreement, order forms) or interact with us (e.g. raise a ticket via kompany websites), we might collect profile data.
Usage Data when you use our services, we collect certain usage data (including IP address and the time of visit).
Marketing and Communications Data when you visit our website or social media sites, we might process statistical and marketing data such as : preferences in receiving marketing from us and your communication preferences (including in respect of cookies).
Photo, video and audio data when we attend or organise events or fairs or hold interviews, we may take photos and other recordings of such events and might process photo, video and audio data. However, we will always inform you separately about such recordings.
Hiring data if you apply for a job on our website, via LinkedIn or other recruitment platforms, we might process data which is necessary for the recruitment process, for example: contact data, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents like passport, and the data from all these documents, links to your portfolio or social media platforms, etc.

4. Special categories of personal data & children

kompany does not capture or process special categories of personal data. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data (Art 9 para 1 GDPR). kompany services are only for persons of legal age who are permitted to use the services of kompany. Therefore, we are not knowingly collecting personal data from under-age persons.


5. Purpose and legal basis for using personal data

All processing is performed in accordance with the GDPR and the Austrian Data Protection Act (Datenschutzgesetz - DSG). kompany processes your personal data based on at least one of the legal bases listed below and as outlined in the following chart.

Legal bases:

  • -  for the performance of contractual obligations (Art 6 para 1 lit b GDPR):
  • Processing of personal data might be necessary for the performance of the contract with you or in order to take steps at your request prior to entering into a contract.
  • -  for compliance with legal obligations (Art 6 para 1 lit c GDPR):
  • Processing of personal data might also be necessary for complying with various legal obligations (e.g. AMLD, GewO 1994, tax laws etc.)
  • -  to protect legitimate interests (Art 6 para 1 lit f GDPR):
  • Where necessary, data processing might take place beyond the performance of the contract in order to maintain the legitimate interests of kompany group or a third party.
  • -  based on your consent (Art 6 para 1 lit a GDPR):
  • If you have given us your consent to process your personal data, processing will only take place in accordance with the defined purposes and to the extent agreed in the declaration of consent. Given consent may be withdrawn at any time without giving reasons and with future effect, if you no longer agree to the processing. Please note that the withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. What personal data do we collect and how?

The following chart explains the personal data that we collect, how we collect it and what our legal basis is for collecting it.

Action What data is collected How do we collect this personal data Legal basis
Use of kompany websites (e.g., browsing website, submitting a request, subscribing to newsletter)

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (if subscribed to newsletter)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to contact us, you directly provide personal data to us.

1. Consent, contact about your query, to receive a newsletter, to process special category data, etc.
2. Necessary for legitimate interests (e.g. performance of services, to develop our business).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
kompany Customer (existing or in the process of becoming one)

Technical Data and Usage Data (for tracking purposes)

Contact Data, Financial Data, Transaction Data, Profile Data and Marketing and Communications Data (when you enter into a formal relationship with kompany)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to contact us, you directly provide personal data to us.

1. Performance of a contract with you
2. Necessary for legitimate interests (e.g. claim management).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
Job application

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (information in relation to application)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you decide to apply for a job, you directly provide us with your personal data.

1. Consent, you choose to apply.
2. Performance of a contract with you.
Service provider to kompany

Technical Data and Usage Data (for tracking purposes)

Contact Data and Marketing and Communications Data (information in relation to application)

Financial Data, Transaction Data and Profile Data (when we engage with you)

Automated technologies: As you interact with our website, we automatically collect personal data about you by using cookies and similar technologies. Please see Cookies Policy

Direct interactions: If you provide us with service, we will hold personal data, such as name and email address, of your staff that have engaged with us.

1. Performance of a contract with you
2. Necessary for legitimate interests (e.g. daily business).
3. Necessary to comply with a legal obligation (e.g. financial, tax and legal affairs).
Manager and/or shareholder of a legal entity in a public registry Contact Data (as this is the information that is found in the public registries). Open data and public register:
We transfer personal data about you from public registries. Public registries are accessible to anyone. We do not store any of your personal data in our software and only provide a conduit through which our customers can easily access it.
1. Necessary for our legitimate interests (performance of service)
2. See below for further information. It is for our customers to have a specific lawful basis in which to instruct us to transfer personal data on you to them.

7. Personal data from public registers

kompany offers IT services and products based on data and documents provided by third parties. Such data include personal data (e.g., details of directors and shareholders) which are retrieved from public sources. However, kompany focus on the transfer of these data to its customer and does not store personal data of directors and shareholders.

One of the main principles of data protection including GDPR is that legitimate interest overrides the interest of directors and shareholders displayed in public registers. As kompany services are a part of the global combat against money laundering and terrorist financing, our services ensure a safer and stronger society. As the data we transfer are publicly available and considering the purpose of our services (AML/CTF) the rights of manager and shareholders do not override our legitimate interest of preventing and detecting crime.


8. Data transfer

kompany may share your personal data with the parties set out below for the purposes set out in the table above.

  • -   Data transfer within kompany Group.
  • -   Data transfer to external data processors such as:
    • Processors who perform services for us such as website, marketing and sales software (e.g., HubSpot, Google Adwords, Microsoft Advertising, and others), IT services (Next Layer, AWS, OCI, and others), customer support (Zendesk Inc.), improvement of our website (Hotjar Limited); performance of contracts, account management, accounting, invoicing (recurly, 3Scale), and sending out newsletters (e.g., HubSpot). Processors may only use or disclose this data to the extent necessary to perform services for kompany or to comply with legal rules. We contractually oblige these processors to ensure the confidentiality and security of your personal data that they process on our behalf.
    • Website, marketing and sales software which helps us to successfully communicate with you (e.g., Google).
    • Technology companies that provide us with desktop and cloud-based products, solutions and services which are important to ensure our business conduct (e.g., Microsoft).
    • Payment service providers that process payments made by customers (e.g., Braintree, PayPal, Erste Bank, etc).
    • Google Analytics: We use the web analytics service provided by Google Analytics on our websites. This uses data collected by cookies, i.e., information about your use of our website and your surfing behavior. Please feel free to visit kompany websites and choose your cookies settings should you wish to not allow such use of your data.
  • -   Other external third parties which are not deemed to be data processors in their relationships with us such as:
    • Professional advisers (e.g., law firms, banks, accountants): We may need to engage with them from time to time for the purposes of our business and to provide data.
    • Regulators and other governmental authorities: We may need to engage with them for the purposes of our business and to provide data.
    • Third parties whom we may be in contact with to sell, transfer or merge parts of our business or our assets, or to attempt to acquire or merge with other companies. Such situations, may result in the disclosure of your personal data. We do however, ensure that your data is kept confidential. Should the current ownership change, then the new owners may use your personal data in the same way as set out in this policy.

We do not sell your personal data to any third parties.

Our third-party service providers are not allowed to use your personal data for their own purposes and are only permitted to process your personal data for specified purposes as instructed by us.


9. Third party links & plug-ins

kompany websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. As kompany does not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy documentation of every website you visit.


10. Data Security

The security of data is very important to kompany and we are committed to protecting data we collect. We maintain comprehensive administrative, technical and physical measures designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. In addition, we limit access to your personal data to those employees, contractors and other third-parties who have a business need to know. They will only process your personal data based on our instructions and they are subject to a duty of confidentiality.

While these measures meet the highest international safety standards and are regularly reviewed regarding their effectiveness and suitability for achieving the intended safety objectives, kompany is also aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of data transmitted to kompany websites and any transmission is at your own risk. You are responsible for your user-ID and password (including API-key) which enables you to access any of kompany services.


11. International data transfer

kompany shares your personal data within kompany group and with some third-party suppliers, if required. This may involve transferring your data outside the EEA. However, kompany ensures by implementing at least one of the following safeguards that a similar degree of protection is ensured as within the EEA:

- The European Commission assessed that a country has an adequate level of protection for personal data (for more details see: European Commission: Adequacy of the protection of personal data in non-EU countries).

- With certain service providers kompany may use specific contracts approved by the European Commission which give personal data the same protection it has in EEA (known as “Standard Contractual Clauses”, for more details see: European Commission: Model contracts for the transfer of personal data to third countries).

Please contact support@kompany.com, if you need further information regarding the international data transfer.


12. Retention and deletion periods

kompany retains personal data, as far as necessary, for the duration of the entire business relationship, and in principle 1 year after termination of the business relationship. Beyond this we retain your data only for a longer period, in accordance with statutory retention and documentation obligations, to defend legal claims or with your explicit consent.

The retention period is thus determined by the statutory retention periods or limitation periods. In accordance with the Austrian Enterprise Code (UGB) and the Federal Tax Code (BAO) 7 years, in accordance with the Equal Treatment Act (GIBG) half a year, and in certain cases between 3 and 30 years according to the Austrian General Civil Code (ABGB) e.g. if data is required as evidence for legal disputes or for as long as there are other legitimate interests in retention.

Unless expressly stated in this Privacy Policy, personal data processed by kompany shall be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations.


13. Marketing

kompany may use your Contact Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you.

You will receive marketing communication from kompany, if you have requested such information or purchased services from kompany and you have not opted out of receiving such product & marketing information. kompany will get your express opt-in consent before we share your personal data with anyone for other marketing purposes. kompany newsletter is performed by HubSpot and in the newsletter so-called web beacons might be used. Such web beacons provide kompany with a better understanding of your interactions with the newsletter. They fulfil a similar function as cookies, but they are not visible to users. Information can be obtained via web beacons, in particular about whether an email was opened and whether the user’s system is capable of receiving HTML emails.

You can unsubscribe from such marketing messages at any time by using the unsubscribe option at the end of marketing emails or contacting us and withdrawing your consent. If you opt out of receiving marketing messages, this will not apply to messages that kompany needs to send you as a result of fulfilling a contractual relationship with you (e.g., we may need to contact you about a payment due).


14. Cookies

A cookie is a small file of letters and numbers that is stored in your browser, the hard drive of your computer or on your mobile device, if you agree. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of a website may become inaccessible or not function properly. For more information about the cookies we use, please see the Cookies Policy.


15. Data Protection Rights

Under certain circumstances, you have rights under GDPR in relation to your personal data which we summarized in the following.

Right to access You have the right to request copies of your personal data from kompany. We may charge you a small fee for this service.
Right of rectification You have the right to request that kompany corrects or completes any information you believe is inaccurate or incomplete.
Right to erasure You have the right to request that kompany erases your personal data.
Right to restrict processing You have the right to request that kompany restricts the processing of your personal data.
Right to object processing You have the right to object to kompany’s processing of your personal data.
Right to withdraw you consent You have the right to withdraw your consent. This does not affect the lawfulness of any processing carried out beforehand. Further, we may not be able to provide certain services to you.
Right to data portability You have the right to request that kompany transfers the data that we have collected to another organization, or directly to you.

Please contact us via email support@kompany.com. After such a request, kompany has on month to respond. kompany may need to request specific information from you to help us to confirm your identity. This security measure is in your own interest to ensure that personal data is not disclosed to any person who has no right to receive it.


16. Data Protection Authority

Should you wish to report a complaint or if you feel that kompany has not addressed you concern in a satisfactory manner, you may contact the Austrian Data Protection Authority (Datenschutzbehörde).


17. Changes to Policy

kompany regularly reviews this Privacy Policy to ensure transparency and compliance with developing data privacy rules. We update this Privacy Policy from time to time when required, in order to take current circumstances into account. If we make significant changes to this Privacy Policy, we will notify you after the login into your account and provide you with the updated version of the Privacy Policy. If it is required by applicable law, kompany will obtain your express consent to significant changes.


18. Contact kompany

If you have any further questions about this Privacy Policy or the processing of your personal data, please contact our privacy team: support@kompany.com.


expand_less