These General Terms and Conditions (the “GTC") apply to all current and future transactions and business relations between BREX Business Register Exchange GmbH, registered with the commercial register of the commercial court in Vienna under registration number FN 405096 f, having its registered office in Vienna, Austria (hereinafter "BREX"), and the user (the “User”) of the products and services on any of the websites operated by BREX as stated in the Masthead (as amended), including but not limited to www.brex.io, (the "Websites" or a “Website”) as well as the Application Programming Interface offered by BREX which is a lightweight RESTful webservice that can be used to search for corporate and related information and to order and retrieve documents (hereinafter the "BREX API"). These GTC apply regardless of whether the products or services are used against payment or for free and with or without registration. Any terms and conditions provided by the User shall not apply. Such terms and conditions shall only be valid upon written confirmation by BREX.
BREX services are not available for consumers as defined in the Austrian Consumer Protection Act (Konsumentenschutzgesetz; “KSchG”) as amended. BREX services are only available for entrepreneurs. According to the Austrian Consumer Protection Act a person who does not make the transaction in the course of carrying on his business is a consumer. A person to whom this does not apply is not a consumer but an entrepreneur. Therefore, the provisions of the Austrian Consumer Protection Act (as amended) as well as the Austrian Distance Selling Act (Fern- und Auswärtsgeschäfte-Gesetz; “FAGG”) as amended do not apply. By registering for BREX services you confirm that you are not a consumer.
These GTC govern the access to and the use of the BREX API and the Websites as well as possible further contractual services (e.g. data remediation services). BREX reserves the right to modify these GTC at any time and without being required to state any reason for doing so; such changes may include, but are not limited to, the imposition of new or additional terms or conditions. By first accessing the Websites or first using the BREX API – whichever falls earlier – the User accepts these GTC, which shall apply towards the User from such first access of the Websites or first use of the BREX API. In case of amendments of the GTC, whereas the amended GTC come into force when published on the respective Website, the User automatically accepts the GTC in their latest version by accessing and using the Websites or using the BREX API. If the User does not accept the GTC (as amended), then he must immediately exit the Websites or refrain from using the BREX API or any other services or products related to the Websites or the BREX API. This applies regardless of whether the User is using the Websites or the BREX API with or without registration, and making a purchase or not. In case a User does not accept the amendment to the GTC, he is entitled to terminate the contractual relationship with BREX, whereas clause 7.1.3 shall apply mutatis mutandis. The contractual relationship between the User and BREX will then be terminated on the basis of the GTC last accepted by the User.
For a detailed description of our services and corresponding prices, see the current version of the product overview and price list available on https://brex.io/.
In principle, BREX offers access to the Websites, the BREX API and the corresponding products and services based on a monthly or yearly subscription plan. A User can register on the Websites by entering a minimum set of data, i.e.: company name, first name, last name, e-mail address, phone number, user name, and password. Furthermore, the User may voluntarily provide additional contact details and a VAT number, opt-in to receive newsletters and the like or offers from third parties. A User can also purchase a subscription plan in order to be able to receive BREX products. Both create a contractual relationship between the User and BREX, which shall be governed by these GTC.
With its products and services, BREX offers access to data, in particular data from public registers. However, it cannot be deduced for the future that BREX has to offer these services, products and subscriptions in their existing form and composition, or give access to such data. BREX reserves the right to reject Users as contracting parties without stating the reasons, and to prohibit them from accessing its products and services, or cease to supply them with these products and services. All IT applications, services, access and products provided by BREX in its authority as Clearing Office may only be used for the purpose of access and enquiries as defined by the respective law or decree.
Factually justified and reasonable changes of our performance obligations shall be tolerated by the User. This also applies to changes due to amendments of legal, regulatory or similar provisions applicable for BREX.
In order to use the products and services offered by BREX, the User must have operational Internet access. Connection problems between the User and its internet service provider lie beyond the sphere of influence of BREX and BREX assumes no liability for losses or damages of the User related therewith. Subject to the restrictions specified in this Clause, the products and services offered by BREX are basically available 24 hours a day. However, this does not apply to products and services that are subject to the availability of a public database, third party databases or third party services. Such products and services are available only during the official operating hours of these databases and services. Restrictions may also result from maintenance work, in particular but not limited to maintenance work regarding the Websites and the BREX API, third party databases and third party services as well as from overload, malfunction or collapse of the Austrian or international telecommunications networks. BREX has no influence on the availability of the data communication networks of the various external connection providers. Where possible, BREX will give Users prompt, appropriate notification of any interruptions or significant restrictions, e.g. due to maintenance, modifications, etc.
The use of certain services of BREX, including the receipt of newsletters or special offers, is subject to the Registration. There is no entitlement of Users to Registration. BREX has the right to reject Registration applications or exclude Users from the offered products and service (in part or in whole) without stating any reason. Each User may register only once. In order to register, a User must be at least 18 years old. Minors are not permitted to apply. In case of a legal entity, the application must be made by a competent, authorized representative. The data and other information requested by BREX during the Registration process must be supplied by the User completely and correctly, and must be updated in the event of any change without being requested to do so by BREX. For those products and services that require a Registration, a contractual relationship regarding such product or service is only created upon successful completion of the Registration. The successful Registration leads to the conclusion of a contractual relationship between the User and BREX for an indefinite period. The User has the option to print out the contract and data supplied during the Registration process.
The User may obtain the products and services of BREX offered on the Websites via the BREX API. These products and services are charged on a recurring basis based on the subscription plan chosen by the User. An individual purchase of products or services outside a subscription plan is not possible.
Subscription plans are valid from the order date for the period stated in the subscription plan and end on the last day of such period. YES; there may be rollover.
The User agrees that, when his chosen subscription plan expires, it will be automatically renewed by an equivalent, new subscription plan, if not otherwise agreed. The User also agrees that, when a possible trial period of its chosen subscription plan expires, the subscription plan will be automatically converted into a payable subscription plan, which may be fully charged at the end of the trial period. Users can only consume a trial period for a subscription plan once. Repeated registrations to obtain the benefits of a trial period multiple times are prohibited. BREX shall duly notify the User via e-mail before the expiry of a subscription plan or of a trial period that automatic renewal or conversion into a payable subscription and associated settlement are pending.
A User may cancel a subscription plan at any time without stating any reason, taking effect from the date up to which the subscription plan has been prepaid or to which the minimum subscription period runs, whichever day is later. In case of a cancellation, the refund of the subscription plan payment in whole or in part is not possible. Subscriptions must be cancelled in writing, either by postal mail or e-mail to BREX. Following a cancellation, the subscription plan remains valid for the period specified. During this period the User may make full use of the benefits derived from the subscription plan. In this case, there is no automatic renewal as described in clause 7.1.2. Any pre-paid credit purchased with a subscription plan will not be forfeited in the event of cancellation of this subscription plan. The User is free to spend this credit on any product or service of BREX. A refund in whole or in part is not possible. The User agrees that for the administration of an account with a pre-paid credit and no active subscription plan, BREX will charge a monthly service fee beginning 12 months after cancellation of the subscription plan. BREX is also entitled but not obliged, to deduct such monthly service fee against the pre-paid credit from the relevant account.
Delivery regarding the subscription plan is completed upon the User receiving a confirmation of such subscription plan from BREX (e.g. via e-mail). The delivery regarding the product or service requested within the scope of the subscription plan is completed upon display of the requested product or service via the BREX API. Subsequently, the User has various options for the further use, e.g. downloading the product in PDF format.
Subscription plans are payable in advance. Payments must be made in full in order to make use of all benefits associated with the respective subscription plan. Payment is effected immediately before the delivery of the subscription plan, either by credit card or direct debit (where available). Unless agreed otherwise contractually.
Given the nature of the products or services provided by BREX, which typically consist of data, once the ordered product or service has been completely delivered, the User can no longer withdraw from the contract or return the product/cancel the service. Thus, a refund of the amount paid for a product/service is impossible. In particular, this applies to products and services that require payment to third parties by BREX. If the User is a consumer pursuant to the provisions of the Austrian Consumer Protection Act (KSchG), the provisions of this Austrian Consumer Protection Act (KSchG) as well as of the Austrian Distance Selling Act (FAGG) would apply, in particular section 18 para 1 number 11 Austrian Distance Selling Act (FAGG) according to which the consumer cannot withdraw from the contract regarding the delivery of digital content, if BREX already commenced to fulfil before expiry of the withdrawal period (section 11 Austrian Distance Selling Act (FAGG)) with the express consent of the consumer and if the consumer accepts the loss of the right to cancel the contract in case of premature fulfilment after receiving a confirmation pursuant to section 5 para 2 or section 7 para 3 Austrian Distance Selling Act (FAGG).
Unless otherwise agreed, accounts are payable in full upon receipt of the invoice. If the User falls in arrears with the payment of an amount invoiced and due for at least seven (7) calendar days, BREX is entitled to preclude the User from obtaining products and services on account (soft ban). Pursuant to these GTC, BREX and the User are the only contracting parties. Settlement is always in the name of BREX, third parties are expressly excluded.
BREX's invoices are generally issued and sent in PDF format. The user agrees explicitly to receive electronic invoices (PDF format). BREX issues the initial copy of the electronic invoice and grants online access to copies of invoices free of charge. Upon the User's request, BREX shall issue a copy of the respective invoice in paper form free of charge.
Refunds of payments and the issue of credit notes to a User for services already obtained from BREX are excluded in accordance with section 7.1.3 and 7.1.6 of these GTC, except in the case where BREX does not fulfill the services due to the non-transmission of the requested data because of a proven technical fault on BREX's end. Clause 5. of the GTC applies mutatis mutandis. In cases in which a User cannot open, view or print purchased products due to problems with the User's computer, printer or systems setup, the obligation of the User to settle all fees remains untouched and BREX will not honor refund requests. No refund is possible with regards to payments that contain official fees and arise upon searches in and access to the data of public databases, including e.g. commercial registers or companies registers and in particular the Austrian companies register, the European Business Registry (EBR) and similar services.
All data, information, references, statements and opinions on businesses or persons engaging in business activities and the like, which BREX has collected, compiled and passed on in any form or by any method of publication, must be treated strictly confidential by the User, and are limited to internal business purposes only. The User undertakes not to store any of this data, in whole or in part, for purposes other than those expressly specified in the contract, and not to reproduce, transfer or disseminate the data, either in return for payment or free of charge, forward to any third parties, create or distribute data collections, or change the transmitted data (reports).
The User expressly declares his legal authority to receive the data transmitted. In particular, the User confirms his overriding, justifiable interest in the data as defined in section 6 para 1 point f of the Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; "GDPR"). Furthermore, the User acknowledges that he may be required to make additional declarations, if required by the country in which either the accessed database, person or business of interest or the User is located.
The User undertakes to follow the provisions of the data protection laws, in particular the GDPR, concerning data confidentiality and security. The User must take appropriate measures to protect and safeguard the data transmitted against unauthorized access by its employees or third parties. In particular, the User must ensure that employees to whom data is made accessible in connection with their work, keep the data strictly confidential. This also applies after termination of their employment. The User ensures that the data and information retrieved are not stored, saved or otherwise retained on its database or imprinted form or otherwise for a period longer than necessary to use the information and products for its specific use. The User is liable to BREX for any damages and detriments which may incur as a result of an infringement of these data protection regulations.
Any disclosure to third parties, even partially, as well as the use of or any reference to the data in official or judicial procedures are expressly prohibited except disclosures can be made pursuant to applicable laws, regulations, a court, judicial or other governmental order. Furthermore, there must be no mention of or reference to BREX except as provided herein. The User is liable to BREX for any damages and detriments incurred as a result of an infringement of the above-mentioned regulations by the User or by third parties to whom the User discloses data.
The User undertakes not to violate any copyright, trademarks, patents and/or any other intellectual property rights of BREX and/or BREX’s data sources and partners, in particular but not limited to the European Business Register (EBR).
With regards to the address and contact or other personal information available, the User is entitled to use it for his own non-commercial information purposes only. The use is limited to the identification of companies or persons and connected contact details (e.g. address, telephone number). The use of the information for other purposes is expressly prohibited. In particular, it is inadmissible to use the information for commercial purposes, the use to build or complete participant, company, or other directories of any kind and in any form (print, electronically, CD-Rom, etc.), the use to carry out information services or operate a call center, the use for directory assistance, the use for marketing and promotional purposes, the use for the development of competing products, the use for any other commercial purpose, the use for any other purposes or in the interest of third parties. Any transfer (copying) of data into proprietary directories is also prohibited. The availability of address and contact information as well as its completeness and correctness are not guaranteed.
All Users are required to comply with the GDPR, the Austrian Data Protection Law (Datenschutzgesetz) and the Telecommunications Act (Telekommunikationsgesetz). The general availability of e-mail addresses or fax numbers does not imply the consent of the owner to the receipt of electronic mail or faxes. In particular, the User is obliged to take the list pursuant to section 7 para 2 E-Commerce Act (E-Commerce Gesetz; Robinson-list for unwanted electronic communication as managed by the Regulatory Authority for Broadcasting and Telecommunications) into account.
Any warranty of BREX is subject to applicable law, in particular sections 922 et seqq of the Austrian Civil Code (Allgemeines Bürgerliches Gesetzbuch; ABGB).
BREX has no influence on the relevance, completeness, accuracy, and availability of data from public databases or from other third parties, and therefore accepts no liability for the accuracy and/or completeness of the data requested and obtained. BREX is not liable for any claims of a third party against a User arising out of or in connection with the use of BREX's products or services by the User, distortions or omissions in the requested data, or delays in the data request process. BREX is not liable for any errors or delays in the data transmission, not caused by BREX.
In order to compile and produce the products and services, BREX can use data from public databases and other third party data providers. BREX indicates the data source in connection with the respective data set. BREX transmits data and content in their existing form ("as is"). Those data base providers compile data to the best of their knowledge on the basis of the data and information sources available to them. BREX has no influence whatsoever on their data collection and processing methods, the way in which the data is evaluated, its relevance, completeness, accuracy, and availability. In case credit reference agencies offer assessments and opinions on the creditworthiness of businesses and persons engaging in business activities in a variety of forms, often in the form of so-called ratings such assessments represent the opinion of the credit reference agencies, and no recommendation regarding a business or credit relationship can be derived from it. BREX has no influence whatsoever on these assessments, the conclusions made, the underlying technical and professional processes, and their relevance, completeness, accuracy, and availability.
BREX therefore does not accept liability for any damage arising from the completion or non-completion of a business transaction made on the basis of data transmitted by BREX.
The limitations of liability stipulated in this provision shall only apply to the extent permitted by law and, in particular, shall not apply to personal injuries as well as damages or losses that were caused by a willful act or omission or by gross negligence. Any liability for indirect loss or consequential damage is totally excluded.
In order to prevent the misuse of subscriber and login data, the User undertakes to keep this data confidential and not to allow any unauthorized access to it, to prevent any misuse and to notify BREX immediately if a User suspects misuse of his data. The User is liable for any loss or damage and claims for fees made against BREX arising from or in connection with the misuse of the User’s facilities or the misuse of the requested data by the User or by third parties who gained access via the User's facilities or their login data. The User undertakes to refrain from attempts to hack into the Websites, the BREX API as well as the any services or products operated by BREX.
The User agrees to comply with the current statutory provisions. In particular, reference is made, but not limited to the obligations of to the following laws:
It is agreed that all disputes arising from this contract will be governed by Austrian law, to the exclusion of the reference provisions of the United Nations Convention on Contracts for the International Sale of Goods and the International Private Law. The place of performance and exclusive legal venue shall be Vienna, Austria. The contract, order and business language shall be German or English, whichever is agreed upon between the User and BREX.
In case of sweepstakes, competitions or raffles of whatever kind the recourse to the courts shall be excluded.
If any of these provisions are or become invalid, the effectiveness of the other provisions shall not be affected. Instead, in place of the ineffective stipulation a replacement provision that corresponds as closely as possible to the objective of the invalid provision shall apply.
1.1. BREX provides real-time access to structured, official and authoritative commercial register data, including company filings covering 100+ million companies in 90+ countries and jurisdictions. Data protection is a matter of trust and your privacy is important to us. To make you feel safe when visiting our service and purchasing products, we comply with the applicable data protection laws (General Data Protection Directive/GDPR, Austrian Telecommunications Law/Telekommunikationsgesetz/TKG 2003) when processing your personal information and will hereinafter inform you about the data we collect and how we use it. Especially the GDPR, which entered into force Europe-wide on May 25, 2018 introduces new rules for companies offering goods and services in the EU, or processing sensitive data of EU citizens. The aim of the regulation is to introduce high standards of data protection that apply uniformly throughout the EU. It is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your consent. BREX ensures the security and privacy of the personal data provided in compliance with the European General Data Protection Regulation (GDPR). Security and confidentiality of our customers’ data has been central to the design and operation of the BREX platform since inception. The BREX core platform has been hosted in the EEA, specifically in Vienna, at an ISO 27001 certified data center located in Austria since the service was launched in 2012. Our IT service provider, nextlayer Telekommunikationsdienstleistungs- und Beratungs GmbH, operates IT services for a wide range of companies, including Austrian insurance corporations, banking groups and air carriers. Our own rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as Payment Card Industry (PCI-DSS) Level 1 compliant billing platform, PCI DSS SAQ A (3.2, Rev 1.1) and ISO 27001 (nextlayer).
2.1. Personal data: any information regarding a natural person, which is, or can be, identified, even indirectly. Examples are name, address, e-mail-address, telephone number, birth date, age, sex, social security number, pictures or even biometric data.
2.2. Usage data: information collected automatically from BREX (or third party services employed in BREX ), which can include: the IP addresses or domain names of the computers utilized by the Users who use BREX, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
2.3. User: the individual using BREX, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
2.4. Data subject: the natural person to whom the Personal Data refers.
2.6. Data controller (or owner): The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of BREX. The Data Controller, unless otherwise specified, is the Owner of BREX.
2.7. BREX: the hardware or software tools by which the Personal Data of the User are collected.
2.8. Cookies: small pieces of data stored in the User's device.
The controller for the purpose of the General Data Protection Regulation is:
BREX Business Register Exchange GmbH (hereinafter "BREX")
Schwindgasse 7/12, 1040 Vienna
Phone: +43 720 230360
4.1. The Data concerning the User is collected to allow the Data Controller to provide its services, as well as for the following purposes: Registration and authentication, Remarketing and behavioural Targeting, Handling payments, Analytics, User database management, Contacting the User, managing email addresses and sending messages, Advertising and Infrastructure monitoring.
4.2. Among the types of Personal Data that BREX collects there are:
4.3 If you register to our mailing list or for our newsletter, you will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning BREX. Email addresses might also be added to this list as a result of signing up to BREX or after making a purchase. For the purpose of sending you those e-mails we collect your email, first name, last name. In some cases, we collect your company name and VAT number. You can revoke your consent at any time.
4.4 If you choose to contact us via our contact forms, you authorize BREX to use your details to reply to requests for information as well as for quotes or any other kind of request. If you use the contact form we will collect your email, first name, last name, password, company name and phone number.
4.5 By registering or authenticating, you allow BREX to identify and give you access to dedicated services. You register by filling out the registration form. For the purpose of registration, you provide us with the following personal data which will be collected by us: email, first name, last name, password and in some cases address, company name and VAT number.
4.6 The Personal Data collected is freely provided by the User when using the BREX live services.
4.7 All Data processed via the service hosted by BREX are used by BREX solely for the purpose of providing the service to the Users. Such Data will not be transferred or sold by BREX to any third party. The Owner reserves the right to aggregate the Data imported on the application by the different BREX Users, for the purpose of creating anonymized aggregated metrics.
The Data Controller processes the Data of Users in a proper manner and is taking appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the service (administration, support, sales, marketing, legal, system administration, financial) or external parties (such as third party service providers, mail carriers, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.
7.1. Consent – Art 6 (1) (a) GDPR
For certain processing operations we will seek your consent, e.g. sending you our newsletter. In the context of consent to the processing of your personal data, processing will take place only in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Once you have given your consent, you can revoke it at any time with effect for the future.
7.2. Contractual Obligations – Art 6 (1) (b) GDPR
Personal data will be processed in order to provide and arrange BREX's services, most notably in order to perform our contracts with you and to execute your requests. The purposes of data processing are primarily dictated by the specific product, the respective contract documents and the Terms and Conditions.
7.3. Legal Obligations – Art 6 (1) (c) GDPR
Personal data may be processed for the purpose of fulfilling various legal obligations, e.g. tax obligations or obligations arising out of license agreements with commercial registers.
7.4. Legitimate Interests – Art 6 (1) (f) GDPR
If it is necessary and after weighing up interests, data may be processed in favour of BREX beyond the actual performance of the contract in order to protect our legitimate interests. Situations in which data is processed to protect legitimate interests for example include
Both for the conclusion of the contract as well as its fulfilment it is necessary that you provide us with your personal data, which will be processed by us. You are only obliged to provide personal data that is necessary for the assumption and performance of the business relationship and which BREX is obliged by law to collect. Failure to provide certain Personal Data will make it impossible for BREX to provide its services or fulfil an existent contract.
9.2. For operation and maintenance purposes, BREX and any third party services may collect files that record interaction with BREX (System Logs) or use for this purpose other Personal Data (such as IP Address).
10.1. Marketing: BREX uses a third party marketing and sales platform to manage a database of companies and contacts to communicate with the User. This service is also used to send emails and collect data concerning the date and time when the mail is viewed by the User, as well as when the User interacts with incoming mail, such as by clicking on links included in the mail.
10.2. Analytics, Monitoring and Reporting: Various services are used to collect, to track and to examine web traffic and can be used to track User behavior.
10.3. Service Monitoring and Reporting: BREX also uses services to enable BREX to monitor the use and behavior of its components so that performance, operation, maintenance and troubleshooting can be improved.
11.1 Remarketing and Behavioral Targeting: These services allow BREX and its partners to send, optimize and serve advertising based on past use of BREX by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
12.1. In order to provide our services, it is necessary to disclosure your data to third parties.
12.2. Some of the recipients of your personal data are located outside the European Union and/or process your data there. The data protection level in other countries may not comply to that of Austria. However, BREX only transmits your personal data to countries for which the EU Commission has decided that they have an appropriate level of data protection. If this is not the case we take measures to ensure that all recipients have an adequate data protection level, for which we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC).
12.3. User Database Management: BREX uses regulated third party services to manage user profiles. These profiles are built from an email address, a personal name, or other information that the User provides to BREX. This personal data is matched with publicly available information about the User (such as organisations and company profiles) and used to build profiles that the Owner can use for improving BREX. BREX's core platform also manages user profiles and is hosted in the EEA at an ISO 27001 certified data center located in Austria.
12.4. Handling payments: Payment processing services enable BREX to process payments by credit card, bank transfer or other means. To ensure greater security, BREX shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.
12.5. Hosting and monitoring: BREX's core platform is hosted within the ISO 27001 certified date centers operated by Next Layer Telekommunikations- und Beratungs GmbH, located in Austria. Next Layer operate digital and physical security measures consistent with the certification for both live datastores and backups. BREX also uses Amazon Web Services (AWS) hosting service platform in Germany, Dublin, USA and Singapore.
12.6. The User’s Personal Data may be used for legal purposes by the data controller, in court or in the stages leading to possible legal action arising from improper use of BREX or the related services.
12.7. We will disclose user’s personal information where the data controller is bound to do so, at law or via a court order as well as to meet any legal or regulatory requirement or obligations. The data controller will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law.
12.8. The data controller reserves the right to disclose user information to any Third Party, if the data controller has reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of BREX.
12.9. The data controller will disclose the user's data upon request of public authorities.
12.10. BREX does not sell any Personal Data collected or processed as part of using the BREX service.
14.1. As a customer or Data Subject you have at any time the right to request information about your stored Personal Data, their origin and recipients and the purpose of data processing. You also have the right to demand rectification, transfer, and, where applicable, to object or restrict the processing or deletion of inaccurate or improperly processed data.
14.2. If you believe that the processing of your personal data by BREX violates the applicable data protection law or your data protection claims in any other way, you may complain to the competent supervisory authority. In Austria the competent supervisory authority is the Austrian Data Protection Authority (österreichische Datenschutzbehörde).
Russell Perry, Chief Executive Officer
Schwindgasse 7/12, 1040 Vienna, Austria
BREX provides real-time access to structured, official and authoritative commercial register data, including company filings covering more than 55 million companies in 80+ countries and jurisdictions.
On May 25, 2018, the new General Data Protection Regulation (GDPR) will enter into force Europe-wide. It introduces new rules for companies offering goods and services in the EU, or processing sensitive data of EU citizens. The aim of the regulation is to introduce high standards of data protection that apply uniformly throughout the EU.
We take the protection of your private information very seriously. The protection of your privacy when processing personal data is an important matter for us, which we account for in our business processes.
BREX ensures the security and privacy of the personal data provided in compliance with the European General Data Protection Regulation (GDPR). The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your consent.
Security and confidentiality of our customers? data has been central to the design and operation of the BREX platform since inception.
The BREX core platform has been hosted in the EEA, specifically in Vienna, at an ISO 27001 certified data center located in Austria since the service was launched in 2012. Our IT service provider, nextlayer Telekommunikationsdienstleistungs- und BeratungsGmbH, operates IT services for a wide range of companies, including Austrian insurance corporations, banking groups and air carriers.
Our own rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as Payment Card Industry (PCI-DSS) Level 1 compliant billing platform, PCI DSS SAQ A (3.2, Rev 1.1) and ISO 27001 (nextlayer).
We have recently updated and adapted to our internal processes, policies and products to further strengthen our comprehensive data privacy and compliance programs.
You can find our latest Data Protection Policy here.
Our goal is to ensure that our customers are confident with BREX as a trusted data processor. Some of the major adaptations already completed before May 25, 2018 include:
Detailed information on Data Protection can be found at the following link:https://www.data-protection-authority.gv.at/home