1

Information on applicable data protection rules in the countries participating in BRIS

The information below has been provided by the countries participating in BRIS in relation to the following questions:

Question 1: For how long is the information filed by companies made available in the business register? What are the national rules in this regard?

Question 2: Who is the national data controller responsible for the information made available in the business register(s) of your Member State? In other words, who should data

subjects contact in your Member State for the effective exercise of their rights to information, to access, to rectify and to object according to the applicable data protection legislation?

Question 3: Please provide the privacy statement that you currently apply on your business registers.

Country Question 1 Question 2 Question 3

Austria Information not available Information not available Information not available

Belgium Wat betreft rechtspersonen worden

de gegevens gedurende dertig jaar in

het register bewaard te rekenen van

de dag van verlies van de

rechtspersoonlijkheid.

Regarding legal persons the

information is kept in the register for

thirty years starting from the day the

legal person loses its legal

personality.

Commission for the protection of privacy

Rue de la Presse 35, 1000 Brussels

Tel: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

E-mail: commission@privacycommission.be

https://www.privacycommission.be/en/

There is currently no specific privacy statement on our register

website.

Bulgaria The information filed by companies

is available without a time limit.

The Bulgarian business register is hosted by

the Registry agency.

Агенция по вписванията (Registry agency)

1111 София, ул. Елисавета Багряна № 20

(20 Elisaveta Bagryana str., 1111 Sofia)

www.registryagency.bg

The Bulgarian Business Register does not currently apply an

explicit privacy statement. The matter is regulated by the national

legislation.

Croatia Information (active and deleted) are

available permanently in the court

register. (In the Republic of Croatia

there is no business register - there is

a court register, a craft register and

National data controller:

Croatian Personal Data Protection Agency

Fra Grge Martića 14, HR - 10 000 Zagreb

N/A

2

Country Question 1 Question 2 Question 3

several other registers for

associations). Tel.00385 (0)1 4609-000

Fax 00385 (0)1 4609-099

E-mail: azop@azop.hr

http://www.azop.hr

Cyprus There is specific legislative provision

(section 327 Companies Law,

Cap.113) for the retention of

company data for 20 years. This is

because de registered companies can

be brought back within this specific

time period.

The national data controller responsible for

the information made available in the

business register of Cyprus is:

The Registrar of Companies and Official

Receiver

Corner Makariou III Avenue and

Karpenisiou Street

''XENIOS'' Building, 7th Floor, Office No.

701

1427 Nicosia

Tel. +357 22404301-302

E – mail: deptcomp@drcor.mcit.gov.cy

www.mcit.gov.cy/drcor

At present there are no concrete measures for privacy statement

for our business registers.

Czech

Republic

All information is made available

indefinitely. Our IS contains a valid /

current listing and also a complete

listing of data, that is all historical

data about that company.

The IS administrator is the Ministry of

Justice, and the regional courts are

responsible for the accuracy of the data.

Ochrana osobních údajů

Povinně zveřejňované údaje týkající se zpracování osobních údajů

při vedení obchodního rejstříku.

Dle zákona č. 101/2000 Sb. (§ 18 odst. 1, písm. b), o ochraně

osobních údajů, není Ministerstvo spravedlnosti ČR jako správce

obchodního rejstříku povinno podat Úřadu pro ochranu osobních

údajů oznámení o zpracování osobních údajů, neboť povinnost

zpracovávat osobní údaje vznikla na základě zvláštního zákona č.

513/1991Sb., obchodní zákoník, ve znění pozdějších předpisů.

Zákon o ochraně osobních údajů v tomto případě stanoví (§ 18

odst. 2), že informace týkající se zpracování osobních údajů

(zejména účel zpracování, kategorie osobních údajů, kategorie

3

Country Question 1 Question 2 Question 3

subjektů údajů a další, viz níže) musí být zveřejněny.

Identifikační údaje správce osobních údajů:

Ministerstvo spravedlnosti

Vyšehradská 16

128 10 Praha 2

IČ 00025429

Účel zpracování:

- zákon č. 513/1991Sb., obchodní zákoník ve znění pozdějších

předpisů určuje povinnost zapisovat informaci rejstříkovými

soudy do obchodního rejstříku

- Obchodní rejstřík zajišťuje vedení registru samostatně

podnikajících fyzických osob,veřejných obchodních společností,

komanditních společností, společností s ručením omezeným,

akciových společností, státních podniků, družstev, organizačních

složek tuzemských i zahraničních organizací a dalších subjektů.

Kategorie subjektů údajů:

- subjekty zapsané v obchodním rejstříku dle zákona č. 513/1991

Sb., obchodní zákoník ve znění pozdějších předpisů

Kategorie osobních údajů:

- v § 35 a § 36 zákona č. 513/1991 Sb., obchodní zákoník ve znění

pozdějších předpisů jsou uvedeny údaje, které se zapisují do

obchodního rejstříku

- údaje o firmě, jménu nebo názvu, sídle nebo místu podnikání a

identifikačním čísle osoby (dále jen „identifikační číslo“);

Rozsah zpracovávaných údajů:

- u právnických osob sídlo,

- u fyzických osob bydliště a místo podnikání, liší-li se od

bydliště,

4

Country Question 1 Question 2 Question 3

- předmět podnikání (činnosti),

- právní forma právnické osoby,

- u fyzické osoby rodné číslo nebo datum jejího narození, nebylo-

li jí rodné číslo přiděleno,

- identifikační číslo, které podnikateli přidělí rejstříkový soud;

potřebná identifikační čísla poskytne rejstříkovému soudu správce

základního registru osob 2a),

- jméno a bydliště nebo firma a sídlo osoby, která je statutárním

orgánem právnické osoby nebo jeho členem, s uvedením způsobu,

jak jménem právnické osoby jedná, a den vzniku a zániku její

funkce; je-li statutárním orgánem nebo jeho členem právnická

osoba, též jméno a bydliště osob, které jsou jejím statutárním

orgánem nebo jeho členem,

- jméno a bydliště prokuristy, jakož i způsob, jakým jedná,

- u právnické osoby identifikační číslo, pokud jí bylo přiděleno,

- další skutečnosti, o kterých to stanoví právní předpis.

Zdroje osobních údajů:

Rejstříkové soudy:

- Městský soud v Praze, Krajský soud v Českých Budějovicích,

Krajský soud v Plzni, Krajský soud v Plzni - pobočka Karlovy

Vary, Krajský soud v Ústí nad Labem, Krajský soud v Ústí nad

Labem - pobočka Liberec, Krajský soud v Hradci Králové,

Krajský soud v Hradci Králové - pobočka Pardubice, Krajský

soud v Brně, Krajský soud v Ostravě, Krajský soud v Ostravě -

pobočka Olomouc

Popis způsobu zpracování osobních údajů:

- automatizované zpracování

Místo zpracování osobních údajů:

Ministerstvo spravedlnosti ČR

Vyšehradská 16

5

Country Question 1 Question 2 Question 3

128 10 Praha 2

Příjemce nebo kategorie příjemců:

- uživatelé internet

Popis opatření k zajištění požadované ochrany osobních údajů

podle § 13 zákona č.

101/2000 Sb.:

- na základě § 28 zákona č. 513/1991Sb., obchodní zákoník ve

znění pozdějších předpisů - obchodní rejstřík je každému

přístupný. Každý do něj může nahlížet a pořizovat si z něj kopie či

výpisy.

Denmark In general information is made

available indefinitely. The personal

data ceases to be updated 10 years

after a person has ceased to be active

in a company registered with the

DBA.

The national data controller according to

Directive 95/46/EC art. 2(d) is the Danish

Data Protection Agency.

The text according to Directive 2012/17/EU art. 3(3) is as follows,

in Danish:

"Hvornår kan der støttes ret på de registrerede oplysninger?

Selskabslovens § 14 implementerer 1. selskabsdirektivs artikel 3 i

dansk selskabsret og beskriver, hvorledes der kan støttes ret på

registrerede oplysninger. Af selskabslovens § 14 fremgår:

”Oplysninger, der er offentliggjort i Erhvervsstyrelsens it-system,

anses for at være kommet til tredjemands kendskab. 1. pkt. finder

dog ikke anvendelse på dispositioner, der er foretaget senest den

16. dag efter offentliggørelsen, såfremt det bevises, at tredjemand

ikke kunne have haft kendskab til det offentliggjorte forhold.

Så længe offentliggørelse i Erhvervsstyrelsens it-system ikke har

fundet sted, kan forhold, der skal registreres og offentliggøres,

ikke gøres gældende mod tredjemand, medmindre det bevises, at

denne har haft kendskab hertil. Den omstændighed, at et sådant

forhold endnu ikke er offentliggjort, hindrer ikke tredjemand i at

gøre forholdet gældende.”

Ansvar for rigtigheden af de registrerede oplysninger

Anmelder har ansvaret for rigtigheden af de anmeldte oplysninger,

jf. anmeldelsesbekendtgørelsen § 8 samt selskabslovens § 15, stk.

2. Anmelder kan ifalde strafansvar, såfremt anmeldelsen ikke er

6

Country Question 1 Question 2 Question 3

lovligt foretaget eller de anmeldte oplysninger ikke er korrekte.

Erhvervsstyrelsen efterprøver ikke rigtigheden af de anmeldte

oplysninger, men registrerer oplysninger, som de er anmeldt.

Dette gælder, hvad enten der er tale om en manuel registrering

eller en selvregistrering foretaget via Virk.dk.

Erhvervsstyrelsen kan være erstatningsansvarlig for brug af

registrerede oplysninger eller dokumenter, som er fejlagtige som

følge af styrelsens forhold, herunder fejl i sagsbehandlingen."

7

Country Question 1 Question 2 Question 3

Estonia The National Archives of Estonia has

given most of the data (registry card

and business files) permanent

conservation value. The data and

files of permanent conservation value

shall be transferred to a public

archive by electronic means if

technically possible, after the

company is struck off from the

register.

The commercial register is maintained by the

registration department of Tartu County

Court.

Registration Department of Tartu County

Court

Pikk 32

44307, Rakvere

Estonia

Phone: +372 601 1166

E-mail: registriosakond@kohus.ee

There is no specific privacy statement applicable for the data

processing in the commercial register. Data processing in the

commercial register is regulated by specific provisions (sections

22–71) of the Commercial Code. Concerning the personal data

processing in the commercial register, the provisions of the

Personal Data Protection Act also apply.

A data subject has a right of recourse to the Data Protection

Inspectorate or a court if the data subject finds that his or her

rights are violated in the processing of personal data (Personal

Data Protection Act section 22).

Estonian Data Protection Inspectorate

Väike-Ameerika 19

10129, Tallinn

Estonia

Phone: +372 627 4135

E-mail: info@aki.ee

http://www.aki.ee/en

Commercial Code:

https://www.riigiteataja.ee/en/eli/513072016002/consolide

Personal Data Protection Act:

https://www.riigiteataja.ee/en/eli/507032016001/consolide

8

Country Question 1 Question 2 Question 3

Finland After information is provided to the

register it will be available forever.

Information regarding old, liquidated

/ deregistered companies may not be

available in the electronic register but

information is stored to the National

Archives of Finland.

Finnish Patent and Registration Office

Arkadiankatu 6 A, Helsinki

P.O. Box 1140, FI-00101 Helsinki, Finland

Telephone exchange: +358 29 509 5000

https://www.prh.fi/en/index.html

Trade Register Information Services

https://www.prh.fi/en/kaupparekisteri/tietopal

velut.html

Online information service, Virre:

https://virre.prh.fi/novus/home?execution=e1

s1

Privacy statement from Trade Register:

In Finnish:

https://www.prh.fi/stc/attachments/rekisteri-

_ja_tietosuojaselosteet/kaupparekisteri_tietosuojaseloste.pdf

In English:

https://www.prh.fi/stc/attachments/rekisteri-

_ja_tietosuojaselosteet/englanti/kaupparekisteri_eng_tietosuojasel

oste.pdf

Privacy statement from Business Information System (YTJ):

In Finnish:

https://www.ytj.fi/stc/attachments/rekisteriselosteet_0/ytj_rekisteri

seloste.pdf

In English:

https://www.ytj.fi/stc/attachments/rekisteriselosteet_0/bis_descript

ion.pdf

France Information not available Information not available Information not available

9

Country Question 1 Question 2 Question 3

Germany The registers maintain information

without a time limit and the

information remains accessible even

after a company is dissolved or

struck off. If a company is struck off,

the filed documents will be deleted

after ten years.

For the Handelsregisterportal (Common

Register Portal of the German federal states):

Die Landesbeauftragte für Datenschutz und

Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2 – 4

40213 Düsseldorf

Telefon: +49 (0)211/38424-0

E-Mail: poststelle@ldi.nrw.de

https://www.ldi.nrw.de

For the federal Business Register

(Unternehmensregister):

Die Bundesbeauftragte für den Datenschutz

und die Informationsfreiheit

Husarenstraße 30

53117 Bonn

Telefon: +49 (0)228-997799-0

E-Mail: poststelle@bfdi.bund.de

https://www.bfdi.bund.de

This is the privacy statement from the website

"www.handelsregister.de" (joint online-platform organized by the

German federal states for information of the commercial registers

(Handelsregister)):

"Privacy Statement

When you visit our online presentation we will save the following

records:

name of the requested file,

date and time of request,

amount of data transferred,

error state, and

IP-address of the person who made a request.

Six weeks after a request has been made by a visitor the collected

data will be converted into anonymous information by erasing the

IP address in each data file. The collected data will be used only

for statistical purposes. Neither this data nor any parts thereof will

be passed on to any third party. No alignment with any of the

already existing records will be done.

If the user is being offered to enter personal or business-related

data (e-mail addresses, names, postal addresses) anywhere within

this online presentation, this information shall be disclosed

exclusively on an expressly voluntary basis. Here, too, your data

will be treated as strictly confidential and shall not be passed on to

any third party. The website of the German federal justice

ministry does not employ cookies. No other techniques are applied

either that allow to trace the access data of internet users visiting

the web site."

The privacy statement on the Website of the federal Business

Register "www.unternehmensregister.de" can be found under the

following link:

https://www.unternehmensregister.de/ureg/datenschutz.html?sub

mitaction=language&language=en

10

Country Question 1 Question 2 Question 3

Greece Information not available Information not available Information not available

Hungary The company documents and data

are stored for always.

Company registration (amendment

notification) proceedings are non-contentious

proceedings in the first and second instance,

carried out by way of electronic means to

which the provisions of Act III of 1952 on

the Code of Civil Procedure (hereinafter

referred to as CPC) shall apply, unless

otherwise provided for in this Act;

adjournments.

The company register is kept by the company

court.

http://birosag.hu/torvenyszekek/cegbirosagok

We haven't any privacy statement for our business register. The

company date are fully public.

Iceland Information not available Information not available Information not available

Ireland The Information filed by companies

is always available as long as the

company exists, and information is

available for up to twenty years (20)

in the case of all companies which

are dissolved.

The Companies Registration Office is an

organization that only carries out processing

to keep, in accordance with the law, a register

that is intended to provide information to the

public and is therefore exempt from the

requirement to specify a Data Controller

under the Data Protection Acts 1988 and

2003.

Please find the included Companies Registration Office Privacy

Statement

https://www.cro.ie/About-CRO/Website-Privacy-and-Security-

Statement

11

Country Question 1 Question 2 Question 3

Italy The Italian business register is a

public register providing data

disclosure on companies, accessible

to both members and third parties for

the necessary safeguards and

protection of their interests. The

Italian regulation does not prescribe a

time limit for the data published in

the business register.

Each Chamber of Commerce is responsible

for running the local office of the business

register and each local office of the business

register is the data controller for the

companies whose location is specified in the

particulars available through BRIS. The

contact information of the local office of the

business register can be obtained via their

Chamber of Commerce website, each

available at the following web address:

www.camcom.gov.it (selecting the name of

the Chamber of Commerce).

I dati sono raccolti dalla Camera di Commercio competente a

mezzo del sistema informativo messo a disposizione dalla società

consortile InfoCamere in base alle norme ed ai regolamenti che ne

prevedono la comunicazione alla stessa. Le finalità del trattamento

dei dati, pertanto, sono quelle definite nelle leggi e nei

regolamenti che ne disciplinano l’attività (in particolare l'articolo

8 della Legge n. 580/1993 e s.m.i. ed il relativo regolamento

attuativo, oltre che il codice per la tutela dei dati personali, il

D.Lgs n. 196/2003 e s.m.i.), e che sono necessarie per il corretto

svolgimento dell’azione istituzionale esercitata dalla Camera di

Commercio. I dati raccolti sono inseriti in un’apposita banca dati

al fine di consentirne la fruizione in via telematica al pubblico.

Latvia It is not specified in the legal acts for

how long the Enterprise Register

shall maintain the entries made in the

public registers. Thus all entries are

kept forever, even after the legal

person, about whom the entries are

made, is striked – off the register.

Documents submitted to justify the

entries made are kept for ten years

after legal person is striked – off.

After that these documents shall be

deposited to National Archives of

Latvia in procedure stipulated by the

Law on Archives.

The national data controller responsible for

the information made available in the

business is

The Enterprise Register of the Republic of

Latvia

Pērses iela 2, Rīga, LV – 1011

e-mail: info@ur.gov.lv

Personal data processing framework is set in the Law "On the

Enterprise Register of the Republic of Latvia" and in the laws and

regulations governing the registration of legal entities and legal

facts. Authorities processes personal data only on the basis of laws

and regulations of the Republic of Latvia - Enterprise Register of

the Republic of Latvia can't accept a binding privacy statement.

Liechtenstein Information not available Information not available Information not available

12

Country Question 1 Question 2 Question 3

Lithuania Under the Article 2.64 of the Civil

Code of the Republic of Lithuania a

legal entity must be registered within

3 working days from the day on

which all documents listed in

Paragraph 2 of the given Article are

produced and a registration fee is

paid.

File of a legal entity is stored 50

years after the removal of a legal

entity from the Register.

State Data Protection Inspectorate

Vinco Kudirkos str. 18-3

LT-03105 Vilnius, Lithuania

Phone: +370 5 271 2804

E-mail: ada@ada.lt

https://www.ada.lt/go.php/eng/lietuviskai/3

https://www.ada.lt/go.php/lit/english

Under the Paragraph 1 of the Article 2.71 of the Civil Code of the

Republic of Lithuania data of the Register of Legal Entities,

documents stored in the Register as well as any information

supplied to the Register shall be made public.

Individuals' personal data are processed in accordance with the

Law on Personal Data Protection procedures.

Luxembourg The information filed by companies

is available in the business register as

long as the company remains filed at

the business register and 20 years

after its deletion from the business

register.

The national data controller is the

«Commission nationale pour la protection

des données » (CNPD).

The data collected by the business register are public. The

business register doesn’t apply a privacy statement.

The information which can be found on the business register’s

web site is:

The data filled on the business register provide from the

informations given by companies in application of the law of the

19th December 2002 on the Luxembourg Trade and Companies

Register as well as accountancy and annual company accounts

(“loi modifiée du 19 décembre 2002 concernant le registre de

commerce et des sociétés ainsi que la comptabilité et les comptes

annuels des entreprises”) and of the regulation of the 23rd January

2003 enforcing the above law (Règlement grand-ducal du 23

janvier 2003 portant exécution de la loi du 19 décembre 2002

concernant le «registre de commerce et des sociétés» ainsi que la

comptabilité et les comptes ).

With the exception of the data which can be found on the official

business register extract, a document publicly available, the

collected data are not transferred to any commercial companies or

organization except to the Luxembourgish government or

Luxembourgish judicial administration.

13

Country Question 1 Question 2 Question 3

Malta There is no time limit in terms of law

- Information and documents are kept

for indefinite period.

All data on companies in the register is

publicly available as required by company

law. The information is available company

by company. The Registrar of Companies is

responsible for the maintenance of the

company register.

In Malta data protection legislation is

administered by

The Information and Data Protection

Commissioner

Level 2, Airways House. High Street.

Sliema SLM 1549. Malta.

Telephone. (+356) 2328 7100.

idpc.info@gov.mt

Link to their portal:

http://idpc.gov.mt/en/Pages/Home.aspx

Link to disclaimer/privacy statement:

http://registry.mfsa.com.mt/disclaimer.jsp

Netherlands The data registered in the

Commercial Register are available

eternally (Commercial Register Act

and Archive Act).

The yearly accounts deposited at the

Chamber of Commerce are available

for a period of seven years, after

which they are deleted (Book 2

Dutch Civil Code).

The Chamber of Commerce administers the

Commercial Register in the Netherlands.

Datasubjects can contact the Chamber of

Commerce for the exercise of their rights and

obligations with regard to their data in the

register.

The applicable rules and regulations with regard to the (data in

the) Commercial Register are stipulated in the General

Administrative Act (Algemene Wet Bestuursrecht), the

Commercial Register Act (Handelsregisterwet), the Commercial

Register Decree (Handelsregisterbesluit) and the Personal Data

Protection Act (Wet Bescherming Persoonsgegevens). With

regard to the right of datasubjects in the Commercial Register to

information, to access, to rectify and to object the (procedures in

the) General Administrative Act and the Commercial Register Act

are denominated as 'lex speciales' of the Data Protection Act.

14

Country Question 1 Question 2 Question 3

Norway The information is publicly available

as long as the company is registered

(not struck off). Historical

information can be ordered.

Our General Director is the data controller

responsible for the information made

available in the business.

The daily responsibility for fulfilling our

duties has been delegated to the head of the

business register.

Contact information:

Name: Øyvind Vågan

Phonenumber: +47 90562763

e-mail: oyvind.vagan@brreg.no

www.brreg.no

Our privacy statement:

Mye av registerdriften ved Brønnøysundregistrene handler om å

holde oversikt over hvem som har forpliktet seg til hva.

Løsøreregisteret gjør det mulig å pantsette gjenstander, fordi både

låner og utlåner stoler på at noen tar vare på hva som er avtalt

mellom partene. På samme måte sikrer Foretaksregisteret og

Enhetsregisteret at det ikke skal oppstå tvil om hvem som har

påtatt seg ulike typer ansvar.

Åpenhet og oversikt motvirker økonomisk kriminalitet. Pålitelig

og saklig informasjon gir økonomisk trygghet. I forbindelse med

forvaltningen av våre oppgaver registreres personopplysninger.

De aller fleste opplysninger registreres med direkte hjemmel i lov,

og da de ulike særlovene som regulerer hvert enkelt register.

Når det gjelder nettportalen Altinn har vi utformet en egen

personvernerklæring. Hvis du ønsker å vite mer om behandlingen

av personopplysninger i Altinn, se Altinns nettsider om

personvern.

Som registrert i våre registre, vil du ha rettigheter som følger av

lovgivningen for det aktuelle register eller fagområde. I tillegg vil

du ha rettigheter etter lovgivning som gjelder generelt. Særskilt

aktuelt i forbindelse med registreringen av personopplysninger, er

personopplysningsloven.

Poland Information not available Information not available Information not available

15

Country Question 1 Question 2 Question 3

Portugal The recorded information is

permanently retained.

The president of the Board of Directors of the

Institute of Registries anda Notary (article

78.º-C Commercial Register Code)

Name: José Ascenso Nunes da Maia

Address: Av. D. João II, nº 1.08.01D,

Edifício H, Parque das Nações, Apartado

8295

1803-001 Lisbon, Portugal

e-mail adrdress: irn@irn.mj.pt

Phone number: 0351 217985500

http://www.irn.mj.pt/IRN/sections/irn/contact

os

http://www.irn.mj.pt/IRN/sections/irn/legisla

cao/docs-legislacao/cod-reg-

comercial/downloadFile/file/Codigo_do_Reg

isto_Comercial.pdf?nocache=1339670405.5

Os dados pessoais recolhidos destinam-se à organização de

informação sobre a situação jurídica das entidades sujeitas a

registo comercial e são processados automaticamente nos termos

da legislação aplicável ao registo comercial e à proteção de dados

pessoais, não podendo ser utilizados para outra finalidade. O seu

tratamento é da responsabilidade do Presidente do Conselho

Diretivo do Instituto dos Registos e do Notariado, I.P.., que

assegura o acesso à informação pelo próprio, que tem direito à

correção dos dados indevidamente registados.

The personal data collected are used to organize information on

the legal status of entities subject to commercial register and are

processed automatically, in accordance with the legislation of the

commercial register and protection of personal data, and can not

be used for another purpose. The President of the Board of

Directors is the responsible for the processing of data, and

provides access to the information to the data subject, who can

request the rectification of the unduly registered data.

16

Country Question 1 Question 2 Question 3

Romania Prin registrul comerțului se

realizează evidența datelor din

documentele de înregistrare ale

persoanelor supuse înregistrării,

arhiva oficială a documentelor cu

caracter constitutiv sau modificator

ale acestora și a altor documente

prevăzute în mod expres de lege.

Prin urmare, informațiile referitoare

la profesioniștii înregistrați în

registrul comerțului sunt publice

până la radierea profesioniștilor din

registrul comerțului, intervenită ca

urmare a încetării exercitării

activității economice.

Ulterior radierii, datele sunt păstrate

într-un istoric al înregistrărilor

efectuate, accesul la aceste date fiind

permis numai în situațiile expres

prevăzute de lege.

Oficiul Național al Registrului Comerțului

este operatorul național de date responsabil,

cu sediul în

Bulevardul Unirii, nr. 74, bl. J3b, sector 3

București, România, Cod poștal 030837.

Tel: +40213160804

Fax:+40213160803

e-mail: onrc@onrc.ro

Pagina de internet: https://www.onrc.ro

Portal: https://portal.onrc.ro

Adresa de e-mail pentru primire în format

electronic a copiei după cartea de identitate:

carteidentitate@onrc.ro

•Art. 511 din Legea nr. 26/1990 privind registrul comerțului,

republicată, cu modificările și completările ulterioare:

În exercitarea competenţelor sale prevăzute de lege, Oficiul

Naţional al Registrului Comerţului şi oficiile registrului

comerţului de pe lângă tribunale colectează, procesează şi

prelucrează date şi informaţii, inclusiv de natura datelor cu

caracter personal, cărora le sunt aplicabile prevederile Legii nr.

677/2001 pentru protecţia persoanelor cu privire la prelucrarea

datelor cu caracter personal şi libera circulaţie a acestor date, cu

modificările şi completările ulterioare.

•Art. 203 alin.(2) din Normele metodologice privind modul de

ținere a registrelor comerțului, de efectuare a înregistrărilor și de

eliberare a informațiilor, aprobate prin Ordinul nr. 2594/C/2008:

În vederea respectării dispoziţiilor legale referitoare la protecţia

persoanelor cu privire la prelucrarea datelor cu caracter personal şi

libera circulaţie a acestor date, în ceea ce priveşte informaţiile

despre asociaţii/acţionarii, administratorii, directorii, membrii

consiliului de supraveghere, membrii directoratului,

cenzorii/auditorii, reprezentanţii persoane fizice ai persoanelor

juridice, având calităţile anterior menţionate, înscrisurile eliberate

solicitanţilor, inclusiv copiile certificate, vor conţine numai

numele, data şi locul naşterii, cetăţenia şi statul de domiciliu ale

acestor persoane.

•Nota de informare afișată pe pagina de internet și pe portalul

ONRC.

Slovakia Information not available Information not available Information not available

Slovenia Data on companies entered to the

Court register as part of Slovenian

Business register (PRS) is public

according to Article 2 and 3 of the

Slovenian Business Register Act

(Official Gazette of the Republic of

The company data is entered to the register

(the Court register/PRS) by the Registry

Court (a registrar for companies). For any

kind of correction or change of data, data

subject has to turn to the Registry court, in

Privacy statement is contained in General terms and conditions for

the use of the AJPES Web Portal.

Please follow the link: https://www.ajpes.si/Terms_of_use

17

Country Question 1 Question 2 Question 3

Slovenia no. 49/2006 as amended)

and Article 7 (1) of The Court

Register Act (Official Gazette of the

Republic of Slovenia no. 54/07 as

amended), except data that is

protected as personal data by the law.

The Court Register Act prescribes

different ways the data is available to

the public (search, view, extracts,

access to documents) in Articles 7

and 48., and 48.a to 48. C.

In addition to the latest status

information on all business units,

there is also all previous entries,

changes and deletions of business

units kept in PRS. There is no time

limitation prescribed by the law in

Slovenia on availability of data

entered to the Court register and

PRS.

Also all documents of companies

based on which the data was entered

to the register is public (except for

personal data), with most recent

documents available on internet sites

of The Agency of the Republic of

Slovenia for Public Legal Records

and Related Services (AJPES) and all

other on demand at the registry

courts for unlimited time.

due process.

Link: http://www.sodisce.si/

Access to information of public character is

regulated in Republic of Slovenia by Act on

the Access to Information of Public

Character (Official Gazette of the Republic

of Slovenia no. 51/06 as amended).

If information made available in the business

register include information, which is also

subject to protected personal data in

accordance with the Personal data protection

Act (Official Gazette of the Republic of

Slovenia no. 94/2007), data subjects should

contact Information Commissioner, which is

an autonomous and independent body,

established with the Information

Commissioner Act, which supervises the

protection of personal data and the access to

public information - the right to access to

public information and the right to personal

data protection, are being enforced.

Information Commissioner

Republika Slovenija

Informacijski pooblaščenec

Zaloška 59

1000 Ljubljana

T: 01 230 97 30

F: 01 230 97 78

@: gp.ip(at)ip-rs.si

https://www.ip-rs.si/en/

18

Country Question 1 Question 2 Question 3

Spain In accordance with the current

Personal Data Protection regulation

in Spain and regarding to data

retention periods applied in the

Business Registers, we must take into

account what Article 2 of Royal

Decree 1720/2007, of 21 December,

approving the Regulation

implementing Organic Law 15/1999,

dated 13 December, on Personal Data

Protection (RLOPD), which states

that “2. The present regulations shall

not be applicable to data on

corporations or to files including the

data on the natural persons engaged

thereby that consist in no more than

first and last names, duties or

positions, postal or electronic

address, and professional telephone

and fax numbers. 3. Data on

individual business people that refer

to their engagement in trade, industry

or shipping shall likewise be

understood to be excluded from the

protection afforded personal data”

(…)”.

With the exception of Article 2

RLOPD, and, as a general rule, the

personal data information shall be

erased when it is no longer necessary

or relevant for the purpose for which

it was obtained or recorded. The

specific retention periods are

stablished by specific laws depending

on the subject. The main national

rules are the Constitutional Act

Spanish Business Registers depend on the

Ministry of Justice. All matters relating to

them are entrusted to the General Directorate

of Registers and Notaries (DGRN). Each

Business Register is in charge of one or more

Registrars. Registrars are public officials for

all legal purposes.

The Business Register is composed of the

Territorial Business Registers (established in

all Spain´s provincial capitals, extending

their jurisdiction to the territory of the

province, and, in addition, to some other

cities) and the Central Business Register

(based in Madrid).

Data Controller: Ministry of Justice (public

files) / Territorial Business Registers (private

files). Example: Madrid Business Register,

Barcelona Business Register, etc.

Location: Calle de San Bernardo, 45, 28071

(zip code), Madrid (Ministry of Justice) /

Paseo de la Castellana, 44, 28046 (zip code),

Madrid (Madrid Business Register) / Gran

Via de les Corts Catalanes, 184, 08038 (zip

code), Barcelona (Barcelona Business

Register).

Links:

http://www.mjusticia.gob.es/cs/Satellite/Port

al/en/inicio (Ministry of Justice);

http://www.mjusticia.gob.es/cs/Satellite/Port

al/es/ministerio/organigrama/subsecretaria/di

reccion-general-registros (General

Directorate of Registers and Notaries);

https://www.rmercantilmadrid.com/RMM/Ho

me/Index.aspx (Madrid Business Register);

• Every Territorial Business Register has developed its own

Privacy Policy, and the Association of Land and Business

Registrars of Spain (“Colegio de Registradores de la Propiedad,

Mercantil y Bienes Muebles de España – CORPME”) is not

responsible for the elaboration or content thereof. However,

telematic users (in order to inscribe their business information in

the Business Register) enter via CORPME website and, therefore,

our Privacy Policy must be applied and accepted.

http://www.registradores.org/politica-de-privacidad/

“De acuerdo con la Ley Orgánica de Protección de Datos de

Carácter Personal 15/1999, de 13 de diciembre, el usuario y titular

de los datos queda informado y presta su consentimiento

inequívoco a la incorporación de sus datos al fichero de

Consumidores y al tratamiento automatizado del mismo, siendo

responsable del fichero y del tratamiento el Colegio de

Registradores. El uso y fin del tratamiento es la atención a

ciudadanos usuarios de los servicios registrales.

La política de privacidad del Colegio de Registradores asegura el

ejercicio de los derechos de acceso, rectificación, cancelación, y

oposición en los términos establecidos en la legislación vigente,

pudiendo utilizar para ello cualquiera de los canales de

comunicación del Colegio de Registradores, con domicilio en la

Calle Diego de León nº 21, 28006 Madrid, utilizando el servicio

de Soporte LOPD (902 181 442 / 91 270 16 99 y 902 73 43 75), a

través de la dirección de correo electrónico

soporte.lopd@corpme.es o, en general, por el medio de

comunicación que habitualmente utilice.

El usuario también podrá dirigirse por escrito, en caso de que lo

encontrara necesario, al Colegio de Registradores, Servicio de

Sistemas de Información, Oficina de Seguridad, Calle Diego de

León nº 21, 28006 Madrid.

El Colegio de Registradores ha adoptado los niveles de seguridad

de protección de los Datos Personales legalmente requeridos, y ha

instalado todas las medidas técnicas y organizativas a su alcance

para evitar la pérdida, mal uso, alteración, acceso no autorizado y

19

Country Question 1 Question 2 Question 3

15/1999 on Personal Data Protection

(Spanish Data Protection Act –

SPDA) and the mentioned Royal

Decree 1720/2007, of 21 December,

approving the Regulation

implementing Organic Law 15/1999,

dated 13 December, on Personal Data

Protection (in accordance with the

common European rules).

http://w3.registromercantilbcn.es/?page_id=4

0705&lang=es (Barcelona Business Register)

Regarding the effective exercise of their

rights to information, to access, to rectify and

to object according to the applicable data

protection legislation data subjects should

contact, on a first instance, the Business

Register on which they have presented their

business information due to inscriptions must

be made in the Business Register

corresponding to the address of the

entrepreneur (individual) or corporations that

registers. Furthermore, due to the Association

of Land and Business Registrars of Spain

(“Colegio de Registradores de la Propiedad,

Mercantil y Bienes Muebles de España –

CORPME”) act as a data processor of the

Business Registers, data subjects could

contact the Association of Land and Business

Registrars of Spain (CORPME), once the

Business Registers have authorized to do it.

robo de los Datos, cuyo secreto y confidencialidad garantiza.

La aceptación del usuario para que puedan ser tratados sus Datos

en la forma indicada es condición necesaria para la prestación de

los servicios, de forma que el uso del mismo implica tal

aceptación, que tiene siempre carácter revocable, sin efectos

retroactivos, conforme a lo que disponen los artículos 6 y 11 de la

Ley Orgánica de Protección de Datos de Carácter Personal

15/1999, de 13 de diciembre. El usuario responderá, en cualquier

caso, de la veracidad de los Datos facilitados. El Colegio de

Registradores podrá excluir de los servicios prestados al usuario

que haya facilitado datos falsos, sin perjuicio de las demás

acciones que procedan en Derecho.

El Colegio de Registradores informa que por motivos de calidad

del servicio las llamadas realizadas al servicio de Atención al

Cliente del CORPME pueden ser grabadas, en cuyo caso pasarán

a formar parte de nuestros ficheros automatizados durante el plazo

de seis meses. Al hacer uso de nuestro servicio de Atención al

Cliente usted consiente tal circunstancia.

El Colegio de Registradores se reserva el derecho a modificar la

presente Política para adaptarla a novedades legislativas o

jurisprudenciales. En dichos supuestos el Colegio de

Registradores incluirá en el presente documento los cambios

introducidos con razonable antelación a su puesta en práctica”.

Sweden The information in the registry is

never deleted and it is always

available. On the other hand, there

are certain search restrictions for

dissolved companies - when it has

elapsed/passed five years since the

company was dissolved, it is only

possible to search on Registration

number and Company names.

Bolagsverket (Swedish Companies

Registration Office)

851 81 Sundsvall

Sverige

bolagsverket@bolagsverket.se

There is no specific privacy policy for our business. We apply the

rules and regulations valid for the processing of data in the

registry (as stated in the Companies Act (2005: 551) and the

Companies Act/ordinance (2005: 559)).

Read more here:

http://bolagsverket.se/om/oss/verksamhet/offentliga/personuppgift

er-1.2266