PRIVACY NOTICE
Share Owner Registrar - Privacy Notice
This Privacy Notice is
issued by Share Owner Registrar, registered in USA and whose registered office is 110 South Poplar Street Wilmington, DE 19801, USA
We
understand how important your personal data is and are committed to protecting
and respecting your privacy.
‘Personal Data’ means any information relating to or which identifies you.
This can include items such as your name, address, phone number, identification
numbers (such as a shareholder reference number or your national insurance
number), location data or online identifiers. Personal data can be held
electronically or in certain paper records.
The General Data Protection Regulation (GDPR) regulates the processing
of personal data. The GDPR seeks to protect your rights to your personal data by
setting out, amongst other things, the conditions under which the processing of
personal data is lawful, the rights of data subjects and the standards that
organisations handling personal data must adopt.
We are a ‘Data Processor’ and we use Personal Data in the obtaining,
recording or holding the data, or carrying out any operation or set of
operations on the data including organising, amending, retrieving, using,
disclosing, erasing or destroying it. Processing also includes transmitting or
transferring Personal Data to third parties. We obtain personal data from ‘Data
Controllers’ who are responsible for deciding how and why we hold and use
personal data about you.
It
is a legal requirement that a shareholder’s name, address and the number of
shares held are made available on a Register of Members. We therefore hold your
data to (i) maintain the Register of Members according to these legal
requirements; (ii) undertake activities such as payments of dividends and (iii)
to communicate with shareholders.
We
are committed to keeping your data safe and always seek to use your data in ways
you would expect. We also hold your data to ensure that we meet legal and
regulatory requirements.
The
personal data we hold may include the contents of our investor data-key, names,
home addresses, shareholdings, share transactions, dividend payments, financial
information and, where such personal data is provided by the shareholder to the
Registrar, the email addresses, Social Security numbers, date of birth and
bank account details of natural persons who are shareholders on the Company’s
shareholder register in accordance with the applicable laws and regulations
together with any web-registration passwords. Passport and driving licence
details may also be held where required for verification of identity purposes.
We collect personal data in a variety of different ways:
Information you provide to us By using our website
By corresponding with us by post, phone, e-mail or otherwise; and
Application and registration forms/identification documentation
Information we collect about you when you use our services
Information
about how you logged on and off of our website, including your IP address,
information about your visit, your browsing history, your device information and
how you use our website.
If you contact us electronically, we will collect details about the date
and time of contact, and the contact details such as the call reference number
and your telephone number;
Information we receive from third parties
As
part of our identity and financial crime checking procedures with credit
reference agencies, fraud detection agencies and registration or stockbroking
industry exchanges as well as public information sources;
From
third parties when you have instructed or agreed for them to pass information to
us, such as:
• Your employer if you are subject to personal dealing reporting;
•
Your broker, agent, Trustee or Investment Company and companies that introduce
you to us;
•
Where we as Share Owner Registrar are informed of a change in details on the share
register
Special
types of data - The law and other regulations treat some types of personal
information as special. We will only collect and use this information if the law
allows us to do so. Special types of data are
• Criminal convictions and offences;
• Genetic and bio-metric data;
• Health data including gender;
• Racial or ethnic origin;
• Religious or philosophical beliefs; and Trade union membership.
Keeping your personal data up to date
It
is important to us that the personal data we hold about you remains accurate and
up to date at all times, but we need your help in doing this. Please help us by
ensuring that you review the information held about you regularly and let us
know as soon as anything needs updating or correcting.
Other people’s personal data
The
information you give us or that we collect through your use of our services, may
contain your or another person’s personal data. If you provide us with
information about another person, you confirm that they have appointed you to
act for them, they consent to you providing their personal data to us and any
processing of their personal data and that you
have
informed them of our identity and the purpose for which their personal data will
be processed – as set out in this Privacy Notice.
In the below we demonstrate why and how we use your personal data as
well as providing the legal reasons which we rely upon.
We use your personal data to manage and operate your account with us
to facilitate the administration of your shareholding. This includes:
o
Retaining records of your instructions and telephone calls and keeping your
shareholder records up to date.
o
Completing transactions that you instruct us to undertake, and any legal
obligations we have in relation to the transactions.
o To provide you with dividends / certificates and notices.
o To respond to any complaints and / or data rights that you invoke.
o To notify you about changes to the way we manage our Register of Members,
such as a corporate action.
o To keep our websites secure and permit you safe access to our services.
The legal reasons for this are to comply with legal requirements
placed upon us, such as the Companies Act, Stock Exchange requirements and
Financial Crime regulations, and our legitimate interests, such as the proper
administration of our service and business.
If you choose not to give personal information
We
need to collect personal information required by law or under the terms of
service you have elected to use. If you choose not to give us the personal data
we need, it can mean that we have to cancel or decline a service that you
request or have with us. So that you know what information is optional, we make
it clear at the time we collect your personal data.
Personal
data will not be retained for longer than necessary for us to achieve the
purpose for which we obtained your personal data. We will then either securely
delete it or anonymise it so that it cannot be linked back to you. We review our
retention periods for personal data on a regular basis.
We
will retain personal data for the duration of your entry on the Register of
Members for a period of up to 12 years following your last entry on the Register
or completion of service e.g. payment of unclaimed dividends, to meet regulatory
requirements.
We
can keep your data for longer than 12 years if we cannot delete it for legal,
regulatory or technical reasons. We can also keep it for research or statistical
purposes. If we do, we will make sure that your privacy is protected and only
use it for those purposes
The
information we hold about you is confidential and we will only share your
personal information to enable us to deliver the product(s) or service(s),
examples are as follows:
o
At your request, or with your consent or the consent of any party linked to your
shareholding;
o Third parties including:
•
Banks and other payment service providers to process your entitlements and
payments;
• Printers in order to supply you with documentation and certificates;
•
Insurance companies – where we need to provide details of your account when we
make a claim;
• Stockbrokers and market makers who execute transactions on your behalf;
• Service suppliers to facilitate email, IT and administration services;
•
Our professional advisors, for example, our lawyers and technology consultants,
when they need it to provide advice to us;
•
Your employer or agent(s), in accordance with any specific instructions you
provide to us;
•
Third party providers, for example, your solicitor, when you have requested
their services;
•
Credit reference agencies and fraud detection agencies as part of our
identification procedures;
•
Fraud prevention agencies who will use it to prevent fraud and money-laundering
and to verify your identity. If fraud is detected, you could be refused certain
services, finance, or employment. Further details of how your information will
be used by us and these fraud prevention agencies, can be obtain by contacting
Share Owner Registrar Ltd; and
•
Your Official Receiver or appointed insolvency practitioner if we receive notice
of your insolvency, bankruptcy or insolvency proceedings / arrangement.
We will only transfer your personal information to trusted third
parties who provide sufficient security guarantees and who demonstrate a
commitment to compliance with applicable law and this policy. Where third
parties are processing personal information on our behalf, they will be required
to agree, by contractual means, to process the personal information in
accordance with the applicable law. This contract will stipulate, amongst other
things, that the third party and its representatives shall act only on our
instructions, or as permitted by law.