RD:IR Privacy Policy
Last reviewed: 19 August 2021
This privacy notice sets out how RD:IR collects and processes Personal Data in its capacity as a Data Controller or Processor. Richard Davies
Investor Relations Limited (“the Company” or “RD:IR”) is committed to ensuring that your privacy is protected and to abiding by the UK General
Data Protection Regulation (“the GDPR”).
For a brief overview of how RD:IR uses Personal Data, please read the section below titled ‘How does RD:IR use Personal
Data?’.
RD:IR may change this notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy
with any changes. This notice is effective from the most recent review date.
Definitions
‘Personal Data’ – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one
who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data,
an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of
that natural person.
‘Data Controller’ – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes
and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller
or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Data Processor’ – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
How does RD:IR use Personal Data?
RD:IR processes Personal Data for providing share register analysis (“SRA”), customer relationship management (“CRM”), targeting, proxy solicitation
and other services to its clients.
Most processing of Personal Data is done as a legitimate interest, lawful under the GDPR and subject to a three-part test. All Personal Data that
is processed by RD:IR as a legitimate interest undergoes a Legitimate Interest Assessment (“LIA”) that is structured to satisfy the three-part test.
LIAs are available upon request.
Other Personal Data is processed by RD:IR either with lawful consent from the individuals the Personal Data relates to, or under the legal and statutory
obligations of the UK’s Companies Act 2006.
You have the right to object to RD:IR processing your Personal Data. If you wish to raise an objection, please contact the Company via Welcome@rdir.com.
How RD:IR collects Personal Data
In the course of the work RD:IR undertakes, Personal Data is collected through any of the following:
- Publicly-available share registers;
- Requests sent to institutions under s793 Companies Act 2006;
- Requests sent to institutions to fulfil contractual obligations;
- Institutional investor websites;
- Professional third parties;
- Provided by clients in their capacity as Data Controllers.
Categories of Personal Data that RD:IR processes
The categories of Personal Data that RD:IR processes as a legitimate interest are as follows:
- Clients:
  - Name
  - Business contact details
- Professional investors:
  - Name
  - Company information
  - Business contact details
- Shareholders registered on the share register:
  - Name
  - Registered address
  - Shareholding information
- Retail investors holding shares via custodians:
Why RD:IR collects and processes Personal Data
RD:IR collects and processes Personal Data to provide SRA, CRM, targeting, proxy solicitation and other services to its clients.
A large part of the SRA service RD:IR provides is in line with the Companies Act 2006, primarily s793 and s808. The Personal Data that RD:IR deals
with is largely publicly available.
Any Personal Data that is not covered by the legitimate interest principle within the SRA service has been lawfully processed with the active consent
of the individuals involved.
The CRM service that RD:IR provides involves supplying clients with contact information of individuals to assist clients in connecting with their
shareholders and conducting good business.
Personal Data processed by RD:IR is only shared with the related client of RD:IR and never shared with third parties without consent having been
sought from the individuals affected.
RD:IR does not sub-contract to any third parties any of the services it provides to its clients.
How long RD:IR retains Personal Data
RD:IR will not retain Personal Data for longer than is necessary to fulfil its legal and contractual obligations.
Professional investor information will be retained as long as it is required and as long as it is accurate.
How RD:IR keeps Personal Data secure
The majority of the Personal Data RD:IR maintains is stored on IT systems with rigorous network security processes in place, including an encrypted backup process and annual penetration testing. Hardware is stored securely and access is restricted to relevant personnel only.
All emails going through RD:IR servers are encrypted. The Company’s website and online applications are secure to international standards.
RD:IR employee passwords are known only to the employee in question. Client passwords for online applications are provided by RD:IR and the client is encouraged to change their password regularly and keep this data secure.
Any physical Personal Data that RD:IR processes is secured when not in use and, when in storage, is stored in a secure offsite facility that specialises in providing secure storage.
RD:IR has detailed internal policies on data protection and security. These are available upon request.
Controlling your personal information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Review & audit of information policies & processes
We carry out regular and frequent reviews and audits of all data-related processes with logs of activity and outcomes.