Last reviewed: 07 June 2018
This privacy notice sets out how RD:IR collects and processes Personal Data in its capacity as a Data Processor. Richard Davies Investor Relations Limited (“the Company” or “RD:IR”) is committed to ensuring that your privacy is protected and to abiding by the European Union’s General Data Protection Regulation (“the GDPR”).
For a brief overview of how RD:IR uses Personal Data, please read the section below titled ‘How does RD:IR use Personal Data?’.
RD:IR may change this notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This notice is effective from the most recent review date.
If you require this notice to be provided in an alternative format, please contact the Data Protection Officer at firstname.lastname@example.org.
‘Personal Data’ – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Data Controller’ – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Data Processor’ – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Any further detail on definitions can be found in Article 4 of the GDPR: https://gdpr-info.eu/art-4-gdpr/
How does RD:IR use Personal Data?
RD:IR processes Personal Data for providing share register analysis (“SRA”), customer relationship management (“CRM”), targeting, proxy solicitation and other services to its clients.
Most processing of Personal Data is done as a legitimate interest, lawful under Article 6(1)(f) of the GDPR, and is subject to a three-part test. All Personal Data that is processed by RD:IR as a legitimate interest undergoes a Legitimate Interest Assessment that is structured to satisfy the three-part test. These assessments can be made available upon request.
Other Personal Data is processed by RD:IR either with lawful consent from the individuals the Personal Data relates to, or under the legal and statutory obligations of the UK’s Companies Act 2006.
If you would like to know more about how we process Personal Data, please continue reading.
You have the right to object to RD:IR processing your Personal Data. If you wish to raise an objection, please contact the Company’s Data Protection Officer at email@example.com, or on 020 7492 0549.
How RD:IR collects Personal Data
In the course of the work RD:IR undertakes, Personal Data is collected through any of the following:
- From the publicly-available share register;
- Requests sent to institutions under s793 Companies Act 2006;
- Requests sent to institutions to fulfil contractual obligations;
- Sourced from institutions’ websites;
- Sourced from professional third parties;
- Provided by clients in their capacity as Data Controllers.
Categories of Personal Data that RD:IR processes
The categories of Personal Data that RD:IR processes as a legitimate interest are as follows:
- Professional investors:
  - Company information
  - Business contact information
- Shareholders registered on the share register:
  - Registered address
  - Shareholding information
- Retail investors:
  - Email address
Why RD:IR collects and processes Personal Data
RD:IR collects and processes Personal Data to provide SRA, CRM, targeting, proxy solicitation and other services to clients.
A large part of the SRA service RD:IR provides is in line with the Companies Act 2006, primarily s793 and s808. The Personal Data that RD:IR deals with is publicly available. Any Personal Data that isn’t covered by the legitimate interest principle within the SRA service has been lawfully processed with the active consent of the individuals involved.
The CRM service that RD:IR provides involves supplying clients with contact information of individuals to assist clients in connecting with their shareholders and conducting good business.
The targeting service that RD:IR provides involves screening for fund managers and analysts covering relevant sectors/geographies/market capitalisations and contacting these fund managers and analysts to offer them direct corporate engagement with the Company’s clients.
The proxy solicitation service that RD:IR provides involves contacting investors and individuals at financial institutions to discuss upcoming client meetings and voting in those meetings.
Personal Data processed by RD:IR is only shared with clients of RD:IR and never shared with third parties without consent having been sought from the individuals affected. RD:IR does not sub-contract to any third parties any of the services it provides to clients.
How long RD:IR retains Personal Data
RD:IR will not retain Personal Data for longer than is necessary to fulfil its legal and contractual obligations.
Professional investor information will be retained as long as it is required and as long as it is accurate.
How RD:IR keeps Personal Data secure
The majority of the Personal Data RD:IR deals with is stored on IT systems. There is a rigorous network security system in place, as well as an encrypted backup process and annual penetration testing. Hardware is stored securely and access is restricted to relevant personnel only.
All emails going through RD:IR servers are encrypted and the Company’s website and web application are both secure.
RD:IR employee passwords are known only to the employee in question. Client passwords for the web application are provided by RD:IR and the client is encouraged to change that password and keep it secure.
Any physical Personal Data that RD:IR processes is secured when not in use and, when in storage, is kept in a secure offsite facility that specialises in providing secure storage.
RD:IR has detailed internal policies on data protection and security. These can be made available upon request.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.