Shareholder privacy policy
1. Introduction
Daily Mail and General Trust plc (“DMGT” or “we” or “us“) values and respects the privacy of every individual whose personal data it collects and handles. This Privacy Notice explains how DMGT collects, stores and uses the personal data of its shareholders who have acquired A Ordinary Non-Voting shares.
Why have a Privacy Notice?
The EU General Data Protection Regulation has introduced new laws that deal with how personal data is collected, stored and used. This law will continue to apply after the UK leaves the EU.
We will hold certain personal data about you in your capacity as a shareholder of DMGT. We believe it is important that you know what personal data about you we collect, what we use it for and on what basis. It’s also important we set out the rights you have in relation to your personal data. Where applicable, you have the right to know what information we hold and to request copies of that information, as well as object to us holding such information, request that any inaccurate information we may hold about you is rectified, and in certain circumstances request that we delete such information.
This Privacy Notice sets out in detail the reasons why we collect your personal data.
Application
This Privacy Notice applies to DMGT shareholders who have acquired A Ordinary Non-Voting shares. Please be aware that if you require us to receive personal data about someone else in relation to your shareholding with us, this Privacy Notice will apply to the processing of personal data relating to that individual as well. However, we will always check with you first if we need that individual’s permission to use their personal data.
For the purpose of applicable data protection law we are the data controller of your personal data.
Updates and changes to this Privacy Notice
We review our Privacy Notice regularly and we will always let you know if we plan to make changes to this Privacy Notice. If you have any questions about this Policy you can contact us at the address set out at section 7 (How to contact us) below. This Privacy Notice was last updated on 28 June 2018.
2. What Personal data we collect and how
The personal details of DMGT shareholders who hold shares directly, or details of the nominee accounts in which some retail and institutional shareholders hold their shares, are held and maintained by DMGT’s registrar, EQ Limited who process your data for DMGT. We and they, need this information to administer your DMGT shareholding.
Please be aware that if we are given inaccurate information or if you ask us to delete the information we hold about you, we may be unable to help you with the administration of your shareholding.
In order to manage A Ordinary Non-Voting shares we may collect and use the following personal data:
- contact details and identity information: for instance your name, gender, address, phone number, date of birth, nationality, and email address (work or personal); and
- financial information: for instance your bank or building society details in order to know where to pay dividends direct.
We collect this information when you provide it to us, or we create it ourselves or collect it from other organisations.
We will collect information about you from other organisations as part of our identity and financial crime checking procedures with credit reference agencies, fraud detection agencies, and registration or stockbroking industry exchanges.
Sensitive or special category personal data
Please note that different rules apply to data concerning race, ethnic origin, political opinions or beliefs, religious or other beliefs, trade union membership, physical or mental health, sexual life or orientation and any offences committed and sentences or court proceedings relating to actual or potential offences. This is what is known as sensitive or special categories of personal data.
During our relationship with you, we should not require any such sensitive or special categories of personal data. Therefore please do not send us such data.
3. Why we collect your personal data
We will never collect your personal data for no reason. Therefore, we will always have a specific purpose to collect, store and use your personal data. The personal data we collect will depend on the type of shareholding you have with us.
We set out below the different ways we collect, store and use your personal data.
Management purposes
If you have acquired DMGT shares, we are entitled to process your information so that we can:
- include you on our share register;
- make dividend payments;
- complete transactions that you instruct us to undertake;
- retain records of your instructions and keeping your shareholding account up-to-date;
- to communicate to you through your Shareview account;
- send you information about (i) your DMGT shareholding (including the email notification of the release of Interim and Annual Reports (provided you have registered for such an alert through your Shareview account), (ii) changes to our services, and (iii) corporate actions which may affect your DMGT shareholding;
- provide information to EQ, our share registrar, so they can manage your shareholding on our behalf;
- provide you with transaction records / confirmation notices and statements as required by financial regulations; and
- support you more if you are a vulnerable customer.
Our legitimate interest
In accordance with applicable data protection law we will use your personal data if it is necessary for the purposes of our legitimate interests. For example, processing is necessary for the purposes of running and operating our business and ensuring effective communications with shareholders as well as to administer such shares. We will explain to you when the provision of particular information is mandatory (for example to comply with applicable law or fulfil our contractual duties to you), including the possible consequences of not providing particular information, for example it may prevent us from proceeding with a transaction involving you.
In particular, we will use your information to:
- identify and let you know about plans that you would be eligible for or may interest you;
- make efforts to trace you if we lose contact with you, for example, to reunite you with your assets;
- create aggregated data and anonymised data for further use;
- improve our service including trouble shooting, data analysis, testing, research, statistical and survey purposes;
- share with our insurers and insurance brokers where required;
- run credit and fraud prevention checks;
- collect debt, bring or defend claims; and
- prevent and detect crime, and secure and protect our network.
Where we process your data to provide a product or service, we do so because it is necessary to perform our contractual obligations. The above processing is necessary in our legitimate interests to provide products services and to maintain our relationship with you and to protect our business (for example, against fraud).
Meeting our legal and regulatory obligations:
In some cases we will collect and use your personal data on the basis that processing is necessary for our compliance with our legal or regulatory obligations. For example, to comply with Money Laundering Regulations, and to manage our credit risk and prevent fraud, before we supply you with a product or service we may use information you have supplied to us together with information we have collected from credit reference or fraud protection agencies. Such information may include:
- identity information such as name, address, date of birth and contract details;
- financial information; and
- device identifiers for example your IP address.
Please note that if you do not end up buying DMGT shares, we may still keep the result of our credit checks about you if we have a legal obligation to do so and it is in our legitimate interests. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held by us and the organisation we share it with for up to six years. Please be aware that if you provide us with false or inaccurate information which we identify as fraudulent, we will pass that on to fraud prevention agencies and we may also share it with law enforcement agencies.
Your information might be shared with certain government bodies / agencies to further meet our legal and regulatory obligations, such as disclosing or sharing information to / with:
- Her Majesty’s Revenue & Customs;
- Department for Work and Pensions;
- Her Majesty’s Courts and Tribunals Service;
- the Financial Services Authority;
- the London Stock Exchange plc;
- the Information Commissioner’s Office; or
- the operator of any market in which you may hold investments.
Under investigatory powers legislation, we may be compelled to share your personal data with government and law enforcement agencies, such as the police as part of crime prevention, detection and prosecution or otherwise to protect national security. Such government and enforcement agencies may request:
- your contract and identity information: for instance your name, gender, address, phone number, date of birth, nationality, email address (work or personal), and even your passwords or credentials;
- your communications with us, such as calls, emails and webchats;
- your payment and financial information; and / or
- details of the shares and products and services you have bought.
Sharing:
Personal data we hold about our shareholders may be shared with:
- companies who process personal data on DMGT’s behalf, such as our shareholder registrar, EQ, so they can manage your shareholding on our behalf and deliver products and services;
- our service providers, such as EQ who operate our Shareview service;
- professional advisors, such as accountants, lawyers, proxy advisers or other consultants; and
- other companies in the DMGT group for the purposes set out above.
Automated decision making and profiling
DMGT will not use your personal data for automated decision-making or profiling purposes.
4. International transfers of personal data
DMGT is a global group and has operations throughout the world. The personal data that we hold about you may be transferred to, and stored at a country outside of your country of residence, including countries outside the European Economic Area (EEA). To ensure your personal data is always protected when we transfer such information to DMGT group companies or other third parties outside of the EEA, we will ensure that those transfers take place in accordance with applicable data protection laws. In particular, if we need to transfer your personal data to another organisation for processing in countries that are not listed as “adequate” by the European Commission, we will only do so if we have appropriate safeguards in place.
5. How do we protect your information and how long do we keep it?
Protection of personal data
We have strict security measures to protect your personal data.
If you ever receive a communication from us by post, email or by phone that you are concerned may not be genuine, please contact us using the contact details below.
It is important that you inform us immediately if you become aware, or suspect that, someone else has knowledge of your account details.
Retention of personal data
We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law or regulations.
6. Your rights
As holders of your personal data you have certain rights against us in relation to how that information is collected and used.
If you wish to exercise one or more of these rights, please contact us with your request at [email protected] , and include your name, email and postal address, as well as your specific request and any other information we may need in order to provide or otherwise process your request.
Access | You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. |
Deletion | You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. |
Restriction | You have the right to restrict our processing of your personal data where you believe such information to be inaccurate, our processing is unlawful or that we no longer need to process such information for a particular purpose, but where we are not able to delete the information due to a legal or other obligation or because you do not wish for us to delete it. In such case, we would mark stored personal data with the aim of limiting particular processing for particular purposes in accordance with your request, or otherwise restrict its processing. |
Portability | Where the legal justification for our processing of your personal data is based on consent or for the performance of a contract, you have the right to request that data you have provided to us (and not data we may have created about you) be transmitted directly to another controller. We will abide by your request unless we have compelling legitimate grounds for why we cannot undertake the transmission. |
Objection | Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim. |
Please note, that for all requests it will normally take one month for us to get back to you. If we think it may take longer, for example if the request is particularly complex or we are inundated with lots of requests at once, we will inform you as soon as possible and let you know the expected timeframe to process your request.
7. How to contact us
If you would like any more details, or have any comments or questions about our Privacy Notice, write to us at:
DMGT Plc, Northcliffe House, 2 Derry street, London, W8 5TT
Or email us at [email protected]
Complaints
If you wish to make a complaint on how we have handled your personal data, in the first instance please contact us using the above email address. We will investigate the matter and report back to you.
If you are still not satisfied, or believe that we have not handled your personal data in accordance with applicable data protection laws, you have the right to complain to the data protection authority in the country where you live or work. For the UK, that is the Information Commissioner’s Office (https://ico.org.uk/):
The Information Commissioner’s Office
Telephone: +44 0303 123 1113 / +44 1625 545 700
Email: [email protected]
Website: www.ico.org.uk
Web-form: www.ico.org.uk/concerns/
Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
If you are based in, or the issue you would like to complain about took place, elsewhere in the European Economic Area (EEA), a list of local data protection authorities in the other EEA countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
8. Glossary
We set out below terms which we have defined in this Privacy Notice and the general meaning and understanding of certain technical terms we have used in this Privacy Notice:
Aggregated data | means grouped information, for example the total number of share transactions made in a year. |
Anonymised data | means data which has had all personally identifiable information removed. |
Automated decision-making | means a decision made by automated means without any human involvement. |
Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
DMGT shareholder | means an individual or company who has acquired A Ordinary Non-Voting shares in DMGT, but for the avoidance of doubt not holders of Ordinary DMGT shares. |
IP address | is a unique string of numbers that identifies each device using the internet or a local network. |
Money Laundering Regulations | means all applicable EU and UK legislation dealing with anti-money laundering, financial crime, know your customer checks etc. |
Personal data | means information that identifies you as an individual, or is capable of doing so. |
Profiling | means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. |
Regulatory obligations | means our obligations to regulators such as the Financial Conduct Authority and the Information Commissioner’s Office. |