1. Privacy and your Personal Data
1.1. The UK Individual Shareholders Society Ltd (“ShareSoc”) is a company limited by guarantee and registered in England – Registration Number 7503076. This is a “not for profit” organisation controlled by the members of the organisation, and funded by membership fees and donations. The UK Individual Shareholders Society Ltd operates under the trading name of “ShareSoc”. Please refer to our “contact us” page for the business address and other contact information for the UK Individual Shareholders Society.
1.4 All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section 9 below, please write to us at the below address or via email at: firstname.lastname@example.org
UK Individual Shareholders Society Ltd
20 Wenlock Road
1.5 ShareSoc is the controller of your Information for the purposes of the GDPR and is a company registered in England under number 7503076.
2. What Information do we collect on our Website?
2.1 When you visit our Website you may provide us with personal information as part of your membership application, event registration or campaign membership, such as name, postal address, email address, phone number, credit or debit card details, or there may be other personal information you choose to provide as part of any query submitted via the Contact page. You may provide us with Information in a number of ways:
a) by supplying us with the Information as listed above, on an individual basis by registering to receive updates or offers from us or to register as an Associate or Full Member of ShareSoc. To become a registered user you must provide us with your name, postal address and email address, but you may also provide us with additional information if you choose to do so;
b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
c) through any additional personal information you choose to provide as part of any written or electronic correspondence with ShareSoc, participation in the ShareSoc Members Network website or attendance at a ShareSoc event.
3. What Information do we collect at ShareSoc Member Events?
In advance of ShareSoc Member Events we record from our membership database the contact details of those registered to attend and then at the event confirm all those in attendance. Event attendance information is then stored securely within our membership database; all other copies of event attendance information are destroyed.
4. What Information do we collect for ShareSoc campaigns?
4.1 When you elect to participate in one of ShareSoc’s campaigns you consent to receiving ongoing communications from ShareSoc until the end of the campaign, or the point at which you choose to unsubscribe, if earlier. You may provide us with Information in a number of ways:
a) as part of the campaign records you may be noted as having a shareholding in the relevant company and number of shares held;
b) any other personal information that you choose to provide to us as part of ongoing shareholder campaign communications and correspondence may be retained as a record of our correspondence with you.
5. How we use your Information
5.1 We will hold, use and disclose your Information for our legitimate business purposes including:
a) to keep you up-to-date with any important changes relating to your ShareSoc membership (for associate and full members);
b) to advise you of ShareSoc news, activities, shareholder campaigns, events, promotions and competitions and other Information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
c) to keep you updated on products and services from third party providers which we believe may be of interest to you. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication. Please note that we will not share any of your personal data with these third parties;
d) to answer your queries;
e) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
5.2 We may process certain sensitive personal data (known as special category data in GDPR) where you include it in information you choose to send to us, for example if you include information about your health or your political opinions in any correspondence that you send. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law. Whilst not considered special category data under GDPR we adopt a similar process for any information about your investment portfolio or financial situation that you choose to send to us.
6. The legal basis for processing your Information
6.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a) Consent – in some circumstances, we may ask for your consent to process your Information in a particular way. This is generally achieved through completion of our communication preferences page, at the point of initial registration, or through any subsequent updates that you submit to us;
b) Necessary for performance of a contract – in order to deliver the benefits of your membership, as set out on our Website;
c) Necessary for the purposes of legitimate interests – we may need to process your Information for the purposes of our legitimate interests as an organisation, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you, optimising our website and customer experience, informing you about our shareholder campaigns and services under the terms of your membership, and ensuring that our operations are conducted in an appropriate and efficient manner;
d) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency.
7. How we share your Information
7.1 Any personal information that you submit to ShareSoc will be kept and treated as confidential and will normally only be used by ShareSoc for internal purposes and for communicating with you, and otherwise as required by UK data protection legislation.
In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.
a) Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as IT infrastructure companies, membership payment service providers and email/print mail logistics providers. We will not share your data with any third party where it is not necessary to do so in order to provide a service to you. Note that some systems used by ShareSoc to communicate with you may be based outside of the European Economic Area (EEA), such as the USA, and you accept by using this or our associated Websites that such transfers may take place. We have procedures in place to ensure your Information receives the same protection as if it were being processed inside the EEA, for example through the contracts or data processing agreements we have in place with third parties. If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us at the address or email address set out above;
b) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies;
c) In relation to our shareholder campaign activity, if you have indicated that you wish such information to be in the public domain.
Otherwise we will not sell, rent, lease, or give away your personal information, including email addresses, to others.
8. How long we hold your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics. We will not directly market to you for longer than three (3) years, unless you are an associate or full member, or if you consent to receive direct marketing by opting in again before the expiry of that three (3) year period. If you elect to cease your membership at any time then we will retain your details for a further five (5) year period prior to deleting it. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
9. Your rights relating to your Information
9.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a) Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
b) Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
c) Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
• you have provided to us previously; and
• is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
9.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
9.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by updating your communications preferences, advising our office, or by unsubscribing via the link provided in any ShareSoc communication (but note that using the unsubscribe link may also have the effect of terminating your membership).
11. How we protect your personal data
We know how much data security matters to our members. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. All transactional areas of our Website are secured using ‘https’ technology. Sensitive data such as payment card information is handled securely by a third party online payment specialist who complies with the requirements of GDPR and other relevant legislation, to ensure your Information is protected. Our membership database is securely protected with restricted password-controlled access. Our third party IT infrastructure providers regularly monitor their systems for possible vulnerabilities and attacks.
12.1 Our main Website uses Google Analytics and a technology called “cookies” and web server logs to collect information about how the Website is used. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
12.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
12.3 Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our members. Cookies do not allow us to gather any personal Information about you and we do not generally store any personal Information that you provide to us in your cookies.
12.4 Cookies are also used in the ShareSoc Members Network website which is run by a third party. You can block cookies by altering the settings in your web browser, or remove existing ones.
If you are unhappy about our use of your Information, you can contact us here. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 1113
Post: Information Commissioner’s Office
This will not affect any other legal rights or remedies that you have.