Global Shares Privacy Notice

Effective Date:

Here is a brief summary of our Privacy Notice. We encourage you to read it in full.

We are GLOBAL SHARES PUBLIC LIMITED COMPANY and its affiliates “Global Shares Group” or “Global Shares”.

Our global headquarters is at West Cork Technology Park, Clonakilty, Cork, Ireland

Email: [email protected]

Website is www.globalshares.com

This Privacy Notice applies to all companies in the Global Shares Group.

Global Shares has split our Privacy Notice into four separate notices as follows:

  • Our General Business Privacy Notice describes how we process personal data of business contacts and website visitors
  • Our User Privacy Notice describes how we process data of registered users who have Share Accounts with Global Shares.
  • Our Recruitment Privacy Notice [Link] informs job applicants how we will process their data through our recruitment process.
  • Our Employee Privacy Notice is made available to all employees via our HRIS platform.

References to “We”, “Us” the “Company” and “Global Shares” shall apply to the company in the group that is processing your Personal Data.  

We are a company that:

– designs and develops enterprise software;

– provides equity compensation management solutions for corporate clients who use share plans to     engage, align and reward their employees through share ownership and profit sharing;

– is authorised by MFSA, FINRA and SEC to provide share dealing services;

– is a trust service provider.

In order to provide our services, we need to process Personal Data. We are committed to protecting the personal data rights of individuals in accordance with data protection legislation including the General Data Protection Regulation (the “GDPR”) in Europe and other applicable privacy laws wherever Global Shares operates.

Personal Data” means data which identifies a person or could identify a person, such as their name, contact details and financial data. It applies to Personal Data that we process in connection with your relationship with us as a customer, supplier, partner, investor, visitor to our website or prospective employee.

Every individual has a right to understand how their Personal Data is being used and to exercise control over it using data protection rights which are set out in the General Data Protection Regulation (“GDPR”).  This Privacy Notice seeks to ensure that you know:

  • what Personal Data we collect from you
  • what we are doing with your Personal Data
  • that we will only use your Personal Data for the purposes set out in our Privacy Notice
  • your rights, and how you can exercise control over your Personal Data

We make the following commitments. We will:

  • not send you marketing emails if you do not want to receive them
  • always ensure that we only share your Personal Data with third parties where absolutely necessary and with appropriate safeguards in place
  • ensure appropriate technical and organisational measures are in place to protect your Personal Data and keep it secure

In this Privacy Notice, we provide information about what Personal Data we collect, what we use it for, why we collect it and what our legal basis is, who we share it with and how long we retain it.  We also provide detailed information about your rights in relation to your Personal Data.   If you have further questions, please get in touch with us using the contact details above.

You have the right to lodge a complaint with your supervisory authority, in the country where you reside, place of work or place of the alleged infringement if you consider we are not processing your Personal Data in compliance with the GDPR.

The contact details for the regulator in Ireland, the Data Protection Commission (DPC) are:

Online Form:
https://forms.dataprotection.ie/contact
Address:
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Telephone
+353 578 684 800 or +353 761 104 800

You will be notified of any material changes to our Privacy Notice.

PRIVACY NOTICE FOR GLOBAL SHARES PUBLIC LIMITED COMPANY

Last Updated:

We are GLOBAL SHARES PUBLIC LIMITED COMPANY and affiliate companies.

Our headquarters is at
West Cork Technology Park, Clonakilty, Cork, Ireland
Email:
Website is
www.globalshares.com

1.  ABOUT US

This Privacy Notice applies to the following companies in the Global Shares group of companies:

Company Name
Company Address
Global Shares Public Limited Company
West Cork Technology Park, Clonakilty, Cork Ireland
Global Shares Ireland Limited
West Cork Technology Park, Clonakilty, Cork Ireland
Global Shares Execution Services Limited (Malta)
171 Old Bakery Street, Valletta, VLT1455, Malta
Global Shares UK Limited
1 Poultry, London, EC2R 8EJ, United Kingdom
Global Shares Inc
1000 North King Street, Wilmington, New Castle County, Delaware 19801, USA
Global Shares Hong Kong Limited
Suite 406-409, 4th Floor, Three Pacific Place, 1 Queen’s Road East, Hong Kong.
Global Shares Portual, Unipessoal LDA
Avenida Defensores de Chaves, No 45, 5gth Floor, 1000-112 Lisbon, Portugal
Global Shares Financial Services Inc
1000 North King Street, Wilmington, New Castle County, Delaware 19801, USA
Global Shares Trustees Ireland Limited
West Cork Technology Park, Clonakilty, Cork Ireland
Global Shares Trustee Company Limited
1 Poultry, London, EC2R 8EJ, United Kingdom
Global Shares Trustees (UK) Limited
1 Poultry, London, EC2R 8EJ, United Kingdom
Global Shares Beijing Limited
Beijing Administration for Industry and Commerce Chaoyang Branch
Global Shares Japan KK
Level 1 Yusen Building 2-3-2, Marunouchi, Chiyoda-ku, Tokyo 100-0055, Japan
Global Shares Saudi Limited
4124 Prince Mohammed Ibn Salman Ibn Abdulaziz Rd – AlRabie Dist. Unit No 86 Riyadh 13316 – 6664 Kingdom of Saudi Arabia
Global Shares Financial Services Japan K.K
Tokyo- Level 1 Yusen Building 2-3-2, Marunouchi, Chiyoda-ku, Tokyo 100-0055, Japan

References to “We”, “Us” the “Company” and “Global Shares” shall apply to the company in the group that is processing your Personal Data.  

 We are a company that:

  • designs and develops enterprise software;
  • provides equity compensation management solutions for corporate clients who use share plans to engage, align and reward their employees through share ownership and profit sharing;
  • is authorised by MFSA, FINRA and SEC to provide share dealing services;
  • is a trust service provider.

In order to provide our services, we need to process Personal Data. We are committed to protecting the personal data rights of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).

 

2. Contact Details

We have appointed a Data Protection Officer.  If you have any questions about this Privacy Notice or the way in which your Personal Data is being used by us, please contact:

The Data Protection Officer

West Cork Technology Park,

Clonakilty, Cork,

Ireland

Email:
Telephone:
+353 (076) 888 7662
Website:
https://www.globalshares.com/

3. The purpose of this privacy notice

This Privacy Notice applies to Personal Data.  The definition of Personal Data is as follows:

Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Privacy Notice describes our approach to data protection and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR.  Please read this Privacy Notice carefully to understand our views and practices regarding the Personal Data we collect, as controllers under the GDPR, and how we will treat it.

 

4. Who this privacy notice applies to

This Privacy Notice provides specific information relating to the following individuals whose Personal Data we process:

  1. business contacts including our customers, suppliers, partners, shareholders, investors and business prospects “Business Contacts”;
  2. users/guests of our Website “Website Users”.

Global Shares has split our Privacy Notice into four separate notices as follows:

  • Our General Business Privacy Notice describes how we process personal data of business contacts and website visitors
  • Our User Privacy Notice describes how we process data of registered users who have Share Accounts with Global Shares.
  • Our Recruitment Privacy Notice informs job applicants how we will process their data through our recruitment process.
  • Our Employee Privacy Notice is made available to all employees via our HRIS platform.

 

5. Sources of personal data

BUSINESS CONTACT PERSONAL DATA

We collect Business Contact Personal Data from our business contacts including – customers, suppliers, partners, shareholders, board members, and business prospects, your employer, third party brokers and government agencies.

We source Business Contact Personal Data in order to serve the business relationship. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Personal Data is often provided by the Business Contact as part of the business relationship;
  • the Personal Data may be collected from public sources like LinkedIn;
  • the Personal Data may be collected indirectly from another person within the company of the Business Contact;
  • the Personal Data may be collected through our website;
  • the Personal Data may be collected indirectly from a website or from a third party.

WEB DATA

We may collect Website User Personal Data from all visitors to our website in order to improve our services and develop the Website.

For more details please refer to our Cookie Notice.

 

6. Categories of personal data

We process the following categories of Personal Data.  For each category we have included an example of the type of Personal Data that may be part of that category:

Personal Data Category
Description
Identification Data
may include a person’s name, photograph, date of birth, driver’s license, tax Information Number (TIN), national identity card number or passport information
Contact Data
may include a person’s email address, phone number, postal address, other communication details (e.g. Social Media links)
Communication Data
may include phone calls, texts, email correspondence and hard copy correspondence.
Marketing Data
may include Identification Data and Contact Data and any preferences in receiving marketing from us and your communication preferences.
Financial Data
may include financial data such as Identification Data and Contact Data, transaction data, payment related information or bank account details, holdings and dividend payments. It may also include residency status and credit checks. It may include Personal Data for AML/CFT compliance such as photographic identification, non-photographic identification such as utility bill or bank statements.
Web Data
may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Log Data
Includes log files of online transactions. It is collected primarily to manage the security of our services and enable Global Shares to investigate incidents and user reported issues.
Phone Recording Data
This includes Personal Data captured on the call recording system Five9 which records service desk calls and VTSL which is our main general phone system for the purpose of responding to customer queries, investigating customer complaints, to deter and investigate fraud and to resolve disputed transactions. This may include identification data, contact data and financial data.

7. Our legal basis for processing personal data

We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.

When the Company processes Personal Data it is generally on one of the following legal basis:

CONTRACT

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract (e.g. our Client Services Agreement);

CONSENT

For certain processing activities we may rely on your consent.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at  [email protected]

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to expand our business opportunities, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights. 

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at [email protected] and we will review our processing activities.

LEGAL OBLIGATION

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.

 

8. Our processing activities

We use your Personal Data to provide you with our services and to assist us in the operation of our Company.  Under data protection law, we must ensure that the purpose of processing is clear.

We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing in the following table:

Purpose of Processing
Categories of Personal Data
Lawful Basis
Service Delivery activities • to carry out your instructions in relation to your account and provide the necessary assistance in relation to your share account. • to communicate with you about your account transactions with us, and give you important information about our services or other legally binding information • to contact you about payments to and from you • for customer relationship management and support • to send notifications about changes/updates to our products and services • to fulfil our legal and contractual obligations • to improve customer service • to provide you with the necessary assistance in relation to your share account.
• Identification Data • Contact Data • Communications Data • Financial Data
• Contract • Legitimate Interest
Marketing & Promotion activities • to respond to any requests from you • to send newsletters and other information that maybe of interest • to contact you as part of our business relationship or for lead generation and general administration • to inform you of events or webinars that might be of interest • to deliver and organise our conferences, seminars, events • for statistical and marketing purposes, including generating sales reports and measuring and understanding demographics and user trends and interests
• Marketing Data • Contact Data • Communications Data • Web Data
• Consent • Legitimate Interest
Website Delivery • to respond to web forms completed by you • to promote our products and services • to improve and administer the Website; and • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes • to ensure the safety and security of our website and our services.
• Web Data • Log Data
• Consent • Legitimate Interest
IT Security • to provide appropriate secure access to internal systems for business efficiencies • to monitor the security and use of our IT systems • to allow suppliers of IT Systems access for troubleshooting purposes
• Web Data • Log Data
• Legitimate interest
Administration of Customer Relationship • to manage/respond to a query /complaint /appeal • to notify you of updates to this Privacy Notice
• Identification Data • Contact Data • Communication Data • Financial Data
• Contract • Legitimate Interest
Managing payments and administration of contract • to process payments to and from our business • to manage and administer our contracts
• Identification Data • Contact Data • Communication Data • Financial Data
• Contract • Legitimate Interest
Management of Corporate Affairs and Regulatory obligations • to take minutes at board meetings • to contact shareholders/investors • to enter into partnerships and other commercial relations • to undertake appropriate due diligence • to comply with regulatory and legal obligations e.g. transaction reporting under rules imposed by the relevant financial authorities • to detect, prevent and report financial crime by complying with anti-money laundering (AML) and the countering of the financing of terrorism (CFT) regulations.
• Identification Data • Contact Data • Communication Data • Financial Data
• Contract • Legal Obligation • Legitimate interest

9. Disclosure of personal data

In certain circumstances, we may disclose Personal Data to third parties as follows:

  • to business partners and subcontractors for the performance of any contract relating to our services, including email, Skype, Communication Platforms, Customer Relationship Management system, web developers, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • to custodians to hold securities for customers availing of our employee share plan;
  • to analytics and search engine providers that assist us in the improvement and optimisation of our website;
  • if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • to other companies in the Global Shares group of companies for the purposes of administration, marketing, HR and provision of our services;
  • if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation (including tax, audit or other authorities, including officials outside your country of residence), in order to enforce or apply any contracts that we have, to protect our operations or those of any of our affiliates and subsidiaries
  • to protect our rights, property, or safety, or that of our Business Contacts or others. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection. When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services;

10. Security measures

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Privacy Notice and the relevant law, including the GDPR.

In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential.  Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

11. Transfers outside the EEA

In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

12. Cookies

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them. 

Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Notice.

13. Third party websites

Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us.  We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

14. Retention

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Further information about our retention practices are set out below:

Purpose of Processing
Categories of Personal Data
Retention Period
Service Delivery Activities
• Identification Data • Contact Data • Communications Data
24 months after completion of account activation and service delivery activities in the case where there is no further meaningful engagement.
Marketing and Promotion Activities
• Marketing Data • Contact Data • Web Data
12 months in the case where no meaningful engagement or earlier in the case you unsubscribe.
Website Delivery
• Web Data
12 months
IT Security
• Web Data and log Data
24 months
Managing Payments and administration of the contract including holdings and transaction data
• Identification Data • Contact Data • Communication Data • Financial Data
7 years
Management of Corporate Affairs and Regulatory Obligations
• Identification Data • Contact Data • Communication Data • Financial Data
7 years or longer in the case where there is a specific statutory requirement

In certain cases, we may retain Personal Data for longer than specified here if required under relevant laws or in the event of any legal claim.

 

15. Your rights

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.  

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where: 

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we can’t delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression 
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims. 

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate Personal Data, and have told us of it
  • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing.  We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing.  This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

 

16. Exercising your rights

If You have any concerns or questions about the processing of Your Personal Data you may consult with our Privacy Team and/or You have the right to lodge a complaint with your local Data Protection Authority in the country where you reside.

The contact details for the regulator in Ireland, the Data Protection Commission (DPC) are:

Country
Contact Details
Ireland
Data Protection Commission Online Form: https://forms.dataprotection.ie/contact Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland Tel: +353 578 684 800 or +353 761 104 800

Links for other supervisory authorities are provided below:

Malta
Information and Data Protection Commissioner (IDPC)
Rest of EU
The full list of EU Supervisory Authorities is listed on the European Data Protection Board (EDPB) website
UK
Information Commissioner’s Office
US
In the USA, there is no single national authority. The Federal Trade Commission has jurisdiction over most commercial entities and has authority to issue and enforce privacy regulations. State Attorneys generals have a similar enforcement authority. Check the Attorneys General website for your location to understand if you can make a complaint with your local attorney general office.
Hong Kong
Office of the Privacy Commissioner for Personal Data (PCPD)
China
The Cyberspace Administration of China (CAC) (国家互联网信息办公室) CAC
Japan
Personal Information Protection Commission
All other locations
The Global Privacy Assembly is the global forum for data protection and privacy authorities. The GPA maintains a list of members where you will find your local authority.

17. Amendments to this privacy notice

We will post any changes on the Website and when doing so will change the effective date at the top of this Privacy Notice.  Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Privacy Notice, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.