Sophos Group plc (Sophos) collects and processes certain personal data provided by you or on your behalf, and which relates to you as an individual shareholder of Sophos. Sophos processes such information in its capacity as a data controller for the purposes of the General Data Protection Regulation (GDPR), and determines how and why your personal data will be processed.
The purpose of this notice is to provide you with more information in relation to the processing of your personal data, and your rights in connection with that personal data.
Sophos collects certain personal data about its registered shareholders, which may include the following types of data:
- Contact information such as your name, home address, email address, and telephone number(s); and
- Shareholder information such as a unique shareholder reference number and details of your shareholdings.
Use of personal data
We may collect, use, retain, share, or otherwise process your personal data for the purpose of communicating with you, such as to notify you of press releases, financial results, and other shareholder communications. We may also process your personal data to administer our obligations as a UK listed company. These activities are carried out to comply with our legal obligations, and to further our legitimate interest in managing our investor relations. The data you provide will, to the extent required by law, be included in the company’s register of members which will be available for inspection by the public on request.
Sophos may engage third parties who may process your personal data on Sophos’ behalf. Currently, the third parties who provide services relating to Sophos’ shareholders are our Registrar, Link Asset Services (a UK division of the Link Group, which is headquartered in Australia). It may also be necessary to share your personal data with other Sophos group companies.
In some circumstances Sophos may transfer your personal data to third parties or group companies in a country other than the country in which the data was collected. When we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer information from the European Economic Area (EEA) to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into EU Standard Contractual Clauses with the data importer, or taking other measures to provide an adequate level of protection under EU law.
We retain your data only for as long as we need it in order to maintain the investor relationship with you, and to meet any applicable legal obligations.
You may exercise the rights available to you under applicable data protection laws as follows:
- If you wish to access, or request deletion of your personal information you can do so at any time by completing this form.
- If you wish to update or correct your personal data you can do so any time by using the contact details provided below.
- If you are a resident of the EU, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data using the contact details below.
- If we have collected and processed your personal data on the basis of consent, then you can withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing conducted prior to your withdrawal, processing conducted in reliance on lawful processing grounds other than consent.
Sophos will respond to all requests received from individuals wishing to exercise data protection rights in accordance with applicable data protection laws.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here.)
Should you have any questions around the processing of your personal data, or anything else in this notice, please contact firstname.lastname@example.org, or write to the Data Protection Officer, Sophos Group plc, The Pentagon, Barton Lane, Abingdon, Oxford, OX14 3YP, United Kingdom.