Shareholder Privacy Notice

Glenveagh Properties plc is the Data Controller and complies with the Data Protection Act 2018, General Data Protection Regulation and e- Privacy Regulation where amended (the ‘Applicable Law’). In the following notice we would like to inform you, our shareholders, about the way we process your personal data and further explain your data rights accorded to you under the Applicable laws.

If you have any queries in relation to this data protection notice, or if you have any concerns as to how your data is processed, please contact us at the address listed below.

Purpose and legal basis for processing your data

We collect and process your personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 (GDPR).

Purpose(s) for Processing

  • As a public listed company our shares are registered in accordance with Euronext market regulatory listing rules in Ireland. This obliges us to enter company shares on to a company share register held with Computershare. To enter shares onto our register the name, date of birth, address of the shareholder and share number must be completed for registration of a share interest. Without this information we cannot meet our statutory obligations and the share cannot be registered thereby denying you shareholder rights. We advise our shareholders to become familiar with Computershare privacy policy located on the Computershare home page at https://www.computershare.com/ie/privacy-policy.
  • We may need to process shareholder data in compliance with securities exchange, residency rules, revenue or anti-money laundering provisions.

Legal Basis - This processing of your data is necessary in order for us to comply with our legal obligations.

Purpose(s) for Processing

  • We capture audio recordings of our public results/earnings calls and publish them on our website so that our investors who cannot attend the call can listen to managements presentation the investor and analyst Q&A. Personal data relating to individuals who participate in those meetings is processed in order to provide this service.
  • In order to communicate with shareholders we need to maintain contact details for shareholders or their appointed agents to communicate group and governance activities.
  • To protect our legal rights and interests including screening for fraud prevention and anti-money laundering purposes.
  • When engaging the Group or information services your data may be used to compile statistics e.g. to demonstrate shareholder performance, improve service partners Computershare performance or monitor shareholders activity so that we may improve Group performance or offer improved services to you.

Legal Basis - This processing of your data is necessary for our legitimate interest in managing our activities including legal, personnel, administrative and management purposes and for the prevention and detection of crime, provided our interest is not overridden by your interest.

Your right to object

Please note that you have a right to object to the processing of your personal data where that processing is carried out for our legitimate interests.

Where there is a need to process your data for a purpose other than those set out in this section or otherwise outlined to you, we will inform you of this.

Sharing personal data

To maintain and administer the share register and to handle the Annual General Meeting (e.g. for printing and sending shareholder notifications or for holding the Annual General Meeting), we make use of external service providers who have access to your personal data within the scope of the tasks we might assign to them.

Our service provider for maintaining the share register is Computershare Investor Services (Ireland) Limited, company number 239353, with a registered address at

Computershare Investor Services (Ireland) Limited

3100 Lake Drive

Citywest Business Campus

Dublin 24

D24 AK82

We may also disclose your personal data to other third parties or agents, including the following:

  1. Regulatory bodies to whom we are obliged or required to disclose information
  2. Relevant Government departments and agencies
  3. Our legal advisors
  4. Our company secretarial services provider
  5. Our statutory auditors
  6. Our Client Relationship Management service provider and our share register analytics service provider
  7. Our brokers, market makers in our shares and members of the advisory community
  8. Potential acquirers of our assets

Data retention periods

Glenveagh Properties Plc is under a legal obligation to retain certain shareholder personal data indefinitely. To the extent that Glenveagh hold any shareholder personal data which it is not legally required to retain indefinitely, Glenveagh willtake all reasonable steps to destroy or erase the data from its systems when it is no longer required.

Your data rights

Right to Withdraw Consent

If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time (see Contact Us below). However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.

Right to Erasure (‘Right to be Forgotten’)

You have the right to request that your personal data be deleted in certain circumstances including:

  • The personal data are no longer needed for the purpose for which they were collected;
  • You withdraw your consent (where the processing was based on consent);
  • You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below);
  • The personal data have been unlawfully processed; or
  • To comply with a legal obligation.

However, this right does not apply where, for example, the processing is necessary:

  • To comply with a legal obligation; or
  • For the establishment, exercise or defence of legal claims.

Right to Restriction of Processing

You can ask that we restrict your personal data (i.e., keep but not use) where:

  • The accuracy of the personal data is contested;
  • The processing is unlawful but you do not want it erased;
  • We no longer need the personal data but you require it for the establishment, exercise or defence of legal claims; or
  • You have objected to the processing and verification as to our overriding legitimate grounds is pending.

We can continue to use your personal data:

  • Where we have your consent to do so;
  • For the establishment, exercise or defence of legal claims;
  • To protect the rights of another; or
  • For reasons of important public interest.

Right to Data Portability

Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:

  • The processing is carried out by automated means; and
  • The processing is based on your consent or on the performance of a contract with you.

Right to Object

You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests, for the performance of a task carried out in the public interest or in the exercise of our official authority. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.

Right to Complain

You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The contact details for the Irish Data Protection Authority:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

Phone: 01 7650 100 / 1800437 737

E-Mail: info@dataprotection.ie

Website: www.dataprotection.ie

Contact Us

We may be contacted with respect to any personal data enquiry related to your shareholding at:

The Company Secretary

Block C, Maynooth Business Campus

Straffan Road,

Maynooth

Co. Kildare

We may also be contacted by email at dataprivacy@glenveagh.ie. We ask that you insert ‘Shareholder Data Protection’ into the subject line to ensure prioritised attention and will respond free of charge within 30 days.

Details of this policy

Data protection compliance is reviewed and updated by the Group Audit Committee and may be changed from time to time to comply with amended regulation, legislation or Applicable Laws.

This policy was last amended on 25 May 2023.

Privacy Notice Changes

Glenveagh reserves the right to change this Privacy Notice at any time and without advance notice, therefore, we encourage you to review this Privacy Notice from time to time to review any changes.