Kerry Group Shareholder Data Protection Policy
Information on who we are
Kerry Group plc (the ‘Company’) is committed to protecting the privacy and security of your personal data. The Company is incorporated in Ireland with a registered office address at Prince’s Street, Tralee, Co Kerry.
The Company is a data controller. This means that we are responsible for deciding how we hold and use your personal data.
This data protection policy describes how we collect and use personal data about you in accordance with Data Protection Law* in the course of providing services to you.
From 25 May 2018 existing data protection law was amended and consequently the Company has enhanced accountability and transparency obligations concerning your personal data.
It is important that you read this data protection policy so that you are aware of how and why we are using your personal data.
* Data Protection Law means the Data Protection Act 2018 transposing Regulation EU/2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) and any legislation which amends, extends, consolidates, re-enacts or replaces same, including any statutory instruments and regulations that may be made pursuant thereto from time to time.
The Kind of Data We Hold About You
Personal data means any data about an individual from which that person can be identified. It does not include anonymous data i.e. data from which you cannot be identified. There are special categories of more sensitive personal data which require a higher level of protection.
When you become a shareholder in the Company, we may collect and process your personal data. We will only collect, and process personal data required for the provision of shareholder services to you. You may provide us with this data directly or we may collect your personal data from third parties such as the stockbroker or other agents that you use or through electronic settlement systems such as CREST. Such data may include:
- Name, address and contact details, including your phone number and email address.
- Date of birth.
- Proof of identity such as passport or drivers licence.
- Bank account details, including bank account name and number and bank identifier code.
- Details of the shares held in the company by you, dates of membership/cessation of membership of the company and share transaction data.
- Details of dividend or other payments made to you.
- Tax details supplied by you on Stamp Duty Certificates and Dividend Withholding Tax Exemption Forms.
- Information held on documents supplied by you or your legal representatives in respect of your shareholding, for example, marriage certificate, court order, power of attorney, death certificate, grant of probate and letters of administration.
- When you interact with us we may record details of those interactions, for example, phone calls, e-mail correspondence and hard copy correspondence as well as data on how you use our website. If you make a complaint we will process details concerning that complaint.
How We Use Your Personal Data
We will only use your personal data when the law allows us to.
We need to process your personal data primarily to allow us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may use your personal data to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
We may also use your personal data where we need to protect your interests (or someone else's interests) or where it is needed in the public interest.
We and our trusted third party providers will use your personal data to register you as a shareholder and to maintain our relationship with you as a shareholder including:
- Maintaining and administering the Company’s register of members.
- Providing you with updates in relation to the business of the Company.
- Notifying you of upcoming general meetings of the Company or resolutions that require your vote and the result of such votes.
- Maintaining records of member meetings, votes and resolutions and provide voting services.
- Providing you with Company documents.
- Carrying out instructions in relation to your shareholding and dealing with requests and queries.
- Paying dividends.
- Dealing with notifications on the death of a shareholder.
- Dealing with complaints and legal claims.
- Anti-money laundering, fraud prevention, detection and investigation.
- Complying with market abuse law and other legal and regulatory obligations.
- Notifying you about changes to our terms or data protection policy.
Lawful Basis for Processing Personal Data
The lawful bases on which we collect, process and transfer your personal data would be one of the following:
- That it is necessary for compliance with a legal obligation that applies to us.
- That it is necessary for the performance of our contract with you under the Company’s Constitution.
- That it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party to whom we may provide your personal data. Your personal data will not be processed for these purposes should your own interests, rights and freedoms override the legitimate interests of the Company or a third party to whom we provide your personal data.
Requirement to Provide Data
As a shareholder you are under a statutory obligation to provide us with certain personal data under the Companies Act 2014 (as amended), you are also under a contractual obligation to provide us with certain personal data under the Company’s Constitution.
Where we require your personal data to enter into a contract with you and to provide you with our services, we will make this clear.
If you do not provide us with this personal data, we may not be able to enter into or perform our contract with you or provide you with our services. You may also be in breach of your applicable statutory or contractual obligations, and we may have such legal rights and remedies against you as are available under applicable law and/or the Company’s Constitution.
Change of Purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so unless this is otherwise required or permitted by law (in which case we may process your personal data without your knowledge or consent).
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.
Your personal data will not be subject to automated decision-making.
We will share your personal data with third parties where required to comply with our legal or regulatory obligations, in the context of a transfer of our statutory functions, or to otherwise comply with the law. We require third parties to respect the security of your data and to treat it in accordance with the law.
We will also share your personal data with trusted third party service providers where it is necessary to perform our contract with you or where we have another legitimate interest in doing so.
All our third party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Third parties with whom your personal data is shared include:
- Banks (for payment of dividends).
- Government bodies such as the Companies Registration Office, Central Bank of Ireland and Revenue Commissioners.
- Bulk printing service providers (for the printing and dispatch of documents).
- Shareholder agents such as a shareholder’s solicitor, stockbroker or accountant.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will never sell your data to anybody for unsolicited marketing.
We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transferring Data Outside the EU
We may transfer the personal data we collect about you outside the European Economic Area (EEA) where a trusted service provider is based outside of the EEA. We will always take steps to ensure that any transfer of your data outside of the EEA is carefully safeguarded and managed to protect your privacy rights.
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for. Certain personal data will be retained for the duration of your shareholding in the Company and for such period of time after you cease to be a shareholder in the Company as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise in connection with your shareholding.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
Your Duty to Inform Us of Changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
- To access your personal data.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request the restriction of processing of your personal data.
- Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data, object to or restrict the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact our Data Protection Officer in writing.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific data from you to help us confirm your identity and ensure your right to access the data or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you have any complaints about the way we use your personal data please contact our Data Protection Officer who will try to resolve the issue.
You have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues.
Data Protection Commission
Data Protection Officer
We have appointed a Data Protection Officer to oversee compliance with our obligations under Data Protection Law.
If you have any questions about this data protection policy or how we handle your personal data, our Data Protection Officer may be contacted by post at Kerry Group plc, Prince’s Street, Tralee, Co Kerry, Ireland or by email at firstname.lastname@example.org.
Changes to This Data Protection Policy
We reserve the right to update this data protection policy at any time. We may also notify you in other ways from time to time about the processing of your personal data.