Templates

Company Privacy Notice

This company privacy notice is a legal statement that indicates how your company collects and processes the personal data of shareholders and/or investors in your company, and the purposes and legal basis for this processing. It is a requirement of data protection laws to give this notice to shareholders / investors. Read more

Privacy notice for shareholders and investors

Legal requirement: UK data protection law requires businesses to outline how they manage personal data to all parties whose personal data they process. This includes shareholders and investors and requires a company privacy notice to be given, in order to meet data protection law obligations.

Take privacy seriously: By providing a company privacy notice to your shareholders and investors, you are demonstrating your company's commitment to protecting their personal data and complying with data protection laws.

Don’t get privacy wrong: Failing to comply with data protection laws can have a hugely negative impact on your company:

  • Damage the company’s reputation: non-compliant data protection practices can lose the hard-earned trust of your shareholders and future investors - having a privacy notice in place is an obvious way to demonstrate to potential investors in your company that you take their privacy seriously and make your business even more attractive to them;
  • Huge fines: If there are non-compliances with data protection laws, your business could be exposed to multi-million-pound fines and legal action; and
  • ICO investigations: If complaints are made about your data protection practices, this could ultimately lead to an ICO (the data protection regulator in the UK) investigation. This type of investigation would cause the ICO to look into your data protection practices and procedures in detail, and potentially take action where non-compliances are identified.

What does Docue’s company privacy notice include?

Content of the company privacy notice: This company privacy notice is a legal statement that indicates how your company collects and processes the personal data of shareholders/investors in your company, and the purposes and legal basis for this processing. The purposes and legal basis for processing is a particularly important thing to consider, and you will be reliant on approved purposes and legal bases to ensure your use of data is lawful.

Example: You might collect data in order to administer an investment and assess an application, or to conduct anti-money laundering checks. These people are not necessarily always employees of your company, so this notice should be made available on the relevant area of your website, or sent directly to those contacts it applies to. This is to ensure the company has complied with its obligation to make data subjects aware of its data processing activities.

What do DP laws require in a privacy notice?: UK data protection laws have strict requirements about the information that a privacy notice must set out, which include:

  • Controller details - the identity and the contact details of the controller (which will be the company that the shareholders are taking shares in or that the investors are investing in);
  • Data protection officer (DPO) - if you have appointed a DPO, the contact details of the DPO must be provided to data subjects via the privacy notice;
  • Purpose and lawful basis - the specific purposes of the processing as well as the lawful basis for the processing must be included (and where legitimate interests are relied upon as the lawful basis, details of the specific legitimate interests);
  • Data sharing - shareholders / investors should be given details of the recipients or categories of recipients of their personal data e.g. Companies House, HMRC, other group companies, software providers;
  • International transfers - where applicable, you need to tell shareholders / investors that you are transferring their personal data to a country outside of the UK and EEA;
  • Retention period - you must tell shareholders / investors the period for which their personal data will be stored, or if that is not possible, the criteria used to determine that period; and
  • Data subject rights - a privacy notice must tell data subjects what their rights are under data protection laws. This includes the right to request access to and rectification or erasure of personal data, the right to request the restriction of processing concerning the data subject or to object to processing, the right to data portability, the right to withdraw consent at any time and the right to lodge a complaint with the ICO.

Use Docue’s template for a compliant privacy notice: You can include all of the matters listed above (plus more!) in Docue’s dynamic company privacy notice template, to produce a legally compliant privacy notice that is ready for use with your investors and shareholders. This document assumes that you are a UK-incorporated company and that English law applies.

Why should I use Docue’s company privacy notice?

Created by lawyers: Docue’s template is lawyer-made, lawyer-maintained, and has lawyer-crafted guidelines to steer you through every stage of drafting your document.

Easy to use: To create your privacy notice for shareholders and investors with confidence and speed, simply click through the intelligent tick box options and text box answers and you’ll have a comprehensive, tailored, and ready-to-use notice in no time.

Secure storage: All legal documents that you create are saved in your company's own secure account, Docue Drive.

Tags: company privacy notice, shareholder privacy notice, investor privacy notice, company privacy policy, shareholder personal data, investor personal data

Docue gives you access to 150+ high-quality legal templates drafted and maintained by UK lawyers. Trusted by 100,000+ companies.

"We needed an instant fix for writing contracts and looked around at alternatives, but Docue was superior. Easy to engage with and a wide range of templates."

Darrell Arnold

Founder & CEO, Servicedek

"Docue gave us professional contracts that we know are legally written, and cover us in a way that's easy for a non-expert to understand."

Andrew Cowen

Chief Commercial Officer, Komerz

We use cookies

Docue and our partners (e.g. Google — see full list in our Privacy policy ) use cookies and your personal data for:

  • functionality
  • analytics
  • personalised advertising

By clicking "Accept cookies", you consent to the use of cookies and personal data (such as your IP address, browsing behaviour or unique IDs) for these purposes.

You can change your cookie preferences at any time via the Cookies link in the footer.


Functionality

We use cookies to store information about the logged-in user and the selected language. You cannot disable these cookies.

Security

We use cookies to make the service more secure and to prevent misuse. You cannot disable these cookies.

Advertising

We and our partners (e.g. Google — see the full list in our Privacy policy ) use cookies and your personal data to measure how ads perform and to personalise ads based on your interests and activity across the web. Cookies may also be used for non-personalised ads.

Learn how Google uses your data.
Analytics

We use cookies to understand how users interact with our website.

Personalization

We use cookies to tailor content, such as images or layout, based on your preferences.