Privacy Policy
1.) OUR APPROACH
This privacy policy sets out how we, Aterian PLC, (further referred to as “Aterian”, “our” or “we”) process the personal information of our shareholders and warrant holders in the European Union (“User” or “you”).
2.) WHAT INFORMATION DO WE HOLD ABOUT YOU?
We may collect personal information either in the course of you becoming a shareholder or a warrant holder of Aterian PLC or if you have requested to be circulated with or notified of our published announcements (“Announcements”).
3.) WHAT DO WE DO WITH YOUR PERSONAL INFORMATION?
3.1 We will use your personal information, and may share your personal information with other third parties acting on our behalf, for one or more of the following purposes:
3.1.1 to maintain our Share and Warrant Registers;
3.1.2 to provide you with or notify you of Announcements including notices of general and annual general meetings;
3.1.3 to respond to any information request, enquiry or complaint you may make to us;
3.1.4 to prevent or detect fraud or abuse of statutory records;
3.1.5 to enable our service providers or agents to carry out certain functions on our behalf, for example, verification, settlement or IT support or telecommunications or other relevant functions;
3.1.6 for regulatory and legal compliance purposes; and
3.1.7 for our own administrative purposes, including training our staff or conducting statutory or internal audits.
3.2 In certain circumstances, we may need to collect sensitive information about you. We will only use such personal information:
3.2.1 to administer or carry out our obligations to you as a shareholder or warrant holder;
3.2.2 to fulfil our legal or regulatory obligations; or
3.2.3 to assess and respond to a complaint you might make relating to us.
3.3 We do not sell, rent, trade or otherwise derive income from your data.
3.4 We do not use automated means to process your data or make decisions regarding you.
4.) GROUNDS FOR PROCESSING YOUR PERSONAL INFORMATION
To process your personal information lawfully we need to rely on one or more valid legal grounds. Our primary legal grounds for processing your personal information are to fulfil our regulatory and statutory obligations, principally, our obligations as an AIM listed company.
5.) DISCLOSURE OF YOUR PERSONAL INFORMATION
There are circumstances where we may wish to disclose or are compelled to disclose your personal information to third parties. This will only take place in accordance with the law or our regulatory obligations and for the purposes listed above.
6.) RETENTION OF PERSONAL INFORMATION
Your personal information will be retained for as long as it is necessary to carry out the purposes set out in this privacy policy (unless longer retention is required by law or regulation). However, we will not retain any of your personal information beyond this period and the retention of your personal information will be subject to periodic review.
7.) INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your personal information to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.
8.) THIRD PARTIES PERSONAL INFORMATION
Where you submit information on behalf of another person, you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this privacy policy and that they have consented to such collection, use and disclosure.
9.) DATA SUBJECT RIGHTS
Data protection law provides data subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of their personal information. Data subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal information is not being processed in accordance with applicable data protection law.
9.1 Right to make a subject access request (SAR).
Data subjects may, where permitted by applicable law, request copies of their personal information (by way of a SAR). If you would like to make a SAR, i.e. a request for a copy of the personal information we hold about you, you may do so by writing to us. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee (if your request may reasonably be considered to be unfounded, excessive or repetitive).
9.2 Right to rectification.
You may request that we rectify any inaccurate and/or complete any incomplete personal information.
9.3 Right to withdraw consent.
You may, as permitted by applicable law, withdraw your consent to the processing of your personal information at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent or processing based on other permitted grounds (e.g. our regulatory obligations or legitimate interests). Please note that if you withdraw your consent, you may not be able to benefit from certain features for which the processing of your personal information is essential such as receiving Announcements.
9.4 Right to object to processing.
You may, as permitted by applicable law, request that we stop processing your personal information
9.5 Right to erasure.
You may request that we erase your personal information and we will comply, unless there is a lawful or regulatory reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal information (e.g. if retention is necessary for us to comply with our legal and regulatory obligations).
9.6 Your right to lodge a complaint with the supervisory authority.
We suggest that in the first instance you contact us if you have any questions or if you have a complaint in relation to how we process your personal information. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.