Share Incentive Plan (SIP) - UK

Share Incentive Plan (SIP) UK - Privacy Policy

Equiniti Share Plan Trustees Limited Privacy Notice

Equiniti Share Plan Trustees Limited handles your personal data as part of providing employee share plan services. We are committed to keeping your data safe and using it in a clear and transparent way. This summary details why we hold your data, including any ways that you might not expect. Please read the following Privacy Notice pages if you want to know more.

We hold your data

You have rights over the data we hold about you, further details are provided in section 9. 

Things you might not know


Equiniti Share Plan Trustees Limited Privacy Notice

We understand how important your personal data is and are committed to protecting and respecting your privacy.

‘Personal Data’ means any information relating to or which identifies you. This can include items such as your name, address, phone number, identification numbers (such as an account number or your national insurance number), location data or online identifiers. Personal data can be held electronically or in certain paper records.

The General Data Protection Regulation (GDPR) regulates the processing of personal data. The GDPR seeks to protect your rights to your personal data by setting out, amongst other things, the conditions under which the processing of personal data is lawful, the rights of data subjects and the standards that organisations handling personal data must adopt. This Privacy Notice is issued in compliance with GDPR and seeks to explain:

  1. Who we are;
  2. Products and services covered by this Privacy Notice;
  3. How we collect your personal data;
  4. Why we collect your personal data;
  5. How long we hold the personal data;
  6. The conditions under which we can share your personal data with others;
  7. Overseas processing;
  8. How we keep your personal data secure;
  9. Your personal data rights and how to exercise them;
  10. Useful information; and
  11. Where to find further information about this Privacy Notice.


1.    Who we are

Equiniti Share Plan Trustees Limited (ESPTL) is one company within the Equiniti Group. Our main business is provision of Employee Share Plan services. Our registered address is Aspect House, Spencer Road, Lancing, West Sussex, BN99 6DA and our Information Commissioner’s Office (ICO) registration number is Z7941663.

ESPTL is a ‘Data Controller’. This means that we are responsible for deciding how and why we hold and use personal data about you.

In this Privacy Notice, ‘we’, ‘us’ and ‘our’ will always mean Equiniti Share Plan Trustees Limited as Data Controller. 


2.    Products and services covered by this Privacy Notice

This Privacy Notice covers the trustee services provided by us in relation to Employee Share Plans (‘the Employee Share Plan’ or ‘Plan’) as set out in the Plan’s trust deed and rules. Plans include UK and International Share Incentive Plans and International Sharesave (SAYE) plans.

If you have questions about your Employee Share Plan and services, please contact the helpline shown in your Employee Share Plan documentation.

Please note, tax advantaged Plans are operated in accordance with Social Security legislative requirements such as ITEPA for UK tax advantaged Plans. You should refer to your Plan documentation to check if this applies to you.


3.    How we collect your personal data

The personal information we hold includes your account number, title and name, postal address, and dependent upon the Plan requirements and your circumstances, also include your email address and phone number, date of birth, gender, nationality, payroll details such as salary, tax status and tax residency, bonus payments, local employer’s PAYE reference, your pay site code, your payroll reference, your National Insurance Number or other tax identification number such as social security number and your salary bank account, financial information about the value of the Plan, savings information where there is a linked savings arrangement, the number of Plan shares or shares under option, performance indicators, any Persons Discharging Managerial Responsibilities, Directors’ Interest or Closed Period indicators and elections made in connection with the running of the Plan or made as part of a Corporate Action.

This could include special personal data, if we need to record the reason why and when you are no longer an employee of the Company or temporarily not at work, for example due to injury or disability, in order to administer the Plan.

We use different kinds of personal data dependent upon the relationship you have with us, the Employee Share Plan that you participate in and the products and services that you use. We collect it through a variety of different ways:

Information you provide to us

Information we collect about you

Information we receive from third parties


Special types of data

The law and other regulations treat some types of personal information as special. We will only collect and use this information if the law allows us to do so:

Keeping your personal data up to date

It is important to us that the information we hold about you remains accurate and up to date at all times, but we need your help in doing this. Please help us by ensuring that you review the information held about you regularly and let us know as soon as anything needs updating or correcting.

Other people’s personal data

The information you give us in connection with your Plan, can contain your or another person’s personal data. If you provide us with information about another person, you confirm that they have appointed you to act for them and/or they consent to you providing their personal data to us and that you have informed them of our identity and the purpose for which their personal data will be processed – as set out in this Privacy Notice.


4.    Why we collect your personal data

In the table below we demonstrate why and how we use your personal data as well as providing the legal reasons which we rely upon.

Under Data Protection legislation we must always have a legal reason for processing your personal data. One of the legal reasons is when we use your personal data for our legitimate interests and this is usually when we have a business reason. However, we must always ensure that we take your interests into consideration too, and ensure that the use is fairly balanced. We tell you below when we rely on legitimate interests and what our legitimate interests are.

Why we use your personal data

How we use your personal data

Our legal reasons for using your personal data

Plan launch

To contact eligible employees to provide Plan information.

Our legitimate interests to alert employees to company benefits.


In running your account we may analyse the personal data we hold about you and others to create a profile of interests and preferences in order that we can tailor our product or service offering and contact you with information that is relevant to you.


Our legitimate interests for the proper administration of our business for example:

·     Defining types of participants for new products and services; and

·     Operating efficiently.

Provision of Financial services, including the administration and management of customer records

To manage and operate your Employee Share Plan account with us to facilitate the administration of the Plan in accordance with the Plan trust deed and rules. This includes:

·       Checking individual share entitlements and/or savings limits are not exceeded;

·       Retaining records of your instructions and keeping your Plan account up to date;

·       Notifying you about Plan events;

·       Notifying you about any Corporate Actions impacting the Plan;

·       Notifying you about changes to our service;

·       Completing transactions that you instruct us to undertake and any legal obligations we have in relation to the transactions;

·       Processing our fees, charges, and any interest due on your accounts. Enforcing or obtaining settlement of debts owed to us or in relation to investments made on your behalf; and

·       Keeping Equiniti websites and portals secure and permit you safe access to our services.


To provide you with transaction records/confirmation notices and statements as required by the Plan.


To respond to any complaints and/or data rights that you invoke.

As part of contract preparations and obligations between us and you.


With your consent.


Legal obligations, such as in relation to UK tax advantaged Plans and/or Plans approved by other jurisdictions.


Our legitimate interests for the proper administration of our business, for example:

·     Keeping our records up to date;

·     Seeking your consent when we need it to contact you;

·     Operating efficiently;

·     Enabling and monitoring your use of Equiniti websites, portals and services; and

·     Defining types of anniversary, vesting and maturity services to notify you about.


Special personal data is only collected as part of UK tax advantaged Plans in accordance with Social Security legislative requirements e.g. ITEPA.

Assessment and collection of taxes

To submit returns to the relevant regulatory authorities and deduct tax and duties (such as income tax). This includes disclosing information to Her Majesty’s Revenue & Customs (HMRC).

As part of contract preparations and obligations between us and you.


With your consent.


To meet our regulatory requirements.


To comply with a legal obligation to account for tax and duties such as in the UK Social Security legislation.

Financial crime/ auto decision making

To analyse your personal data for financial crime, money laundering and fraud risk purposes in accordance with EEA regulations.


This can include making automated decisions based on the personal data that we hold about you, or are permitted to collect from others. 


You can ask to have one of our staff review any automated decision about you at any time – see section 9 - Your Rights.


To comply with both national and international legislation relating to financial crime.


Our legitimate interests such as the proper administration of our services and business for example:

·     Keeping our records up to date;

·     Operating efficiently; and

·     Enabling and monitoring your use of company websites, portals and services.


As part of contract preparations and obligations between us and you.


With your consent.


To meet our regulatory requirements.

Improving our services

To improve administration including:

·       Identifying improvements by undertaking data analysis, testing new products, using your personal data for research, statistical and survey purposes;

·       Ensuring that content from company websites and portals are presented in the most effective manner for you and for your device;

·       To develop and manage our products, brands and services;

·       How we manage and work with other companies in the delivery of your products and services;

·       Studying how you and others use our products and services; and

·       Measuring or understanding the effectiveness of Employee Share Plan information packs.

We can do this ourselves or appoint an agency to do this on our behalf.

Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.


With your consent.


As part of contract preparations and obligations between us and you.


To comply with legal requirements placed upon us.


To meet our regulatory requirements.


Our legitimate interests, such as the proper administration of our service and business, for example:

·     Keeping our records up to date;

·     Defining types of anniversary, vesting and maturity services to notify you about;

·     Seeking your consent when we need it to contact you.

·     Operating efficiently; and

·     Enabling and monitoring your use of our website and services.


Some of this information will be gathered by cookies that you have consented can access your computer. Please see our cookie policy for further information on how to manage cookies.


If you choose not to give personal information

We need to collect personal information required by law or under the terms of a contract we have with you. If you choose not to give us the personal data we need, it can mean that you will be unable to participate in the Employee Share Plan or your participation will lapse. So that you know what information is optional, we make it clear at the time we collect your personal data.


5.    How long we hold your personal data

Personal data will not be retained for longer than necessary for us to achieve the purpose for which we obtained your personal data. We will then either securely delete it or anonymise it so that it cannot be linked back to you. We review our retention periods for personal data on a regular basis.

We will retain personal data for the duration of the Plan and for a period of up to 8 years following the closure of the Plan, for the reasons noted below:

We can keep your data for longer than 8 years if we cannot delete it for legal, regulatory or technical reasons. We can also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

For full details of our retention policies, please contact us.


6.    The conditions under which we can share your personal data with others

The personal data we hold about you is confidential, and we will only share your personal data to enable us to deliver our product(s) or service(s), examples are as follows.

We will only transfer your personal information to trusted third parties who provide sufficient security guarantees and who demonstrate a commitment to compliance with applicable law and this Privacy Notice. Where third parties are processing personal information on our behalf, they will be required to agree, by contractual means, to process the personal information in accordance with the applicable law. This contract will stipulate, amongst other things, that the third party and its representatives shall act only on our instructions, or as permitted by law.

We are also required to share your personal data with external third parties as follows (but not limited to):


7.    Overseas Processing

Personal data will be shared with members of the Equiniti Group outside of the European Economic Area (EEA) and the European Union (EU), including Equiniti India Private Limited which is based in India, for the purposes described in this Privacy Notice. For these transfers we utilise Model Clauses recognised by the European Commission.

When we contact you via email, one of our service providers uses services outside of the EEA and EU.  For these transfers, we utilise Model Clauses recognised by the European Commission.

If you would like to obtain a copy of the Model Clauses used to share personal data, please contact the Equiniti Data Protection Officer using the details provided in this Privacy Notice.

Please note that information protection laws do vary from country to country. In particular, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the United Kingdom and/or those other countries in which we store and use the personal data we collect. Our transfer of personal data to other countries could result in that personal data being available to governments and other authorities in those countries under their laws.

By joining the Plan, you understand this international transfer, storing and processing.


8.    How we keep your personal data secure

We understand how important your personal data is to you and we take its security very seriously.

We safeguard your personal data across all our computer systems, networks, websites and offices as much as possible through appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) and our Information Security policies are aligned to ISO27001, which is an internationally recognised security standard.

We also use secure ways of communicating with you such as when collecting your personal data or providing your account information:

Where you have been given (or where you have chosen) a password or unique identifier (PIN) which enables you to access your Plan details, you are responsible for keeping this password/PIN confidential, along with any username. We will never ask for your full password or PIN, and you must not divulge your full password to us or anyone else. We recommend that any password or PIN you set is not easily guessable, and changed frequently (at least once a month).

Because we cannot guarantee the confidentiality of personal data sent on the internet you should never send your login details via email.


Security concerns

If you ever receive a communication from us by post, email or by phone that you are concerned is not genuine, please contact us using the contact details below.

You must immediately inform us if you become aware, or suspect, that someone else has knowledge of your account details.

If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed at


9.    Your personal data rights and how to exercise them

You have rights in respect of the personal data that we hold about you. Details about all of your rights are provided below and include the right to request a copy of the information that we hold about you. 

Some of these rights are conditional and depend upon why we are processing your personal data. This means that we cannot always be able to respond to your request in the way that you want. For example:


Your rights in respect of the personal data that we hold about you

Explanatory detail

The right to be informed about how we use your personal data

This Privacy Notice provides you with the details on how we use and process your data.

The right of access to a copy of any personal data we process about you, together with certain additional information

If you request to see your personal data, your initial request will be free of charge; subsequent requests can attract an administration fee. The additional information includes details of the categories and recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.

The right to request us to rectify or update it

This will be relevant where the personal data we hold is or has become inaccurate or incomplete, taking into account the purposes of the processing. Please explain why you consider the data inaccurate or incomplete.

The right to request us to erase your personal data in certain circumstances

The circumstances when erasure can apply include when we no longer need it to meet a lawful basis for processing unless that basis is consent and you withdraw your consent or you object to the processing or the processing is unlawful. However, certain exclusions apply - where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.

The right to request us to restrict processing it

This request can be used to stop us processing your personal data: if you disagree over the accuracy of the personal data until we have verified the data; the reason for processing; or if you wish us to retain your personal data for longer than our retention period, e.g. to establish, exercise or defend a legal claim.

The right to request a copy of your personal data for data portability purposes

If you have provided personal data to us under contract or because you consented to the processing and use of the data by automated means, then you have the right to instruct us to transmit that personal data to you or another data controller in a machine-readable format.

The right to object to us processing your personal data

You have a right to object to us processing your data where we are processing it for the performance of a public interest task or purpose of legitimate interests.


You can also object to direct marketing communications from us about products, offers, competitions, or services and any profiling that we can perform in relation to direct marketing. You can do this at the point of data collection, through the use of any opt-out functionality on text and emails, via your preference centre or by contacting the helpline service.


You can update your marketing preferences at any time through the use of the opt-out functionality. You have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing before the withdrawal. If you would like to receive the marketing described above, please ensure you have indicated your preferences accordingly.

Rights related to decisions based solely on automated processing

Where this processing produces legal effects or significantly affects you, you can object to this processing unless the processing is necessary as part of our contract, or is required by legislation.

Right to lodge a complaint with a supervisory authority

If you wish to raise a complaint on how we have handled your personal data, please contact our Data Protection team who will investigate the matter and report back to you.


If you remain unsatisfied with our response or believe we are not processing your personal data in accordance with the law, you are able to contact the data protection authority in your country. In the UK, it is the Information Commissioner’s Office (ICO) who regulates Data Controllers compliance with data protection legislation. They can be contacted by email:, post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by telephone: 0303 123 1113.



10. Useful information

Vulnerable Adults

We are committed to the privacy protection of vulnerable adults. If we are notified that you are a vulnerable adult we will liaise with your authorised representative, once we are in receipt of the appropriate permissions.

Links to other websites

The websites used for administering the Plan can contain links to other websites run by other organisations, or other Equiniti companies. When you are on another website, we encourage you to read their privacy statement as it will take precedence over this Privacy Notice. We are not responsible for the privacy policies and practices of other sites.

Social media, blogs, reviews, and similar services

Any social media posts or comments you make to us or the delivery of your Plan (e.g. through a Facebook page) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by other organisations, and so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.

Any blog, review or other posts or comments you make about us, our products and services on any of our blogs, reviews or user community services will be shared with all other members of that service and the public at large.

You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

Changes to this Privacy Notice

We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and/or what we do with it. As a result, we can change this Privacy Notice from time to time to keep it relevant and up to date.

We will endeavour to alert you to these changes so that you can check you are happy with them before proceeding any further. Please look out for notices from us alerting you to these changes, via websites or other timely communications. If you see such an alert, please take a moment to ensure that you’re happy with any changes. However, we will also tell you of the changes where required by law to do so.

By continuing to use our products and services, you will be bound by this Privacy Notice.

This Privacy Notice was issued on 24.05.2018. If you require copies of previous versions of this Privacy Notice, please contact the Equiniti Data Protection Officer using the contact details noted below.


11. Where to find further information about this Privacy Notice

We hope that this Privacy Notice has been helpful in setting out how we handle your personal data and your rights to control it.  If you have any questions that remain unanswered, please visit our Customer Privacy Centre or contact our Data Protection Officer:



Read our other privacy policies

Online Subject Access Request

You can request a copy of the data we hold using our secure online system EQ Synergy.

Raise an online Subject Access Request here (opens in new window)

Still have questions?