Privacy Notice for Investors

We process your personal information because you are one of our investors. We are required to process this information to allow us to undertake and comply with our legal and regulatory obligations applicable to public limited companies, and to allow us to contact you.

We may wish to make certain communication channels available to you, to customise our communications to you, to understand your needs, and to provide improved investor opportunities to you. With your agreement, we may request to contact you about information which we think you may find interesting, or for investor satisfaction purposes (including contact by email), and for risk management and administrative purposes. In these cases, we are a data controller.

In order to carry out the above, we shall obtain, either from you directly, or from your employer or other business contacts with whom we have a relationship in common, and process the following information:-

• Contact details such as name, address, telephone number and email address; and
• Identification details such as signatures and job titles.

We take all necessary steps to ensure that personal information is kept safe and confidential during storage, processing and transit (where applicable).

Personal data may be held at our offices, our information processing centres and those of our third party service providers, representatives and agents.

Some of those third parties may be based outside of the UK and/or European Economic Area (“EEA”). For more information, including on how we safeguard your personal data when this happens, see below “Transferring your personal data outside of the UK and EEA”.

Due to our corporate structure, our group companies will have access to your personal information. This privacy policy applies to all our group companies, including SMS Connections Limited, SMS Meter Assets Limited, SMS Data Management Limited, UKMA (AF) Limited, SMS Energy Services Limited, CH4 Gas Utility and Maintenance Services Limited, Trojan Utilities Limited, SMS Mapco 1 Limited, Qton Solutions Limited, Solo Energy, Metering Limited, and SMS Data Services Limited,

Under certain circumstances, we may be required to share your personal information with our third party suppliers, partners and subcontractors that we engage in order for us to comply with our legal and regulatory obligations as a public limited company. This includes where a third party manages our share register, where we wish to contact you about your investor experiences and we engage a third party to do this on our behalf, and or where we use a third party IT service provider (including security providers and cloud service providers) to provide a customer relationship management system in which we store and manage our investor details.

Where you are a significant major shareholder, this information is reported in line with our legal obligations on our website. We may be obliged to disclose personal information to any competent legal or regulatory authority conducting an investigation in relation to criminal activity.

We keep personal information only for so long as we need it. Once we no longer need it, we arrange for it to be deleted from our systems. Where we are required to retain personal information to allow us to comply with legal or regulatory obligations as a public limited company, we will do so only for so long as we need to.

We (or a third party who we share personal data with) might process that personal data outside of the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of personal data.

When we send data outside of the UK/EEA, we will make sure that the correct safeguards have been put in place to protect personal data, including:

• ensuring that the country where any data will be transferred to is subject to an “adequacy decision” by the UK government and/or European Commission. This is to ensure that the particular country ensures an adequate level of protection of personal data under their domestic laws; or
• ensuring that there are appropriate safeguards in place, together with enforceable rights and effective legal remedies; or
• a specific exception applies under relevant data protection law; or
• ensuring that standard, legally approved, data protection clauses recognised or issues further to Article 46(2) of the UK GDPR or EU GDPR (as applicable) are included in our contracts with those third parties.

In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy

The legal bases on which we will use personal data provided to us are as follows:

• in connection with our contract with the third party who we provide services to; or
• in connection with our legal obligations, including regulatory or industry regulations; or
• legitimate interests; or

Individuals have the following rights relating to personal data processed about them :-

• Right to request a copy of personal information that we process;
• Right to request that personal information is updated or removed;
• Right to make a complaint to the Information Commissioner’s Office due to concerns about the way we are processing personal information; and
• Right to withdraw consent to us processing personal information.

To get in touch with us about any of the above, please email or write to our data protection officer at: dpo@sms-plc.com / Data Protection Officer, SMS plc, 2nd Floor, 48 St Vincent Street, Glasgow, G2 5TS.

SMS reviews this policy regularly. If there are any changes to the way we use personal information, we will update this policy on our website. This privacy policy was last updated on 17 February2022.

If an individual is not happy with our reply to any complaint or thinks our processing of their personal data doesn’t comply with data protection law, a complaint can be made to the Information Commissioner’s Office (ICO). Just use these details: Address: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Telephone number: 0303 123 1113

Visit the ICO website