Sterling Digital PLC – Shareholder Privacy Policy

Introduction

This Shareholder Privacy Policy explains how Sterling Digital PLC ("Sterling Digital", "we", "our", or "us") collects, uses, stores, and protects personal data relating to shareholders, prospective investors, beneficial owners, and other persons whose information may be connected with the Company's share register or investor relations activities.

We are committed to safeguarding your privacy and ensuring that personal data is handled securely, lawfully, and transparently in accordance with the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and other applicable privacy and electronic communications laws.

Who We Are

Sterling Digital PLC is the controller of personal data processed in connection with shareholder communications, investor relations, market disclosure obligations, and the administration of the Company's securities.

Information We May Collect

Depending on your relationship with Sterling Digital, we may process:

• Your name, address, email address, telephone number, and other contact details.
• Shareholding information, investor reference numbers, and details of securities held.
• Identity, verification, and anti-money laundering information where required.
• Communications you send to us, including enquiries, meeting requests, voting instructions, and correspondence with our advisers or registrar.
• Information required for regulatory filings, market disclosures, shareholder meetings, and corporate actions.

How We Use Shareholder Information

We use shareholder and investor information to:

• Maintain and administer shareholder records.
• Communicate with shareholders and respond to enquiries.
• Manage shareholder meetings, voting, corporate actions, and statutory communications.
• Comply with market disclosure rules, company law, tax obligations, anti-money laundering requirements, and other legal or regulatory duties.
• Support investor relations and provide information requested by shareholders or prospective investors.
• Protect the Company's rights, property, systems, and stakeholders.

Lawful Basis for Processing

We process shareholder personal data where it is necessary to comply with our legal and regulatory obligations, to perform tasks connected with the administration of securities, to pursue legitimate business interests in managing investor relations and corporate governance, or where you have given consent for a specific purpose.

Sharing of Information

We may share shareholder information with:

• Our registrar, broker, corporate adviser, legal advisers, auditors, and other professional advisers.
• Service providers who support our website, communications, records, security, or administration.
• Regulatory authorities, stock exchanges, law enforcement agencies, courts, or other public bodies where required by law or regulation.
• Potential counterparties or advisers in connection with corporate transactions, reorganisations, financing, or due diligence, where appropriate safeguards are in place.

We do not sell shareholder personal data to third parties.

International Transfers

Some of our service providers may process personal data outside the United Kingdom or European Economic Area. Where this occurs, we take steps to ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other recognised transfer mechanisms.

Security and Retention

We use appropriate technical and organisational measures to protect shareholder personal data against unauthorised access, loss, misuse, alteration, or disclosure. Access to shareholder information is restricted to those who need it for legitimate business, legal, or regulatory purposes.

We retain shareholder personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, reporting, or governance requirements. When data is no longer required, it will be securely deleted or destroyed.

Your Rights

Under applicable data protection laws, you may have the right to:

• Request access to the personal data we hold about you.
• Ask us to correct inaccurate or incomplete information.
• Request deletion of your personal data where there is no lawful reason for us to retain it.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.
• Receive a copy of your personal data in a portable format where applicable.

To exercise your rights, please contact us using the details below. You also have the right to lodge a complaint with the UK Information Commissioner's Office.

Updates to This Policy

We keep this Shareholder Privacy Policy under review and may update it from time to time. Any updates will be posted on this page, and significant changes may be notified through appropriate shareholder or investor communication channels.

Contact Us

If you have questions about this Shareholder Privacy Policy, or wish to exercise your rights, you can contact us at: