Privacy policy

This Privacy Policy explains how we use the personal information that the Takeover Appeal Board collects or generates, both in relation to this website and in relation to the exercise of our regulatory functions.

The list below sets out what is covered in this Privacy Policy and you can click on the headings below to go to a specific section.

    1. The Takeover Appeal Board, whose address is 1 Angel Court, London, EC2R 7HJ collects and uses certain Personal Data. The Takeover Appeal Board is responsible for ensuring that we use Personal Data in compliance with data protection laws.
    2. At the Takeover Appeal Board we respect your privacy and we are committed to keeping all your Personal Data secure. This Privacy Policy governs the handling of Personal Data by the Takeover Appeal Board in the course of the exercise of our regulatory functions.
    3. We use the following definitions in this Privacy Policy:
      • “Board”, “we” or “us” means the Takeover Appeal Board.
      • “Personal Data” means any data which relates to a living individual who can be identified from that data or from data and other information which is in the possession of, or is likely to come into the possession of, the Board (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of the Board or any other person in respect of an individual.
    1. This Privacy Policy concerns the following categories of information that we collect about you when exercising our regulatory functions and when carrying out our services generally:
      1. information that we receive or generate as a result of the exercise of our regulatory functions;
      2. information we receive or generate through our website (the “Board Website”) or as a result of your use of the Board Website; and
      3. information we receive or generate as a result of providing our publications to you.
    1. In relation to each of the activities described at paragraph 2.1 above, we will collect and process the following Personal Data about you:
      • information that you provide to the Board. This includes information about you that you provide to us. The nature of the activities that we carry out in accordance with our regulatory functions determines the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):
        • Basic Personal Data (such as first name; family name; company name; position in the company; company email address; business phone number; business address; city; postcode; country); and
        • Personal Data related to your professional life or financial or personal dealings (such as details of directorships, involvement in share transactions, shareholdings in companies, banking arrangements (including details of bank accounts and prime brokerage accounts), details of professional advisers, business associates, friends and family and general corporate activity/history).
      • information that we collect or generate about you. This includes (by way of non-exhaustive list):
        • information generated through your use of the Board Website (e.g. any documents downloaded from the Board Website, searches made on the Board Website, etc.); and
        • information generated by us about you in the exercise of our regulatory functions, including during the course of our case work and investigations.
      • information we obtain from other sources. This may include (by way of a non-exhaustive list):
        • information obtained from public websites and other public sources;
        • information received from your advisers or intermediaries, including bankers, stockbrokers and financial advisers, with respect to transactions that you have engaged in or which are related to you;
        • information obtained from third parties such as Bloomberg, Thomson Reuters, the London Stock Exchange and other financial information outlets;
        • information from your business associates, friends and family;
        • information obtained from employees of third party companies involved in your business transactions that fall within our regulatory scope; and
        • information provided by other regulators, authorities and/or related third parties relating to activities falling within our regulatory functions.
      • cookies
        • When you visit the Board Website, cookies are used to collect technical information about the services that you use, and how you use them.
        • For more information on the cookies used by the Board please see our Cookies Notice further below.
    1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
      • to ensure that we can exercise our regulatory functions properly and efficiently under, amongst other things, the Companies Act 2006 and the Takeover Code;
      • to conduct administrative tasks within the Board in aid of the exercise of our regulatory functions or otherwise administering our organisation;
      • for record-keeping purposes required for the Board’s internal business administration;
      • to communicate with you in order to provide you with information about the Board, the conduct of our functions and our publications;
      • to communicate, as appropriate, with other regulators and authorities both within the UK and outside of the UK, in the exercise of our regulatory functions;
      • for the management and administration of our organisation;
      • for ongoing review and improvement of the operation of the Board Website and information provided on the Board Website to ensure that it is user-friendly and informative;
      • in order to comply with, and to assess compliance with, applicable laws, rules and regulations, and internal policies and procedures; and/or
      • for the administration and maintenance of databases storing Personal Data.
    2. However we use Personal Data, we will make sure that the usage complies with the law. The law allows us and requires us to use Personal Data for a variety of reasons. For example:
      • we have legal and regulatory obligations that we have to discharge, including in relation to the exercise of our regulatory functions;
      • we carry out tasks that are within the public interest or by virtue of our official authority under relevant statutes, such as the Companies Act 2006;
      • we may need to use your Personal Data in order to perform our contractual obligations with you;
      • we may have obtained your consent to use your Personal Data;
      • we may need to use your Personal Data in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
      • the use of your Personal Data may be necessary for our legitimate interests, such as:
        • allowing us effectively and efficiently to manage and administer the operation of our organisation; and
        • maintaining compliance with internal policies and procedures.
    3. We will take steps to ensure that Personal Data is accessed only by employees of the Board who have a need to do so for the purposes described in this Privacy Policy.
    1. We may share your Personal Data within the Board.
    2. We may also share your Personal Data outside of the Board for the following purposes:
      • with parties connected with the exercise of our regulatory functions in order to perform such functions, such as other regulators or official bodies (both in the UK and overseas), the Takeover Appeal Board and other third parties as required in the exercise of our regulatory functions;
      • with third party agents and contractors for the purposes of providing services to us (for example, the Board’s accountants, professional advisers, IT and communications providers). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy; and
      • to the extent required by law or regulation, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with our duty to cooperate with other regulators), or to establish, exercise or defend our legal rights.
    1. In certain circumstances, we may transfer your Personal Data to locations outside of your country, in particular where requested by an overseas regulator.
    2. Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:
      • the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
      • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
      • where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
      • in other circumstances, where the law permits us to otherwise transfer your Personal Data outside of the EEA.
    3. You can obtain more details of the protection given to your Personal Data when it is transferred outside of the EEA (including a copy of any standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 11 below.
    1. We have extensive controls in place to maintain the security of our information and information systems. Files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.
    2. As a condition of employment, the Board’s employees are required to follow all applicable laws and regulations, including in relation to data protection law and the statutory duties of confidence applied to the Board. Access to sensitive Personal Data is limited to those employees who need to it to perform their roles. Unauthorised use or disclosure of confidential personal information by a Board employee is prohibited and may result in disciplinary or punitive measures, in particular under the Companies Act 2006.
    1. How long we will hold your Personal Data for will vary and will be determined by the following criteria:
      • the purpose for which we are using it – the Board will need to keep the data for as long as is necessary for that purpose; and
      • legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
    1. In all of the cases described in this Privacy Policy in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
      • the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
      • the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation or to enable us to exercise our regulatory functions;
      • in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to the Board;
      • the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
      • the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
      • the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
      • the right to lodge a complaint with the Information Commissioner if you think that any of your rights have been infringed by us.
    2. There may be limitations or exemptions applicable to the exercise of your rights. If we do not comply with your request we will explain the reason when we respond to the request.
    3. You can exercise your rights by contacting us using the details listed in paragraph 11 below.
    1. This Cookies Notice provides you with information about the cookies we use and why we use them. It should be read together with the Privacy Policy outlining our practices regarding your Personal Data.
    2. Cookies are small text files that are sent to and temporarily stored on your computer, smartphone or other device for accessing the internet whenever you visit a website.
    3. We use Cookies for a variety of reasons, including:
      • to improve the functionality and performance of the Board Website (including your user experience) and to make sure the Board Website performs as you expect it to;
      • to distinguish you from other users of the Board Website; and
      • to analyse how you use the Board Website.
    4. We use the following types of cookies on the Board Website:
      Cookies Description Duration
      These help us analyse how you use the Board Website and allow us to identify what you like and do not like and how we can improve things for you. They also allow for site integrity. We use Google Analytics, a web analytics platform provided by Google which places text files on your computer to help analyse how visitors use the Board Website. These cookies will remain until they are deleted.
      These cookies are essential to ensure performance of the Board Website. You will be unable to load our pages if you block these cookies. We also use session cookies to display search queries. These cookies will expire when you leave the Board Website.
      These cookies remember selections or preferences that you have already made on the Board Website through the software (WordPress) which displays our website content. These cookies typically expire after 1 year
    5. Most of the cookies we use do not save any information that can identify you as an individual. Instead, we receive general and anonymised information from these cookies regarding all users of the Board Website.
    6. By using the Board Website and/or closing the pop-up cookie notice you consent to the use of cookies on the Board Website. If you do not consent to the use of cookies on the Board Website you should immediately leave the Board Website and/or change your browser settings to block cookies.
    7. The browsers of most computers, smartphones and other web-enabled devices are typically set up to accept cookies. If you wish to amend your cookie preferences for the Board Website, you can do this at any time and by changing your browser settings. Your browser’s ‘help’ function will tell you how to do this. You do not have to accept cookies. However, please note that cookies are often used to enable and improve certain functions on the Board Website. If you choose to block cookies through your browser settings, it is may affect how the Board Website works.
    8. For more information about how to disable cookies, visit
    1. If you have any questions or concerns about the Board’s handling of your Personal Data, or about either the Privacy Policy or the Cookies Notice, please contact our Privacy Officer using the following contact information:
      The Takeover Appeal Board
      1 Angel Court
      EC2R 7HJ
      Email address:

      We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction, which in the UK shall be the Information Commissioner’s Office (“ICO”). Upon request, the Board’s Privacy Officer will provide you with the contact information for that regulator.