Sodali & Co General Privacy Policy
Last Updated May 5, 2026
1. Introduction
Sodali & Co is a global advisory firm serving corporate clients worldwide as they navigate the complex dynamic of shareholder and stakeholder interests.
This Privacy Policy (“Privacy Policy”) sets out how Sodali & Co and its applicable affiliates (“Sodali & Co,” “we,” “our” or “us”) collect, store, process, transfer, share and use data that identifies or is associated with “you” (“personal information”) when you access and browse https://sodali.com/ or any other Sodali & Co-affiliated websites that reference this Privacy Policy (collectively, the “Sodali & Co Website”), and when we otherwise process your personal information as further detailed below. All collection, storing, processing, transferring, sharing and use of data as described in this Privacy Policy is subject to applicable law.
2. Who is responsible for your personal information
Morrow Sodali Global LLC (as it shall be known from time to time) is the relevant controller of your personal information if you are a Website Visitor or Subscriber (as defined in paragraph 3). If you are an Institutional Investor Contact, Vendor and Partner Contact, Job Candidate, Office Visitor, or Video Surveillance Subject (as defined in paragraph 3) then the relevant controller is the local Sodali & Co affiliate that you are dealing with, applying to, or whose premises you are visiting.
If you have any questions, comments and requests regarding this Privacy Policy or how we use your personal information, please contact privacy@sodali.com.
Morrow Sodali Global LLC has nominated the following affiliate as its representative in the European Union (“EU”):
-
Powerscourt Financial Media Limited
Carmichael House, 60 Lower Baggot Street
Dublin
Ireland D02 KP79
Email: privacy@sodali.com
Morrow Sodali Global LLC is established in the United States (“US”) and is located at:
-
430 Park Avenue, 14th Floor
New York, NY 10022
United States
Email: privacy@sodali.com
The Data Protection Officer / Data Protection Contact can be reached at dpo@sodali.com.
3. Personal information we collect about you and how we use it
We collect personal information that you voluntarily submit directly to us when you use the Sodali & Co Website or otherwise engage with us as set out below. This can include information you provide to us when you use or make a request on the Sodali & Co Website, correspond with us by phone, e-mail or otherwise, subscribe for our marketing communications, use some of the features of the Sodali & Co Website or otherwise provide in relation to our service. We will indicate to you if the provision of certain personal information is mandatory or is optional. If you chose not to provide any personal information marked as mandatory, we may not be able to respond to your queries or pursue the other purposes set out below.
We have set out the categories of personal information we collect and how we use them in the following paragraphs. We have also included information about the legal bases (and exemptions) we rely on to process such personal information, to the extent applicable (e.g., pursuant to the European Union General Data Protection Regulation 2016/679 (the “EU GDPR”) and the EU GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (as amended) (the “UK GDPR” and, collectively with the EU GDPR, the “GDPR”)). If you would like further information, please contact us using the contact details set out in paragraph 2 above.
Investor contacts
We may collect personal information about individual investors and representatives of institutional investors through our interactions with you, including communications, meetings, events, and other business activities. We may also collect personal information from publicly available sources, such as company websites, professional networking platforms, directories, social networks, and other public sources.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Contact and professional information, such as name, contact details (and for institutional investor contacts, employer, and job title) | To communicate, manage business relationships, maintain our records and send event-related communications. | We process this information based on consent where required by law and otherwise based on our legitimate interests in operating, promoting, and developing our business. |
| Government-issued identification numbers, where required. | We may use such personal information to take steps at your request prior to entering into a contract. | We process this information based on our legitimate (commercial) interests in promoting and conducting our business. |
Website Visitors or Subscribers
We may collect personal information when you browse the Sodali & Co Website or subscribe to our newsletter or web services. Such categories of data subjects are referred to as Website Visitors or Subscribers.
We typically collect this information through cookies and similar technologies. For more detailed information about the cookies we use, please refer to the Cookie Policy on our website.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Contact and Professional information (such as name, contact details, company, job title and professional interests) | To communicate with you, manage business relationships, organize or participate in events and meetings, and send marketing or promotional communications by mail, telephone, or electronic means. | We process this information based on our legitimate (commercial)
interests in providing our services and maintaining their
security. We process this information based on consent when required by law. |
| Technical and usage information (such as IP address, session identifiers, device / browser information) | To operate, secure, maintain and improve our website and support marketing activities, and to improve the services we provide. | We process this information based on our legitimate (commercial)
interests in providing our services and maintaining their
security. We process this information based on consent when required by law. |
Vendor and Partner Contacts
We may collect the personal information of the employees, agents, delegates (and similar) of companies and organizations that we enter business arrangements with (including when we enter into service contracts). We may also collect personal information when you enter business arrangements with us acting in your individual capacity.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Contact and professional information (such as name, contact details, company, job title, and professional interests) | To communicate with you, manage and develop business relationships, respond to inquiries, and take steps before entering into or performing a contract. | We process this information based on our legitimate interests in operating and developing our business. Where applicable, we also process this information to enter into or perform a contract with you, or to comply with legal and regulatory obligations. |
| Identification and financial information (such as government-issued identifiers and bank account details) | To conduct due diligence, manage contracts and projects, process payments, maintain financial and accounting records, and comply with legal, tax, and reporting obligations. | We process this information based on our legitimate interests in managing and operating our business. Where applicable, we also process this information for contract performance or to comply with legal and regulatory obligations. |
| Background check and compliance information (including criminal conviction or offence information where permitted by law) | To conduct compliance, screening, and background checks where required or permitted under applicable law. We generally retain only the outcome of such checks. | We process this information where necessary to comply with legal obligations and as otherwise permitted under applicable law. For more information, please contact us using the contact details set out in paragraph 2 above. |
Job Candidates
If you apply for a role with us or are otherwise being considered for Sodali & Co job opportunities, we may collect personal information directly from you and from other sources. This may include information you provide through applications, CVs or resumes, interviews, communications, job portals, social media platforms, and recruiting or networking events. We may also collect information from publicly available sources, professional networking platforms, references you authorize us to contact, and third-party service providers that conduct background or screening checks where and as permitted by applicable law.
Such data subjects are referred to as Job Candidates.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Recruitment and applicant information (such as name, contact details, CV/resume information, qualifications, employment history, interview notes, compensation expectations, and professional experience) | To assess applications, conduct recruitment and hiring activities, communicate with candidates, evaluate qualifications, and manage onboarding and employmentrelated processes. | We process this information for the legitimate interests of managing recruitment and workforce operations, and where applicable, to take steps prior to entering into a contract. |
| Reference and verification information (such as education and employment verification results and professional references) | To verify qualifications, employment history, references, and suitability for a role or assignment. | We process this information for the legitimate interests of assessing candidates and protecting our business. |
| Identity, right-to-work, and government-issued identification information (such as passport details, visa or work authorization information, tax or social security identifiers, and residency information) | To verify identity and work eligibility and to comply with applicable legal, tax and employment obligations. | We process this information where necessary to comply with legal and regulatory obligations and, where applicable, to perform a contract. |
| Background check and compliance information (including criminal conviction or offence information where permitted by law) | To conduct background screening and compliance checks where required or permitted under applicable law. We generally retain only the outcome of such checks. | We process this information where necessary to comply with legal obligations and as otherwise permitted under applicable law. For more information, please contact us using the contact details set out in paragraph 2 above. |
Office Visitors
In our offices and physical venues, we have security procedures in place to assess the identity and stated purpose of visitors. We may collect the data of Office Visitors as part of these security procedures.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Basic identifiers: first name and last
name. Contact information: telephone number, email address, and postal address. Government ID: (e.g., identity card, driving license, passport, and relevant ID numbers). Work details: company, job role, purpose of visit. |
To preserve and guarantee the security of premises and the safety of visitors. | We process this personal information on the basis that it is necessary to pursue our legitimate (commercial) interests in protecting our assets and rights (and those of our staff and of other visitors). |
| To keep a visitor presence register. | We may process this personal information on the basis that it is necessary for compliance with a legal obligation to which we are subject, and as otherwise permitted under applicable law. |
Video Surveillance Subjects
In some of our offices and physical venues, we may operate a video surveillance security system covering the access(es) and the inside of the premises to enhance the overall security of its premises, the safety of staff and visitors, and to deter any attempt to enter without authorization. The video stream may contain footage that constitutes or contains personal information of those captured within the stream. Such data subjects are referred to as Video Surveillance Subjects.
| Category of personal information | How we may use it | Legal basis for the processing under GDPR |
| Video: video footage and images. | We may use such personal information to: - Preserve and strengthen the security of premises and the safety of personnel and visitors. |
We process this information on the basis that it is necessary to
pursue our legitimate (commercial) interests in protecting our
assets and rights (and those of employees and visitors). If such information constitutes criminal conviction or offence data, we will process such personal information as permitted by applicable laws. For more information, please contact us using the contact details set out in paragraph 2 above. |
4. How long we keep your personal information
Unless a longer retention period is required or permitted by law, we will store the personal information we collect for no longer than necessary for the purposes set out above and in accordance with our legitimate business interests.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized user disclosure of your personal information, the purposes for which we process your personal information, and the applicable legal requirements.
Further information about our retention periods is available on request, by contacting us using the contact details set out in paragraph 2 above.
5. Recipients
As required in accordance with how we use your personal information, we may share your personal information with the following
| Recipient | Why we share personal information and how it may be used | Legal basis for the processing under GDPR |
| Affiliates. We may share your personal information with affiliated legal entities within our family of companies. Information on our affiliates can be found at: https://sodali.com/offices. | We may share personal information with affiliates, such as when we collaborate in pursuing the purposes described above. | We process this information based on the legitimate interests of administering, providing and receiving centralized intragroup services. |
| Service Providers such as providers of web hosting or other technical services, including enterprise software and platform providers such as Microsoft, NetSuite, and Salesforce. | These third-party vendors and other service providers may use personal information to perform services for us or on our behalf. These service providers will use your personal information as processors under our instructions. | We process this information for the legitimate interests of operating and supporting our business and, where applicable, to perform contractual obligations and comply with legal requirements. |
| Advisors (such as legal advisors or accountants) | These advisors may use personal information to provide advisory services to us. | We process this information based on legitimate interests, including obtaining legal, accounting and other professional advice. |
| Purchasers and third parties in connection with a business transaction. | These recipients may use your personal information to review and assess a
potential transaction to purchase our business or assets or otherwise in
connection with a transaction such as a merger, bankruptcy, sale of assets or
shares, reorganization, financing, change of control or acquisition of all or a
portion of our business. Recipients that purchase our business or assets may continue to use personal information they obtain through such transaction in accordance with applicable law. |
The legal basis we rely on for such processing and sharing is that it is necessary for our and the purchaser's legitimate interests, to conduct due diligence on our business and assets. |
| Law enforcement, regulators and other parties for legal reasons. | We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to: (i) comply with the law and the requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property or personal safety of Sodali & Co or others. | The legal basis we rely on for processing personal information and sharing it with these recipients is compliance with a legal obligation or for our legitimate interests. For more information, please contact us using the contact details set out in paragraph 2 above. |
Further information on the recipients of your personal information is available on request, by contacting us using the contact details set out in paragraph 2 above.
6. Marketing and Communications
From time to time we may contact you with information about our services.
If you have given consent to marketing, you can withdraw your consent at any time by clicking on the unsubscribe link in the footer of our marketing emails, or by contacting us using the contact details set out in paragraph 2 above.
7. Storing and transferring your personal information
Security and International Transfer of your personal information
We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or destruction. Because we and our service providers may operate globally, your personal information may be transferred to and processed in countries outside your jurisdiction, including outside the UK or European Economic Area (“EEA”). Where we transfer personal information internationally, we take steps to ensure appropriate safeguards are in place in accordance with applicable law, including transferring data to countries recognized as providing an adequate level of protection or relying on approved transfer mechanisms such as the UK or EU Standard Contractual Clauses.
In particular, your personal information may be processed by recipients in the following countries:
| Destination country | Safeguard used |
| Member States of the EEA | Adequacy (for transfers outside the UK) |
| UK | Adequacy (for transfers outside the EEA) |
| US and Australia | Standard Contractual Clauses |
| Philippines | Standard Contractual Clauses |
We will take appropriate steps designed to protect your personal information in accordance with applicable law and this Privacy Policy.
If you wish to enquire further about transfers of personal information, and the safeguards we use (including to receive a copy of them), please contact us using the details set out in paragraph 2 above.
8. Mobile SMS / MMS messaging
We may send SMS or MMS messages solely in connection with providing services to our clients. If you opt in to receive SMS / MMS messages:
- Message frequency may vary (typically 2–7 messages per year or as required by applicable governance or scheduling needs).
- Message and data rates may apply.
- Reply STOP to opt out or HELP for assistance.
- Support contact: +1 888-707-6311 or privacy@sodali.com.
9. Your rights in respect of your personal information under the GDPR
If your personal information is protected by the EU GDPR or UK GDPR, you have the following rights in respect of your personal information that we hold:
(a) Right of access.
You have the right to obtain:
- (i) confirmation of whether, and where we are processing your personal information;
- (ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
- (iii) information about the categories of recipients with whom we may share your personal information; and
- (iv) a copy of the personal information we hold about you.
(b) Right of portability.
You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine- readable format that supports re-use, or to request the transfer of your personal information to another person.
(c) Right of rectification.
You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
(d) Right to erasure.
You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
(e) Right to restriction.
You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information, such as where the accuracy of the personal information is contested by you.
(f) Right to withdraw consent.
Where we rely on your consent for processing your personal information, you have the right to withdraw your consent. Withdrawal of your consent will not affect the lawfulness of the processing of your personal information before you withdrew your consent.
(g) You have a right to object to any processing based on your legitimate interests. There may, depending on the particular circumstances, be compelling reasons for continuing to process your personal information despite your objection, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
if you wish to exercise these rights, please contact us using the contact details in paragraph 2, above.
We will not charge you a fee for complying with your request to exercise one of these rights other than where the request is manifestly unfounded or excessive (such as if you submit a number of repeated requests), in which case we may charge you a reasonable fee to cover our administrative costs, as permitted under applicable law.
You also have the right to lodge a complaint to a relevant data protection authority. If you are in the UK, your local data protection authority is the information Commissioner’s Office, which can be contacted using the details at https://ico.org.uk/global/contactus/. If you are in the EAA, you have the right to complain in the country where you live, work, or of an alleged infringement of the EU GDPR. Further information about how to contact your local data protection authority is available here.
10. Your rights in respect of your personal information under the US laws
If you are a resident of certain US states, including California, and to the extent applicable based on your jurisdiction, you may have rights regarding your personal information under those state privacy laws.
What personal information do we collect about you?
We may collect and process, and may have collected and processed in the past twelve months, the information described in paragraph 3 which fall into the following categories of personal information:
- (a) Identifiers and other personal information described in California law, such as name, telephone number, email address, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, SSN, driver’s license number, passport number, or other similar identifiers;
- (b) Characteristics of protected classifications under California or US federal law, such as preferred language;
- (c) Commercial information, such as records of, products or services purchased, obtained, or considered, or other purchasing or consumer histories or tendencies;
- (d) Internet or other electronic network activity information, such as browsing history and information regarding your interaction with our website or online advertisement;
- (e) Geolocation data, approximate location (derived from IP addresses);
- (f) Audio, electronic, visual, or similar information, such as video surveillance footage;
- (g) Professional or employment-related information, such as company, job role;
- (h) Education information (defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)), such as education history;
- (i) Sensitive personal information (when permitted and in accordance with applicable law and only when you voluntarily provide such information), such as account log-in or financial account credentials; and
- (j) Inferences drawn from any of the information identified in the following paragraph.
How do we collect your personal information?
We may collect your personal information in the manner and from the sources described in paragraph 3.
How do we use your personal information?
We may use your personal information for business purposes, as defined under applicable law and as described in paragraph 3.
How do we disclose your personal information?
We disclose your personal information to the parties described in paragraph 5.
How long do we keep your personal information?
We keep your personal information for the time periods described in paragraph 4.
What privacy rights do you have?
To the extent applicable based on the laws in your jurisdiction, you may have the following rights in and to your personal information:
- (a) Right to know. You may have the right to request that we disclose certain information to you about our collection and use of your personal information.
- (b) Right to delete. You may have the right to request that we delete personal information that we have collected about you. Please note if you have requested a service or have been offered a benefit that requires the use of your personal information, we may not be able to provide that service or benefit if you choose to delete your personal information.
- (c) Right to correct. You may have the right to request that we correct inaccurate personal information that we have collected about you.
- (d) Right to opt out. You may have the right to opt out of the sharing of your personal information.
- (e) Right to appeal. If you receive our refusal to fulfill a previous request that you submitted, you may have the right to appeal such refusal by contacting us as set forth below in paragraph 11.
- (f) Right to non-discrimination. We will not discriminate against you for exercising any of your rights described in this privacy policy, nor will we retaliate against you.
If you choose to assert any of these rights under applicable law, we will respond within the period prescribed by such law.
Certain requests you submit to us may be subject to a verification process as required or permitted under applicable law. We may not be able to fulfil your request unless you have provided sufficient information for us to appropriately verify you and your request as required or permitted under applicable law.
For the purpose of California’s “Shine the Light”(California Civil Code Section 1798.83-84) we do not share California residents’ Personal Information with third parties for their own direct marketing purposes.
11. How do you exercise your privacy rights?
To exercise any of your rights, please contact us using one of the following methods:
- (a) Contact the Controller or the Data Privacy Officer / Data Privacy Consultant using the contact details provided in Section 2.
- (b) Individuals located in the European Union may also contact our EU Representative using the contact details provided in Section 2.
- (c) California residents may exercise their rights under applicable California privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), by contacting us at +1 833-928-4474 or using the contact details provided in Section 2.
12. Links to third party sites
The Sodali & Co Website may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, social media platforms and affiliates. If you follow a link to any of these websites, please note these websites have their own Privacy Policies. We do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
13. Changes to this policy
We may update this Privacy Policy from time to time, so you should review this page periodically. When we change this Privacy Policy in a material way, we will update the “Last Updated” date at the top of this Privacy Policy and notify you to the extent required by and in accordance with applicable law. Changes to the Privacy Policy are effective when they are posted on this page.
Version 5.0 as of 5 May 2026