INFORMATION ON PROCESSING BY JT S.A. OF PERSONAL DATA OF SHAREHOLDERS, PERSONS PARTICIPATING IN A GENERAL SHAREHOLDERS MEETING OR EXERCISING THEIR RIGHTS ATTACHED TO SHARES
Information on processing by JT S.A. of personal data of shareholders, persons participating in a General Shareholders Meeting or exercising their rights attached to shares
JT S.A. hereby presents the following information required under provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”) concerning protection of personal data:
Terms used in the information:
Company, that is JT Spółka Akcyjna with its registered office in Warsaw, address: 03-044 Warszawa, ul. Płochocińska 111, NIP [tax ID no.] 7792298897, REGON [statistical number] 300454878, entered into the register of entrepreneurs of the National Court Register under number KRS 0000576198, with its registration files kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register.
Shareholder, that is a natural person whose personal data are processed by the Company in connection with participation in a General Shareholders Meeting of the Company or exercising rights attached to shares which are or will be issued by the Company. Within the meaning of this information, a „Shareholder” is also a natural person who is a proxy or legal representative of a Shareholder, or who is representing the Shareholder, or is a person authorized to exercise rights attached to shares of the Company on any other grounds.
Company – personal data controller, contact data of the Company and the data protection officer
The controller of your personal data is JT Spółka Akcyjna with its registered office in Warsaw; 03-044 Warszawa, ul. Płochocińska 111. The Company can be contacted at the e-mail address firstname.lastname@example.org. The personal data protection officer can be contacted at the e-mail address email@example.com.
For what purposes are Shareholder’s data processed?
The Company processes data for the purpose of:
¾ fulfillment of obligations resulting from provisions of the community law (European Union law) or the Polish law, in particular the Commercial Companies Code, applicable to the Company; fulfillment of other obligations provided for by the law, including drawing up lists of Shareholders, fulfillment of recording or reporting obligations;
¾ consideration of applications or performance of other acts related to the exercising by the Shareholder of rights attached to shares issued by the Company;
¾ exercising of rights resulting from legally justified interests of the Company, such as: ensuring proper convening and holding of a General Meeting, adopting and executing resolutions of the General Meeting, allowing contact with Shareholders, verification of identity and enforcement of possible rights, including claims by the Company, or defending its rights or rights of an entity represented by the Company;
¾ archiving the data,
What are the categories of processed data?
The Company processes mainly data related to identification or verification of rights to shares issued by the Company. Those are usually data included in share documents or documents confirming rights to shares regardless of their form, a share register, powers of attorney, minutes, extracts from respective registers, or other documents related to a General Shareholders Meeting or to the Shareholder exercising their rights attached to shares. If Shareholders contact the Company electronically, the e-mail address and possibly other data included in the electronic correspondence. Furthermore, the Company can process other personal data provided by a Shareholder or another authorized body or entity if the data cannot be assigned to any of the groups mentioned above and they are processed for the purposes described in the present information.
If data are provided directly to the Company, provision of data is required by regulations of the Commercial Companies Code and in order to allow verification of the Shareholder’s identity, and a failure to provide data results in a lack of possibility to participate in a General Meeting. In the case of an e-mail address, providing such an address is voluntary, however, it is necessary to allow contact between the Company and the Shareholder via e-mail. A failure to provide an e-mail address results in a lack of possibility to maintain contact in this way.
What are the legal grounds for the processing of shareholders’ data by the company?
JT S.A. processes personal data of shareholders based on the following regulations:
a) fulfillment of legal obligations (art. 6 section 1 letter c GDPR), in connection with art. 407 section 1(1) of the Commercial Companies Code;
b) legally justified interest of JT S.A. (art. 6 section 1 letter f GDPR) – for the purpose of handling, pursuing and defending mutual claims, should they arise.
What categories of data recipients are distinguished?
Personal data can be provided to the following entities or bodies:
¾ authorized based on provisions of the law,
¾ other Shareholders within the scope of fulfilment of obligations resulting from provisions of the law, including art. 407 of the Commercial Companies Code,
¾ which must be provided with the data in order to perform a given act which the Shareholder is a part to, or another act concerning the Shareholder,
¾ who can receive the data based on a consent or an authorization,
¾ which are clearing houses or other entities offering clearing and settlement, payment institutions or entities representing such entities if this is related to an act performed by the Shareholder or for their benefit,
¾ business, economic or legal counsels, accounting firms and auditors who provide services for the Company.
The Company does not plan to provide personal data to countries from outside the European Economic Area.
The Company does not process personal data of Shareholders automatically and it does not use data for profiling purposes.
How long are Shareholder’s data processed by the Company?
The Company processes personal data throughout a period when the given person is a Shareholder. Furthermore, the Company processes archived data after expiry of the given legal relationship throughout the archiving period, not shorter that the period of limitation on claims. The basic archiving period is 6 years, whereas it ends with the lapse of the last day of the calendar year, unless provisions of the law set forth a different period. It a dispute, a court case or other proceedings (in particular criminal proceedings) are pending, the archiving period shall be calculated from the day of a legally binding conclusion of proceedings, and in the case of multiple proceedings – a legally binding conclusion of the last of them, regardless of the manner of its conclusion.
Documentation of the Company, including documentation of General Shareholders Meetings, containing personal data is stored throughout the period of existence of the Company, and then can be provided to an entity appointed to store documents. The period of storing data processed based on a consent is indicated in the declaration on consent; in any case, if the Company processes data for this purpose, until the consent is revoked.
The Shareholder has the right:
¾ to request from the Company access to their personal data, and the right to correct them if they are not consistent with the facts, and furthermore, in cases provided for by the law, to claim removal of the data or limitation of their processing,
¾ to object against data processing,
¾ to move data or to obtain copies of data – whereas this right may have an adverse impact on rights and freedoms of persons, including trade secrets or copyrights, and it shall be executed within the scope of technical possibilities,
¾ to remove consents or authorizations granted in connection with data processing.
How does JT S.A. obtain Shareholders’ data from?
Personal data of Shareholders are obtained from Shareholders, proxies and representatives, in particular in connection with the requirement to prove rights attached to shares or the right to represent a Shareholder.
Requests related to exercising the rights can be submitted by Shareholders electronically at the address: firstname.lastname@example.org or email@example.com or in writing, at the address of the registered office of the Company.
The Company may request that the Shareholder specifies information or activities which the request concerns. In meeting the request to transfer data or to provide their copies, the Company provides data, informing about the electronic format or the medium used.
Has the Shareholder the right to file a complaint with a supervisory body concerning personal data?
Yes, a Shareholder can file a complaint concerning the data processing with the President of the Personal Data Protection Office.
This information fulfills a legal obligation. You are not required to take any action.