1. INTRODUCTION
1.1 This Privacy Statement explains how Monte Titoli S.p.A., a company of the Euronext Group (as defined below) having its registered office in Piazza degli Affari 6, Milano ("Monte Titoli" or “we”, “us” or “our”), acting in its capacity of data controller, collects information from you in the frame of this PROXY FORM TO THE APPOINTED REPRESENTATIVE PURSUANT TO ART. 135-UNDECIES OF LEGISLATIVE DECREE 58/1998
1.2 In the event of any conflict between this Privacy Policy and the terms of a contract you have with us, the relevant provision of that contract shall prevail. Nothing in this Privacy Policy shall apply to the extent that it is incompatible with applicable data protection laws.
1.3 Effective Date: 20th March 2023
2. WHAT PERSONAL DATA DO WE COLLECT
"Personal Data" refers to information which does or is capable of identifying you as an individual. In relation to the purposes described above, the Company processes your Personal Data (such as i.e. name, surname, address, telephone number, email address, date of birth, identity document, fiscal code, nationality).
3. HOW WILL WE USE ANY PERSONAL DATA THAT WE COLLECT AND ON WHICH LEGAL GROUND?
All Personal Data are processed, in compliance with legal provisions and privacy obligations, for activities strictly connected and necessary for the following purposes: (i) purposes that are strictly connected and functional to the execution of contractual obligations, arising from the mandate conferred by the Delegator (or his representative) to the Appointed Representative, concerning representation at the Shareholders' Meeting and the expression of the vote; (ii) purposes connected with law obligations, regulations, European laws, and instructions from competent Authorities or Supervisory and control or bodies. The provision of Personal Data for such purposes is mandatory. Failure to provide the Personal Data that are necessary for the previously indicated purposes (e.g., Personal Data required to have a valid proxy) will make it impossible for the Company to allow the delegate to participate in the Shareholders' Meeting. Legal ground is compliance with laws and execution of contractual obligations.
4. DISCLOSURE OF YOUR PERSONAL DATA
We may share your Personal Data with regulated authorities in order to carry out legal or regulatory obligations.
5. CROSS-BORDER TRANSFERS OF YOUR PERSONAL DATA
We are an international organisation, with businesses both inside and outside of the European Economic Area ("EEA"), in particular in USA third party service providers who handle data on our behalf may be based in locations around the world, and we may also be subject to scrutiny from courts or regulators in a number of different jurisdictions. For these reasons, your Personal Data may be transferred to other countries both inside and outside of the EU and the EEA. As privacy laws in other countries may not be equivalent to those in your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that Personal Data handled in other countries will receive at least the same level of protection as it is given in your home country, for instance by entering into contracts incorporating the European Commission approved model contract clauses.
6. MODALITIES OF PROCESSING OF YOUR PERSONAL DATA
Your Personal Data are processed in compliance with the provisions of the Privacy Law, by means of paper, computer or telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable to guarantee security and confidentiality in accordance with the Privacy Law.
7. RETENTION OF YOUR PERSONAL DATA
We will retain your Personal Data for as long as is reasonably necessary for the purposes for which they are collected, ie Personal Data collected for the Mandatory Purposes are retained for the period necessary to the provision of the required service, plus a maximum of 10 years from the termination of the services.
However, in some circumstances we may retain Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, tax or accounting obligations. In specific circumstances also we may also retain your Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
8. PROTECTION OF YOUR PERSONAL DATA
8.1 We will hold your Personal Data securely whilst it is under our control, including where it is processed by third party service providers on our behalf. We train our employees in respect of their obligations under data protection laws, and we ensure that only relevant Monte Titoli employees, contractors and agents have access to your Personal Data.
8.2 We take the security of our physical premises and our servers seriously and we will take all appropriate technical measures using recognized security procedures and tools in accordance
with good industry practice to protect your Personal Data across all of these platforms.
9. YOUR RIGHTS
9.1 Subject to applicable law, you may have some or all of the following rights in respect of your Personal Data:
9.2 Right to be informed: you have the right to know your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.
9.3 Right of access: you have the right to ascertain what type of Personal Data we hold about you and to a copy of this Personal Data.
9.4 Right to rectification: you have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
9.5 Right to erasure: in certain circumstances you may request that we delete the Personal Data that we hold on you. You have also the right to give post-mortem instructions regarding your Personal Data.
9.6 Right to restriction: you have the right to request that we stop using your Personal Data in certain circumstances including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing until the issue is resolved.
9.7 Right to object: where we rely on our legitimate interests to process your Personal Data, you have a right to object to this use. We will desist from processing your Personal Data unless we can demonstrate an overriding legitimate interest in the continued processing.
9.8 Right to portability: in case the processing is based on your consent or a contract conclude with you, you may request us to provide you with certain Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible.
9.9 In addition to the above, you have the right to lodge a complaint with the supervisory authority. In the Italy there is the Garante per la protezione dei dati personali.
9.10 If you wish to investigate the exercising of any of these rights, please contact us using the details set out below. You can exercise the rights mentioned above through the modalities set out in Section 10 below.
10. INFORMATION ABOUT THE DATA CONTROLLER AND CONTACT DETAILS
10.1 Your Data Controller will be Monte Titoli S.p.A. In all cases, if you have any complaints or queries relating to the processing of your Personal Data by Monte Titoli, or to exercise any rights in respect of your Personal Data, you should contact us in one of the following ways:
• By post: Monte Titoli S.p.A. - Legal Department - Piazza degli Affari, 6 - 20123, Milano
• By email: dpo@euronext.com