Atlantia S.p.A., with registered office in Piazza di S. Silvestro n.8, 00187 Rome, in its capacity as data Controller wished to inform you, pursuant to article 13 and 14 of the Regulation (EU) 2016/679 – General Data Protection Regulation (the “Regulation” or “GDPR”) provides you the information on the processing of personal data you supplied to the Company, also through credit Institutions and companies of Financial Intermediation, in relation to your status as a Shareholder and your participation in the General Meeting through the Appointed Representative.
The personal data to be processed will be, among others, your first name, surname and address and they will be used for the purpose of managing relations with you as a Shareholder, including corporate and General Meeting fulfilling and, in particular, for the following purposes:
updating of the Shareholders’ Ledger and activities related to your status as a Shareholder;
updating the mailing list (name, address and any other contact details) in order to send corporate communications and documentation;
registration for the attendance, in presence or by granting a proxy, even to the Appointed Representative Computershare S.p.A., at the General Meeting registration and recording of votes, statistics for the check of the shareholding base of the Company or OF participation in the Shareholders’ Meetings and other corporate events;
fulfilling further obligations provided by law, regulations or EU legislation and, in any case, in relation to the obligations connected with your status as a Shareholder of the Company;
enforcing or defending a right in court or in a preliminary phase to the judgment;
for purposed connected to extraordinary transactions (merger, transfer of going concern, etc.) on the basis of the legitimate interest of the Controller.
Under article 6, paragraph 1, letters b) and c) of the Regulation, personal data are necessary for executing contractual and pre-contractual measures, as well as necessary for meeting a legal obligation to which Atlantia is bound. Failure to provide the data would make it impossible for the Controller to manage the relationship with you as Shareholder, fulfill corporate formalities and allow your attendance at the General Meeting.
The processing of personal data is carried out with paper support (eg. Minutes) and/or by electronic means (audio and video tracks of the events and electronic documents) and, in any case, in compliance with the applicable laws ensuring that such means are equipped with security measures adequate to processing the date for which they are used.
The processing of personal data will be carried out according to the principles of proportionality and necessity, so that unnecessary personal data are not collected or processed.
In compliance with Article 5 of the GDPR, your data will be kept for the entire duration of your status as a Shareholder and for a period of 10 years as a precautionary measure in relation to the statute of limitations under civil law, plus a further 12 months, exclusively for purposes related to the performance of legal obligations or the defense of Atlantia's rights in court. In the event of any litigation, the above retention periods shall be suspended until the controversy will be finally settled.
Your data may be disclosed, to the extent necessary to perform the above activity and in compliance with the above purposes of the processing as well as in order to comply with obligations set out by applicable laws and regulations, to:
public administration bodies in compliance with legal obligations;
the judicial authority;
companies entrusted with managing the Shareholders’ Ledger of Atlantia S.p.a;
companies acting as Shareholders’ Representative designated by the Company pursuant to Article135-undecies of Legislative Decree No. 58/98 (TUF - Consolidated Law on Finance), to collect voting proxies/sub-proxy relating to the General Meeting as well as to fulfil the formalities with the obligations inherent in the representation in the General Meeting and the expression of the vote of the person represented;
companies involved in the management and maintenance of information systems, auditing firms, professional offices or freelancers for the performance of consultancy and assistance in corporate operations.
These parties will, as a rule, act as autonomous holders of the respective processing operations, except in the event that they act on behalf of the Data Controller in their capacity as Data Processors and have, therefore, entered into a specific contract that punctually governs the processing assigned to them, pursuant to Article 28 of the GDPR.
The data may be disclosed with the view to complying with specific legal or regulatory obligations, obligations deriving from EU legislation as well as under order issued by competent Authorities or by supervisory or control bodies. In particular, some personal data may be disclosed to the financial market, to the extent that such disclosure is strictly necessary and in compliance with the applicable laws and CONSOB regulations.
Personal data are not transferred to any third party located in countries not belonging to the European Economic Space or in case not subject to the GDPR.
In case it would be necessary to transfer your data to third parties located outside the European Economic Space for specific purposes, such transfer will take place only if the EU Commissions has confirmed an adequate level of protection of the data in such third country (EU Commissions decision on adequacy) or where adequate warranties of protection exist (by way of example EU standard contractual clauses for the data transfer to Third countries).
For lawful and grounded reasons the interested persons - consistently with existing legal and contractual obligations of the Controller, if any– have power to exercise the rights set forth under articles 15-22 of the Regulation.
In particular, according to applicable laws, the interested person has the right to:
• request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected;
• receive information on the logic, methods and purposes of the processing;
• receive the data in a structured, commonly used and machine-readable format;
• revoke the consent given to the processing of data at any time and to object, in whole or in part, to the use of the data;
• lodge a complaint with the Authority, as well as to exercise the other rights recognised to you by current legislation.
The Data Controller reserves the right to assess the applicability, with respect to the processing of personal data concerning you, of one or more of the rights mentioned above.
The above mentioned rights may be exercised by sending an email to firstname.lastname@example.org or by post, writing to the attention of the Data Protection Officer, to the following address: Piazza di S. Silvestro n.8, 00187, Rome.
Pursuant to and for the purposes of articles 37-39 of the Regulation, Atlantia appointed a Data Protection who can be consulted at the following e-mail address email@example.com