Atlantia S.p.A., with registered office in Via A. Nibby, 20, 00161 Rome, in its capacity as data controller pursuant to article 13 and 14 of the Regulation (EU) 2016/679 – General Data Protection Regulation (the “Regulation”) provides you the information on the processing of personal data you supplied to the Company, also through credit Institutions and companies of Financial Intermediation, in relation to your status as a Shareholder and your participation in the General Meeting through the Appointed Representative.
Personal data and purposes of the processing
The personal data to be processed will be, among others, your first name, surname and address and they will be used for the purpose of managing relations with you as a Shareholder, including corporate and General Meeting fulfilling and, in particular, for the following purposes:
- updating of the Shareholders’ Ledger and activities related to your status as a Shareholder;
- updating the mailing list (name, address and any other contact details) in order to send corporate communications and documentation;
- registration for the attendance, also by proxy, at the General Meeting and to other corporate events, registration and recording of votes, statistics for the check of the shareholding base of the Company or participation in the Shareholders’ Meetings and other corporate events;
- fulfilling further obligations provided by law, regulations or EU legislation and, in any case, in relation to the obligations connected with your status as a Shareholder;
- enforcing or defending a right in court or in a preliminary phase to the judgment;
Under article 6, paragraph 1, letters b) and c) of the Regulation, your consent is not required since personal data are necessary for executing contractual and pre-contractual measures, as well as necessary for meeting a legal obligation to which Atlantia, in its capacity as controller, is bound.
Processing arrangements and record-keeping duration
The processing of personal data is carried out manually (minutes) and/or by automated means (audio tracks and electronic documents) and, in any case, in compliance with the applicable laws. with the implementation of adequate technical and organizational measures in accordance with the provisions of Article 32 of the GDPR. The processing is carried out by specially trained and authorized parties, in compliance with the provisions of Article 29 of the GDPR. In any case, its logical and physical security and confidentiality will be guaranteed.
The processing of personal data will be carried out according to the principles of proportionality and necessity, so that unnecessary personal data are not collected or processed.
In compliance with the principles of lawfulness, limitation of purposes and minimization of data, pursuant to Article 5 of the GDPR, your data will be kept for the entire duration of your status as a Shareholder and for the time strictly necessary for the fulfilment of the related obligations and, in any case, according to the prescribed terms provided for the exercise of the rights deriving from the company relationship.
Categories of third parties to whom the data may be disclosed
Your data may be disclosed, to the extent necessary to perform the above activity and in compliance with the above purposes of the processing, to:
- public administration bodies in compliance with legal obligations;
- the judicial authority;
- companies entrusted with managing the Shareholders’ Ledger of Atlantia S.p.a;
- companies acting as Shareholders’ Representative designated by the Company pursuant to Article135-undecies of Legislative Decree No. 58/98 (TUF - Consolidated Law on Finance), to collect voting proxies/sub-proxy relating to the General Meeting. Limited to this purpose and in compliance with the obligations inherent in the representation in the General Meeting and the expression of the vote of the person represented in compliance with the instructions given by the same, the Appointed Representative acts as an independent data controller;
- companies involved in the management and maintenance of information systems, auditing firms, professional offices or freelancers for the performance of consultancy and assistance in corporate operations.
These parties will, as a rule, act as autonomous holders of the respective processing operations, except in the event that they act on behalf of the Data Controller in their capacity as Data Processors and have, therefore, entered into a specific contract that punctually governs the processing assigned to them, pursuant to Article 28 of the GDPR.
Disclosure of personal data
Some of your personal data may be disclosed to the financial market, to the extent that such disclosure is strictly necessary and in compliance with the applicable laws and CONSOB regulations.
Transfer of data to a foreign country
Except for any specific necessities which will be agreed from time to time, your personal data are not transferred to any foreign country.
Rights of the data subject
Atlantia – for lawful and grounded reasons and consistently with existing legal and contractual obligations – acknowledges your power to exercise the rights set forth under articles 15-22 of the Regulation (i.e. right of access to personal data, rectification and erasure of such data, restriction of processing, personal data portability, objection).
Furthermore, in the manner and within the limits provided for by the applicable laws, you have the right to lodge a complaint with the Authority for the protection of personal data pursuant to article 77 of the Regulation.
Your rights may be exercised sending an email to firstname.lastname@example.org or by post, writing to the attention of the Data Protection Officer, to the following address: via A. Bergamini, 50, 00159 Roma.
The controller is Atlantia S.p.A., with registered office in Via A. Nibby, 20, 00161 Rome and operating branch in via A. Bergamini, 50, 00159 Rome.
Data Protection Officer
Pursuant to and for the purposes of articles 37-39 of the Regulation, Atlantia appointed as Data Protection Officer the manager pro tempore of the Group Compliance and Security Department, professionally residing at the operating branch in via A. Bergamini, 50, 00159 Rome.
The controller has designated more than one person responsible for the processing of personal data. The list of data processors, pursuant to art. 28 of the GDPR, is available to interested parties upon request to be sent by e-mail to dpo@Atlantia.it.