ARO-PALACE S.A. also known as Society, as an operator of personal data, is taking the responsability of processing personal data of shareholders according to Regulation (EU) 2016/679 from the European Parliament and Council from April 27 2016, regarding of proctecting natural persons of processing personal data and to ensure the free flow of personal data (GENERAL DATA PROTECTION REGULATION GDPR).
The current information is required due to processing by the Society of personal data from its shareholders, according to the following legal provisions:
- In accordance with Art. 36 from the Law no. 297/2004 regarding the capital market with susbequent changes and fillings all financial instruments admitted at transactions on a regulated market or under an alternative transaction system will be recorded in the central depository system that ensures the support for processing corporate events in the accordance with the legal provisions, the rules emitted by it and the contracts concluded with the issuers and participants in its system.
- In accordance with the contract for providing registry services concluded between the Society and the Central Depository, the Central Depository is the processor for personal data regarding registry services, since the activity of processing personal data according Regulation GDPR is in accordance with (i) rules applied to the law, that can be applied to the activity from Central Depository and (ii) own rules contained in the Procedures, Regulations, Policies issued of Central Depository, rules that are applied regardless of the will of issuer or its indications related to the processing methods, the role of processing or personal data required for the provision of the registry service.
Section 1 – Processing personal data from the shareholders
We inform you that the Society collects, process and stores the following personal data of shareholders provided from the Central Depository (Personal Data), based on the colaboration at the Status of Society in the role of issuer, as how will be completed with legal provisions: first name, last name, personal identification number (CNP for romanian persons or similar code for foreigner persons), serie and card number, address, citizenship, country, email address, financial and bank datas (bank, office, IBAN code).
Section 2 – The purposes for processing Personal Data and the legal basis of processing
Society request from the Central Depository and process personal data from the shareholders in the following purposes:
- Regarding for payment of dividends to the shareholders. The legal basis for this processing is provided by Article 6 (1), (b) and (c) from GDPR, respectively the processing is essential for concluding a legal action.
- For the purpose of participating and using the right to vote in General Meeting of Shareholders; processing personal data is required regarding using the rights gained from owning shares from the Society since the reference date according the shareholders registry emitted by Central Depository. The legal basis for this processing is provided by Article 6 (1), (b) and (c) from GDPR, respectively: processing is a legal obligation.
- Regarding of submission of accounting documents of Society to public institutions and perfoming payments needed in the name of the shareholder (e.g. tax on dividends), for compliance of legal obligations of Society. The legal basis for this processing is provided by Article 6 (1), (c) from GDPR, respectively: processing is necceseary to fulfill the legal obligations from the Society according to fiscal legislation.
Section 3 – The Transfer of Personal Data from the Shareholder
Within the actions of processing for the purposes mentioned in Section 2 above, Personal Data of the Shareholder will be transferred only to the authorities in Romania for fulfill the legal obligations of the Society.
Section 4 – The storage life of Personal Data
The data mentioned at Section 2 are stored on a determinant period for the purpose fulfillment of legal obligations from the Society, including the protection of shareholders’s rights and for the purpose of accounting evidence and for the relationship with the investors.
Section 5 Shareholder’s Rights regarding the Personal Data
We inform you that any modifications of personal data in the registry of shareholders (name changing, address etc.) will be done only by the Central Depository at the request of the shareholder/the rightful person. The shareholders’s rights performed in the relation with registred data in registry of shareholders can be used only in the relation with Central Depository, that is in possession of the Society, can be performed in the relation with Society.
5.1. The right to be informed: the shareholder will be informed about the activity of processing Personal Data performed by the Society;
5.2. The right of accessing data: the shareholder has the right to receive a confirmation from the Society that is processing their data or not, and in any positive case, they can access their respective data and receive any information about data processing;
5.3. The right of correcting data: the shareholder can obtain from the Society, without unjustified delays, the right of correcting incorrect data or for filling the incomplete data.
5.4. The right of deleting data (the right to be forgotten): the shareholder can receive from the Society, without unjustified delays, for deleting their own personal data, when the following situations provided by GDPR happens:
- data are not neccesary anymore for fulfillling any purpose of the Society;
- data was used illegally by the Society;
- data must be deleted for respecting any legal obligation for the Society.
5.5. The right of restritions of processing: the shareholder has the right to input the Society restrictions for processing Personal Data in any situations provided by GDPR.
5.6. The right of data portability: the shareholder has the right to request from the Society their personal data provided to the Society in a structured format, used in present and can be read automatic and to transfer these data to another operator when the tehnical ways can perform this action. The shareholder has this right only when the data was obtained from the shareholder, the processing is based only on the consent of the shareholder or when the processing is performed by automatic actions.
5.7. The right at opposition: the shareholder has the right to oppose, from legal reasons in relation with the current situation, to processing data by the Society having the legal basis the legitimate interest.
5.8. The right of shareholder of not making the subject of a decision based exclusely on automated process, inclusing creating profiles (any automatic process that uses personal data to evaluate certain personal aspects, like performance at workplace, personal preferences, health, etc.), which creates legal effects that concern the shareholder or it will affect the shareholder in any smiliar way in a significant meassure.
5.9. The shareholder’s right of filling a complaining to Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP).
For performing any right mentioned above, the shareholder can fill a complaining on the official website [www.dataprotection.ro].
Section 6 Other informations
The Society will perform any techincal and organizational meassures suitable and reasonable for protecting Personal Data from the shareholder against losing, illegal using or to unauthorized access, the transfer, modifying or destryoing personal data, and, also, will maintain the privacy and intengrity of Personal Data received from the shareholder in the mentioned situations in the present information.
For perfoming these rights, and for any questions regarding this information or in any relation with the process of personal data performed by the Society, you can contact using any method of communication mentioned above, and also mentioning your full name, phone number, address or email address (depending which method you will prefer):
- mail, at the address B-dul Eroilor, no. 27, Brasov, Romania, cod 500030;
- fax, at number 40-(0)268-475250;
- email, at email@example.com
More details you will find on www.aro-palace.ro, in the Aro-Palace SA tab, at Protection of Personal Data.
Any modification and completing the policies of ARO-PALACE regarding the process of personal data with significant impact for Society’s shareholders, will be bring to knowledge by publishing on the Society’s website.