Menu
Přehled závodů

Information on Processing of Personal data for Shareholders of Company Tereos TTD, a.s.

The company

Tereos TTD, a.s.,

having its registered office at Dobrovice, Palackého náměstí 1, Postal Code 294 41, ID No.: 16193741, registered in the Commercial Register maintained by the Municipal Court in Prague, Section B, Insert 625 (the “Company”), hereby informs its shareholders about the processing of their personal data and the personal data of their potential representatives, carried out in connection with the General Meetings of the Company, the maintenance of the list of shareholders, and the fulfilment of other obligations pursuant to Act No. 90/2012 Coll. on Business Companies and Cooperatives, as amended (the “Business Corporations Act”) in accordance with the relevant provisions of Act No. 101/2000 Coll., on the Protection of Personal data, as amended (the “Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the “GDPR”).

The Company is obliged to inform the shareholders and their potential representatives of their rights from the perspective of the processing and protection of personal data, as well as the purpose of the processing the personal data provided, and to secure the processing of the personal data received in an appropriate manner.

Types of personal data processed

The Company processes various types of personal data in relation to shareholders or their representatives that may include:

    • First name and surname, academic degree;
    • Date of birth;
    • Place of residence;
    • ID of the holder in the share issue statement (does not apply to the shareholder’s representative);
    • Designation of the type of share and the nominal value of the share;
    • Email address;
    • E-mailová adresa,
    • Confirmation of tax residency;
    • Type, number, and expiry date of the identity card and the issuing authority/state;
    • Other data required by the Company or by the law for legitimate interest; and
    • Where applicable, information provided voluntarily by the shareholder

Personal data is obtained by the Company directly from the shareholder or their representative (in particular when disclosing data or changes for the purpose of maintaining the list of shareholders, when attending the General Meeting, when voting by correspondence), from the Company’s share issue statement maintained by the Central Securities Depository (CSD), from public administration authorities, or on the basis of legal regulations.

Personal data is obtained by the Company directly from the shareholder or their representative (in particular when disclosing data or changes for the purpose of maintaining the list of shareholders, when attending the General Meeting, when voting by correspondence), from the Company’s share issue statement maintained by the Central Securities Depository (CSD), from public administration authorities, or on the basis of legal regulations.

The Company expressly notifies the shareholders that within the list of shareholders and within the statement of the Company’s share issue maintained by the Central Securities Depository, the Company is also provided with birth numbers of shareholders - natural persons. The birth number is processed to a limited extent in order to fulfil the legal obligation to uniquely identify the shareholder (in particular with regard to the very large shareholder structure, where it is necessary to uniquely identify the shareholder not only for the purposes of verifying the eligibility of participation and voting at the

General Meeting, but also for the payment of dividends, and in the event of ambiguous identification, the shareholder’s rights could be violated, but also the Company could be exposed to the risk of admitting an unauthorised person to exercise shareholder rights or to be paid a dividend, and it is not used further in any manner whatsoever.

Kdo je správcem osobních údajů

Who the controller of personal data is

    • The controller of personal data is the Company.
    • Tereos TTD, a.s., ID No.: 16193741
    • Palackého náměstí 1, 294 41 Dobrovice
    • Kontaktní email: gdpr.cz@tereos.com
Purpose of processing of personal data

The Company processes the personal data of its shareholders or their representatives, namely in connection with the organisation and holding of the General Meetings, where the obligation to hold such meetings is based on the Business Corporations Act, and the processing of personal data is necessary for preparing and holding the General Meetings. In particular, the company must know who its shareholder on the record date is, how many shares this shareholder holds, which of the shareholders or their representatives are attending the General Meeting, what requests for explanations, proposals, or protests have been made. The personal data contained in the share issue statement on the record date must also be processed in order to determine the results of individual votes at the General Meeting. Personal data may also be processed in the minutes of the General Meeting and its schedules that the Company is obliged to take of the proceedings of the General Meeting. The Company must also be able to prove how each individual shareholder voted in the event of a dispute. If the General Meeting decides to distribute a share in profit, the Company must clearly identify the shareholders to whom the dividend is to be paid.

The Company processes personal data of shareholders or their representatives on the basis of the following legal grounds (titles):

  1. Performance of legal obligations;
  2. Legitimate interest of the Company; and
  3. Valid consent of the shareholder or representative to the processing of personal data./span>
Ad A. Performance of legal obligations The Company processes the personal data of shareholders or their representatives in connection with the exercise of rights and obligations arising from the shareholder-Company relationship, in particular for the purposes of voting by correspondence on relevant matters of the agenda of the Company’s General Meeting prior to the General Meeting, preparation for and participation in the Company’s General Meeting and the exercise of rights and obligations at the General Meeting, the payment of a share of profits (dividends), and other grounds provided for by the Business Corporations Act, or the Articles of Association of the Company, and other legal regulations. These include:
  1. The CSD’s share issue statement as of the record date - the right to attend, vote, and exercise rights as the shareholder at the General Meeting is exclusively vested in the shareholder who is listed in the Company’s share issue statement as of the record date that the Company obtains from the CSD.
  2. The registration of shareholders at the General Meeting - for this purpose, the data is processed on the basis of the CSD’s share issue statement, so as to enable the Company to uniquely identify and verify the identity of the shareholder or their representative.
  3. Written and oral requests for explanations, proposals, protests, and the minutes - the Company processes written and oral requests from its shareholders for explanations, proposals, and/or protests made by shareholders or their representatives at the General Meeting, including personal data, if any, provided in such requests. The Company is then required by the Business Corporations Act and the Articles of Association of the Company to prepare the minutes of the General Meeting a copy of which may be requested by shareholders or their representatives.

The consent of the shareholder or their representative to the processing of personal data for the performance of a legal obligation is not required.

The Company provides personal data of shareholders or representatives to other processors (always on the basis of an agreement on personal data processing entered into) and to recipients of personal data that include state administration authorities and other entities within the exercises of statutory rights and the fulfilment of statutory obligations.

The period of processing of personal data will not exceed 10 years after the termination of the shareholder’s shareholding in the Company unless a longer period is provided for by legal regulations.

Ad B. Legitimate interest of the Company

This is a legal ground for the processing of personal data which applies where the legitimate interests or rights of the Company, as the controller, override the interests or rights of (their representatives), as data subjects, considering the reasonable expectations of the data subjects based on their relationship with the controller. Where the legitimate interest of the Company is established, the consent of the data subject to the processing of their personal data is no longer required.

These are in particular the following legitimate interests of the Company – the protection of the fundamental or other important rights of the Company, arising from generally binding legal regulations, in connection with the preparation and holding of the General Meetings. The purpose of the processing of personal data is thus to ensure the proper conduct of the General Meeting, to document the results of voting, to prepare the minutes of the General Meeting, to resolve issues related to the distribution and payment of dividends, etc. In the cases required by the Act, the Company also has a notarial record prepared certifying the proceedings of the General Meeting and the vote on the adoption of the certified decisions, where the notarial record may serve as the basis for the registration of certain facts in the Commercial Register; the notarial record may also contain personal data of the subjects.

The duration of processing depends on the specific purpose of the processing. This will be for the period defined by generally binding legal regulations, but no longer than 10 years after the termination of the shareholder’s ownership interest in the Company.

Ad C. Valid consent of the shareholder or representative to the processing of personal data

In the event that the Company processes the personal data of the shareholder or their representative for other purposes which cannot be classified under the above-stated purposes, it may do so only on the basis of a valid consent to the processing of personal data granted by the shareholder that is an expression of the shareholder’s free will, and it constitutes a specific title for such handling of personal data.

The consent to the processing of personal data is voluntary and free. The shareholder, or their representative, is entitled to withdraw their consent at any time, either in part or in full.

Where personal data are stored

Personal data of shareholders or their representatives may be stored on secure servers in the Company’s IT systems in the Czech Republic. Personal data is collected, processed, and stored exclusively in the Czech Republic.

Further, certain personal data may be captured in a documentary form (e.g. for the needs of the preparation of the minutes of the General Meeting in a documentary form, the preparation of a notary record certifying the course of the General Meeting in a documentary form); these written documents, if they contain personal data, are locked in lockable cabinets or safes in the offices provided that access to the offices and the building in which the offices are located is regulated for authorised persons only (security system for entry including coding, code/ID card entry regime, premises guarded by security service).

Means of the processing of personal data

Personal data are processed both automatically and manually and may be disclosed to the Company’s employees if it is necessary for the performance of their working activities or to processors with whom the Company has entered into an agreement on the processing of personal data. The list of processors of personal data will be provided to the shareholder upon request.

Rights of the personal data subject (shareholder or shareholder’s representative)

The shareholder and their representative have the following rights under the conditions set out in the GDPR Regulation or the Act, i.e. the right to:

  1. access, rectify, erase, or restrict the processing of personal data;
  2. object to such processing;
  3. lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection, having its registered office at Pplk. Sochora 27, Postal Code 170 00 Prague 7, www.uoou.cz;
  4. withdraw consent to the processing of personal data at any time, with future effects, in part or in full (if consent is required for the processing of personal data);
  5. obtain confirmation from the controller whether or not their personal data are processed;
  6. have inaccurate personal data concerning them rectified by the controller without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed;
  7. have the controller erase without undue delay the personal data (also the right to be forgotten) relating to the data subject, and the controller is obliged to erase the personal data without undue delay in the exhaustive grounds listed in the GDPR, i.e. (i) the personal data is no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the data subject withdraws consent to the processing of the personal data, and there is no further legal grounds for the processing, (iii) the data subject objects to the processing, and there are no overriding legitimate grounds for further processing, (iv) the personal data have been unlawfully processed, (v) the personal data must be erased in order to comply with a legal obligation under Union or national law to which the controller is subject, (vi) the personal data have been collected in connection with the offering of information company services. The details and exceptions to the exercise of this right are regulated by the GDPR;
  8. have the controller to restrict processing, in any of the following cases: (i) the data subject contests the accuracy of the personal data for the period of time necessary for the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, and the data subject refuses to erase the personal data and requests instead that the controller restrict their use; (iii) the controller no longer needs the personal data for the purposes of the processing but the data subject requires the data for the establishment, exercise, or defence of legal claims; (iv) the data subject objects to the processing until it is verified that the controller’s legitimate grounds override those of the data subject;
  9. the portability of personal data, i.e. to obtain personal data concerning them which they have provided to the controller in a structured, commonly used, and machine-readable format, and the right to transfer those data to another controller without being prevented from doing so by the controller to whom the personal data have been provided, where: (i) the processing is based on consent or on an agreement; (ii) the processing is carried out by automated means;
  10. object at any time to the processing of personal data concerning them, including profiling based on the provisions of the GDPR. The controller does no longer process the personal data if the controller demonstrates compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, or for the establishment, exercise, or defence of legal claims;
  11. and k. not to be subject to any decision based solely on automated processing, including profiling, which has legal effects concerning them or similarly significantly affects them. Exceptions and details are defined in the GDPR.

If the data subject believes or becomes aware that the Company or third parties authorised by the Company are carrying out processing of the personal data of data subject which is contrary to the protection of their personal life or contrary to applicable legal regulations, in particular if the data subject’s personal data are inaccurate with regard to the purpose of their processing, they may request the completion, rectification, blocking, or destruction of the personal data.

The Company does not make any decision based solely on automated processing, including profiling, which would have legal effects on or significantly affect data subjects.