Shareholders’ Information Note On The Protection Of Personal Data
In accordance with the provisions of Regulation (EU) no. 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called “EU General Data Protection Regulation” or “GDPR”), and of the domestic normative acts approved for the implementation of the EU General Data Protection Regulation, the company Rompetrol Well Services SA, which is a member of KMG International Group (hereinafter called the “Company”), with its headquarters in Ploieşti, Str. Clopoţei no. 2 bis, Prahova County, registered with Constanța Trade Registry under no. J29/110/1991, duly represented by Mr. Georgian Ștefan Florea, in his capacity as General Manager, has the obligation to process your personal data, provided under safety conditions, in good faith and in accordance with the legal provisions in force, exclusively for the performance of the specified purposes.
1. Personal Data Controller
Rompetrol Well Services SA is a Romanian company organized and existing under the laws of Romania, whose shares are traded on a regulated market operated by the Bucharest Stock Exchange. As an effect of this legal situation, in its capacity as Controller, Rompetrol Well Services SA stores in good faith the personal data of the following categories of data subjects:
- Its natural person shareholders;
- Legal representatives of its legal person shareholders or entities devoid of legal status;
- General or special proxy holders of the shareholders of the company Rompetrol Well Services SA;
- Natural persons members of the management bodies, administration bodies or who are employees of the credit institution which provides custody services for the Controller’s shareholders.
2. Personal Data
For the call and performance of the General Meetings of the Shareholders, the Company hereby expressly informs you, by this Information Note, in accordance with Articles 12 and 13 of GDPR, of the processing and storage of your personal data under the conditions described in this Information Note.
The processed data are:
- name and first name;
- series and number of the identity document (identity card, passport);
- bank account;
- capacity held, based on which the processing takes place (shareholder, legal representative of the shareholder, special or general proxy of the shareholder, authorized person or employee of the credit institution);
- Handwritten and electronic signature;
- Opinions, questions addressed to the Controller, according to the capacity held.
3. Purposes of Personal Data Processing
Such data are processed by the Company, according to art. 6, para. 1 letter c) of GDPR, namely for compliance with the legal obligations incumbent upon the Controller according to Law no. 24/2017 on the issuers of financial instruments and market operations and to Law no. 31/1990, as subsequently amended, for:
- Exercising the right of the data subjects, in the capacity they hold within the legal relationship with the Controller, to address questions regarding the agenda of the General Meeting of the Shareholders (briefly GMS);
- Exercising the right of the data subjects to take part in the GMS;
- Access to the meeting room and/or exercising the vote by correspondence;
- Distribution and payment of dividends, according to the legal provisions.
If the Company decides to process your personal data for other purposes, in particular based on Article 6 para. (1) letter (a) of the EU General Data Protection Regulation and based on the domestic normative acts approved for the implementation of the EU General Data Protection Regulation, namely based on your consent, you shall be sent a separate information note in order to allow you to freely state your express consent.
4. Duration of Personal Data Processing
Your personal data shall be stored for a maximum term of 3 years from the date when the respective GMS meeting was held. The data necessary for payment (bank account, name, first name, address, ID card, personal identification number) shall be kept for a period of maximum 10 years (term for keeping accounting documents).
5. Processors and Recipients of Data
The personal data may be transmitted, as the case may be, to:
- The Trade Registry Office;
- The Stock Exchange;
- The Central Depository;
- Courts of law or other authorities of the judiciary;
- Technical secretariat of the GMS meeting.
6. Transfer of Personal Data
The personal data may not be accessed by other companies within KMG International Group from other countries.
The data transmitted to third parties shall be adequate, pertinent and non-excessive by reference to the purpose for which they were collected and which allows transmission to a certain third party.
7. Rights of the Data Subject
For a complete information, in your capacity as data subject, you have the following rights exclusively regarding your personal data, provided by the General Data Protection Regulation:
a) right of information and access to your personal data;
b) right to rectification of your data;
c) right to be forgotten/right to erasure of data;
d) right to restriction of processing;
e) right to data portability;
g) right of not being subject to individual decision-making, which means that you have the right to request and obtain withdrawal, cancellation and reconsideration of any decision producing legal effects on you, made exclusively based on an automated personal data processing operation, for the assessment of personality traits, such as your behaviour at the work place;
h) right to notify the National Supervisory Authority for Personal Data Processing or any competent courts.
All these rights may be exercised by a written request, signed and dated, transmitted to the headquarters of the controller Rompetrol Well Services SA in Ploiești, Clopoței street no. 2Bis, Prahova County.
If you have any questions regarding the personal data processing, you may contact the Data Protection Officer at the e-mail address: [email protected] or you can also call 021-2009177.
Also, as data subject, you have the right to address the National Supervisory Authority for Personal Data Processing and the courts of law.
If you submit a request regarding the exercise of your rights regarding data protection, the Controller shall answer such request within 30 days under the conditions provided by the EU General Regulation 2016/679 on data protection.
8. Other Issues
The data Controller guarantees that it processes your data under conditions of legitimacy, implementing at the same time adequate technical and organizational measures for ensuring integrity and confidentiality of the data as per Art. 25 and 32 of the General Data Protection Regulation.
Data Protection Officer