Your personal data will be processed for the following purposes:

1. to comply with legal obligations related to the exercise and enforcement of shareholder rights and obligations, in particular those arising under the Commercial Companies Code, the Act on Trading in Financial Instruments, and reporting obligations applicable to joint-stock companies – pursuant to Article 6(1)(c) GDPR in conjunction with the relevant legal provisions;
2. to organize and conduct the General Meeting, including its facilitation through electronic communication, fulfilling the obligation to provide the list of shareholders upon request, properly verifying your identity for participation in the General Meeting, enabling your right to vote, and managing and verifying proxies, as provided in §4 of the “Regulations of the General Meeting of Asseco Poland S.A." and §4 of the "Regulations on the Rules for Participation in the General Meeting of Asseco Poland S.A. using electronic means of communication" - pursuant to Article 6(1)(c) GDPR;
3. to review requests and perform other actions related to the exercise of rights attached to shares issued by the controller – pursuant to Article 6(1)(b) GDPR, to the extent that the requirement to process such data is not determined by law (Article 6(1)(c) GDPR);
4. to conduct analyses necessary to implement the controller’s business strategy and to establish, pursue, or defend against potential claims – based on the controller’s legitimate interests, namely the implementation of its business strategy and the ability to pursue or defend against claims (Article 6(1)(f) GDPR).

Your personal data, including your name, surname, and place of residence, have been obtained either directly from you or from the Krajowy Depozyt Papierów Wartościowych S.A.

Your personal data, including your telephone number, email address, type and identification number of your identity document, image contained on your identity document, PESEL number of both the principal and proxy, and login credentials, have been obtained directly from you.

Your personal data may be shared with: other shareholders, in accordance with the Commercial Companies Code, entities authorized under applicable laws, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Your personal data will not be transferred outside the EEA.

Your personal data will be processed for as long as the company exists. After its dissolution, your data will be processed for the period required under applicable laws relevant to the purposes of processing.

In relation to the processing of your personal data, you have the right to:

1. access your personal data and request rectification;
2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
3. request restriction of processing, under the conditions provided in Article 18 GDPR;
4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Providing your personal data is necessary for acquiring shares and for exercising the rights and obligations arising under applicable law.

We do not make any decisions that significantly affect you through automated means, including profiling.