I. Controller

Please be advised that the controller for your personal data is Mostostal Płock Spółka Akcyjna with its registered office in Płock, ul. Targowa 12, 09-400 Płock (hereinafter: Controller). You may contact the Controller via the contact form available at: www.mostostal-plock.pl or by emailing us at: sekretariat|mostostal-plock.pl| |sekretariat|mostostal-plock.pl. In matters related to the protection of your personal data, you may also contact the Data Protection Inspector appointed by the Controller by writing to the following e-mail address: iod|mostostal-plock.pl| |iod|mostostal-plock.pl.

II. Purpose, legal basis and period of processing

Your personal data will be processed for the purpose of entering into a contract with you and performing the Controller’s rights and obligations arising thereunder as well as to enable the Controller to secure and pursue claims against you under the contract.
The basis for the processing of your data is Article 6 (1) point (b) of the GDPR* – processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. The basis for the processing of your data after the completion of the contract is Article 6 (1) point (f) – processing is necessary for the purposes of the legitimate interests pursued by the Controller i.e. to allow the Controller to secure or pursue claims under the contract.

Providing your personal data is voluntary; nonetheless, failure to provide data may result in the inability to enter into a contract or to perform some of its provisions.

Your personal data will be processed by the Controller no longer than until the expiry of the limitation periods for claims provided for under the contract, unless the Controller's obligation to store your data for a longer period results directly from the relevant legal provisions.

III. Data recipients

If you are a subcontractor to the Controller in connection with a contract for construction works entered into by the Controller, your data may be transferred by the Controller to entities to which the Company is obliged to provide the data of its subcontractors under the law. Your personal data will not be transferred by the Controller to third countries (i.e. non-EEA countries) or international organisations.

IV. Rights related to processing of personal data

In connection with the processing of your personal data by the Controller, you have the following rights:

• right to request the Controller to access your personal data, including to obtain a copy of your data from the Controller;
• right to obtain from the Controller the rectification of your inaccurate personal data and to have incomplete personal data completed;
• right to obtain from the Controller the erasure of your personal data;
• right to obtain from the Controller restriction of processing of your data;
• right to data portability (i.e. the right to receive the personal data from the Controller and to transmit those data to another controller without hindrance from the Controller as well as the right to have the personal data transmitted directly from one controller to another);
• right to object – on grounds relating to your particular situation –  to processing of your data on grounds of the legitimate interests of a Controller;
• right to lodge a complaint with a supervisory body if you believe that the processing of your data by the Controller violates the law.

You can exercise your rights (except for the right to lodge a complaint) by submitting appropriate requests / statements to the Data Protection Officer or directly to the Controller, using the contact details indicated in Section I of this Disclaimer.

V. Profiling

Your personal data is used by the Controller neither to make automated decisions about you nor for profiling.

* Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

Pursuant to Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter ‘GDPR’, please not the following:

I. Controller

Please be advised that the controller for the personal data of the Company’s shareholders is Mostostal Płock Spółka Akcyjna with its registered office in Płock, ul. Targowa 12, 09-400 Płock (hereinafter: Controller). In matters related to the protection of your personal data, you may also contact the Data Protection Inspector appointed by the Controller by writing to the following e-mail address: iod|mostostal-plock.pl| |iod|mostostal-plock.pl 

II. Source of data

We have obtained your personal data from the National Depository for Securities, in connection with your intention to participate in the General Meeting of Shareholders and to exercise your voting rights, in accordance with Article 406³ of the Commercial Companies Code.

III. Purpose, legal basis and period of processing

We process your personal data pursuant to Article 6 (1) point (c) of the GDPR for the following purposes:

1. to enable you to participate in the General Meeting of Shareholders of Mostostal Płock S.A. (Article 406³ § 1, 2 , 4 and 5 of the Commercial Companies Code);
2. for the proper performance of services to entities holding shares in Mostostal Płock S.A. - the legal basis for processing is the necessity of processing to fulfil the legal obligations incumbent on Mostostal Płock S.A., in particular:
   1. obligations arising from the Act of 15 September 2000 – Commercial Companies Code – such as the obligation of the Management Board of Mostostal Płock S.A. to sign a list of shareholders entitled to participate in the general meeting and present the same at the headquarters of the Management Board for three business days prior to the general meeting, in order to make it available to other shareholders, make copies thereof and send them to other shareholders (Article 407 § 1, 11 and 2 of the Commercial Companies Code);
   2. exercising the shareholder's right to profit (Article 347 of the Commercial Companies Code);
   3. the disclosure obligation provided for in the Act of 29 July 2005 on public offering and conditions for introduction of financial instruments to the organized trading system and on public companies;
   4. d) the disclosure obligation provided for in the Regulation of the Minister of Finance of 19 February 2009 on current and interim reports published by issuers of securities and on conditions for recognition of information required by the non-Member State regulations as equivalent.

IV. Categories of personal data concerned

The categories of personal data concerned include common data, i.e. name and surname, address.

V. Data sharing

The recipients of personal data may include authorized employees of the Controller and other persons acting under the authority of the Controller, notary public, tax offices, courts and other institutions and persons authorized to receive your data under relevant legal provisions, including other shareholders (in connection with their rights to view the list of shareholders, in connection with the presentation of the list of shareholders at the headquarters of the Management Board and the right to receive a copy of this list). Your personal data may also be published in a current report and transferred to the Polish Financial Supervision Authority pursuant to Article 70 (3) of the Act of 29 July 2005 on public offering, conditions governing the introduction of financial instruments to organized trading system and on public companies if you hold at least 5% of the votes at the general meeting of shareholders.

VI. Rights related to processing of personal data

In connection with the processing of personal data contained in the share register by the Controller, the persons required to be entered in the shareholder register have the following rights:

1. right to access his or her data and receive a copy thereof;
2. right to rectify his or her data;
3.  right to erasure of personal data or restriction of processing thereof;
4. right to lodge a complaint with a supervisory authority (President of the Office for Personal Data Protection) should it be found that the processing of personal data violates the provisions of the GDPR.

VII. Profiling

Your personal data is used by the Controller neither to make automated decisions about you nor for profiling.

VIII. Basis for requesting the data

Providing your personal data is a statutory requirement, necessary to achieve the goals set out in Section III above.