Data Protection Conditions for Shareholders

Data Protection Conditions for Shareholders of AS Tallinna Vesi (Privacy Policy)

In the course of convening and conducting the general meeting of the shareholders (hereinafter referred to as the General Meeting) of AS Tallinna Vesi (hereinafter referred to as the Company) (including the adoption of written resolutions of shareholders without convening an extraordinary General Meeting) and in connection with the preparation of reports, personal data of shareholders are processed. The data controller is the Company.

The purpose of the processing of personal data is to enable the Company’s shareholders to participate in the General Meeting and to exercise their rights in accordance with the Articles of Association of the Company and the Commercial Code. The legal basis for the processing of personal data is the fulfilment of the obligations arising from the Articles of Association of the Company, the Commercial Code, and the rules of the stock exchange applicable to the Company.

The personal data processed include:

  • data necessary for the identification of the person: the name and surname of the shareholder or his/her representative (including a shareholder who is legal person), personal identification code, details of the identification document, details of the document certifying the representative’s right of representation (proxy, etc.);
  • contact details of the shareholder or his/her representative: in particular e-mail address, other contact details (postal address, telephone);
  • details relating to the shares: number of shares, size of holding, number and bank of securities account and current account;
  • information on voting and attendance at meetings, including information on the exercise of voting rights;
  • other data related to reporting.

The processing of personal data consists in particular of:

  • notice of and registration for the General Meeting;
  • verifying the right to attend and vote at the General Meeting and adding the details to the list of participants;
  • participation in voting and checking of electronic and paper ballot papers;
  • the processing of requests for information submitted by the shareholder to the Management Board of the Company, of questions submitted in relation to items on the agenda of the General Meeting, of requests for the inclusion of additional matters in the agenda of the General Meeting, and of draft resolutions submitted in relation to items on the agenda of the General Meeting;
  • preparation of the minutes of the General Meeting and annexes thereto and sending them to the notary and the Business Register;
  • preparation of reports related to the share ledger.

The Company is collecting the personal data necessary to attend at the General Meeting and to prepare the reports directly from the shareholders, the Estonian Central Register of Securities, and the Business Register.

The Company will only share personal data of a shareholder with third parties to the extent required and where legally justified. If necessary, the shareholder’s personal data will be provided to a notary, the Business Register, or the Estonian Central Register of Securities. These bodies process the shareholder’ personal data as independent controllers.

The Company may involve other persons (authorised processors of personal data) in the processing of the data, for example, to carry out procedures related to voting.

The persons involved will process the personal data of shareholders only for the purposes and to the extent related to the relevant data processing, as processors authorised on behalf of the Company.

As a data subject, a shareholder has the following rights under the General Data Protection Regulation:

– the right to access the data;

– the right to request the correction of the data;

– the right to request the erasure of the data;

– the right to restrict processing of the data;

– the right to object to the processing of the data;

– the right to request the transfer of the data;

– the right to lodge a complaint with the Data Protection Inspectorate or take legal action if a shareholder believes that the Company has violated his or her right to the protection of personal data.

Shareholders can exercise their rights in accordance with the conditions set out in the General Data Protection Regulation and other applicable legislation. Shareholders can contact the Company by email at tvesi@tvesi.ee.

The contact details of the Company’s Data Protection Specialist can be found on the Company’s website https://tallinnavesi.ee/en/kontaktid/.

The Company will retain shareholders’ personal data in order to comply with its legal obligations as follows: minutes of General Meetings and annexes thereto, as well as all materials relating to the conduct of General Meetings, will be retained for at least the duration of the Company’s existence and data relating to the preparation of reports will be retained for seven years.