Shareholder and investor communication register
Last updated 3.12.2019 at: 10:15
Consti Yhtiöt Oyj
Hopeatie 2, 00440 Helsinki
What are the principles for processing personal data and how is the data used?
Consti Group’s processing of shareholder data is based on law (Limited Liability Companies Act) and Consti Group’s legitimate interest. Section 15 of the Limited Liability Companies Act stipulates that a shareholder register be maintained. In addition, the purpose of the processing of personal data is to secure the rights vested with shareholders under the Limited Liability Companies Act, such as the payment of dividend, payment of capital loans, and communications.
Also, personal data is processed for the purpose of holding a general meeting of shareholders. This means that personal data is processed for the purpose of registration of the attendees, for informing them, for verifying their identity and right of attendance, and for other meeting arrangements. Additionally, the data is used for preparing a list of votes for the general meeting of shareholders, and for printing out voting slips, for arranging potential votes, and for exercising and fulfilling other rights and obligations set out in the Limited Liability Companies Act and in Consti Group’s Articles of Association.
The data is also used for preparing and carrying out various kinds of events and travel arrangements relating to the company.
In relation to investor communication, personal data is processed for the purpose of distributing investor news concerning Consti Group to parties who have subscribed to the investor newsletter.
What personal data do we use?
The register contains the following kinds of personal data about a shareholder or the shareholder’s representative, and a subscriber of the investor newsletter:
- Basic information, such as the name of the data subject
- Contact information, such as the address and email of the data subject
- Shareholder information, such as the social security number and number of shares owned by the data subject
- Information concerning the general meeting, such as attendance and information of a possible assistant
- Other information relevant for the register, such as marketing bans
How do we collect personal data?
We collect the information directly from the data subjects.
To whom or where do we release and/or transfer personal data?
Consti Yhtiöt does not share any of the information in the register with any outside parties.
Consti Yhtiöt uses an outside service provider in the technical implementation and maintenance of the shareholder register and in the processing of personal data. Consti Yhtiöt has outsourced IT management to external service providers, who manage and secure the servers in which the personal data is stored.
Due to the technical implementation of data processing, some of the data may be physically located on external subcontractors’ servers or equipment, from which the data is processed using a technical access connection. No personal data will not be transferred outside the EU or EEA unless this is necessary for the technical implementation of the service. In this case, Consti Yhtiöt will ensure a sufficient level of data protection in the manner required by legislation.
Who can use my personal data and how does Consti secure the data?
Access to the system is limited to those who are entitled to process shareholder data in the course of their work duties. Each user has a unique username and password to access the system. The data is saved in databases protected by firewalls, passwords and other technical means. The databases and their back-up copies are located in locked rooms and can only be accessed by pre-designated individuals.
How long do we store personal data?
The data contained in the shareholder register will be retained for a period of ten years following the cessation of shareholding.
The personal data entered in, or enclosed with, the minutes of the general meeting of shareholders will be retained as part of the minutes in the manner required under the Limited Liability Companies Act. Other data will be destroyed as soon as they are no longer necessary for the preparation of the minutes or for verifying the correctness of the data contained therein.
Information gathered for shareholder communication is stored for as long as it is necessary for the processing purposes. Data subjects have the right to cancel their subscription to the newsletter at any point, at which time their personal data will be removed from the investor communication register.
What are your rights as a data subject?
The data subjects have the right to inspect the information recorded about them in the personal data register and to demand the rectification or erasure of any erroneous, out-dated or unlawful information. To the extent the processing is based upon consent, the data subject also has the right to withdraw their consent or to modify it.
Pursuant to the General Data Protection Regulation (as of May 25th 2018), the data subject has the right to object to or to request a restriction of the processing of personal data, as well as to lodge a complaint regarding the processing of personal data to the supervisory authority.
On account of special personal circumstances, the data subject also has the right to object to processing measures related to them in cases when the processing of personal data is based upon a legitimate interest. The special circumstances underlying the objecting to the processing must be specified in connection with presenting the demand. Consti Yhtiöt may refuse to carry out the request concerning the objecting only upon grounds stipulated for in legislation.
Hopeatie 2, 00440 Helsinki