Privacy Notice for Shareholders, Annual General Meetings and Extra-ordinary General Meetings
Protecting your privacy is a high priority of Tele2. This Privacy Notice is applicable to shareholders of Tele2 AB, as well as any other individual visiting or otherwise connected to Tele2s Annual General Meetings (“AGM”) or Extra-ordinary General Meetings (EGM) of shareholders, together General Meetings.
This notice explains what types of personal data are collected about you, how the personal data is used, with whom the personal data is shared, and the rights you have over it.
Who is responsible for processing your personal data?
Tele2 AB, Box 62, 164 94 Kista, Sweden, is responsible (controller) for the processing of personal data described within this privacy notice, unless otherwise explicitly stated below. The controller is throughout this privacy notice referred to as “we” “us” or “Tele2”.
What types of personal data do we process?
We may process the following categories of personal data:
- contact details, such as name, title, postal address, telephone number and e-mail address
- date of birth
- identification documentation such as social security number
- company and organization number (if it is possible to connect to you as a person)
- shareholder records (including shares held, share purchases, share disposals, dividend entitlements and payments, votes, proxy appointments, shareholder options, exercise conditions and exercise dates)
- photo, video, and audio
Why do we process your personal data?
We will use and process your personal data when you register as a shareholder and when you interact with us in relation to your shareholding with us. This includes when we receive your personal data from third parties such as Euroclear Sweden AB (publ), banks and law firms.
We may also process your personal data to handle communication that you as a shareholder or contact person at a company that is a shareholder initiates, respond to inquiries and, handle comments.
If you are a major shareholder, we may also process your personal data by publishing names and shareholdings in annual reports and on our website.
To manage the General Meetings, we will process personal data, including managing registration of participants record and transcript of the General Meetings. Including audio and video recordings, to the extent resolved by the General Meetings. We may also handle personal data when managing notes in the minutes from the General Meetings (e.g. dissenting opinions or when exercising the right as shareholder to propose business, express an opinion or ask questions at the General Meetings).
We will also use personal data to manage power of attorneys and corporate registration certificates for attendance to the General Meetings.
Information on how you have voted may be processed, e.g. if voting devices are used or vote counting is carried out and to the extent your voting is possible to connect to you based on your holdings (e.g. in some cases a certain number of votes may be connected to a certain number of shares held by you).
What is the legal basis to process your personal data?
When we process your personal data necessary to meet the requirements imposed on us by applicable law, such as register shareholders’ presence at the meeting, the legal basis for processing your personal data is “legal obligation”.
For all other processing purposes mentioned in this privacy notice, we rely on the legal basis “legitimate interest”.
How long do we save your personal data?
Personal data related to the General Meetings is kept for as long as necessary given the purpose of the processing, unless otherwise required or permitted by applicable laws or regulations. Personal data that is only required to carry out the General Meetings will normally be deleted shortly after the conclusion of the General Meetings.
Personal data regarding attendance, holdings, voting etc. which is processed to carry out and document the General Meetings according to law will be stored as required or permitted by applicable laws or regulations. For example, personal data included in the General Meetings share register must be stored for a period of ten years following the General Meetings, in accordance with an EU-regulation called the Central Securities Depository Regulation (CSDR).
Personal data included in the minutes from the General Meetings will be stored during a period of ten years following the General Meeting, unless storage during a longer period is justified based on the resolutions adopted at the General Meeting or otherwise.
Where does your personal data come from?
The personal data we collect about you comes from the following sources:
(i) Personal data you give us, e.g., when you send us personal data on forms, e-forms, and e-mails, provide us personal data via the phone or provide us personal data during the General Meetings.
(ii) Personal data we receive from other sources, e.g., through: information received from public records; information received from third party service providers in connection with the General Meetings (such as Euroclear Sweden AB or legal advisors); or the shareholder you represent or your proxy (if relevant).
With whom do we share your personal data?
We may transfer personal data to other affiliated entities or business partners to the extent necessary to fulfil the intended purpose. We may disclose personal data to our auditors, advisors, legal representatives, and similar agents as may be necessary in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the personal data for any other purpose.
We take precautions to allow access to personal data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the personal data for any other purpose.
We may share personal data to any competent law enforcement body, regulatory, government agency, court or other third party such as but not limited to, the police, the financial supervisory authorities, and the tax agency, where we believe disclosure is necessary as a matter of applicable law or regulation, or to exercise, establish or defend our legal rights.
We may disclose personal data to our third party vendors, service providers and partners who provide services to us (e.g. third party consultants working with the General Meetings, law firms/advisors or security agents), which are or will be involved in providing services in connection with the General Meetings or who otherwise process personal data for purposes that are described in this privacy notice or as notified to you when we collect your personal data.
We may disclose personal data to other shareholders who request a copy of the minutes from the General Meetings.
We may also publish certain information containing personal data on our website, to the extent we are obliged to do so according to law or other regulation (e.g., minutes from the General Meetings).
Where do we process your personal data?
The data that Tele2 collects from you is generally processed and stored within the European Economic Area (“EEA”) but may also, whenever necessary, be transferred to and processed in a country outside of the EEA. Any cross-border transfer of your personal data will be carried out in compliance with applicable laws.
Whenever applicable, for transfers of personal data from a country within the EEA to a country outside of the EEA which has not been qualified for an adequacy decision by the European commission, Tele2 uses Standard Contractual Clauses as well as other permitted safeguard measures to protect your privacy and other rights during and after the cross-border transfer.
How do we keep your personal data safe?
To keep your personal data secure we have implemented several security measures, such as the following.
- Secure operating environments – We store your data in secure operating environments and only accessible to our employees, agents, and contractors on a need-to-know basis. We also follow generally accepted industry standards in this respect.
- Encryption – We use industry-standard encryption to provide protection for information that is transmitted to us.
- Prior authentication for IT access and access to premises – We require our staff and contractors to verify their identity (e.g., through login ID, password, pin codes and badges) before they can access IT bases and business premises. This is aimed to prevent unauthorized accesses of personal data.
What are your rights in respect to your personal data?
- The right to be informed - We are publishing this privacy notice to keep you informed as to what we do with your personal data. We strive to be transparent about how we use your personal data.
- The right to access - You have the right to access your personal data. You have a right to receive a copy of your personal data processed by us.
- The right to rectification - If your personal data kept by us is inaccurate, not complete, or up to date, you have the right to ask us to rectify or update the data. If such personal data has been disclosed to a third party in accordance with this privacy notice, we will also ask them to rectify or update your personal data (if relevant).
- The right to erasure - You have the right to request that we erase your personal data and if we do not have a legal reason to continue to process and hold it, we will erase the data.
- The right to object - You have the right to object to processing of your personal data based on our legitimate interest.
- The right to restriction - You have the right to request that Tele2 restricts the process of your personal data under the following circumstances; if you object to a processing operation based Tele2’s legitimate interest, Tele2 shall restrict all processing of such data pending the verification of the legitimate interest; if you have claim that your personal data is incorrect, Tele2 must restrict all processing of such data pending the verification of the accuracy of the personal data; if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead; if Tele2 no longer needs the personal data but it is required for you to make of defending legal claims.
- The right to data portability - In some cases, you are allowed to obtain your personal data kept by us in a structured, commonly used, and machine-readable format and to transmit those personal data to another controller.
How can you exercise your rights?
You can send in your request in the following ways: email request to: firstname.lastname@example.org.
We have appointed a Data Protection Officer (DPO) to ensure that we continuously process your personal data in an open, accurate and legal manner. You reach our Data Protection Officer at: email@example.com.
If you consider Tele2 to process your personal data in an incorrect way, we expect you to contact us immediately. You also have the right to turn in a complaint to the competent supervisory authority. “Integritetsskyddsmyndigheten/Swedish Authority for Privacy Protection” e-mail: firstname.lastname@example.org”
Updates to this Privacy Notice
We may need to update our Privacy Notice from time to time to comply with changing legal or technical requirements as well as business developments. You will always find the latest version on tele2.com.