GDPR

Starting with 25.05.2018, SNN applies the provisions of the EU Regulation 670/2016 regarding the protection of natural persons in relation to the processing of personal data and regarding the free circulation of these data.

In this regard, SNN brings to your attention the policy for the processing of personal data, in view of presenting the applicable conditions and your rights.

For any additional  information regarding SNN’s policy for the processing of personal data, please address the company, either by email to the personal data protection officer (email dpo@nuclearelectrica.ro) or in writing by fax: 021.316.94.00 or to the mailing address: 65 Polona street, district 1, Bucharest to the attention of the “Personal data protection officer”

Policy on personal data processing and protection within SNN

We are the National Company Nuclearelectrica SA based in Bucharest, 65 Polona Street, registered with the Trade Office Register under no. J40/7403/1998, having Sole Identification Code RO10874881, website www.nuclearelectrica.ro, telephone 021.203.82.00, fax 021.316.94.00, email address office@nuclearelectrica.ro, dully represented by the General Manager, Cosmin Ghita

  • SNN SA staff and their relatives/next of kin, including children,
  • Visitors of offices/premises of SNN, including children,
  • SNN SA shareholders,
  • Public, mass media, nongovernmental organizations, trade unions having relations with SNN SA staff,
  • Staff and representatives of authorities,
  • Staff and representatives of organizations – legal entities collaborating with SNN SA in the performance of a business relationship or during its preceding stages in order to establish such business relationship
  • Candidates to vacant positions at SNN,
  • Persons using the whistleblower platform available on SNN website, in case they choose to communicate their personal data.

This list is not exhaustive and SNN must protect the rights and liberties of all collaborating targeted persons, in terms of their personal data processing.

 

Via SNN website:

For job offers:

• Your contact details, CV, certifications, degrees and information about desired job.

• Name, address, email address, telephone number and other contact details;

• CV or letter of intent, previous work experience and/or relevant work experience or other skills, studies and other information you provide in support of an application and/or in support of the application and recruitment process;

• Any other demographic data obtained during the application or recruitment process, like gender, information of your citizenship, medical or health data communicated by candidates, criminal record

• Reference data and/or information obtained based on background checks (where applicable), including information provided by third parties; including but without limitation to recommendation forms.

• Information related to any previous conditions associated to prior employment relations.

 

For the whistleblower:

• Identification data (name, surname, date of birth, profession, mailing address, e0mail address, contact telephone number) in order to register your notice and the possibility to contact you for future clarification/information about the investigation progress;

• Supporting documents related to the notice submitted;

• Other personal data obtained from you during the investigation process related to the notice submitted by you (historic data, financial data, social and demographic data, etc.), depending on the relevant case and only insofar as such data will be absolutely needed to conduct the investigation.

Directly collected data:

•Name, surname, citizenship, work place, ID card series and number, date of issuance and of expiry, personal numeric code, series number for cameras brands, sticks, memory cards, laptops and other similar equipment, registration number and brand of vehicle, data required to prepare the credentials file in case of visits to SNN, CNE Cernavoda and FCN Pitesti premises.

•Commercial data from contractors: name of company, headquarters, trade registry number, sole identification code, address, legal representatives, bank accounts, personal data of legal representatives, financial data required to submit tenders for public procurement procedures, CVs of employees, certifications, approvals

•Personal data obtained from third parties based on exercising various legal rights, these data being sent by email or mail

•Personal data from the shareholders register, required to execute capital market operations according to the legislation applicable. SNN shall not directly collect personal data of shareholders but is receiving these data in a secure way from the Central Repository. The exception to these provisions is the additional request for documents required to pay the dividends for non-resident shareholders.

•Personal data related to employees

• Information we obtain from other sources, like credit agencies, fraud prevention agencies, as well as other data providers.

 

Processing of special personal data categories  

We do not collect data regarding your health condition, ethnicity, religious or political beliefs, trade union membership, etc., except when this is strictly required by law and/or for the protection of your interests, rights and/or liberties or when such information is provided by you. In the cases where we collect such data, we are restricted only to specific circumstances.

 

Data of minors 

We collect data related to minors in the following cases:

– Children of our employee (or assimilated personnel, like mandate-based manager), with the consent of parents or guardians,

– When a visit is organized at SNN head office or one of its branches and where access is allowed only based on a credentials file which includes personal data,

– When endorsement requests are received from non-governmental organizations, provided based on the consent of parents and guardians of relevant minors.

 

Personal data processing activities performed by SNN shall be restricted to fulfilling the purpose such data were collected for and may include: collection, registration, organization, structuring, storing, adapting or changing, extraction, viewing, use, disclosure by transmission, dissemination or availability, aligning or combining, restricting, deletion or destruction

SNN processes personal data only if and insofar as at last one of the following conditions applies:

  • You grant your consent for the processing of personal data for one or several specific purposes;
  • processing is required for the execution of a contract you are party to or to take action, upon your request, prior to the conclusion of a contract;
  • processing is required in order to fulfill a legal obligation imposed on SNN SA;
  • processing is required to protect your essential interests or those of another natural person;
  • processing is required in relation to the legitimate interests sought by SNN or by a third party, except when your fundamental interests or rights and liberties prevail, requiring the protection of personal data especially when the targeted person is a child.

 

Information presented on www.nuclearelectrica.ro shall be deemed as public interest data and may be distributed or copied, except when there are specifications prohibiting such actions.

If the visitors of www.nuclearelectrica.ro website are providing certain personal data, especially requested for the recruitment process by SNN Jobs online app or by the form related to the “Whistleblower” domain, including name, surname, professional history, CV, mailing address, telephone numbers, photographs and other data provided by you, such data shall be managed securely and by complying with all provisions applicable pursuant to EU regulation no. 2016/679.

SN NUCLEARELECTRICA SA (SNN SA) shall take all actions required to guarantee the security of personal data. In performing its services, the company shall use only employees and third party companies which are subjected to the obligation of observing the professional secret principles. Interested persons may contact SNN SA, anytime, in order to exercise the rights applicable pursuant to the provisions of regulation no. 679/2016 (access, correction, deletion or restricting, portability or opposition of stored personal data processing, or in order to revoke the consent for personal data processing.

At SNN SA level, a series of procedural actions shall be established for the compliance and protection of physical and electronic security of personal data collected.  Your personal data shall not be distributed to other institutions or public authorities except when there is a legal obligation or your consent for such distribution.

Website visitors shall enjoy the rights guaranteed by law, namely the right to information, the right to data access, the right to oppose, the right of not be subjected to an individual decision and the right to go to court in case of a breach of rights provided by the European regulation no. 2016/679 regarding the protection of natural persons in relation to personal data processing.

The www.nuclearelectrica.ro website does not collect data for commercial purposes.

 

If you are a media representative included in the SNN’s database, you need to send your express consent to the processing and storage of your personal data by SNN in response to the email sent by Valentina Dinu, Head of SNN’s Communication and Investors Relations Department. In case you wish to be included in SNN’s database, you need to send an email to vdinu@nuclearelectrica.ro <mailto: vdinu@nuclearelectrica.ro> as well as to send your express consent based on SNN’s personal data processing policy.
By submitting inquiries, interviews, opinions, etc. as journalists, you agree to the collection, processing and transfer of your data as described in this policy. If you do not wish for your information to be collected, used and transferred as described in this policy, you may withdraw your consent.
To withdraw your consent, please email us at vdinu@nuclearelectrica.ro <mailto: vdinu@nuclearelectrica.ro>. If you revoke your consent, your information will be removed from our database. The information collected and our applications are stored in the European Union and are subject to the provisions of Regulation 679/2016.

The information we collect
We collect information about you when you send us by email or mail information such as:
Your contact information: surname, first name, email address, job information, address, telephone number and other contact information
– Surname, first name, citizenship, workplace, ID card series and number, issue and expiry date, personal identification number, serial number of cameras, memory cards, laptops and other similar tools, vehicle brand and no., necessary data for the elaboration of the accreditation file in case of on-site visits to SNN, CNE Cernavoda and FCN Pitesti.
Any other demographic information obtained during the process of accrediting or organizing a press event (either formal or informal) such as gender, information about your citizenship, medical or health-related sent information.
SNN Recommendations
The information you submit should not contain data from the special categories indicated by the GDPR regarding:
1. Racial or ethnic origin;
2. Political, philosophical or religious beliefs;
4. Membership in a trade union or political party;
5. History of offenses, criminal proceedings, sanctions and/or fines;
6. Any national personal identification number.
Should you provide any or all of the information mentioned in this section via mail, you will be held entirely responsible for the associated risks, as SNN shall have no obligation or liability in this respect, since SNN does not process any data indicated in this section of recommendations.

Use of collected information
Your information will be used by SNN to carry out the communication process both under Law 544/2001 and for the purpose of organizing technical on-site visits at SNN, CNE Cernavoda and FCN Pitesti.
To draw up and/or send the requested information according to the legislation in force.
To build the accredited journalists database, SNN will collect, process and store your information.
Who can access your information?
SNN restricts the access to the personal information that you provide strictly to the personnel employed and specialized in managing the communication process and, in accordance with internal procedures, to the executive and non-executive management of SNN.
SNN may be required to disclose your information to third parties such as
local authorities, courts and tribunals, regulatory bodies and/or law enforcement or national security defense (as appropriate) bodies/authorities, to comply with applicable laws and regulations or in response to a legal procedure.

Minors
SNN does not deliberately collect information about minors.

How long will we keep your personal data?
To manage the communication flow, SNN will store your data for unlimited time in the database related to the communication process, while the data related to on-site visits will be stored for a period of one year and then deleted. Personal data collected to fulfill our obligations under Law 544/2001 will be stored for a period of 5 years.
We will not store personal data for periods longer than necessary for the purpose for which we have kept it or to comply with a statutory law or requirement.

SNN website is using cookies. The following explanations are designed to provide information related to the cookies management on SNN website when you browse our website.

The term “cookie” means cookie modules and similar technologies used to automatically acquire data.

An “Internet Cookie” (term also known as “browser cookie” or “HTTP cookie” or “cookie”) is a small size file, composed of letters and digits, which will be stored on the PC, mobile terminal or other equipment of one user and that are used to access the internet.

Cookies are set up based on a request sent by a web-server to a browser (for instance: Internet Explorer, Firefox, and Chrome). Once set-up, cookies have a predetermined life cycle, remaining “passive” in the sense that they do not include software, viruses or spyware and will not access the information stored on the hard-drive of the user on whose equipment they were installed.

Cookies used by SNN website are designed to provide the users of this webpage with a better browsing experience for each user to:

• improve the use of this webpage, including by identifying any errors which occur during the viewing/use of the page by the users;

• provide anonymous statistics related to the way this webpage is used by SNN as owner of the page;

• determine the language used to view the webpage;

 

Based on the feedback sent by the cookies with regard to the way this webpage is being used, SNN may implement actions for a better efficiency and accessibility of the webpage.

As such, the use of cookies shall enable the storage of certain settings/preferences established by this webpage users, like: frequency of access, pages viewed, search engine used to aces this website, most of the cookies being WordPress specific (this being the platform where SNN website was created). SNN website does not use advertising cookies.

List of cookies used by SNN website:

_ga 

used by Google Analytics to distinguish between users and other metadata.  Validity term: 2 years

_gat

Used by Google Analytics to regulate the number of requests. Validity term: 1 minute

__gid 

used by Google Analytics to identify users and other metadata.  Validity term of 24 hours

PHPSESSID

Used by PHP to initiate a session 

_drip_client_6994213

Persistent cookie with average validity term of 730 days.

_icl_current_language.

Cookie used by Multilanguage plugin of WordPress to store the language used by the user on this website

_mcnc

Cookie used by the website’s micro caching module

wordpress_test_cookie

Test cookie initialized by wordpress to test http protocol

wp-settings-1

Initialized by WordPress for settings

wp-settings-time-1

Initialized by WordPress for hour and time zone settings

SNN website cookies have a validity term which depends on the purpose of each cookie:

• Session cookies – A “session cookie” is a cookie being automatically deleted when you close the browser.

• Persistent of fixed cookies – A “persistent cookie” or “fixed cookie” is one being stored on your terminal until it reaches a certain expiry date.

SNN website accessing involves your agreement for cookie installation on your PC.

Deactivation and refusal to receive cookies may render this webpage difficult to view, generating restrictions related to the possibilities of its use.

Users are able to configure their browser to reject cookie files or to accept cookie files form a certain webpage. All current browsers are providing the possibility to change cookie settings.  Usually, these settings may be accessed under “options” domain or in “preferences” menu of the browser.

 

The only persons authorized to access the data specified in this Policy are those who require such data to perform their professional activity. Data shall not be distributed unofficially neither within the organization nor outside the organization. When access to personal data is required, the employee may request the approval of such access to their hierarchic managers.

SNN SA shall ensure training for all employees in order to assist them in understanding their responsibilities related to the personal data management. Employees shall keep all data secures, taking all technical and/or organizational actions for the data protection.

Data shall be regularly reviewed and updated when it is found that these are obsolete/outdated. When no longer required, such data shall be deleted or eliminated.

 

When data are stored on conventional support, these shall be kept in a secured location where unauthorized persons cannot view and/or access them.

When data are stored on electronic format, these shall be protected against unauthorized access, accidental deletion and hacking attempts:

• Data shall be protected by strong passwords which must be changed regularly and kept secret.

• If data are stored on portable support (like CD or DVD), these shall be kept locked and adequately secured when not in use.

• Data shall be stored only on designated units and servers and shall be uploaded only by authorized persons (including persons with access rights/approvals).

• Personal data servers shall be installed in a secure location, separately/away from the general office space.

• Backups shall be executed frequently for the data. These backups shall be regularly tested, according to the standard procedures for valid backup execution at company level.

• Data shall not be saved directly on laptops or other portable devices, like tablets or smartphones.

• All Servers and PCs with data shall be protected by approved security software and firewall.

 

1. Right to information: the right to receive information related to personal data processing operations executed by SNN. Compliance of SNN with this right shall be achieved based on this notice;

2. Right to access: the right to obtain from SNN a confirmation whether SNN is processing or not his/her personal data and if yes, the right of access to such data and the right to receive information about the data processing procedures;

3. The right to revoke consent: the right to withdraw, at any time, the consent for personal data processing.

4. The right to rectify: the right to obtain from SNN, without unjustified delays, the rectification of inaccurate data related to you or supplementation of incomplete personal data;

5. The right to delete data: the right to obtain from SNN, without unjustified delays, the deletion of personal data related to you, when any of the following events, specified in regulation GDPR, occurs:

– personal data are no longer required to fulfil the purposes they were collected or processed for by SNN;

– you revoke your consent for data processing related to the above mentioned purposes;

– personal data were illegally processed by SNN;

– personal data must be deleted to comply with a legal obligation imposed on SNN.

6. The right to restrict processing: the right to obtain from SNN a limitation of personal data processing in any of the following situations specified by regulation GDPR:

– you challenge the accuracy of data processed by SNN. Processing shall be restricted for a time frame which enables SNN to verify the accuracy of relevant data;

– personal data processing by SNN is illegal and you do not want the deletion of such personal data but a limitation of their use by SNN;

– SNN no longer requires your personal data and you are asking this limitation for the purpose of establishing, exercising or protecting a right in a court of law or through an administrative procedure;

7. The right to data portability: the right to receive from SNN the personal data provided in your candidate file and which were supplied by SNN in a structured format, regularly used and which can be automatically read, as well as the right to send these data to another data operator when the technical means enables this operation. You enjoy this right only when processing is based on your consent or when processing is performed using automatic means. SNN shall not be entitled to send your candidate file to other companies or own branches, being your responsibility to apply for each desired job.

8. The right to oppose: the right to oppose, due to reasons related to your particular circumstances, the processing performed by SNN, based on the legal ground of your legitimate interest.

9. The right to not be subjected to a decision exclusively based on automatic processing, including the request for profiles (any automatic processing which uses your personal data to assess certain personal aspects, like automatic selection of CVs executed by a dedicated software app of ATS type – Applicant Tracking System, personal preferences, health condition, etc.) which generates legal effects and relates to the targeted person.

10. The right to submit a complaint: You shall be entitled to submit a complaint with SNN’s person in charge of personal data processing (dpo@nuclearelectrica.ro) and when you feel that your complaint is not solved, you may submit a complaint with the National Authority for Personal Data Processing Supervision (ANSPDCP) in case you wish to protect your rights and ask that your situation be remedied, as well as in case of SNN breach of personal data processing protection.

 

In order to exercise your rights, you may send a written request

(i) via email at: dpo@nuclearelectrica.ro ,

(ii) by mail/express courier at the following address: Bucharest, 65 Polona Street, District 1 or

(iii) you may hand it directly at SNN head office. After receipt of such request, SNN shall sent you a reply, for free and without unreasonable delays, within maximum 30 days as of the receipt date.

NOTIFICATION AND SHAREHOLDER’S CONSENT REGARDING THE PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH THE GENERAL DATA PROTECTION REGULATION

The undersigned NATIONAL COMPANY NUCLEARELECTRICA S.A., hereinafter referred to as “SNN”, acting as personal data controller, undertakes the processing of the Shareholder’s personal data of in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation – hereinafter referred to as “GDPR”).
In compliance with Art. 13 of GDPR, “data subject” representing the shareholders of the company are informed hereinafter about the following:

Legal aspects
– In compliance with the provisions of art. 36 of Law no. 297/2004 regarding the capital market as subsequently amended and supplemented, “all financial instruments admitted to trading on a regulated market or within an alternative trading system shall be registered in the system of the central depository providing the support for the processing of corporate events in compliance with the legal provisions, the rules issued by it and the agreements concluded with the issuers and participants to its system.”
– Under the register service agreement concluded between SNN and the Central Depository, the Central Depository is a controller in relation to the data it processes in order to provide the register services, since the data processing activity set out in the GDPR Regulation is carried out in compliance with (i) the statutory rules applicable to the activity of the Central Depository and (ii) own rules included in the Procedures, Regulations, Policies issued by the Central Depository, rules that apply regardless of the issuer’s will or its indications related to processing methods, processing purpose or personal data required for the provision of the register service.
– In compliance with other legal requirements applicable to the capital market and issuers (Law no. 31/1990, Law no. 24/2017, OUG [Emergency Government Ordinance] No. 109/2011, ASF [Financial Supervisory Authority] Regulations), SNN collects, processes and stores a series of personal data of the shareholders for purposes established autonomously (other than the shareholders’ register).

Section 1. – Processing the Shareholder’s Personal Data
The Shareholder understands and acknowledges that SNN collects, processes and stores the following personal data of the Shareholder provided either the Central Depository or the Shareholder (“Personal Data”), as the case may be, in order to protect the legitimate interest of the SNN’s Shareholder and to fulfil the legal obligations of SNN, as issuer, such as:
1.1. Personal Data: Last Name and First Name, home address, telephone, identity document number and series, date and place of birth, CNP [Personal Identification Number], IBAN, certificate of tax residence, including supporting documentation that such personal data is provided on;
1.2. Contact details: landline and/or mobile phone number, home and/or residence address, personal email address;

Section 2. – Purposes of the processing for which the personal data are intended as well as the legal basis for the processing
2.1. Data provided by the Central Depository:
SNN requests from the Central Depository and processes the Shareholder’s personal data for the following purposes:
1. In order to pay the dividends to the Shareholder. The legal basis for this processing is provided by art. 6, par. 1), let. c) GDPR, i.e.: processing is necessary for compliance with the legal obligations to which SNN is subject.
For General Personal Data, the legal basis is provided by art. 6, par. 1), let. c) GDPR: processing is necessary for compliance with the legal obligations to which SNN is subject.
2. In order to exercise the right to vote in the General Meetings of Shareholders of SNN, the processing is necessary for exercising the rights acquired as a result of holding a number of shares issued by SNN at the reference date according to the shareholders’ register issued by Depozitarul Central S.A. The legal basis for this processing is provided by art. 6, par. 1), let. c) GDPR, i.e.: processing is necessary for compliance with the legal obligations to which SNN is subject.
3. In order to submit SNN accounting documents to public institutions and to perform the necessary payments in the name of the Shareholder (e.g. dividend tax), in order to comply with the legal obligations to which SNN is subject. The legal basis for this processing is provided by art. 6, par. 1), lit. c) GDPR, i.e.: processing is necessary for compliance with the legal obligations to which SNN is subject to under the applicable tax legislation.
4. In order to elaborate certain reports for administrative purposes. The legal basis for this processing is provided by art. 6, par. 1), let. f) GDPR, i.e.: the legitimate interests pursued by SNN for complying with the reporting requirements related to certain information on the activity of SNN.
5. For the purpose of controlling the Shareholder’s access to SNN’s headquarters/secondary offices, as well as trade secret documents subject to approval in the GMS, which may be disclosed to shareholders only to the extent that they can prove the capacity of shareholder at a certain date. The legal basis for this processing is provided by art. 6 par. 1), let. f) GDPR, i.e.: the legitimate interests pursued by SNN for checking the access to SNN’s headquarters/secondary offices.

2.2. Data provided directly by shareholders:
SNN requests from the shareholders and processes their personal data for the following purposes:
The Certificate of tax residence, submitted by shareholders wishing to apply the more favorable provisions of the Double Taxation Convention concluded between Romania and their country of residence, in order to establish the dividend tax due. The legal basis for this processing is provided by art. 6, par. 1), let. c) GDPR, i.e.: processing is necessary for compliance with the legal obligations to which SNN is subject. 2. Correspondence ballots/ Special/General Powers of Attorney for shareholders for General Meetings of Shareholders, with the purpose of facilitating voting. Correspondence ballots/ Special/General Powers of Attorney for shareholders shall be submitted by the shareholders based on the consent for the processing of personal data, in compliance with the provisions of this policy and their transmission represents the implicit agreement for processing for the purpose of establishing the vote within the GMS.
3. The Confirmation of Company Details, in original or a true certified copy, issued by the Trade Register or any other document, in original or in a true certified copy, issued by a competent authority of the State in which the shareholder is legally registered, certifying the existence of the legal entity and the name/capacity of legal representative, not older than 3 months in relation to the date of publication of the convocation of the general meeting, allowing their identification in the SNN shareholders’ register kept by SC Depozitarul Central S.A. The legal basis for this processing is provided by art. 6, par. 1), let. c) GDPR, i.e.: processing is necessary for compliance with the legal obligations to which SNN is subject.
4. Contact details such as e-mail address, phone number, including localization data by means of the internet connection (IP address) for the SNN database, in order to send invitations to corporate events, such as meetings with shareholders for the presentation of financial results, arrangement of teleconferences in line with the corporate governance standards adopted by the company.
For the purposes referred to under point 2.2 above, the Shareholder’s refusal to provide SNN with the personal data for its autonomous purposes results in SNN being unable to comply with the legal obligations to which SNN is subject under the applicable law, including the payment of dividends to the Shareholder (certificates of residence), organizing the GMS and validating the voting within the GMS (by guaranteeing equal rights to all shareholders in order for them to vote) and organizing conferences/teleconferences in line with the corporate governance code adopted by SNN.

Section 3. – Transfer of Shareholder’s Personal Data
As part of the processing operations performed for the purposes referred to in Section 2 above, the Shareholder’s Personal Data shall be transferred to the following third parties, as follows:
3.1 – To the service providers used by SNN, as follows:
(a) banking institutions for the payment of monetary entitlements, through bank transfer;
(b) courier service providers that SNN is collaborating with, only when there is a need to send documents involving the Shareholder and only the minimum Personal Data necessary to perform the delivery services (last name, first name, telephone, address);
(c) external advisers (agents) that SNN is collaborating with on issues related to capital increases/decreases in line with its legal obligations;
(d) providers providing physical protection of the SNN’s headquarters or other secondary offices.
3.2. – To authorities, as follows:
a) The National Agency for Fiscal Administration, for filing the various accounting documents in compliance with the applicable legal provisions;
b) Other public authorities for fulfilling other legal obligations to which SNN is subject.
The list of SNN providers mentioned above having access, storing and/or processing in any other way the Shareholder’s personal data is available in hardcopy and electronic format in each SNN location. The list is updated periodically whenever changes occur in the collaboration of SNN with suppliers and shall be available in hardcopy or electronic format at each SNN location, upon each moment of change.
All data transfers referred to above are carried out with the observance by the SNN of the principles regarding the processing of personal data, in particular the principle of minimizing personal data – SNN transmits to third parties all personal data that are strictly necessary for the fulfillment of the purposes mentioned.
c) Partner or affiliated organizations in the European Union
For the purpose of improving the actions of conferences, visits etc.
d) Partner or affiliated organizations outside the European Union
For the purpose of improving the actions of conferences, visits etc.
SNN shall transfer personal data only to third parties that:
– present adequate safeguards (art. 46), or
– adhere to approved codes of conduct (art. 40),
– adopt / adhere to mandatory corporate rules (art. 47),
– have obtained certifications / adhere to an approved certification mechanism (art. 42), and
– have implemented technical and organizational measures.

Section 4 – Storage Duration of Personal Data
The data referred to under point 2.1., obtained from the Central Depository, as well as data received directly from the shareholders, are stored for an indefinite period in order to fulfill the legal obligations of SNN, including the protection of shareholders’ rights, as well as for the purpose of accounting records and investor relationship.

Section 5 – Shareholder’s Rights regarding the Protection of Personal Data
We hereby inform you that any changes to personal data in the shareholders’ register (changes of name, address etc.) shall only be made by the Depozitarul Central S.A. at the request of the shareholder/authorized person. The shareholders’ rights exercised in relation to the data recorded in the shareholders’ register (point 2.1 above) may only be exercised in relation to the Central Depository.
In relation to SNN, the Shareholder has the following rights regarding the protection of Personal Data provided directly to the Company for the autonomous purposes referred to under point 2.2.
5.1. Right to information: the Shareholder’s right to receive information related to personal data processing operations executed by SNN. Compliance of SNN with this right shall be achieved based on this notice;
5.2. Right to access: the Shareholder’s right to obtain from SNN a confirmation whether SNN is processing or not his/her personal data and if yes, the right of access to such data and the right to receive information about the data processing procedures;
5.3. Right to rectification: the Shareholder’s right to obtain from SNN, without unjustified delays, the rectification of inaccurate data related to him/her or supplementation of incomplete personal data;
5.4. Right to delete data: the Shareholder’s right to obtain from SNN, without unjustified delays, the deletion of personal data related to him/her, when any of the following events, specified in GDPR, occurs:
– personal data are no longer required to fulfil the purposes they were collected or processed for by SNN;
– The Shareholder may also object to the processing carried out for the purposes referred to under point 2.2 above, but only if the SNN has no overriding legitimate interests and legitimate grounds for the processing;
– Shareholder’s personal data were illegally processed by SNN;
– personal data must be deleted to comply with a legal obligation imposed on SNN.
5.5. Right to restriction of processing: the Shareholder’s right to obtain from SNN a limitation of personal data processing in any of the following situations specified by GDPR:
– The Shareholder challenges the accuracy of data processed by SNN. Processing shall be restricted for a time frame which enables SNN to verify the accuracy of relevant data;
– Personal Data processing by SNN is illegal and the Shareholders does not want the deletion of such Personal Data but a limitation of their use by SNN;
– SNN no longer requires the Personal Data, but they are required by the Shareholder for the establishment, exercise or defense of legal claims;
– The Shareholder objects to the processing in compliance with point 5.7 below. In this situation, the processing shall be restricted pending the verification whether the legitimate grounds of SNN override those of the Shareholder.
In the event that the Shareholder has obtained restriction of processing, the Shareholder shall be informed by the SNN before the restriction of processing is lifted.
5.6. Right to data portability: the Shareholder’s right to receive from SNN the personal data concerning him/her and which he/she provided to SNN, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller, when the technical means allow this. The Shareholder has this right only if the data were obtained from the Shareholder, the processing is based on the Shareholder’s consent or when the processing is carried out by automated means.
5.7. Right to object: the Shareholder’s right to object, on grounds relating to his or her particular situation, to processing carried out by SNN having as legal basis the legitimate interest of the latter.
When the Shareholder object to such processing, SNN shall no longer process the personal data unless SNN demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Shareholder or that the purpose is the establishment, exercise or defence of legal claims by SNN.
5.8. The Shareholder’s right to not be subjected to a decision exclusively based on automatic processing, including profiling (any automatic processing which uses personal data to assess certain personal aspects of the Shareholder, such as performance of the job, personal preferences, health etc.), which produces legal effects concerning the Shareholder or similarly significantly affecting him or her.
5.9. The Shareholder’s right to lodge a complaint The Shareholder shall be entitled to lodge a complaint with SNN’s personal data protection officer at the e-mail address (dpo@nuclearelectrica.ro) and, subsequently, in case of an unfavorable settlement, with the National Supervisory Authority for Personal Data Processing (ANSPDCP) should it want to defend its rights and to request the remedy of its situation, in case of a breach of the protection of Personal Data processing by SNN.
In order to exercise the above-mentioned rights, the Shareholder may send a written request (i) via e-mail to the address: office@nuclearelectrica.ro, (ii) by mail/express courier at the following address: Bucharest, Polona Street no. 65, District 1 or (iii) you may hand it directly at SNN seat. After receipt of such request, SNN shall sent the Shareholder a reply, for free and without unreasonable delays, within maximum 30 days as of the date of receiving the Shareholder’s request.

Section 6 – Other information
SNN shall implement reasonable and appropriate technical and organizational measures in order to protect the Shareholder’s Personal Data against loss, misuse or unauthorized access, transfer, alteration or destruction of personal data, and shall also keep the confidentiality of any Personal Data received from the Shareholder under the conditions mentioned in this notification.
For any questions, requests for clarification, uncertainties related to the information included in this notification, the Shareholder may address the Data Protection Officer appointed by SNN, any time, having the following contact details: E-mail: dpo@nuclearelectrica.ro

X