You may also be interested

Privacy Policy for STAK X5 Retail Group and X5 Retail Group N.V.

Effective Date: 26 September 2024

This Privacy Policy describes how STAK X5 Retail Group (“STAK”) and X5 Retail Group N.V. (“X5”) collect, use, share, and protect the personal data of Depositary Receipt (“DR”) holders in compliance with the General Data Protection Regulation[1] (“GDPR”).

STAK and X5 are committed to protecting your privacy and ensuring that your personal data is handled in compliance with GDPR.

[1] Regulation (EU) 2016/679

1. Data Controller Information

For the purposes of GDPR, STAK and X5 act as joint data controllers with respect to the personal data provided by DR holders, such as in the context of the Declaration Form and accompanying documents.

  • STAK X5 Retail Group N.V.
    Address: Zuidplein 196, 1077 XV Amsterdam, The Netherlands
    Email: stak@x5.com
  • X5 Retail Group N.V. 
    Address: Zuidplein 196, 1077 XV Amsterdam, The Netherlands
    Email: info@x5.com

2. What Personal Data We Collect

We may collect the following types of personal data from DR holders and other relevant parties:

  • Identification Data: Full name, date of birth, nationality.
  • Contact Information: Address, email address, phone number.
  • Verification Documents: Passport copies, ID documents, proof of address.
  • Financial Information: Details of DR holdings, account information, holding statements.
  • Communication Records: Emails, correspondence with STAK or X5.

3. How We Collect Your Data

We collect personal data directly from you in the following ways:

  • When you complete and submit the Declaration Form.
  • When you send us copies of passports or other identification documents.
  • When you provide holding statements or other supporting documents.
  • When you correspond with us via email or other communication channels.

4. Purpose of Processing Personal Data

We collect and process personal data for the following purposes:

  • Legal Compliance: To comply with legal obligations under corporate, securities, and tax laws.
  • Verification: To verify the identity and DR holdings of individuals submitting Declaration Forms.
  • Register Maintenance: To maintain an accurate and up-to-date register of DR holders.
  • Communication: To communicate with DR holders regarding their holdings, corporate actions, or relevant updates.
  • Voting and Corporate Governance: To facilitate the exercise of voting rights and other shareholder matters.

5. Legal Basis for Processing

Our legal basis for collecting and processing personal data under GDPR includes:

  • Legal Obligation: Compliance with obligations under applicable laws and regulations.
  • Legitimate Interests: Processing is necessary for the legitimate interests pursued by STAK or X5, such as maintaining accurate records and facilitating shareholder communications.
  • Consent: Where applicable, we may seek your consent for specific processing activities (e.g., sharing personal data with third parties).

6. How We Share Your Data

We may share your personal data with the following third parties:

  • Service Providers: We may share personal data with third-party service providers, such as entities involved in maintaining shareholder records or providing administrative support.
  • Regulatory Authorities: We may disclose personal data if required by law or in response to lawful requests from regulatory authorities.
  • Successor Organizations: In case of a corporate restructuring, transfer, or other organizational change, personal data may be transferred to the successor organization.

In each case, we will ensure that these third parties are bound by appropriate data protection obligations and will only process personal data in accordance with applicable law.

7. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, or accounting requirements. Typically, personal data will be retained:

  • For Legal Purposes: As long as you hold DRs, and for a period following the termination of your DR holding as required by law.
  • For Communications and Support: For the duration of any active inquiries or ongoing communications with STAK or X5.

We securely delete or anonymize data when it is no longer required.

8. Your Rights as a Data Subject

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to obtain a copy of the data we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where processing was based on your consent and you withdraw that consent.
  • Right to Object: You may object to our processing of your personal data based on legitimate interests, or request restriction of processing in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another data controller, where technically feasible.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the contact details provided in Section 1.

9. Security of Your Data

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, accidental loss, destruction, or damage. These measures include access controls: restricted access to personal data based on role and necessity.

However, no data transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Data Transfers Outside the EEA

We may transfer your personal data to recipients located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place to protect your personal data in compliance with GDPR.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on our website, and where necessary, notified to you directly.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, or if you wish to exercise your rights under GDPR, please contact us using the details provided in Section 1.

This website uses cookies. By continuing to use this site, you agree to our use of cookies to deliver a better user experience

Learn more