PCF Group S.A. acts as the data controller for the personal information of its shareholders, agents, and representatives, primarily sourced from the National Securities Depository.
See it on page 1Data processing is strictly limited to fulfilling legal obligations under Polish corporate law, public offering statutes, and EU GDPR, including the management of general meetings and shareholder records.
See it on page 1Personal data is retained for the duration of the shareholder's status, with potential extensions for legal claims or mandatory accounting requirements.
See it on page 2Video surveillance footage recorded at company premises is subject to a strict retention limit of no more than three months.
See it on page 2Data may be shared with authorized third-party service providers, such as cloud or telecommunication firms, with transfers outside the EEA restricted to those covered by European Commission-approved contractual safeguards.
See it on page 1Shareholders have the right to access, rectify, erase, or restrict their data, though providing this information is a mandatory prerequisite for participating in general meetings or receiving corporate communications.
See it on page 1PCF Group S.A. does not utilize automated decision-making or profiling processes regarding the personal data of its shareholders.
See it on page 1The notice explains that PCF Group S.A., headquartered in Warsaw, is the data controller for personal information of its shareholders, their agents and representatives. Data are sourced from the National Securities Depository or directly supplied by shareholders to verify ownership, share quantity, voting rights and representation. Processing activities cover the preparation of shareholder lists for general meetings, attendance records, agent authorisations, and other legal obligations under Polish corporate law, public offering statutes, and EU GDPR. The company may also use contact details for communication and employ video surveillance within its premises, with recorded footage retained no longer than three months.
Recipients of the data include other shareholders and authorised parties under legal provisions, as well as service providers assisting business processes such as cloud or telecommunication services. Transfers outside the European Economic Area are permitted only under contractual safeguards, such as standardised data‑processing agreements approved by the European Commission.
Personal data are retained for the duration of shareholder status, extended if necessary to pursue or defend legal claims, and thereafter only as required by accounting regulations. Shareholders and their agents retain rights to access, rectify, erase or restrict processing, object to lawful interest‑based processing, and lodge complaints with the Polish Data Protection Authority. Providing personal data is voluntary but essential for participation in general meetings or to receive corporate communications; failure to provide required information will preclude such engagement. No automated decision‑making or profiling is applied to the data set.