General information

KBC Group NV, Havenlaan 2, 1080 Sint-Jans-Molenbeek, Belgium, VAT BE 0403.227.515, RLP Brussels, www.kbc.com (referred to hereinafter as ‘KBC’) is the data controller of your personal data for the purposes of organising its General Meetings. Please read this Data Protection Statement carefully, because it contains essential information about how KBC processes your personal data. It also contains more information about your privacy rights and how you can exercise them.

KBC’s aim is to process personal data in a manner that is lawful, fair and transparent. This Data Protection Statement provides more information on which personal data KBC collects and processes. Whenever KBC uses the term ‘data’ in this Data Protection Statement, this refers to your data as a shareholder or shareholder’s representative. Regardless of the capacity in which you act, your rights are the same and KBC will treat your data with equal care.

Personal data

1. How does KBC obtain personal data?
KBC receives personal data because you or your financial intermediary has provided certain data in the context of the General Meetings.

2. Which personal data does KBC collect?

• Category 1: your identification details
• Category 2: financial data such as the number of KBC shares with which you wish to participate in the General Meetings, your account number, etc.
  
• Category 3: your contact details such as your address, e-mail address, etc.
  

3. Purposes and legal ground for data processing
KBC processes your personal data for the following purposes: for the organisation of the General Meetings, to facilitate remote participation using an electronic means of communication, and for the analysis and management of the attendance and voting procedures. KBC invokes as a legal ground for data processing a legal requirement it is subject to, in particular the organisation of the General Meetings.

4. Duration of data processing
KBC uses your personal data for the purpose described above, following which your personal data is erased. In principle, KBC considers a retention period of one year necessary and sufficient for the fulfilment of the predefined purpose for which your personal data is processed.

Your rights

When KBC processes your personal data, you have certain rights:

• Right of access and right to inspect: you have the right to know what personal data we hold on you at any time, and also how KBC uses your personal data.
• Right to rectification, erasure and restriction: It is possible that certain data KBC holds on you is not (or no longer) accurate. You can ask for the data to be corrected or completed at any time. You can ask us to erase your personal data at any time. If KBC no longer has an overriding ground for processing your personal data, KBC will erase it.
• Right to object: You also have a right to object to the processing of your personal data that is based on the justified interests of KBC.
• Right to free data transfer: You have the right to obtain your personal data as processed by KBC in a structured, usual and machine-readable form and/or to transfer your personal data to another data controller. 

Please be as specific as possible when you exercise your rights. KBC can only properly answer queries for which sufficient detail is provided. To exercise your rights, you can contact the ‘Data Protection Officer’ at KBC by writing a letter to KBC Group NV, Group Data Protection Unit (Group Compliance), Havenlaan 2, 1080 Brussels, Belgium, or sending an e-mail to dataprotection@kbc.be.
KBC will need to be able to verify your identity in case someone else tries to exercise your rights. KBC may therefore ask for a copy of your identity card when you make such a request.

If you would like more information or if you do not agree with KBC’s point of view, you also have the right to submit a complaint to the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) at: Drukpersstraat 35, 1000 Brussels, Belgium (Tel: +32 (0)2 274 48 00 Fax: +32 (0)2 274 48 35 E-mail: contact@apd-gba.be)

Security and confidentiality

In order to be able to process your personal data, KBC grants access to your data to its employees. KBC ensures that strict rules are followed and that the employees concerned:

• Only have access to the data they need in order to perform their tasks;
• Are obliged at all times to treat personal data discreetly, securely and confidentially and only to use the data for the performance of their tasks.

KBC takes internal technical and organisational measures to prevent personal data finding its way into the hands of, or being processed by, unauthorised parties or being accidentally altered or deleted.

Disclosure of information to third parties

KBC will not sell, lease, distribute or make your personal data commercially available to third parties in any other way without your prior consent.
In rare cases KBC may be required to disclose your personal data to third parties pursuant to a court order or in order to comply with other mandatory legislation or regulations. KBC will make reasonable efforts to inform you of this in advance, except in cases where the law imposes restrictions.

Support by third parties

KBC may make use of processors for the processing of personal data. These are companies which are permitted to process personal data on contract from KBC, such as external service providers that KBC uses in the context of the aforementioned purposes, such as:

• ICT and/or ICT security service providers
• Companies specialising in providing support for virtual meetings
• Printers for printing and addressing
• Translators and translation agencies

In addition to using processors for data processing, KBC may use other service providers or third parties, such as lawyers or notaries, who themselves are data controllers.

Amendments

KBC may amend this Data Protection Statement at any time. The most recent version can always be found at www.kbc.be/en/privacy. In order to keep you informed of the most recent amendments to the Data Protection Statement, KBC will update the revision date each time it is changed. The amended Data Protection Statement is valid on that date. KBC will inform you in advance of any important substantive amendments. You can also find more information about the Belgian Data Protection Act in general on the website of the Belgian Data Protection Authority, at www.dataprotectionauthority.be.