General.

We view protecting your privacy as a matter of the utmost importance. We would like to keep you informed as best as possible, respect you and give you control over what happens to your personal information. Set out below you will find information about what data we collect, why we do so, how long we keep it, what your privacy rights are and how you can exercise these rights.

Data controller.

Telenet Group Holding SA/NV, with its registered office at Neerveldstraat 105, 1200 Sint-Lambr/echts-Woluwe and registered at the Crossroads Bank for Enterprises (CBE) under 0477.702.333 (hereinafter referred to as “Telenet”) is the data controller of your personal data. This means that Telenet determines the objectives and resources used to process your personal information.

1) Who is protected by this privacy policy?

 This privacy policy applies to (future and former) shareholders of and/or investors in Telenet and their proxy holders and/or representatives.

2) What personal data does Telenet process?

Telenet only processes those personal data that are required for the purposes as described in point 3. This includes the following personal data:

• Identification of data (name, date of birth, copy of identity card, national registration number, nationality, title and job title);
• Contact details (address, e-mail address);
• Financial details (bank account number, identification of the bank - only for distributions to registered shareholders);
• Information regarding the shares held (e.g. number and type of shares);
• Voting instructions (in case of power of attorney or postal voting) and/or voting behavior; and the above information with regard to represented companies that are (future or former) shareholders and/or investors of/in Telenet.

This personal data can be supplied to Telenet directly by the shareholders and/or proxy holders for shareholders, or can be obtained through a third party - where this third party collects and/or processes personal details on behalf of Telenet.

3) What are the purposes for processing personal data?

Telenet always processes the personal data for a specific, legitimate purpose and will always limit the processing of personal data to what is strictly necessary to achieve that purpose. More specifically, Telenet will process personal data for one of the following purposes:

• Preparation and management of the attendance and voting procedures for shareholders' meetings;
• The analysis of Telenet's shareholding and investor base;
• Keeping a register of shareholders;
• The payment of dividends and other distributions to shareholders;
• Marketing activities towards (future or former) shareholders, including roadshows and presentations to potential investors.

4) What is the lawful basis for the processing of personal data?

Telenet processes these personal data on the basis of:

• a legal obligation, following the applicable provisions of the Company Code, accounting obligations, as well as anti-money laundering obligations.    

• Telenet’s legitimate interest – to the extent that this is not overriden by the interests or fundamental rights and freedoms of the shareholder.
  • For fraud prevention
  • Aligning Telenet's investor relations activities with those of the investor base.

5) With whom is your personal data shared?

The personal data may be shared with third parties. These parties shall only process personal data for one of the aforementioned purposes and always on the express instruction of Telenet.

In the context of distributions to shareholders, for example, a paying agent is used, which processes bank details on behalf of Telenet in order to process payments.

In addition, personal data is shared with ABN AMRO Bank N.V. This party processes personal data for the following purposes:

• Preparation and management of the attendance and voting procedures for shareholders' meetings.
• The analysis of the composition of the shareholder base of the participating investor base.

ABN AMRO keeps this personal information for a maximum period of 7 years.
Also, it is possible that Telenet is asked to share your personal data with any regulators, police or public prosecutors in the context of their investigations, such as the FSMA (Financial Services and Market Authority).  

6) Location of the processing of personal data

Telenet does not process any personal data outside the European Economic Area. If Telenet makes use of third party processors, it ensures that - to the extent that these processors process personal data outside the EEA – every transfer of personal data is supported by appropriate safeguards, such as the signing of the model clauses issued by the European Commission, or the signing of Binding Corporate Rules.

7) How long are these personal data stored?

Personal data will be kept only for as long as is necessary for the purposes for which it was collected.

The retention periods will depend on several factors. Indeed – to the extent that the law provides for a retention period – the statutory period will be followed. Telenet will, for example, keep the accounts and all documents for a period of seven years, in accordance with Article 60 § 4 of the VAT Code. In addition, the retention period may depend on the statutory limitation periods for civil and/or criminal claims – being, for example, five years in accordance with Article 198 of the Company Law Code.

Once the retention periods have expired, the personal data concerned will be anonymised or destroyed. In addition, personal data that no longer need to be processed will be archived separately.

8) How do we protect your personal data?

The personal data of shareholders or authorised representatives of shareholders is protected to the same level and by the same procedures as the security provided for personal data of residential and professional customers. This means that Telenet takes appropriate technical and organisational measures, taking into account the risk that applies to the processing of the latter personal data. For example, Telenet's security requirements, management standards and information security policy are fully aligned with the international ISO27002 standard. Telenet also employs specialised persons who are responsible for the security of the network, infrastructure and information systems. In addition, Telenet uses a variety of technical measures to protect personal data against unauthorized access, unauthorized use and loss or theft of personal data, such as: password protection, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection and access controls for Telenet employees. In the event of a data leak with adverse consequences for personal data, the persons concerned will be notified personally in the circumstances provided for by the law.

The number of Telenet employees who have access to the relevant personal data is limited and the employees entitled to it are carefully selected. They shall be granted access to personal data only to the extent necessary for the proper performance of their tasks.

9) What are your privacy rights are and how can you exercise them?

Overview of your privacy rights

• Your right of access

You are entitled to find out from Telenet at any time whether or not we process your personal information, and if we do process it to have access to this data and to receive additional information about:

• the purposes of the data processing;
• the categories of personal information involved;
• the recipients or categories or recipients (in particular, recipients in third-party countries);
• if possible, the retention period or, if that is not possible, the criteria to determine this period;
• the existence of your privacy rights;
• the right to submit a complaint to the supervisory authority;
• the information that we have at our disposal about the source of the data if we obtain personal information via a third party; and
• the existence of automated decision making.

You are also entitled to receive a free copy of the data being processed, in some intelligible form. Telenet can request a reasonable payment for covering its administrative costs for any additional copy that you request.

• Your right to update personal information

You are entitled to have incomplete, incorrect, inappropriate or out-of-date personal information corrected without delay.

• Your right to the erasure of your data (the ‘right to be forgotten’)

You are entitled to have your personal information deleted in the following instances, and without any reasonable delay:

• your personal information is no longer needed for the purposes for which they were collected or have otherwise been processed by Telenet;
• you withdraw your prior consent to the processing of data and there is no other legal basis that Telenet can invoke for (continued) processing thereof;
• you object to the processing of your personal information and there are no preeminent, legitimate grounds for (continued) processing of data by Telenet;
• your personal information is being processed unlawfully;
• your personal information needs to be deleted to meet a statutory obligation;

Please note, however, that Telenet cannot always delete all requested personal data, for example if their processing is necessary for the institution, exercise or substantiation of a legal claim or for the operation of Telenet as a company in accordance with the Belgian Company Code. We will inform the person concerned of this in more detail in our response to a request.

• Your right to restrict the processing of data

You are entitled to obtain a restriction on the processing of your personal information if one of the following elements applies:

• you contest the accuracy of this personal information: its use is restricted for a period, which enables Telenet to check the accuracy of the data;
• the processing of your personal information is unlawful: rather than deleting your data, you request its use to be restricted;
• Telenet no longer requires your data for its original data processing purposes, but you need it for instituting, exercising or substantiating a legal claim: rather than deleting your data, its use is restricted to instituting, exercising or substantiating the legal claim;
• while a decision has not yet been made about exercising your right to object against the processing of your data, you request that the use of your personal information be restricted.

• Your right to the portability of personal information (‘data portability’)

You are entitled to ‘recover’ your personal information, for example to be able to change service provider more easily. This is only possible in respect of the personal information, which you yourself have provided to Telenet, based on consent or pursuant to an agreement. In all other cases, therefore, you may not enjoy this right (for example, if the processing of your data is based upon a statutory obligation).

There are 2 aspects associated with this right:

• you can invite Telenet to recover the personal information in question in a structured, current and machine-readable format; and
• you can request that Telenet directly pass on the personal information in question to another data controller. In so doing, you yourself are responsible for the accuracy and security of the (e-mail) address, which you specify for the transfer. Telenet is entitled to refuse to do this if the transfer is not technically feasible.

• Your right to object against the processing of your personal information

You are entitled to lodge an objection against the processing of your personal information on grounds of your special situation if processing it is in line with Telenet's legitimate interests or in line with general interests. Telenet will discontinue the processing of your personal information unless Telenet is able to demonstrate compelling and legitimate grounds for processing it, which override your grounds or if the processing of personal information is associated with the instituting, exercising or substantiating of a legal claim (for example, submitting an appeal to a court of justice).

In practice.

How do I exercise my privacy rights? By contacting privacy@telenetgroup.be. In order to exercise your right of access and to prevent any unauthorised disclosure of your personal data, we must verify your identity. In case of doubt or lack of clarity, we will first ask you for additional information (preferably a copy of the front of your identity card). In order to be able to help you smoothly, Telenet requests that you always mention your capacity as a shareholder when exercising your rights.

Are there costs associated with this? You can exercise your privacy rights free of charge unless your request is manifestly unfounded or disproportionate, in particular due to its repetitive nature. In such a case - in accordance with the privacy legislation - we have the right and choice (i) to charge you a reasonable fee (in which case the administrative costs are taken into account to provide the requested information or communication and the costs, which are associated with taking the requested measures), or (ii) to refuse to follow up your request.

When will I receive an answer? We will respond as quickly as possible to your request, and in any case within one month of receipt of your request. Depending on the complexity of the requests and the number of requests, this period may be extended for a further two months, if required. In case of an extension of the period, we will notify you of this within one month of receipt of the request.

What if Telenet does not follow up my request? We will in each case inform you in our response about the option of submitting a complaint to a supervisory authority and lodging an appeal to the court.

10) Cookie policy

For the use of cookies, please refer to point 11 of the general Telenet Privacy Policy. This is available at www.telenet.be/privacy.

11) Contact Telenet

For more information about this privacy policy or for complaints about the processing of your personal data, please contact the Data Protection Officer of Telenet at privacy@telenetgroup.be

12) Escalation to the supervisory authority

In case of complaints in connection with the processing of your personal information by Telenet, you can contact the Data Protection Authority, Drukpersstraat 35, 1000 br/ussels, Belgium / +32 (0)2 274 48 00 / contact@apd-gba.be  / www.gegevensbeschermingsautoriteit.be.