PRIVACY POLICY ON CA FRIULADRIA PTO FOR SHAREHOLDERS THAT ARE CRÉDIT AGRICOLE CUSTOMERS

Your privacy is important!

This is the reason why we are giving you this privacy policy (published the 6th July 2021 supplementing the information you received when you opened your current account, available in the “La tua privacy” section (also “Privacy policy” section) of Crédit Agricole Italia website (or in the same section of OPA’s website), in the “Informativa privacy clientela” area, where you can find all information under Articles 13 and 14 of the GDPR which is not expressly given hereinafter.

Who is the Controller of your personal data processing?

The Controller is the Bank of the Crédit Agricole Italia Banking Group who hold your account (hereinafter also “Bank”), then:

• Crédit Agricole Italia S.p.A. with Registered Office at Via Università, 1 - 43121 Parma, Italy, Parent Company of the Crédit Agricole Italia Banking Group (hereinafter referred to also as “CA Italia”, or the “Controller”) and/or
• Crédit Agricole FriulAdria S.p.A. with registered Office at Piazza XX Settembre, 2 – 33170 Pordenone, Italy (hereinafter referred to also as “CA FriulAdria”, or the “Controller”).

The Bank processes the data in its capacity as Depositary Bank of the shares in Crédit Agricole FriulAdria S.p.A (hereinafter also “CA FriulAdria Shareholder”).

What type of data will be processed?

• First name, last name, e-mail address/phone number and number of CA FriulAdria shares held;
• Personal data resulting from the CA Friuladria shareholders' register (consulted by CA Italia as shareholder): your role as shareholder and the number of CA FriulAdria shares you hold;
• Any other data provided to the Bank directly by the data subject, such as contact details other than those already held by the Bank.

Please bear in mind also that your data shall not be processed with automated means.

What are the purposes of the processing?

The Personal Data will be processed in order to inform the shareholders in Crédit Agricole FriulAdria S.p.A. (“CA FriulAdria Shareholders”) of the features of the voluntary public tender offer for all CA FriulAdria shares made by CA Italia and to give any clarifications.

What is the legal basis and optionality of processing?

The data processing falls within the Bank – Customer relationship and, as such, the legal basis lies in the current management of accounts (e.g. “securities accounts”, etc.). The Bank also pursues its legitimate interest to make its tender offer for CA FriulAdria ordinary shares (Article 6(1)(f) of Regulation (EU) 2016/679.

Whom may your personal data be communicated to?

The Personal Data will be processed by natural persons who have been authorized by the Bank to process Personal Data; parties that operate as External Data Processors. The Personal Data will not be communicated to other parties, other than those strictly necessary to pursue the set purposes and as requested by competent Authorities.

Where do your Personal Data circulate?

The Bank will not transfer the Personal Data outside the European Economic Area.

For how long are your personal processed?

The Personal Data will be stored for the time set forth in the general information to data subjects.

What is the address of the Data Protection Officer (“DPO”) of the Crédit Agricole Italia Banking Group?

The DPO’s e-mail address is: dpo@credit-agricole.it

What are your rights?

As the data subject, you are entitled to exercise your rights provided for by the GDPR (e.g. access, erasure, objection, rectification, etc.) writing to privacy@credit-agricole.it. For more exhaustive information, please see the “Informativa privacy clientela”. In any case, you are entitled to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority).