Tesmec

Proxy Solicitation & Information Statement • Mar 6, 2019

CERTIFICATE OF THE PROXY HOLDER IN CASE OF DELIVERY OR TRANSMISSION OF A COPY OF THE PROXY

____________________________________________________________________

I, the undersigned

Decree no. 58/1998 ("TUF"), hereby

__________________________________________________________________________ 1 , as a proxy holder/substitute of the proxy holder to attend the ordinary shareholders' meeting of TESMEC S.p.A. ("TESMEC" o "Company"), which will be held on 16 April 2019, at 14:30 p.m., at the premises of Tesmec S.p.A in Grassobbio (BG), Via Zanica, 17/O, on my own responsibility, pursuant to and for the purposes of Article 135-novies, paragraph 5, of the Italian Legislative

CERTIFY

(i) the conformity of the original copy of the proxy to attend the above-mentioned shareholders' meeting delivered/handed over to TESMEC S.p.A.; and (ii) the identity of the appointer __________________________________________________________

I acknowledge that, pursuant to Article 135-novies, paragraph 5, of Italian Legislative Decree no. 58/1998, the proxy holder keeps the original of the proxy and keeps track of the voting instructions possibly received for one year from the conclusion of the shareholders' meeting.

______________________ _______________________

____________________________________________________________________________

Date and place Signature of the proxy holder

2 .

¹ Indicate the name, surname or company name, tax code or VAT number, full address of the domicile or registered office of the proxy holder or of the substitute of the proxy holder.

² Indicate the name, surname or company name (as it appears in the notice to attend the shareholders' meeting set forth in Article 83-sexies of Italian Legislative Decree no. 58/1998), tax code or VAT number, full address of the domicile or registered office of the appointer.

PRIVACY NOTICE PURSUANT TO ART. 13 OF THE EU REGULATION No. 679/2016

The company Tesmec S.p.A., with registered office in Milan, Piazza Sant'Ambrogio no.16, tax code and VAT number 10227100152, in the person of the legal representative pro tempore Mr. Paolo Mosconi as data controller (hereafter "Data Controller") invites you to read this notice pursuant to art. 13 of the EU Reg. no. 679/2016 (hereafter "GDPR") concerning the processing of your personal data that you will provide through the filling in the forms regarding your attendance to the Shareholders' Meeting of April 16th, 2019 and the exercise of your voting rights.

1. Data being processed

The Data Controller will process the following personal data (hereafter "Data"):

• personal identification data. This category of data includes by way of a non-limiting example name, surname, address, telephone number, e-mail, bank details etc.
• relating to legal relationships in force with Tesmec S.p.A. to exercise the right of vote at the Shareholders' Meeting.

The Data are voluntarily provided by the Data Subject.

2. Purpose of processing

Your data will be legally and properly processed for the purposes described below:

A. exercise of the voting rights and related formalities;

• B. execution and administrative and organizational management of the Shareholders' Meeting;
• C. compliance with legal obligations related to the legal relationship in force.

3. Modalities of processing

Processing of your data is carried out through the operations mentioned in art. 4 no. 2) of the GDPR and more precisely: collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, disclosure or any other form of supply, comparison or interconnection, limitation, cancellation or destruction of Data.

Your Data are subject to both paper and electronic processing.

Your Data are inserted in the relevant databases and are treated by the persons authorised by the Data Controller, who may carry out operations of consultation, use, processing, comparison and any other appropriate operation, even automated, in compliance with the provisions of law necessary to ensure, inter alia, the confidentiality and security of data as well as accuracy, updating and the relevance of the data in relation to the stated purposes.

Processing of Data belonging to minors is not envisaged.

4. Data retention period

The Data Controller retains Data in compliance with local laws and internal company policies and procedures for the time necessary to fulfil the aforementioned purposes and to meet its legitimate business interests, legal obligations or to establish, exercise or defend legal rights. Once the data retention is no longer required for said purposes, Data will be deleted in a secure manner. For further information on the retention periods for documents, please refer to the abstract of Tesmec Spa Data Retention Policy available on the website http://www.tesmec.com/it/privacy.html.

5. Legal ground for processing

Processing of the aforementioned Data is necessary for the execution of your legal relationship with the Data Controller and is grounded in the legal title on the shares or in the power of attorney to exercise the rights, arising from such title, on behalf of the owner.

6. Access to Data

Your Data may be made accessible for the purposes described above:

• to employees and collaborators of the Data Controller in Italy and abroad, as internal data processors and/or sub-processors/people responsible for processing and/or system administrators;
• to third persons charged by the Data Controller to manage the relationships with the shareholders;
• to other third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors, including suppliers or individuals appointed to perform ancillary or instrumental services for the purposes specified above, with whom the Data Controller concludes special agreements.

The Data Controller also reserves the right to share personal data with some third parties, including: IT providers for system development purposes and technical assistance, auditors and consultants to ascertain the compliance with external and internal requirements, as well as compliance with laws; bodies, agencies and Authority/ies responsible for the application of laws, counterparts, pursuant to legal obligations to transmit information; potential successor and/or assignors in case of sale – purchase of shares and other m&a operations; police, armed forces and other public administrations for the fulfilment of obligations set by laws, regulations or by European legislation.

Should said parties be located in extra-EU countries, the Data Controller ensures that extra-EU data transfer will take place in accordance with the applicable legal provisions.

7. Data transfer

Data will be stored on servers located within the European Union. In any case, it is understood that the Data Controller has the right to share data with the other companies of the Tesmec Group and/or to transfer Data also to other extra-EU areas, if needed; in this case, the Data Controller hereby ensures that the extra-EU data transfer will take place in accordance with the applicable legal provisions.

The Data Controller shall apply all the necessary protections to the aforementioned transfers pursuant to the legislation on privacy in force.

8. Type of Data provision and consequences of failure to provide Data

Provision of Data for the above purposes is mandatory. Without them, it will not be possible to execute your contract and the legal obligations.

9. Rights of the Data Subject

As Data subject, you have the rights set forth in articles 13, paragraph 2, letters b), c) and d), 15, 16, 17, 18, 19 and 21 of the GDPR and precisely the rights to:

• receive confirmation of the existence or absence of Data concerning you, even if not yet registered, and their communication in an intelligible form;
• to receive information on: a) the origin of Data; b) the purposes and methods of processing; c) the logic applied in case of processing performed with the aid of electronic devices; d) the identification details of the Data Controller, Data Protection Officer, data processors and the designated representative pursuant to art. 3, paragraph 1, of the GDPR; e) the subjects or categories of subjects to whom Data may be disclosed or who may become aware of them as designated representative in the territory of the State and as processors;

• to obtain: a) the updating, correction or, when they are interested, integration of the Data; b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed. c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

• to object, in whole or in part, for legitimate reasons to the processing of data concerning you, even if linked to the purpose of collection;

• where applicable, the Data subject also has the rights referred to in articles 16 21 of the GDPR (right to correction, right to be forgotten, right to processing limitation, right to data portability, right to object), as well as the right to file a complaint to the Competent Authority;
• to revoke any consent given at any time.

As regards to the right to data portability, the Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format for personal uses or to transmit those data to another controller.

With reference to the contractual relationship, in general terms the data that shall be object of portability are the personal and contact data.

10. How to exercise rights

You may exercise your rights or submit a request at any time by sending a registered letter with notification of receipt to Tesmec S.p.A., Via Zanica 17/O, 24050 Grassobbio (BG) or an e-mail to info@tesmec.com.

The deadline for the reply is one month. The aforementioned deadline may be extended by two months in particularly complex cases: if this occurs, within one month the Data Controller will provide a communication concerning the reasons for the extension.

The Data Controller has the right to request the information necessary for the identification of the applicant.

In general terms the exercise of rights is free, except in the case of manifestly unfounded or excessive requests, for which the Data Controller may reserve the right to request the Data Subject a reasonable contribution based on the administrative costs to be incurred.

11. Data Controller and Data Processors

The Data Controller is Tesmec S.p.A. with registered office in Milan, Piazza Sant'Ambrogio no. 16, tax code and VAT number 10227100152, in the person of the legal representative pro tempore Mr. Paolo Mosconi.

The list of Data Processors is available at the headquarter of the Data Controller.