One Bank, One UniCredit.

3. Appointment of the Board of Statutory Auditors and of the substitute Statutory Auditors

Information on the appointment process of UniCredit S.p.A. Statutory Auditors

2019 Ordinary and Extraordinary Shareholders' Meeting

Index

Notice

1. General information	4
2. Filing of the lists	5
3. Documentation to be filed with the lists	6
4. Minority lists and connections among lists	7
5. Appointment process	8
6. Requirements	9

The contents of this document are made available to the UniCredit Shareholders merely for information purposes and as such, consequently, do not in any way intend to replace or complete the provisions brought by law, by regulation or by the Company's Articles of Association that regulate the appointment of the Statutory Auditors, which Shareholders are kindly asked to refer to.

General information

The appointment of the Statutory Auditors is governed by the Italian Civil Code, the Legislative Decree no. 58/98 (Consolidated Law on Finance, hereinafter also "TUF"), the Legislative Decree no. 385/93 (Consolidated Law on Banking, hereinafter also "TUB") and the related regulations as well as by Clause 30 of UniCredit's Articles of Association, to all of which reference may be made.

Procedure for the Statutory Auditors' appointment

Pursuant to the Articles of Association, the Ordinary Shareholders' Meeting must appoint five permanent Auditors and four substitute Auditors. The Board of Statutory Auditors' term in office lasts three financial years and ends on the date of the Shareholders' Meeting called for the approval of the financial statements relating to the last financial year in which they are in office.

The permanent Auditors and the substitute Auditors are appointed on the basis of lists filed by the persons entitled to, in which the candidates must be listed using progressive numbers. The candidates must be divided into two sublists, containing respectively up to five candidates for the seat as permanent Auditor and up to four candidates for the seat as substitute Auditor.

Who may file the lists

Holders of at least 0.5% of the share capital in the form of ordinary shares with voting rights at the Ordinary Shareholders' Meeting. The number of shares that gives the right to file lists may be held by one or more Shareholders.

Term for filing the lists

Lists of candidates, together with the necessary documentation, must be filed no later than the 25th day prior to the date of the Shareholders' Meeting (March 18, 2019) in the manner specified in the relevant notice of call.

Term for disclosing the lists

Lists of candidates will be made available to the public at least 21 days prior to the date of the Shareholders' Meeting (March 21, 2019) at the Registered Office of UniCredit S.p.A., on the Company's website and with the other manner specified in the notice of call.

Filing of the lists

Each party having the right thereto may submit, or contribute to the submission of, only one list (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a shareholders' agreement concerning UniCredit shares may not submit more than one list (including via proxies or trustee companies).

Each candidate may be included in one list only, under penalty of forfeiture.

The ownership of the minimum number of shares required for filing lists is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the lists are filed with the Company. The certification, pursuant to the current rules, on the ownership of the number of shares necessary for filing lists may be submitted to the Company also after the filing but strictly by the deadline within which the Company must make the lists public (i.e. at least 21 days prior to the date of the Shareholders' Meeting).

At least the first two candidates as permanent Auditors and the first candidate as substitute Auditor given in the respective lists must be listed in the Legal Auditors Register and must have practiced the activity of legal auditing of accounts for at least three years total experience.

Each list for the appointment as permanent Auditor and substitute Auditor must present a number of candidates belonging to the least represented gender such as to ensure, within the list itself, the abidance by the balance of genders at least in the minimum quantity established by the provisions, also of a regulatory nature, in being. In fact, the procedure for the formation of the lists and the supplementary criteria for the determination of the members of the Board of Statutory Auditors must allow that the least represented gender obtains at least one-third of the appointed Auditors.

Documentation to be filed with the lists

The following documents, dated and signed, must also be filed together with each list:

information relating to the identity of the Shareholders who filed the lists specifying the total percentage of the shareholding held;
a statement of the Shareholders, other than those who hold, also jointly, a control or relative majority shareholding, certifying the absence of connecting relationships with the latter pursuant to Sec. 144-quinquies of the CONSOB Issuers Regulation no. 11971/99, after having become acquainted with the recommendations given by CONSOB with its Communication no. DEM/9017893 dated 26 February 2009;
exhaustive information on the personal and professional characteristics of the candidates (detailed curriculum vitae) as well as a list of the management and control offices held in other companies pursuant to Article 2400 of the Italian Civil Code1;
a statement by each candidate irrevocably accepting the position (subject to his/her appointment) and attesting, under his/her own responsibility, that there is no reason for his/her ineligibility or incompatibility, as well as the possession of the requirements set out by current laws and regulatory provisions, in particular of those regarding professional experience, integrity and independence. At the end of this document you will find a facsimile of declaration of candidacy that can be used for this purpose.

Any list that does not meet the above requirements shall be deemed not to have been filed.

In filing the lists Shareholders are invited to take into account also the results of the analysis carried out by the UniCredit Board of Directors, in agreement with the outgoing Board of of Statutory Auditors, on the composition of the control body deemed optimal in order to ensure the proper performance of the functions assigned to it, contained in the document "Profile of UniCredit S.p.A. Board of Statutory Auditors". In this regard, it is also recommended to provide together with the lists also the information regarding the possessed competences in two or more of the areas envisaged by said Profile.

Finally, we remember that each candidate must read the information notice on the processing and protection of personal data at the end of this document.

¹ We invite you to provide this documentation both in Italian and English.

Minority lists and connections among lists

Without prejudice to current laws and regulations requiring that at least one permanent member of the Board of Statutory Auditors shall be elected by the minority shareholders that are not in any way linked, not even indirectly, with the Shareholders who filed, or voted for, the list which come out first as to number of votes, the UniCredit Articles of Association provide that there should be 2 permanent Auditors and 2 substitute Auditors elected by the minorities, according to the modalities described in the following paragraph "Appointment process".

CONSOB - in order to ensure full transparency on any connection between lists - has given detailed recommendations to the Shareholders filing a minority list for the appointment of the Statutory Auditors² . More in detail, CONSOB requires Shareholders filing "minority lists" to declare, in the statement mentioned in paragraph "Documentation to be filed with the lists" attesting the absence of any of the relationships specified in Sec. 144 quinquies of the CONSOB Issuers Regulation, also:

the absence of significant relationships with Shareholders who jointly or severally hold a controlling or a relative majority shareholding; or
any existing relations, where significant, with said Shareholders together with the reasons for which such relations have been deemed not crucial for the existence of such relationships.

The Company makes said declaration available to the public together with the list.

CONSOB specified that the notion of connection is "non-technical" and "cannot be limited to the cases envisaged by law consisting in control and link-up" and that said notion "considering its anti-elusive purpose, must be attributed a wide meaning".

² See CONSOB Communication no. 9017893 dated February 26, 2009.

Appointment process

All those entitled to vote may only vote for one list.

The permanent Auditors and the substitute Auditors are chosen from the majority and the minority lists - in the consecutive order in which the candidates are given - as follows:

as far as concerns the election of the permanent Auditors, the votes obtained by each list are divided in succession by one, two, three, four and five. The ratios obtained are progressively given to the candidates in the first directory of each list in the same order as in the directory and are reported in one single decreasing graduation: the persons elected are the first three candidates in the list that obtains the majority of the votes and the first two candidates that have obtained the highest ratio among those belonging to the minority lists. The candidate who has obtained the highest share of votes among the candidates belonging to the list that obtained the highest number of votes among the minority lists, is elected as Chairman of the Board of Statutory Auditors;
instead, as far as concerns the election of the substitute Auditors, the votes obtained by each list are divided in succession by one, two, three and four. The ratios obtained are progressively given to the candidates in the second directory of each list in the same order as in the directory and are reported in one single decreasing graduation: the persons elected are the first two candidates in the list that obtains the majority of the votes and the first two candidates that have obtained the highest ratio among those belonging to the minority lists.

	Majority list	Minority lists
Permanent Auditors	the first 3 candidates	the 2 most voted candidates among all the minority lists
Substitute Auditors	The first 2 candidates	the 2 most voted candidates among all the minority lists
Chairman of the Board of Statutory Auditors		the first candidate belonging to the list receiving the most votes among the minority lists

In the chart that follows there are briefly reported the above nomination criteria.

Requirements

The Statutory Auditors must met the requirements envisaged by current laws and regulations, in particular those regarding professional experience, integrity and independence (herein below mentioned), and must not be in situations of ineligibility, forfeiture or incompatibility. They must also comply with the limits upon the maximum number of offices to be held established by current provisions and be able to dedicate the time necessary to perform effectively their office.

Professional requirements

At least two permanent Auditors and at least one substitute Auditor must be chosen among the persons appearing in the Legal Auditors Register who have practiced the activity of legal auditing of accounts for at least three years total experience.

Auditors who do not qualify pursuant to the above mentioned requirement must be chosen among those who have an overall experience of at least three years in:

practising professional activities as business accountant or lawyer, undertaken mainly in the banking, insurance and financial sectors; or
teaching, at University level, subjects concerning in the law field banking, commercial and tax matters, as well as the running of financial markets, and - in the business/finance field - banking operations, business economics, accounting, the running of the securities markets, the running of the financial and international markets and corporate finance; or
performing managerial/executive functions in public organizations or offices of the Public Administration operating, as well as in the banking, financial or insurance sector, in the investment services sector and the collective investment-management sector, both of which as defined in TUF; or
performing managerial or control activities, or managerial positions in joint stock companies with registered capital of not less than €2 million.

Integrity requirements

The members of the Board of Statutory Auditors must possess the integrity requirements set out by Treasury Decree no. 161 dated 18 March 1998, as well as by Justice Decree no. 162 dated 30 March 2000.

Independence requirements

The Statutory Auditors shall perform their duties with objectivity and integrity and without direct or indirect interests that may affect their independence of mind.

Without prejudice to the ineligibility cases provided by law, according to the Corporate Governance Code for Listed Companies the Statutory Auditors are chosen among persons who may be qualified as independent also based on the criteria set out by Sec. 3 of such Code with regard to Directors.

Reasons for ineligibility, forfeiture or incompatibility

The following persons may not be elected as Auditors and, where elected, shall be disqualified from office (Section 148 TUF):

a) persons who are in the conditions referred to in Article 2382 of the Italian Civil Code;
b) spouses, relatives and relatives-in-law, up to the fourth degree of kinship, of the directors of the company, spouses, relatives and relatives-in-law, up to the fourth degree of kinship, of the directors of the companies it controls, of the companies it is controlled by and of those subject to common control;
c) persons who are linked to the company, to the companies it controls, to the companies it is controlled by and to those subject to common control, or to the directors of the company or to the persons referred to in subparagraph b), by self-employment or employee relationships or by other relationships of an economic or professional nature that might compromise their independence.

Moreover, persons who are/have been in situations or have been subject to measures envisaged by the Treasury Decree no. 161 dated March 18, 1998, as well as the Justice Decree no. 162 dated March 30, 2000, and persons who fall under the incompatibility cases provided for by the Legislative Decree no. 39/2010, may not hold the office as Statutory Auditors.

We also remind that, according to Supervisory Regulations on banks corporate governance (Circular no. 285/13 of Bank of Italy), the the Board of Statutory Auditors' members shall not hold posts in corporate bodies different from the ones with control functions in other companies belonging to the UniCredit Group in which UniCredit holds, even indirectly, a strategic shareholding, which means a shareholding at least equal to 10% of the share capital or of the voting rights in the ordinary shareholders' meeting of the subsidiary as well as equal to 5% of the consolidated regulatory capital of the banking Group.

Interlocking provisions

Section 36 of Law Decree no. 201³ dated December 6, 2011, provides that "holders of a seat in managerial, supervisory and control bodies, as well as officers charged with managerial duties in companies or group of companies acting in banking, insurance and financial markets are forbidden from holding, or to exercising, similar offices in competing companies or group of companies".

Individuals who hold positions that fall within the sphere of prohibition application are duty‐bound within 90 days of their appointment to provide notification of the option between said positions they have exercised. Should this period expire without such a choice being made, the person concerned shall forfeit both positions.

Limits upon the maximum number of office to be held – time commitment

According to the Company's Articles of Association, Statutory Auditors may assume management and control positions within other Companies within the limits established by the provisions, also of a regulatory nature, in being.

In compliance with the CONSOB Issuers Regulation no. 11971/99 in application of section 148-bis of TUF the position of member of the control body of an issuer may not be assumed by those who hold the same position in five issuers.

A member of the control body of an issuer may assume other management or control positions in the companies mentioned by the said provisions up to the limits established. Exempt positions and management and control positions in small companies (as defined by the aforementioned provisions) are not material for the purposes of the cumulation of the positions.

A member of the control body who - for reasons not attributable to him/herself - exceeds such limits, shall resign from one or more of the offices previously held within ninety days of becoming aware of having exceeded such limits.

In any case, it should be noted that the legislation concerning banks establishes that corporate officers must dedicate the time necessary to perform effectively their duties, also taking into account the nature and quality of the commitment requested and the functions performed in them, as well as other offices held in companies or bodies, commitments or work activities (time commitment)⁴ .

With specifc reference to the limits upon the maximum number of offices established for banks' corporate officers by the Directive 2013/36/EU (CRD IV) expressly referred to by Bank of Italy Circular no. 285/13 (Supervisory Regulations for banks), without prejudice to the different requirements on this matter which may result from the Decree which will be issued by the Ministry of Economy and Finance implementing Sec. 26 TUB, Shareholders should be aware of the specific provisions on the matter contained in the Profile of UniCredit S.p.A. Board of Statutory Auditors.

******

³ Converted with amendments by Law no. 214 dated December 22, 2011.

⁴ See, in particular, Sec. 26 TUB and Bank of Italy Circular. no. 285/13.

Requirements

Finally, it is recalled that the appointed Statutory Auditors will also be subject to the assessment of the European Central Bank. For this reason, the Shareholders who intend to file a list, in assessing the candidacies to be proposed, are invited to read the indications issued in this matter by such Authority in the document "Guide to fit and proper assessments".

STATEMENT CONCERNING CANDIDACY AND ATTESTING THE INEXISTENCE OF REASONS FOR INELIGIBILITY, FORFEITURE AND INCOMPATIBILITY, AS WELL AS REGARDING THE MEETING OF THE REQUIREMENTS PROVIDED FOR BY CURRENT PROVISIONS, ALSO BY REGULATORY ONES.

I, the undersigned _________________________________ (fiscal code _________), born in _____________on ______________, _______________nationality, in relation to the appointment of the UniCredit S.p.A. Board of Statutory Auditors on the Agenda of the Ordinary Shareholders' Meeting convened on April 11th, 2019, under my own responsibility:

STATE THAT

I accept my candidacy / I stand for election as permanent Statutory Auditor / stand-in Statutory Auditor and I irrevocably accept my possible appointment as Statutory Auditor.

In view of the provisions, inter alia, contained in: Sec. 26 of the Legislative Decree no. 385 dated September 1, 1993, Sec. 148 of the Legislative Decree no. 58 dated February 24, 1998 ("TUF"), the Treasury Decree no. 161 dated 18 March 1998 and the Ministry of Justice Decree no. 162 dated March 30, 2000 ("DM 162"), Supervisory Regulations on banks' corporate governance (Bank of Italy Circular no. 285/2013, Part I, Title IV, Chapter 1, Section III, Subsection 3.2) and Clause 30 of UniCredit S.p.A. Articles of Association

CERTIFY THAT

there are no reasons for my ineligibility, forfeiture or incompatibility and that I meet the requirements provided for by both current provisions and the Articles of Association of UniCredit S.p.A., for the appointment as Statutory Auditor and

STATE THAT

1) I am enrolled with the Register of Chartered Accounting Auditors AND have practised the legal auditing of accounts for a period of no less than three years

[enrollment with the Register of Chartered Accounting Auditors: no. ____________; period of the activity: from ______________ (month/year) to _________________ (month/year)] /

2) in the absence of the conditions indicated under previous point 1, I possess the experience requirements envisaged by Clause 30 of the Articles of Association and Sec.1 DM 162, having in particular gained at least three years' total experience through one or more of the following activities:

a) undertaking professional activities as a business accountant or lawyer, undertaken primarily in the banking, insurance and financial sectors : _____________________________________________________________________________________

[please specify the relevant Firm and period]

b) teaching, at University level, subjects concerning - in the field of law – banking, commercial and/or fiscal law, as well as the running of financial markets and – in the field of business/finance – banking operations, business economics, accountancy, the running of the securities markets, the running of the financial and international markets and corporate finance:

_____________________________________________________________________________________ [please specify the teaching field, the relevant University and period]

c) performing managerial/executive duties within public organizations or offices of the Public Administration, as well as in the credit, financial or insurance sector, and the investment services sector and collective investment-management sector, both of which are defined in the TUF:

_____________________________________________________________________________________

[please specify the duties performed, the relevant organizations and period]

With reference to Sec. 148, Sub-sec. 3, of the TUF and Sections 3 and 8 of the Italian Corporate Governance Code approved by the Corporate Governance Committee ("Corporate Governance Code for listed companies")

STATE THAT

I meet the independence requirements envisaged by Sec. 148(3), of the TUF

and

I meet the independence requirements envisaged by Sec. 3 of the Corporate Governance Code for listed companies /

I DO NOT meet the independence requirements envisaged by Sec. 3 of the Corporate Governance Code for listed companies

I, the undersigned, also:

- UNDERTAKE, if appointed:

to dedicate the time necessary to carry out effectively the office, also taking into account the indications on the activity carried out by the Statutory Auditors of UniCredit S.p.A. during 2018 contained in the Report "Appointment of the Board of the Statutory Auditors and of the substitute Statutory Auditors" and published on the Company's website;
not to take on administration and control positions within other companies beyond the limits established by the current provisions;
UNDERTAKE to promptly inform UniCredit S.p.A. of any changes in the above circumstances and, on request by the Company, to produce any documentation suitable to confirm the truthfulness of the facts declared;
DECLARES to have read the information notice reported below concerning the use of personal data from UniCredit S.p.A. and the rights pursuant to the articles 13 and 14 General Data Protection Regulation - GDPR (EU) 2016/679.

Date, _________________ Signed ______________________

Annexes:

Curriculum vitae containing the personal and professional characteristics of the candidate
List of the supervisory and controlling offices held in other companies
Information notice concerning the use and the protection of personal data

INFORMATION NOTICE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA¹

The following information notice aims at providing you with an overview on the use of your personal data by UniCredit S.p.A. and of your rights pursuant to the General Data Protection Regulation - Regulation (EU) 2016/679 (hereinafter also GDPR).

1. Data Controller and Data Protection Officer

The Data Controller is UniCredit S.p.A., with registered office in Milan, Piazza Gae Aulenti n. 3, Tower A, 20154 Milan (UniCredit).

The Data Protection Officer (DPO) can be contacted at:

UniCredit S.p.A. Data Protection Office, Piazza Gae Aulenti n. 3, Tower A, 20154 Milano, E-mail: [email protected], PEC: [email protected].

2. Purpose and legal basis of processing

UniCredit processes the personal data in its possession, that is collected directly from you, or from the relevant local administrations to verify, among others, their accuracy for the following purposes:

A. Need to fulfill legal obligations deriving from your role as a Member of the UniCredit's Corporate Officers.

These obligations imply, among others, verifying - both during the selection procedures and on an ongoing basis - the compliance: i) with the eligibility requirements for taking on and maintaining the role of Corporate Officers as well as of specific positions (such as integrity requirements, criteria of correctness, professional experience requirements and competence, independence, time commitment, maximum number of offices covered, respect of the prohibition of interlocking) as required by applicable law, by UniCredit's Articles of Association and by the Corporate Governance Code for listed companies (i.e. Codice di Autodisciplina delle società quotate) as well as ii) with the regulations on the transaction with related parties, and iii) with social security and fiscal obligations linked to the remuneration provided.

To comply with the above-mentioned obligations, in some cases, UniCredit is required to carry out analyses that concern also your relatives² . For this reason, we kindly ask you to let them aware of this Information Notice.

These needs represented above are the legal basis legitimizing the related data processing. Data provided by you is necessary to comply with the obligations arising from your role of Corporate Officers; without your personal data, UniCredit would not be in a position to establish a relationship with you or to comply with the law obligations.

B. Fulfilment of legal obligations and requests from Public and Supervisory Authorities, concerning the process, communication and/or disclosure - also during the selection procedures - on the website www.unicreditgroup.eu and/ or on specific corporate documents (e.g. Prospectus / Corporate Governance Report, Financial Statements) of your data (such as data contained in your curriculum vitae and in the list of the tasks carried out by you, as required by the applicable law, and according to the Articles of Association and the Corporate Governance Code for listed companies).

The needs represented above are the legal basis legitimizing the related data processing. Data provided by you is necessary to comply with the legal obligations, the requests from the Authorities, as well as to take on the role of Corporate Officers of UniCredit; without your personal data, UniCredit would not be in a position to establish a relationship with you or to comply with the law obligations.

3. Categories of personal data processed

UniCredit processes personal data collected directly from you, or from third parties (e.g. relevant local administrations), which include, but are not limited to, personal data (e.g. name, surname, address, date and place of birth), banking data, information on the financial situation (e.g. patrimonial status, information on credit requests/relationships), positions held and related income, employment relationships, commercial/professional relationships.

This information may concern existing or past relationships with UniCredit as well as with Group Legal Entities or third parties.

¹ Directors, Statutory Auditors and related relatives.

²The relatives scope is identified on the basis of the specific applicable regulations.

3.1 Judicial data

UniCredit may process judicial data (i.e. personal data relating to criminal convictions and offences or related security measures, including information on pending proceedings) referring to you, in order to verify the subjective and integrity requirements and/or conditions that prevent from being appointed as Corporate Officers.

In such cases, the processing is necessary to fulfill legal obligations as well as to comply with requests coming from Public or Supervisory Authorities (e.g. filling the questionnaire requested by the ECB). This need represents the legal basis that legitimizes the related data processing. Data provided by you is necessary to comply with the legal obligations; without your personal data, UniCredit would not be in a position to establish a relationship with you or to comply with the law obligations.

4. Recipients or categories of recipients of personal data

Your data may be communicated to the natural and legal persons that are acting as "Data Processors", listed in the UniCredit premises and on the website www.unicredit.it, as well as – in the quality of persons authorized to process personal data in relation to the data necessary for the performance of the duties they are assigned to – the natural persons belonging to the following categories:

employees or temporary employees or trainees assigned to the UniCredit HR, PL & BS Management Functions / IAD Budget & Administrative Support / Individual Reports, as well as the UniCredit Group Corporate Affairs, consultants and other natural persons occasionally assigned to these functions;
employees, temporary workers, interns and consultants of external companies appointed as Data Processors.

Your data may be communicated:

to those subjects to whom this communication must be carried out in compliance with an obligation established by law (e.g. Bank of Italy and ECB), by a regulation or by EU legislation. Further information can be found on the website www.unicredit.it in the "Privacy" section;
to Legal Entities belonging to the UniCredit Group (also foreign Legal Entities), subsidiaries or associates under the terms of article 2359 of the Italian Civil Code, when such communication is permitted on the basis of a Garante per la Protezione dei Dati Personali's measure or by a law provision.

The detailed list of subjects to whom the data can be communicated is available on the website www.unicredit.it, in the "Privacy" section.

5. Data transfer to third countries

UniCredit informs you that your personal data may also be transferred to the Countries outside the European Union or the European Economic Area (so called "Third Countries") if the EU Commission states that the Third Country ensures an adequate level of protection of personal data or in case of other appropriate safeguards, namely when the supplier of UniCredit located in the Third Country contractually ensures an appropriate level of personal data protection (e.g. through the signing of the standard contractual clauses provided by the European Commission), including enforceable and effective data subject rights. Further information can be requested by writing to [email protected].

6. Data processing modalities

The processing of personal data involves the usage of manual and IT instruments with modalities closely connected with the purposes defined above and, in any case, in such a way to guarantee the security and confidentiality of the data.

7. Data subject' rights

GDPR grants and assures specific rights, including the right to know what data concerning you are held by UniCredit, as well as how they are used, and the right to obtain, under certain conditions, the copy, the erasure, the update, the rectification or, if interested, the integration of your data, as well as the right to data portability.

7.1 Data retention period and right to erasure

UniCredit processes and stores your personal data for all the time you keep the role of Director, to execute the related and connected obligations, to comply with the applicable legal, contractual and regulatory obligations, as well as for its own defensive purposes or those of third parties until the expiration of the longest mandatory retention period provided by the applicable law (i.e. 11 years) starting from the date of termination of the relationship with you.

At the end of the applicable mandatory retention period, your personal data will be erased or kept in a form which does not permit your identification (e.g. irreversible anonymization), unless the further processing is necessary for one or more of the following purposes: i) for resolution of pre-litigation and/or litigation, started before the expiration of the mandatory retention period; ii) to follow up with investigations/inspections by internal control functions and/or external authorities, started before the expiration of the mandatory retention period; iii) to follow up with requests from the Italian and/or foreign Public Authorities, received/notified to UniCredit before the expiration of the mandatory retention period.

8. Procedure to exercise the rights

The e-mail address which you can refer to for the exercise of your rights described in the paragraph 7 is the following one: [email protected].

The deadline for the reply is one (1) month, that may be extended for two (2) further months in cases of particular complexity; in these cases, UniCredit informs you about such extension within one (1) month from the receipt of the request.

The exercise of rights is, in principle, free of charge.

9. Complaint or reporting to the "Garante per la protezione dei dati personali"

UniCredit informs you that you have the right to lodge a complaint with, or to report to the Garante per la Protezione dei Dati Personali, or else to appeal to the Judicial Authority. The contacts of the Garante per la Protezione dei Dati Personali can be consulted on the website http://www.garanteprivacy.it.

AI assistant

Unicredit — AGM Information 2019

4272_bfr_2019-02-19_2695c6f7-cad0-4c53-a74d-fe3b1b47ce72.pdf

One Bank, One UniCredit.

3. Appointment of the Board of Statutory Auditors and of the substitute Statutory Auditors

Index

Notice

General information

Procedure for the Statutory Auditors' appointment

Who may file the lists

Term for filing the lists

Term for disclosing the lists

Filing of the lists

Documentation to be filed with the lists

Any list that does not meet the above requirements shall be deemed not to have been filed.

Minority lists and connections among lists

Appointment process

Requirements

Professional requirements

Integrity requirements

Independence requirements

Reasons for ineligibility, forfeiture or incompatibility

Interlocking provisions

Limits upon the maximum number of office to be held – time commitment

Requirements

STATEMENT CONCERNING CANDIDACY AND ATTESTING THE INEXISTENCE OF REASONS FOR INELIGIBILITY, FORFEITURE AND INCOMPATIBILITY, AS WELL AS REGARDING THE MEETING OF THE REQUIREMENTS PROVIDED FOR BY CURRENT PROVISIONS, ALSO BY REGULATORY ONES.

STATE THAT

CERTIFY THAT

STATE THAT

STATE THAT

INFORMATION NOTICE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA1

1. Data Controller and Data Protection Officer

2. Purpose and legal basis of processing

3. Categories of personal data processed

3.1 Judicial data

4. Recipients or categories of recipients of personal data

5. Data transfer to third countries

6. Data processing modalities

7. Data subject' rights

7.1 Data retention period and right to erasure

8. Procedure to exercise the rights

9. Complaint or reporting to the "Garante per la protezione dei dati personali"

More from Unicredit

Unicredit AGM Information 2019

INFORMATION NOTICE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA¹