back BACK

Data Protection Notice for Shareholders and other participants to the General Shareholders' Meeting

On May 25, 2018 Regulation (EU) 2916/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR") and new German provisions concerning data protection law came into force. The GDPR contains i.a. informational duties in relation to collecting personal data (transparency of data processing). We take data protection for our shareholders and other participants to the shareholders' meeting very seriously. With the subsequent notice we aim to inform you about the processing of your personal data by Brenntag AG (the "Company") and the rights you are vested with under data protection law.
  1. Who is responsible for the processing?
    Brenntag AG
    Messeallee 11
    45131 Essen
    Tel.: +49 (0) 201 6496-0
    Email: gdpo@brenntag.de

    Shall you have questions about the information provided in this notice, you may contact our Group Data Protection Officer. He is available by phone, e-mail or by post under the postal address of the aforementioned corporation (by adding "Group Data Protection Officer").

  2. For what purposes and on which legal grounds is your data being processed? By whom is the Company receiving what sort of data?
    We are processing your personal data in compliance with the GDPR, the Federal Data Protection Act, the German Stock Corporation Act (hereinafter AktG) as well as any other applicable law.

    The shares of the Company are registered shares. Under Sec. 67 AktG registered shares must be listed in the Company’s share register stating the name, date of birth and the address of the shareholder as well as the number of shares held or the share number. The shareholder is obligated to provide the Company with these details. The credit institutes involved in the acquisition or holding of your registered shares will transfer the relevant data on your behalf (in addition to further details, such as nationality, gender and submitting bank) to the share register. This process is taking place via Clearstream Banking AG, Frankfurt, which is acting as a central securities depository for carrying out all technical aspects relating to security transactions and for holding the shares for the credit institutes. Should your shares be sold, Clearstream Banking AG, Frankfurt will notify us accordingly.

    The Company is using your personal data in accordance with the purposes as envisaged by the German Stock Corporation Act. In particular, these purposes include keeping of the share register, communication with the shareholders as well as various processes regarding the administration of the shareholders’ meeting (such as the registration for the shareholders’ meeting, the documentation of participation rights and the creation of the list of participants).

    According to Sec. 67 para. 6, sentence 4 AktG data recorded in the share register may solely be used for advertising the Company, if the shareholder does not object. The shareholders have to be informed about their right to object in a proper form (Sec. 67 para. 6, sentence 5 AktG). The Company complies with this obligation e.g. by way of instructing shareholders about the right to object in section 5 of this document. In case the data recorded in the share register is used for advertising of the Company, processing shall be carried out on the legal base of article 6 para. 1 f) GDPR.

    In addition, we may possibly use your data for purposes that are compatible with these purposes (in particular with regards to creating statistics, e.g. for depicting the development of shareholders, number of transactions or for overviews about the largest shareholders). Furthermore, we also process your personal data in order to fulfill further legal obligations, e.g. supervisory requirements as well as retention obligations under stock corporation, commercial and tax law.

    The German Stock Corporation Act in conjunction with article 6 para. 1 c) GDPR serves as the legal basis for the Company processing your personal data. As explicitly laid down in the GDPR, the processing of personal data is also justified on grounds of special legal obligations (meaning outside the scope of the GDPR itself).

    In certain cases, the Company may also process your data in order to safeguard the legitimate interests of the Company or of those of a third party pursuant to article 6 para. 1 f) GDPR. A legitimate interest of the Company exists for example, if we have to exempt individual shareholders or a group of shareholders from information regarding preemptive rights offering on grounds of their nationality or domicile during a capital increase in order not to violate the legal requirements of certain countries. For the right to object to the processing of data for purposes of safeguarding legitimate interests, see below under section 5.

    In connection with the shareholders’ meeting, the processing of personal data (in particular name, date of birth, address and other contact details of the shareholder, number of shares, type of ownership of the share, access data for the access-protected online service for the General Shareholder’s Meeting, if applicable name and address of the shareholder representative authorized by the respective shareholder) is aiming at facilitating the registration and participation of the shareholders at the shareholders’ meeting (e.g. verification of participation rights) as well as enabling the shareholders to exercise their rights within the shareholders’ meeting (including the granting and revocation of powers of attorney), in particular with regards to the registration for the shareholders’ meeting and granting and revocation of powers of attorney via the encrypted online service for the General Shareholders’ Meeting (www.brenntag.com/hauptversammlung).

    When granting power of attorney to a representative of the Company, the document containing the power of attorney must be contained by the Company in a verifiable way and kept away from unauthorized access (Sec. 134 para. 3 sentence 5 AktG).

    The legal grounds for the processing are also in these cases the respective legal provisions in conjunction with article 6 para. 1 c) GDPR.

    Should we wish to process your personal data for a purpose that has not been named before, we will inform you in accordance with the governing legal provisions.

  3. Will your data be transferred to third country?
    In order to comply with the above purposes, it may be necessary that your personal data will be transferred outside the European Economic Area (EEA) for one of the above purposes. If we transfer personal data to service providers or group companies outside the EEA, the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate rules or EU standard contractual clauses) are in place.

  4. To which categories of recipients may we disclose your data?
    Third-party service providers:
    We are employing third-party service providers (e.g. share register management, IT service providers, service providers for the management of shareholders’ meetings, service providers for printing and sending the shareholders’ correspondence as well as legal consultants) for the administration and technical maintenance of the share register as well as for preparing and holding the shareholders’ meetings. Said third parties only receive personal data that is essential to the fulfillment of the ordered service and they process such data solely upon the Company’s instructions.

    Further recipients:
    Should you participate at the shareholders’ meeting, we are obligated to include you as a participant stating your name and residence as well as the shares held in the list of participants pursuant to Sec. 129 para. 1 sentence 2 AktG. Such information can be viewed by other shareholders and participants to the shareholders’ meeting for the duration of the shareholders’ meeting and in particular by other shareholders for up to two years after the shareholders’ meeting (Sec. 129 para. 4 AktG). Moreover, personal data is being publicly disclosed under certain circumstances in connection with the disclosure of shareholders’ requests regarding items on the agenda of the shareholders’ meeting and the shareholders’ countermotions as well as nominations.

    Should a shareholder request that specific items be added to the agenda (Sec. 122 para. 2 AktG), the Company will publish said items given the conditions as laid down in the German Stock Corporation Act stating the name of the respective shareholder. The Company will likewise publish countermotions and nominations of shareholders on the internet given the conditions pursuant to AktG stating the name of the respective shareholder (Sec. 126 para. 1, 127 AktG).

    Furthermore, we may be obligated to disclose your personal data to further recipients, as per example to state authorities in order to fulfill our legal notification obligations (e.g. voting rights notification).

  5. How long is your data being stored?
    Generally, we anonymize or erase your personal data as soon as and to the extent that it is no longer necessary for the above-mentioned purposes, unless we are obligated to prolong the storage due to legal requirements regarding the provision of evidence or retention obligations (pursuant to the German Stock Corporation Act, the Commercial Code, the Fiscal Code or other regulations). Data collected in connection with shareholders’ meetings is regularly being stored for a time period of up to three years.
    We are obligated under the German commercial law as well as the German tax law to maintain storage of data stored in the share register for another ten years after the sale of the respective shares. Furthermore, we are solely storing personal data in certain cases, if such storage is necessary in connection with claims brought against our Company (the legal limitation period amounts to up to thirty years).

  6. Do you use Browser Cookies & Logfiles?
    We are using a so-called “cookie” that is technically required for the seamless func-tioning of our website (registration for the general meeting) (article 6 para. 1 f) GDPR). The cookie is being deleted when you leave our website. You can configure yourself the setting of cookies at any time. For example: you can set your browser so that it informs you in advance when cookies are set or when cookies are completely rejected.

    When you access our website, the following data is logged in a file (log file), unless otherwise stated elsewhere in this data protection notice: The requested website URL as well as the URL of the website from which the file was requested, the status of the access (file transferred, file not found etc.), date and time of the access, amount of data transferred in the context of the connection, type and version of the browser used, language used, name of the Internet service provider and your IP address. We process this data to identify and eliminate technical faults and to improve the quality of our services (article 6 para. 1 f) GDPR). For these purposes, your IP address will be shortened by the last octet.

    In principle, log files are being deleted at the latest seven days after creation. In the event of a violation of legal interests or in a corresponding suspicious cases, the af-fected log files may, however, be retained in individual cases until clarification and, if necessary, for further prosecution (e.g. in the case of criminal offences such as fraud). This applies accordingly to errors and malfunctions until they have been recti-fied.

  7. What are your rights under Data Protection Law?
    You can request information about personal data stored as well as request the correction, erasure and restriction of processing of said data. You also have the right to data portability. Requests for erasure can conflict under certain circumstances with the Company’s legal obligations. Pursuant to Sec. 67 para. 6 sentence 5 AktG and article 21 para. 2 GDPR, you have the right to object the use of your personal data for advertising the Company:
    Objection right against the use of data for advertising the Company:
    You may object the use of your personal data stored within the share register for advertising purposes at any given time by contacting

    Brenntag AG
    Group Data Protection Officer
    Messeallee 11
    45131 Essen
    Tel.: +49 (0) 201 6496-0
    Email: gdpo@brenntag.de

    We will then terminate the use of your data for advertising purposes relating to the Company.
    Pursuant to article 21 para. 1 GDPR, you have the right to object the processing of your data for purposes of safeguarding the Company’s legitimate interests or those of third parties:
    Right to object the data processing for purposes of safeguarding the Company’s legitimate interests:
    If we are processing your data for purposes of safeguarding the Company’s legitimate interests or those of third parties, you may object under the following address

    Brenntag AG
    Group Data Protection Officer
    Messeallee 11
    45131 Essen
    Tel.: +49 (0) 201 6496-0
    Email: gdpo@brenntag.de

    on grounds relating to you or your particular situation. We will then terminate such processing of your data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests,
  8. Do you have any complaints regarding the processing of your data?
    For complaints regarding the processing of your personal data you may contact the Company’s Group Data Protection Officer in order to initiate an immediate clarification of the matter. Furthermore, you have the right to lodge a complaint with a competent data protection authority. The data protection authority competent to supervise the Company is the following:

    Regional Commissioner for Data Protection and Freedom of Information Nordrhein-Westfalen

    Address
    Kavalleriestr. 2-4
    40213 Düsseldorf
    Germany

    Correspondence
    P.O Box 20 04 44
    40102 Düsseldorf
    Germany

    Availability
    Tel.: +49 (0) 211 38424 0
    Fax: +49 (0) 211 38424 10
    Email: poststelle@ldi.nrw.de

    Last update of this document: May 2019

    If any relevant changes occur, we will update this notice and publish the updated version on our website. In addition, we will verify if changes to this data protection notice require in certain cases further notification and we will fulfill the notification obligation accordingly.
back BACK