The company, as the responsible body within the meaning of Article 4 no. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the “General Data Protection Regulation
”), processes personal data (first and last name, title, address, e mail address, number of shares, class of shares, type of ownership of shares and number of the admission ticket) based on applicable data protection laws. In addition, the company also processes personal data of a proxy nominated by a shareholder, if any (in particular such proxy’s name and place of residence). If a shareholder or proxy contacts the company, the company also processes the personal data required to respond to any inquiries (such as the contact information provided by the shareholder or proxy, e.g., telephone numbers).
Depending on individual cases, this may also apply to additional personal data. For example, the company processes information on motions, questions, election proposals and requests from shareholders at the general meeting. In the event of countermotions and election proposals which must be made publicly available, the company will also publish such proposals together with the shareholder’s name, online at
The processing of personal data of shareholders is mandatory pursuant to the Articles 53 et seq. of the SE Regulation in conjunction with Sections 118 et seq. of the German Stock Corporation Act as well as Section 50 of the German SE Implementation Act in order to prepare, carry out and follow up on the general meeting, and to enable shareholders to exercise their rights in connection with the general meeting. Without the provision of such personal data, a participation of shareholders at the general meeting and the exercise of voting rights and other rights in connection with the general meeting would not be possible. The German SE Implementation Act as well as the German Stock Corporation Act, in each case in conjunction with Article 6 para. 1 c) of the General Data Protection Regulation, form the legal basis for the processing. Given that all shares in the company are bearer shares, the company does, however, point out that shareholders may be represented by a bank (Article 53 of the SE Regulation in conjunction with Section 135 para. 5 of the German Stock Corporation Act), a shareholders’ association or any other person or institution equal thereto pursuant to Article 53 of the SE Regulation in conjunction with Section 135 para. 8 of the German Stock Corporation Act or Article 53 of the SE Regulation in conjunction with Section 135 para. 10 in conjunction with Section 125 para. 5 of the German Stock Corporation Act, while maintaining their anonymity and without providing personal data, respectively.
The company may also process personal data to fulfil other legal obligations, such as regulatory requirements as well as obligations to retain data under stock corporation laws, securities laws, commercial laws and tax laws. The relevant statutory provisions in conjunction with Article 6 para. 1 sentence 1 c) of the General Data Protection Regulation form the legal basis for such processing.
The company’s service providers that are commissioned for the purpose of organizing the general meeting only receive personal data from the company to the extent such data is required to provide the requested services and only process the data in accordance with instructions from the company.
Furthermore, personal data is made available to the shareholders and shareholder representatives in accordance with applicable laws, namely in the form of the list of participants. Shareholders and shareholder representatives have the right to inspect the list of participants during the general meeting (Article 53 of the SE Regulation in conjunction with Section 129 para. 4 sentence 1 of the German Stock Corporation Act) and for a period of up to two years after the general meeting (Article 53 of the SE Regulation in conjunction with Section 129 para. 4 sentence 2 of the German Stock Corporation Act).
The company does not use personal data recorded in connection with the general meeting for any decision based on automated processing (profiling) within the meaning of Article 4 no. 4 of the General Data Protection Regulation.
The company and the service providers ordered to do so, respectively, generally receive personal data of shareholders via the registration office of the credit institutions such shareholders have commissioned to hold their shares in the company (so called custodian banks).
The storage period for the data recorded in connection with the general meeting regularly amounts to up to three years, unless the company is legally required to provide evidence and retain data for a longer period of time or where the company has a legitimate interest in further retention, for example in case of judicial and extrajudicial disputes in connection with the general meeting. After the expiration of the relevant period, personal data will be deleted.
If certain statutory requirements are met, shareholders have information, correction, limitation, objection and deletion rights with respect to their personal data and the processing thereof, respectively. If personal data of shareholders is inaccurate or incomplete, such shareholders have the right to request a correction and supplement. Shareholders may at any time request the deletion of their personal data, unless the company is legally required or entitled to further process their data. Furthermore, shareholders have a right to data portability pursuant to Chapter III of the General Data Protection Regulation.
Shareholders can assert these rights vis à vis the company free of charge via the following contact details, which also allow shareholders to contact the company with respect to questions on data protection:
Greifswalder Straße 212-213
Telefax: +49 30 2016329499
Moreover, shareholders have the right to file a complaint with the data protection supervisory authorities pursuant to Article 77 of the General Data Protection Regulation.
The data protection supervisory authority responsible for the company is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13889 0
Fax: +49 30 2155050
E Mail: mailbox@datenschutz berlin.de
The company’s operative data protection officer can be contacted at:
Greifswalder Straße 212-213
This convocation has been provided for publication to such media as can be expected that they will disseminate the information throughout the entire European Union.
Berlin, May 2019
The management board