Data protection notice for shareholders

A primary objective of the EU General Data Protection Regulation (GDPR) is the transparency of data processing. We take data protection very seriously for our shareholders, for their representatives and for visitors at the Annual General Meeting. We would like to explain in the following guidelines how Munich Reinsurance Company (Munich Re) processes your personal data, and inform you of your rights under data protection law.

Who is responsible for processing data?

Münchener Rückversicherungs-Gesellschaft
Aktiengesellschaft in München
Königinstrasse 107
80802 München Germany

Phone: +49 (89) 38 91- 22 55
Fax: +49 (89) 39 91 7 22 55
Email: shareholder@munichre.com

If you have any questions about this information, you can contact our Data Protection Officer. You can contact the Data Protection Officer by writing to the above-mentioned postal address; please include “Data Protection Officer / Group Compliance & Legal 1.5” in the address. Alternatively, you can send an email to datenschutz@munichre.com.

For what purposes and on what legal grounds will your data be processed?
Who provides what data to us?

Munich Re shares are registered shares. Section 67 of the German Stock Corporation Act (AktG) stipulates that the following information regarding registered shares is to be entered into the Company's share register: the shareholder’s name, date of birth and street address as well as the quantity of shares or the share certificate number. Shareholders are fundamentally obliged to provide this information to the Company. The banks involved in the acquisition or safekeeping of Munich Re registered shares regularly forward to us the information pertinent to maintaining the share register – more specifically, the relevant information (such as the above-mentioned data as well as citizenship, sex and remitting bank) of shareholders and, where applicable, the information of their statutory or legal representatives. This is handled by Clearstream Banking Frankfurt, a central securities depository that is responsible for the settlement of securities transactions and the safekeeping of shares for banks. In addition, Clearstream Banking Frankfurt notifies us when a shareholder sells their Munich Re shares.

Shareholders who are unable to personally attend the Annual General Meeting can authorise a representative to attend instead. In such an instance, the shareholder must properly inform us of the representative’s name and place of residence for inclusion in the list of Annual General Meeting attendees. The shareholder might also need to provide the representative’s full mailing address so that the admission card can be sent directly to the representative.

We use personal data for the purposes specified in the German Stock Corporation Act. The primary purposes are maintaining the share register; communicating with you as shareholder or shareholder representative, and the banks involved on your behalf; and managing the Annual General Meeting every year. AGM tasks include compiling statistics that portray shareholder developments, the number of transactions, or overviews of the most significant shareholders. The legal basis for processing your personal data is the German Stock Corporation Act in conjunction with Article 6[1]{c} of the GDPR.

We may also process your personal data in order to comply with other statutory obligations, such as supervisory requirements and data retention requirements pursuant to corporate law, commercial law and tax law. In conformity with the provisions of the German Stock Corporation Act, we must – for example in cases where the proxies appointed by our Company have been authorised to exercise voting rights – manifestly keep the data serving as proof of authorisation. In such cases, the legal basis for processing personal data comprises the respective statutory regulations and Article 6[1]{c} of the GDPR.

In individual cases, we also process your data to protect our legitimate interests as per Article 6[1]{f} of the GDPR One such instance of this concerns capital increases. We sometimes must exclude individual shareholders – on account of their citizenship or their residence – from rights offerings in order to comply with securities regulations of countries outside Europe. We record the names and addresses of visitors, such as guests and representatives of the press, who participate in our Annual General Meeting so that we can issue personalised admission cards for authorised access. Without this data, we could not guarantee a safe and secure Annual General Meeting – and you would not be granted access to it.

Should we wish to process your personal data for a purpose not listed above, we will inform you of this in advance pursuant to applicable law.

To which categories of recipients do we forward your data?

External service providers and consultants:
We rely in part on external service providers for the administration and technical maintenance of the share register (service company for share register, IT service providers) as well as for managing the Annual General Meeting every year (AGM service providers, service providers for printing and sending notifications to shareholders). In this context, our most important external service provider is Computershare Deutschland GmbH & Co. KG, Elsenheimerstr. 61, 80687 Munich, Germany. We may also hire advisors or lawyers in connection with the Annual General Meeting, who may have access to personal data.

Additional recipients:
If you take part in the Annual General Meeting as a shareholder or shareholder representative, other Munich Re shareholders as defined in Section 129 of the German Stock Corporation Act can see your personal data – provided that it appears in the list of AGM attendees. If a shareholder or shareholder representative authorises the proxies appointed by our Company to exercise voting rights, the proxies will have access to the personal data needed to exercise voting rights as instructed. If there are requests to amend the agenda in accordance with Section 122 para. 2 of the German Stock Corporation Act and/or countermotions and nominations pursuant to Section 126 para. 1 and Section 127 of the Stock Corporation Act, we will describe them in the respective invitation to the AGM as specified in the Stock Corporation Act and, if necessary, make them available to the public.

In addition, we can be obliged to provide personal data to additional recipients. One example would be the transmission of personal shareholder data in order to meet statutory notification requirements (for example if statutory thresholds on voting power are exceeded).

How long will we store your data?

In principle, we will anonymise or delete your personal data as soon as it is no longer needed for the above-mentioned purposes – unless we must retain the data for a longer period pursuant to statutory documentation and data retention requirements, such as in the German Stock Corporation Act, German Commercial Code and/or the German Fiscal Code. Data collected on account of the Annual General Meeting generally must be stored for as long as three years. We must keep data stored in the share register for ten years after shares are sold. In addition, we retain personal data in individual cases only if necessary in connection with claims that are asserted against our Company (statutory period of limitation as long as 30 years). 

How do we transmit data to non-European countries?

If we need to transmit personal data to service providers outside the European Economic Area (EEA), we will do so only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example, through binding, in-house data protection provisions, or the European Commission’s standard contractual clauses). You can write to the above-mentioned address to obtain detailed information and to learn more about the level of data protection at our service providers in non-EEA countries.

What data protection rights do you have?

You may request information from the address indicated above about the personal data we have stored under your name. Shareholders can use the shareholder portal on Munich Re’s website (www.munichre.com/register) to access their key personal data that appears in the share register and can write to the above-mentioned address to inform us of any necessary changes. Moreover, you can under certain circumstances demand that your data be deleted or that its processing be restricted – if, for example, your data has been processed unlawfully.

Right to object:
If we process your data to safeguard our legitimate interests, you may object to this processing on grounds relating to your particular situation. To do so, contact the above-mentioned address. We will then stop the processing, unless we have compelling legitimate grounds to do so which override your interests, or it serves the establishment, exercise or defence of legal claims.

Would you like to file a complaint about how your data is being handled?

You may contact our above-mentioned Data Protection Officer or the responsible data protection authorities. The data protection authorities responsible for Munich Re are:
Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Authority of Bavaria for the Private Sector), Promenade 27, 91522 Ansbach, Germany
https://www.lda.bayern.de/de/kontakt.html.