Munich Re logo Not if, but how
EN

Information about data protection for shareholders

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    0:00
    0:00

    Transparency regarding how data is processed is a key element of data protection. Our responsibility to ensure that your data is protected in line with the valid data protection regulations is one we take very seriously. This information on data protection is designed to provide you with information on how your personal data is processed by the Munich Re Group and on your rights under data protection law.

    1. Scope of application

    This information on data protection is aimed at shareholders.

    2. Who is responsible for processing your data?

    Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München
    Königinstr. 107
    80802 Munich
    Germany

    Tel.: +49 (89) 38 91 22 55
    Fax: +49 (89) 39 91 7 22 55
    email:     shareholder@munichre.com
    (hereinafter referred to as “Munich Re” or “we”)

    You can contact our Data Protection Officer at the postal address above – please include “Data Protection Officer/ Group Compliance & Legal” in the address – or send an email to datenschutz@munichre.com.

    3. For what purposes, and on what legal grounds, will your data be processed? What categories of data do we process and who could we get your data from?

    Munich Re shares are registered shares. For registered shares, Section 67 of the German Stock Corporation Act (AktG) states that the shareholder’s name, date of birth, and both a postal and electronic address, must be entered into the Munich Re share register, as well as the quantity of shares or share number. Shareholders are fundamentally obliged to provide this information to Munich Re. The intermediaries within the meaning of Section 67(4) of the AktG (e.g. banks) involved in the acquisition or safekeeping of Munich Re registered shares regularly forward to us the information pertinent to maintaining the share register – more specifically, the relevant information (such as the above-mentioned data as well as citizenship and remitting bank) concerning shareholders and, where applicable, the information regarding their statutory or legal representatives. This is done both by the intermediaries in response to enquiries by Munich Re for disclosure of shares held by nominees (Sections 67(4) sentences 2 and 3, and 67d of the AktG), as well as by Clearstream Banking AG, which acts as a central depository that processes securities transactions and holds the shares for the banks. In addition, intermediaries such as Clearstream Banking AG notify us when a shareholder sells their Munich Re shares.

    Shareholders who do not exercise their shareholder rights in person may appoint a proxy. These shareholders regularly inform us of the proxy’s name and place of residence and, if applicable, their exact address.

    We use this personal data, and further information that you communicate to us as a shareholder (proxy), particularly via our electronic shareholder portal (e.g. registration for electronic mailing, or voting instructions for the AGM), for the purposes set out in the German Stock Corporation Act (AktG), Implementing Regulation (EU) 2018/1212, and the German Securities Trading Act (WpHG). In particular, this includes maintaining the share register, communicating with you as a shareholder (proxy) and any intermediaries acting on your behalf, as well as preparing, organising and following up on Annual General Meetings. This also includes compiling statistics (e.g. to present shareholder development, the number of transactions or for overviews). The legal basis for processing your personal data is the German Stock Corporation Act (AktG, particularly Sections 67 and 67e) in conjunction with Article 6(1c) and (4) of the GDPR.

    In the context of the Annual General Meeting, we process your personal data in order to enable you to exercise your rights and opportunities at the Meeting. Processing your personal data is necessary for you to vote, or to exercise your other shareholder rights under stock corporation law (Sections 118 ff. of the AktG); Art. 6(1c) of the GDPR). If you submit a statement as part of a virtual Annual General Meeting, your personal data will be processed on the basis of Section 130a of the AktG in conjunction with Art. 6(1c) of the GDPR and, if you register to receive the invitation documents to the Annual General Meeting by email, on the basis of your consent (Section 49(3) of the WpHG, Art. 6(1a) of the GDPR). You may withdraw your consent for the future at any time. However, withdrawing consent does not affect the lawfulness of any processing done based on the consent before it was withdrawn.

    In addition, we may process your personal data to comply with other legal obligations such as capital-market or other supervisory requirements, document-retention obligations under stock corporation, commercial or tax law, or when comparing your data against sanctions lists in order to comply with legal provisions on combating terrorism (e.g. Council Regulation (EC) 2580/2001). To comply with stock corporation law, we must – for example in cases where the AGM proxy nominated by our Company has been authorised by a shareholder to exercise voting rights – transparently and securely record the data serving as proof of the authorisation. In such cases, the legal grounds for processing personal data are the relevant statutory regulations and Article 6(1c) of the GDPR.

    In certain cases, we also process your data to protect our legitimate interests as per Article 6(1f) of the GDPR. This is particularly the case if it is necessary to comply with legal requirements outside Europe, e.g. we may therefore have to exclude individual shareholders from the information on subscription offers in the case of capital increases, due to their nationality or place of residence. We record the names and addresses of other parties who wish to attend our Annual General Meeting (e.g. guests) so that we can issue personalised admission cards for authorised access. Without this data, we could not guarantee a safe and secure Annual General Meeting – and no admittance would be possible.

    Should we wish to process your personal data for a purpose not listed above, we will inform you of this in advance pursuant to applicable law.

    No automated decision-making is used.

    4. Who receives your data?

    4.1 External service providers and consultants:

    We rely in part on external service providers for the administration and technical maintenance of the share register (service company for share register, IT service providers) as well as for managing the Annual General Meeting every year (AGM service providers, operating the shareholder portal, service providers for printing and sending notifications to shareholders, and for internet transmission and video streaming). In this context, our most important external service provider is Computershare Deutschland GmbH & Co. KG, Elsenheimerstr. 61, 80687 Munich, Germany. In addition to the notary who drafts the Annual General Meeting minutes, we may also hire other advisors or lawyers in connection with the AGM, who may have access to personal data.

    4.2 Additional recipients:

    If you take part in the Annual General Meeting as a shareholder or proxy, other Munich Re shareholders or their representatives, as defined in Section 129 of the AktG, can view your personal data if it appears in the list of AGM attendees. At virtual Annual General Meetings, a statement submitted by the shareholder (proxy) prior to the Annual General Meeting must also be made available to other shareholders in accordance with Section 130a(3) of the AktG. If a shareholder or proxy authorises the proxies appointed by our Company to exercise voting rights, those proxies will have access to the personal data needed to exercise voting rights as instructed. In the case of requests for additions to the agenda in accordance with Section 122(2) of the AktG and in the case of countermotions and election proposals in accordance with Sections 126(1) and 127 of the AktG, we will also make these publicly accessible as provided for in the AktG or described in the respective invitation to the Annual General Meeting.

    In addition, we may be obliged to share personal data with other recipients, for example the disclosure of shareholder data to government agencies to fulfil our statutory reporting duties (for example, if statutory thresholds on voting power are exceeded, or when the supervisory authority requests information under Section 306(1) of the German Insurance Supervision Act (VAG)).

    5. Will your data be transferred to a third country?

    As a general principle, we process your personal data in Germany or in countries that are European Union (EU) or European Economic Area (EEA) member states. If we need to transfer personal data to service providers or subcontractors outside the EEA, we will do so only if the European Commission has confirmed that the country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example, through Binding Corporate Rules, or the European Commission’s Standard Contractual Clauses). You can write to the above-mentioned address to obtain detailed information and to learn more about the level of data protection at our service providers in non-EEA countries. If necessary, we also transfer personal data contained in mandatory notifications to shareholders to third countries on the basis of Art. 49(1b) of the GDPR (e.g. in the case of requests for additions to the agenda).

    6. How long will your data be stored for?

    As a rule, we anonymise or delete your personal data as soon as it is no longer necessary for the aforementioned purposes, unless statutory documentation and retention rules (e.g. in the Stock Corporation Act, German Commercial Code (HGB) or German Fiscal Code (AO)) require us to keep it for longer. The data collected in connection with Annual General Meetings is routinely stored for up to three years. We usually have to retain the data stored in our share register for a period of 10 years after the shares are sold. We will store your personal data for longer than that only in exceptional cases, where necessary in connection with claims asserted against Munich Re (statutory limitation period for potential claims of up to 30 years).

    7. Log data and cookies when using our shareholder portal

    When you register for the shareholder portal, we compare your registration data with the data stored with us in the share register/shareholder portal (in particular shareholder number and PIN or self-assigned password) or, if applicable, the data stored with your admission ticket (ticket number and PIN) in order to ensure that only authorised persons have access to the information, and can use the services, available in the shareholder portal. We document your login to and use of the shareholder portal as well as the data you enter and services you use, in order to document the actions you undertake.

    The following data and device information is temporarily logged in the web server log files and is only analysed in the event of errors or cyber attacks: retrieved or requested data, date and time of retrieval, notification as to whether the retrieval was successful, type of web browser and operating system used, IP address, session ID, login and account service functions, as well as acknowledgement and acceptance of the terms of use.

    Whenever you use the shareholder portal, “local storage technology” stores small cookie-like files in your browser’s cache – in local storage, in other words. These files are needed to ensure smooth operation and security, thus allowing you to use the shareholder portal and its features. On the one hand, these files contain a user’s authentication data and session data after they log in to the shareholder portal. This means that you remain logged in even after switching to another page of the portal, and your user-specific configuration of the portal functions (e.g. the selected language) is retained during the session. For security reasons, a second file automatically logs a user out after 30 minutes of inactivity. The cookie-like files that we use – which are stored temporarily in your browser cache – are called session cookies. They are automatically deleted when you log out of the portal, or after one day in the case of video transmission.

    The legal basis for the use of these files is Section 25(2) no. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG), as this is necessary to provide the Internet communication you have requested. The further processing of the information collected by means of the strictly necessary cookies is based on legitimate interests in accordance with Art. 6(1f) of the GDPR. Our legitimate interest in data processing lies in the reliable operation of our shareholder portal and its features.

    You can delete local storage content, including the above-mentioned cookie-like files, while you are still logged in. To do so, delete the cookies in your browser; depending on the browser you use, select the “History” or “Local data” settings. Please note that our shareholder portal might not work as desired if you delete cookies while logged in.

    You are not obliged to use our shareholder portal or, by extension, to provide us with your personal data. But if you would like to use the shareholder portal and its features (with regard to the AGM), you must provide the corresponding data to us. Without your data, Munich Re cannot offer these features securely. We only collect the data that is actually required.

    8. What measures do we take to protect your data?

    We take state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties.

    9. What data protection rights can you assert as a data subject?

    You can request information about the personal data we have stored under your name, from the address above. In addition, under certain circumstances, you may request that your data be rectified or erased. Furthermore, you may have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format. If you have given your consent, you have the right to revoke it at any time with effect for the future; if you were not informed of any other way to do so when you gave your consent, you can send your revocation to the above address.

    If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves the assertion, exercise or defence of legal claims.

    Please contact us at the address above to exercise these rights. 

    10. Who can you contact if you wish to make a complaint?

    If you believe that we have breached applicable data protection law when processing your personal data, you can contact the aforementioned Data Protection Officer or the data protection authorities to make a complaint. The public authority responsible for Munich Re is:

    Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Authority of Bavaria for the Private Sector)
    Promenade 18
    91522 Ansbach
    Germany

    11. Changes to this information on data protection

    We have to amend our data protection information from time to time to make ongoing improvements to our website and to reflect technological advances. When you visit our website, please read the current version of our information on data protection (current version: June 2025).