Data protection notice for Munich Reinsurance Company shareholders and Annual General Meeting (AGM) attendees
Who will be responsible for processing your data?
Aktiengesellschaft in München
80802 München Germany
Tel.: +49 (89) 38 91- 22 55
Fax: +49 (89) 39 91 7 22 55
If you have any questions about our notice, please contact our Data Protection Officer. You can reach him by regular mail to the aforementioned address, marked for the attention of “Data Protection Of-ficer, Group Compliance& Legal 1.5”, or by email to: firstname.lastname@example.org.
For what purposes, and on what legal grounds, will your data be processed? Who do we receive what data from?
We will process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Stock Corporation Act (AktG) and all other applicable laws.
Munich Re shares are registered shares. For registered shares, Section 67 of the Stock Corporation Act provides that the shareholder’s name, date of birth and address must be entered into the company’s share register, as well as the quantity of shares or share number. The shareholder is required to provide this information to the company. The financial institutions involved in acquiring or holding Munich Re registered shares regularly forward to us the shareholder information (including citizenship, sex, and submitting bank, in addition to the aforementioned data) necessary for maintaining the share register. This is done via Clearstream Banking Frankfurt, the central depository responsible for processing securities transactions and for holding the shares for the financial institutions. When shareholders sell their shares, Clearstream Banking Frankfurt reports this to us as well.
Shareholders who cannot attend the Annual General Meeting personally may nominate a proxy to attend in their stead. The shareholder usually discloses to us the proxy’s name and place of residence for entering into the list of attendees, and potentially also their exact address for us to directly mail them their admission card.
We will use your personal data for the purposes set out in the Stock Corporation Act. They include maintaining the share register, communicating with you as a shareholder, and organising the Annual General Meetings. Beyond that, we will use your data for purposes that are compatible with those mentioned above (particularly to generate statistics – for example, to track shareholder changes, numbers of transactions, or overviews of our major shareholders). The Stock Corporation Act in combination with Articles 6 (1) c) and (4) of the GDPR constitute the legal grounds for our processing of your personal data.
In addition, we may also process your personal data to fulfil further statutory requirements, such as supervisory regulations, or data retention requirements under securities, commercial or tax law. To comply with securities law, we must – for example in cases where the AGM proxy nominated by our Company has been authorised by a shareholder to exercise voting rights – demonstrably and securely retain the data serving as proof of the authorisation. In that case, the processing is allowed by the respective statutory provision and Art. 6 (1) c) of the GDPR.
In certain cases, we will also process your data to safeguard our legitimate interests, as permitted by Article 6 (1) f) of the GDPR. This would be the case, for example, if we had to exclude certain share-holders – based on their citizenship or place of residence in a non-European country – from information about a subscription offer following a capital increase, in order to comply with securities law in such country. For security reasons, we record the names of guests who attend our Annual General Meeting.
Should we wish to process your personal data for a purpose not listed above, we would inform you of this in advance, in accordance with the law.
What categories of recipient might we disclose your data to?
External service providers and advisors:
We use external service providers to perform some administrative and technical tasks related to maintaining the share register (share register service provider, IT service provider) and to organise our Annual General Meetings (AGM service provider, supplier for printing and mailing the shareholder notifications). We may also hire advisors or lawyers in connection with the Annual General Meeting.
If you attend the Annual General Meeting, other Munich Re shareholders will have access to any personal data recorded under your name in the list of attendees, as per Section 129 of the Stock Corporation Act. In addition, we may be obliged to share your personal data with other recipients (for example government agencies) in order to fulfil our statutory reporting duties (for example, if statutory thresh-olds on voting power are exceeded).
How long do we store your data?
What are your data protection rights?
Right to object:
If we are processing your data to safeguard our legitimate interests, you may, by contacting the address indicated above, object to this processing on grounds relating to your particular situation. We will then stop the processing, unless we have compelling legitimate interests to do so which override your grounds.
Would you like to file a complaint about how your data is being handled?
Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Authority of Bavaria for the Private Sector), Promenade 27, 91522 Ansbach, Germany.