Data protection declaration for shareholders of Talanx AG
Below we provide you with specific information on data protection for shareholders of Talanx Aktiengesellschaft and their representatives, on registration and use of our Shareholder Portal, and on participation in our Annual General Meeting. Above and beyond this, please refer to our General Data Protection Declaration pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) on our website under https://www.talanx.com/en/data_protection.
1. Person responsible for data processing/contact details of the Data Protection Officer
Talanx Aktiengesellschaft
HDI-Platz 1
30659 Hannover/Germany
+49 511 3747 2227
ir@talanx.com
You can reach the Data Protection Officer of Talanx Aktiengesellschaft by mail at the above address with the addition – Data Protection Officer – or by e-mail privacy@talanx.com
2. Purposes and legal bases of data processing, categories of data processed
Talanx Aktiengesellschaft processes your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Stock Corporation Act (AktG).
The shares of Talanx Aktiengesellschaft are no-par-value registered shares. Pursuant to § 67 AktG, personal data must be entered in the Company’s share register when such registered shares are issued. These include first and last names, postal and electronic address data, date of birth of the shareholder and the number of shares or share number. Pursuant to § 67 (1) Sentence 2 AktG, the shareholder is obligated to notify the Company of this information. This notification is generally made by the financial institutions involved in the purchase or sale and custody of the shares. The transmission to Talanx Aktiengesellschaft by the financial institutions is carried out via Clearstream Banking AG, Frankfurt am Main/Germany, which, as the central depository, is responsible for the technical processing of securities transactions and the custody of shares for the financial institutions. Insofar as shareholders provide personal data of authorized representatives or representatives of Talanx Aktiengesellschaft (e.g. in the context of registration for the Annual General Meeting), this data will be collected and stored accordingly (regularly first and last name as well as address).
Personal data is processed primarily for purposes under stock corporation, commercial and tax law such as
Data processing is conducted on the legal basis of Art. 6 (1) c) and (4) GDPR in conjunction with the German Stock Corporation Act (AktG). As a consequence, the legal basis for the processing of personal data of shareholders for the purposes of identification, communication with shareholders, the exercise of shareholders’ rights, the maintenance of the share register and for cooperation with shareholders is Art. 6 (1) c) GDPR in conjunction with § 67e (1) AktG.
In individual cases, Talanx Aktiengesellschaft also processes your data in order to safeguard legitimate interests pursuant to Art. 6 (1) f) GDPR. This is the case, for example, when personal data are processed for statistical purposes, such as in relation to changes in the shareholder structure or trading volumes, or when, in the case of capital increases, individual shareholders must be excluded from information on subscription offers due to their nationality or place of residence in order to comply with securities regulations of such countries.
If you utilize the electronic registration procedure for the Annual General Meeting via our Shareholder Portal, we will process your data with your consent pursuant to Art. 6 (1) a) in conjunction with Art. 7 GDPR. Your consent is voluntary. You may revoke your consent at any time with effect for the future. However, we would like to point out that in the event of your revocation, it may no longer be possible for us to provide you with the Shareholder Portal in whole or in part.
If you provide comments on the Annual General Meeting electronically via our Shareholder Portal, we will process your data with your consent pursuant to Art. 6 (1) c) GDPR in conjunction with § 130a (1), (3) AktG.
If the intention exists to process your personal data for another purpose, you will be informed in advance within the context of statutory provisions.
Annual General Meeting
It is possible for shareholders to voluntarily opt for the Annual General Meeting documents to be sent to their own e-mail address. Shareholders must register for this in the registration tool of the Shareholder Portal. In order to successfully complete the registration, Talanx Aktiengesellschaft requires and processes the shareholder number, the shareholder name and the e-mail address (and optionally the telephone number). After successful registration, Talanx Aktiengesellschaft stores the required data (in particular the e-mail address) in the share register and processes it in order to send Annual General Meeting documents to the e-mail address of the respective shareholder known to us. Without the provision of the data in the Shareholder Portal’s registration tool, the registration cannot be completed successfully and the dispatch of the Annual General Meeting documents to the e-mail address is not possible. In this case, Talanx Aktiengesellschaft will continue to send the Annual General Meeting documents to the postal address.
In connection with the registration of a shareholder for the Annual General Meeting, Talanx Aktiengesellschaft processes the required data stored in the share register as well as the data provided by the shareholder or transmitted by the shareholder’s custodian bank for this purpose (in particular, first name, place of residence or address, e-mail address, number of shares, class of shares and type of ownership).
The Annual General Meeting is held virtually in 2024; the data processing required for this is justified on the basis of § 118a Abs. 1 German Stock Corporation Act (AktG) and § 13 Abs. 3 Articles of Association of Talanx Aktiengesellschaft.
Insofar as the exercise of rights in the context of the Annual General Meeting is carried out by an authorized representative, Talanx Aktiengesellschaft processes the personal data of the shareholder specified in the granting of the power of attorney as well as the first and last name, place of residence or address and e-mail address of the authorized representative. In the event that power of attorney and instructions are issued to a proxy appointed by Talanx Aktiengesellschaft, the instructions issued will also be processed and the declaration of power of attorney will be recorded by the Company in a verifiable manner for three years.
In the event that voting rights are represented by proxies appointed by the Company, a register of participants containing the following personal data will be kept at the Annual General Meeting pursuant to § 129 AktG: first name, last name and place of residence of the shareholder represented and of the shareholder’s representative, number of shares, class of shares, number of voting rights and type of ownership. If a shareholder requests that items be placed on the agenda, Talanx Aktiengesellschaft will announce these items, stating the name of the shareholder if the prerequisites are met pursuant to the provisions of stock corporation law. Likewise, Talanx Aktiengesellschaft will make countermotions and election proposals of shareholders available on the website of Talanx Aktiengesellschaft if the prerequisites pursuant to the provisions of stock corporation law are met, stating the name of the shareholder §§ 122 (2), 126 (1), 127 AktG.
3. Categories of recipients of personal data
External service providers:
Talanx Aktiengesellschaft makes recourse to external service providers in order to maintain the share register as well as for the technical handling of the Annual General Meeting. Examples of service providers we engage in this context include:
Further recipients:
As part of the Annual General Meeting of Talanx Aktiengesellschaft, a list of participants is compiled which contains participants’ personal data. This list may be inspected by other shareholders of the Company during the Annual General Meeting (§ 129 (4) AktG). In addition, personal data is disclosed in accordance with statutory provisions when shareholder rights are exercised. For example, this is carried out in the context of the announcement of requests for additions to the agenda (§ 124 (1) AktG) as well as motions and nominations by shareholders (§§ 126, 127 AktG). If shareholders are given the right to ask questions during the virtual Annual General Meeting by means of electronic communication, this will be disclosed and processed pursuant to § 131 (1), (1f) AktG. In addition, it may be necessary by law for your personal data to be transferred to other recipients such as authorities for the fulfilment of certain matters (e.g. when statutory voting thresholds are exceeded, in relation to tax authorities and law enforcement agencies).
4. Data transfer to a third country
No intention exists to shareholders’ transfer personal data to countries outside the European Economic Area (EEA). However, if your personal data are transferred to third countries, the transfer will only be realized if the third country has been confirmed by the EU Commission to possess an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding corporate data protection regulations or EU standard contractual clauses) are in place, or if this is permitted for certain cases on the basis of a legally recognized exception, e.g. if shareholder notifications are also transmitted to third countries and these notifications contain personal data (in particular motions for the Annual General Meeting including the name of the applicant) or to the extent necessary for the assertion, exercise or defence of legal claims.
5. Duration or criteria for determining the duration of data storage
Your personal data will be deleted as soon as they are no longer required for the aforementioned purposes and insofar as other legal obligations to provide proof and to retain data do not require further storage. Corresponding obligations to provide evidence and to keep records derive from, inter alia, § 257 of the German Commercial Code (HGB), § 147 of the German Fiscal Code (AO) and § 8 of the German Money Laundering Act (GwG).
The data stored in the share register will be saved for the holding period and, once your shares have been sold in full, will be stored for ten years on the basis of statutory obligations to provide evidence and to retain records, and will then be anonymized. If legal claims are asserted by you or raised by Talanx Aktiengesellschaft, this will result in the personal data being stored. In principle, this serves to clarify claims and to enforce them in individual cases. Based on the legal statute of limitations, this can lead to a retention period of between three and thirty years (§ 199 of the German Civil Code (BGB)).
For personal data arising in connection with Annual General Meetings, the storage period is regularly up to three years. If you authorize the proxy appointed by the Company for the Annual General Meeting, it is a legal requirement that the data serving as proof of authorization be recorded in a verifiable manner and stored for three years in a manner protected against access (§ 134 (3) Sentence 5 AktG). If possible, your personal data will be anonymized.
Retention periods begin at the end of the calendar year in which the event triggering the period occurs (e.g. end of shareholder status).
6. Automated decision making and profiling
At present, no provision is made for automated decision-making and profiling. Insofar as automated processing of your personal data consists of utilizing this data to evaluate or analyse or predict certain personal aspects relating to you, this is referred to as profiling. Talanx Aktiengesellschaft will inform you of any changes in accordance with legal requirements.
7. Data subject rights
You can request information about the data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data. You also have a right to restrict the processing of your data and a right to receive the data you have provided in a structured, common and machine-readable format. You can revoke any consent you have given at any time with effect for the future.
You can reach our Shareholder Portal directly via https://www.talanx.com/shareholder_portal or via our corporate homepage https://www.talanx.com/agm. In the Shareholder Portal, you have access to the main information about you recorded in the share register and can notify us of any corrections at our address provided above.
8. Right of objection
If we process your data to protect legitimate interests, you can object to such processing by contacting our Data Protection Officer at the above address if reasons arise from your particular situation that speak against the data processing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
9. Right of appeal
You have the option of contacting the data protection officer (see above for contact details) or a data protection regulator.
The data protection regulator responsible for Talanx Aktiengesellschaft is:
The Data Protection Commissioner for Lower Saxony , Prinzenstrasse 5, 30159 Hannover/Germany,
Phone: +49 511 120 45 00, Fax: +49 511 120 45 99, Email: poststelle@lfd.niedersachsen.de
Hannover, March 2024
Talanx Aktiengesellschaft
The Board of Management