Information on data protection regarding registered shares of FUCHS SE
1. General information
a) IntroductionFUCHS SE ("FUCHS", "we", "us", "our") takes the protection of your personal data very seriously. As you know, the shares issued by FUCHS are registered shares within the meaning of Section 10(1) sentence 1 of the German Stock Corporation Act (AktG) ("registered shares"), which means that we are legally obliged to keep a share register in accordance with Section 67 of the German Stock Corporation Act (AktG). According to Art. 9(1) lit. c) ii) SE-Regulation, these provisions also apply to FUCHS as a European public limited-liability company (Societas Europaea).The following information explains the collection and processing of your personal data in relation to the share register and your rights in this regard in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), the Federal Data Protection Act (BDSG) and the German Stock Corporation Act (AktG) in conjunction with the SE-Regulation (SE-Reg).
b) Data processing controller as defined in Art. 4 No. 7 GDPRFUCHS SEEinsteinstr. 1168169 Mannheim, GermanyTelephone: +49 621 3802-0Email: firstname.lastname@example.org
c) Contact information for the data protection officerAttorney at Law Dr. Karsten Kinast, LL.M.KINAST Rechtsanwaltsgesellschaft mbHHohenzollernring 54D-50672 KölnEmail: email@example.com
2. The personal data concerned and the legal basis for data processingWe process the following personal data of shareholders:
- First name and surname of the shareholder
- Date of birth
- Postal address
- Email address
- Number of shares / shareholder number
3. Technical procedure for data collectionAs a shareholder, you are legally obliged pursuant to Section 67(1) sentence 2 of the German Stock Corporation Act (AktG) to provide us with your personal data mentioned above under number 2. Your personal data will be processed on the basis of Art. 6(1) lit c.) GDPR in conjunction with Section 67(1) sentence 1 of the German Stock Corporation Act (AktG) and Art. 9(1) lit. c) ii) SE-Reg.Insofar as you do not provide us with your personal data yourself, the banks involved in the transfer or custody of your FUCHS registered shares will forward the information required for the maintenance of our share register to us on your behalf. This is done through Clearstream Banking AG, Frankfurt, which is responsible for the technical processing of securities transactions and the custody of the shares for the credit institutions. If you sell your FUCHS registered shares, the credit institution of the purchaser and new holder of your FUCHS registered shares will notify us. In these cases, we receive the personal data from the credit institutions mentioned. The legal basis for this is Art. 6(1) lit c.) GDPR in conjunction with Section 67(1) sentence 1, 67(4) sentence 1 of the German Stock Corporation Act (AktG) and Art. 9(1) lit. c) ii) SE-Reg.
4. Purpose of data processingWe process your personal data mentioned above under number 2 solely for the purpose of maintaining the share register, communicating with you as a shareholder and conducting the Annual General Meeting.Changes to the personal data in the share register are made exclusively by the custodian bank.In this case, we will process the personal data provided by you or your custodian solely for the purpose of updating our share register in accordance with your information. The legal basis in the meaning of Art. 6(1) lit. c) GDPR for the processing of your personal data is our legal obligation to correct and update our share register pursuant to Section 67(1) sentence 1 of the German Stock Corporation Act (AktG) in conjunction with Art. 9(1) lit. c) ii) SE-Reg.
5. Other recipients of the personal dataFor the management and technical management of the share register, we partly usevarious external service providers in the EU (e.g. share register service company, IT service provider), which – where necessary – are bound by order processing agreements under data protection law pursuant to Art. 28 GDPR. FUCHS only provides these service providers with personal data required to deliver the contracted service and they will only process the data on our behalf and according to our instructions. In these cases, FUCHS remains responsible for protecting your personal data.We may be obliged to transmit personal data to other recipients who process the personal data under their own responsibility (Art. 4 No. 7 GDPR), in particular to public bodies such as the competent supervisory authority or to other authorities for the fulfilment of statutory (notification) obligations (such as when statutory voting thresholds are exceeded).If we forward personal data to providers outside the European Economic Area (EEA), this will require the third country to have a suitable level of data protection verified by the EU Commission or to provide other suitable data protection guarantees (e. g. binding internal corporate data protection guidelines or an agreement with the standard contractual clauses of the EU Commission).
6. Storage periodWe are obliged to store your personal data in our share register for as long as you are a shareholder of FUCHS. We anonymize or delete your personal data as long as it is no longer required for these purposes. This does not apply if and when we are bound by legal proof and storage obligations (e. g. in the German Stock Corporation Act (AktG), the German Commercial Code (HGB), the German Money Laundering Act (GwG) or in the German Tax Code (Abgabenordnung – AO)) to store the data for longer or if the data is pertinent to judicial or extra-judicial proceedings, such as in the case of actions for annulment and rescission; in these cases we will store the data for as long as the proof and storage obligations apply or until the legally effective or otherwise final conclusion of the relevant proceedings, including any enforcement proceedings.
7. Your rights according to the GDPRYou can contact our data protection officer or us directly with an informal message at any time and free of charge to exercise your rights according to the GDPR if the relevant conditions are met. According to this, you have the right:
- pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of the personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us, and about the existence of automated decision-making, including profiling and possibly meaningful information about the details thereof;
- pursuant to Art. 16 GDPR, to demand the correction of inaccurate or completion of your personal data stored with us;
- pursuant to Art. 17 GDPR, to demand the deletion of your personal data stored with us, provided that processing is not required in order to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
- pursuant to Art. 18 GDPR, to demand that the processing of your personal data be restricted, if you contest the accuracy of the data (the restriction then applies for the duration of the review), if processing takes place unlawfully and you refuse deletion, if we no longer require the personal data but you still need it to assert, exercise, or defend legal claims, or if you filed an objection to the processing pursuant to Art. 21 Para. 1 GDPR (while the legitimacy of the objection is being reviewed);
- pursuant to Art. 20 GDPR, to be given your personal data that you provided to us, in a structured, standard and machine-read-able format, or to demand that it be sent to another person responsible;
- pursuant to Art. 7 (3) GDPR, at any time to revoke the consent that you have given us. As a result, in future we will not be able to continue the data processing that relied on this consent and
- pursuant to Art. 77 GDPR, to complain to a supervisory authority. See Section 7 for further information on this.