Data Protection Information on registered shares of BAUER Aktiengesellschaft
BAUER Aktiengesellschaft takes the protection of your personal data very seriously and treats your personal data confidentially, in accordance with the statutory data protection regulations and the company's privacy policy and data protection information.
Below, we provide specific information about the processing of personal data.
Further information on data protection, including the use of our website, can be found in our privacy policy.
The share capital of BAUER Aktiengesellschaft is divided into registered ordinary shares/no-par value shares (registered shares), so that pursuant to Section 67 of the German Stock Corporation Act (AktG) there is an obligation to keep a share regsiter. We herby inform you about the processing of your personal data as a shareholder of BAUER Aktiengesellschaft and the rights to which you are entitled under data protection law.
Who is sesponsible for data processing and who is the data protection officer?
The controller responsible for data processing is
BAUER Aktiengesellschaft
BAUER-Straße 1
86529 Schrobenhausen
Germany
Phone: +49 8252 97-0
Fax: +49 8252 97-2900
E-Mail: investor.relations@bauer.de
You can reach our data protection officer at
BAUER Aktiengesellschaft - Data Protection Officer
BAUER Straße 1
86529 Schrobenhausen
Deutschland
Phone: +49 8252 97-0
Fax: +49 8252 97-1329
E-Mail: bag-datenschutz@bauer.de
What personal data is processed and where does it come from?
The division of the share capital into regsitered shares requires the maintenance of a share regsiter in which the shareholders, insofar as they are natural persons, are entered stating their surname and first name as well as their address, an electronic address and their date of birth as well as the number of shares held. In the case of legal entities, the company name, the business address, the registered office and the numbers of shares held are entered in the share register. Entry in the share register is important for the individual shareholder because only those who are entered as shareholders in the company's share register are deemed to be shareholders of the company and are therefore entitled, among other things, to participate in and exercise their voting rights at the General Meeting.
As a shareholder, you are legally obliged pursuant to Section 67 (1) AktG to provide us with the above-mentioned personal data. If you do not provide us with your personal data yourself, the banks/intermediaries involved in the transfer or custody of your registered shares will forward the information required for the maintenance of our share regsiter to us. This is done both via intermediaries in response to Bauer's requests for disclosure of third-party shareholdings (Sections 67 (4) sentences 2 and 3, 67 d AktG) and via Clearstream Banking AG, which as central securities depository handles the technical settlement of securities transactions and safekeeping of the shares for the banks. If shareholders sell theri shares, this is also reported to us via intermediaries, in particular Clearstream Banking AG.
Shareholders who do not exercise their shareholder rights in person may authorize a representative. The shareholder regularly informs us of the proxy's name and place of residence and, if applicable, their exact address.
For what purposes and on what legal basis is data processed?
We process your aforementioned personal data to keep the share regsiter, to communicate with you as a shareholder, to hold the General Meeting and, if applicable, to distribute a dividend and to carry out capital increases. The legal basis for the processing of you personal data is the AktG (in particular Sections 67 and 67e AktG) in conjunction with Art. 6 para. 1 lit c, para. 4 GDPR.
As part of the Annual General Meeting, we process your personal data in order to enable you to exercise your rights and opportunities at the General Meeting. The processing of your personal data is necessary for you to cast your vote or to exercise your other shareholder rights in accordance with the provisions of stock corporation law (Section 118 at seq. AktG; Art. 6 para. 1 lit. c GDPR). If you submit a statement as part of a virtual General Meeting, your personal data will be processed on the basis of Section 130a AktG in conjunction with Art. 6 para. 1 lit. c GDPR.
In addition, we may also process your personal data to fulfill other legal obligations, such as money laundering regulations, capital market and other regulatory requirements, retention obligations under stock corporation, commercial and tax law or when comparing your data with so-called sanctions lists in order to comply with anti-terrorism legislation. In order to comply with the provisions of stock corporation law, we must, for example, verifiably record the data that serves as proof of authorization when authorizing the proxies appointed by the company for the General Meeting. In this case, the legal basis for the processing is the respective statutory provisions and Art. 6 para. 1 lit. c GDPR.
In individual cases, we also process your data to protect our legitimate interests in accordance with Art. 6 para 1 lit. f GDPR. This is the case in particular when providing shareholder information or if it is necessary to comply with non-European legal requirements, e.g. to exclude individual shareholders from information on subscription offers in the event of capital increases due to their nationality or place of residence.
Who receives your data?
Within our company, those departments that need your personal data to fulfill our legal obligations ant to hold General Meetings will have access to it. Service providers, processors, vicarious agents and other third parties used by us, in particular for keeping the share register, may also receive data for the aforementioned purposes. These are companies in the categories IT services, logistics, payment services, telecommunications, public bodies and institutions (e.g. financial and customs authorities, law enforcement authorities, courts) in the event of a legal or official obligation, insolvency administrators in the context of insolvency proceedings, auditors, taxt consultants, lawyers.
For the administration and technical management of the share register, we use a share register service company that is bound by a data processing agreement in accordance with Art. 28 GDPR and that processes the data exclusively on our behalf and in accordance with our instructions.
In addition to the notary who prepares the minutes of the General Meeting, we also sometimes involve stenographers, consultants and lawyers in connection with the Deneral Meeting, who may have access to personal data.
If you attend the General Meeting as a shareholder or your representative, other shareholders of BAUER Aktiengesellschaft or their representatives may view any personal data recorded in the list of participants in accordance with Section 129 AktG. At virtual General Meetings, a statement submitted by the shareholder (proxy) prior to the General Meeting must also be made available to other shareholders in accordance with Section 130a (3) AktG. If the shareholder or their representative authorizes the proxies appointed by the company, they will receive the personal data required to exercise their voting rights in accordance with their instructions. In the case of requests for additions to the agenda in accordance with Section 122 (2) AktG and in the case of countermotions and election proposals in accordance with Section 126 (1) and 127 AktG, we will also make these publicly accessible as provided for in the AktG or described in the respectiveinvitation to the General Meeting.
We may be obliged to transfer personal data to other recipielnts who process the personal data on their own rsponsibility, in particular to public bodies such as the competent supervisory authority or to other authorities to fulfill legal (notification) obligations (e.g. due to money laundering regulations or if legally prescribed participation thresholds are exceeded).
Will your data be transferred to a third country or an international organization?
Data is transferred to bodies in countries outside the EU or the EEA (so-called third countries) if this is necessary to fulfill legal obligations, if you have given us your consent or as part of order processing. However, the transfer will only take place if the third country has been confirmed by the EU Comission to have an adequate level of data protection, other appropriate data protection guarantees (such as standard contractual clauses) are in place or an exception within the meaning of Art. 49 GDPR exists.
How long will your data be stored?
In principle, we anonymize or delete your personal data as soon as it is no longer required for the above-mentioned purposes, unless we are obliged by law to continue storing it (e.g. in the German Stock Corporation Act, the German Commercial Code or the German Fiscal Code). The storage period for data collected in connection with General Meetings is generally up to 3 years. We must regularly retain the data stored in the share register for 10 years after the shares have been sold. In addition, we only retain personal data in individual cases if this is necessary in connection with claims asserted against our company (statutory limitation period of up to thirty years.)
Is there an obligation to provide data
As a shareholder, you are legally obliged to provide us with the aforementioned personal data in accordance with Section 67 (1) AktG. Further obligations exist due to identification obligations under money laundering law or sanctions list checks. If you wish to participate in our General Meeting as a shareholder, you must also provide us with the personal data required to hold the General Meeting. Without this data, you may not be able to attend our General Meeting, for example.
To what extent do automated individual case decisions or profiling measures take place?
We do not use purely automated processing to make decisions.
What rights can you assert as a data subject?
You have the right of access (Art. 15 GDPR). the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to object of processing (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure. To assert your rights, please contact the data protection officer named above.
If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the option of lodging a complaint with the data protection officer named above or with a data protection supervisory authority.
Information about your right to object in accordance with Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. We will no longer process the personal data in response to your objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. The objection can be addressed informally to the data protection officer named above.