Below, we provide specific information on data privacy information for shareholders of Hannover Rück SE (Hannover Re) and their representatives, on registering and using our shareholder portal, and participating in our Annual General Meeting (AGM).

For further information, please refer to our "General Data Protection Declaration pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)" on our website at https://www.hannover-re.com/en/data-privacy.

Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Email: Hauptversammlung[at]hannover-re.com

You can contact the Data Protection Officer at Hannover Re by post at the above address, adding "Data Protection Officer / Group Data Protection Officer" to your correspondence, or by email at privacy[at]hannover-re.com.

Hannover Re processes your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the relevant legal provisions on the European Company (SE) such as the SE Regulation (SE-VO), the German Stock Corporation Act (AktG) and other relevant legal provisions.

Personal data is processed primarily for purposes relating to stock corporation, commercial and tax law, such as:

2.1 Identification and interaction with shareholders, maintenance of the share register

Hannover Re shares are registered no-par-value shares. Pursuant to Section 67 of the German Stock Corporation Act (AktG), personal data must be entered in the company's share register when such registered shares are issued. This data includes the shareholder's first and last name, postal and electronic address details, date of birth and the number of shares or share number. Pursuant to Section 67 (1) sentence 4 AktG, shareholders are obliged to provide this information to the company. This information is usually provided by the credit institutions involved in the purchase, sale and custody of the shares. The credit institutions transmit this information to Hannover Re via Clearstream Europe AG, Mergenthalerallee 61, 65760 Eschborn, which, as a central securities depository, handles the technical processing of securities transactions and the custody of shares for the credit institutions. If shareholders provide personal data from authorised representatives or representatives of Hannover Re (e.g. when registering for the AGM), this data is collected and stored accordingly (usually first and last name and address).

The data processing is based on the legal basis of Art. 6 para. 1 sentence 1 c) GDPR in conjunction with the German Stock Corporation Act, in particular §§ 67 et seq. AktG and § 118 AktG (holding a physical AGM with live stream). Pursuant to Section 67e AktG, companies may process shareholders' personal data for the purposes of identification, communication with shareholders, companies and intermediaries, the exercise of shareholders' rights, the maintenance of the share register and cooperation with shareholders.

2.2 Shareholder portal

If you use the electronic registration procedure for the AGM via our shareholder portal, we will process your data for registration on the portal, creation of your user account and electronic communication within the scope of the corresponding user relationship. The legal basis for this is Art. 6 (1) (b) GDPR. If you additionally give your consent to data processing (e.g. consent to receive invitations to the AGM by email), the legal basis is Art. 6 (1) (a) in conjunction with Art. 7 GDPR. Your consent is voluntary. You can revoke your consent at any time with effect for the future. However, we would like to point out that in the event of your revocation, we may no longer be able to provide you with the shareholder portal in whole or in part, or that you will no longer be able to use it in the event of termination.

When using the shareholder portal, data is stored in a log file (in particular IP address, time stamp, actions performed, shareholder number (encrypted), session ID, possible "error logs") in order to operate the portal securely.

Cookies that are necessary for the operation of the portal are also used in the shareholder portal. Cookies are used exclusively by Hannover Re and not by the portal service provider itself. The legal basis for this data processing is Section 25 (2) No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).

We use the following technical cookies without your explicit consent, as they are necessary for the smooth operation of our website:

2.3 Annual General Meeting (AGM)

In the context of the AGM, we process the following personal data of participating shareholders, proxies ("representatives") and guests, although not all of the personal data mentioned is always processed for all of the data subjects mentioned:

If shareholders or their representatives contact us ("enquiry"), we also process the personal data provided in the enquiry that is necessary to respond to the enquiry (e.g. the contact details provided by the shareholder or representative, such as email address or telephone number). Where applicable, we also process information on motions, questions, election proposals and requests from shareholders or their representatives at the AGM. The legal basis for this is the relevant provisions of stock corporation law in Art. 56 sentences 2 and 3 SE-VO, § 50 (2) SEAG, §§ 122 (2), 126 (1), 127 AktG), in conjunction with Art. 6 (1) (c) GDPR.

If we do not receive this data directly from the shareholder or representative concerned, it will be provided to us by the financial or credit institutions acting on behalf of the shareholder. If the shareholder concerned is a registered shareholder, we have taken their contact details from the share register.

The personal data is processed for the following purposes:

The legal basis for the processing of personal data is the provisions of stock corporation law (Sections 118 et seq. of the German Stock Corporation Act (AktG)), in conjunction with Art. 6 (1) (c) GDPR. In addition, we process personal data to fulfil legal obligations under supervisory, tax and commercial law. The legal basis here is also Art. 6 (1) (c) GDPR.

In addition, we process personal data to protect legitimate interests such as preparing for the AGM and ensuring that it runs smoothly or complying with securities trading regulations in non-European countries. In these cases, the legal basis for data processing is Article 6(1)(f) GDPR.

If you provide us with personal data in connection with an enquiry, the legal basis for processing this data for the purpose of responding to your enquiry is Art. 6 (1) (a) or (c) GDPR.

When answering questions during the AGM, the name of the questioner may be mentioned if the questioner has consented to this, if there is a legal obligation to do so, if this is necessary to answer the question or if it is otherwise in the legitimate interest of the company (legal basis: Art. 6 (1) (a), (c) or (f) GDPR).

The entire AGM will be broadcast live on the shareholder portal and can be accessed worldwide. The live stream does not allow participation in the AGM within the meaning of Section 118 (1) sentence 2 and Section 118a AktG. In this context, shareholders who speak during the AGM may be visually and/or acoustically recognisable. The image and sound recordings made in this context will be processed in accordance with Art. 6 (1) lit. f) GDPR in conjunction with Section 23 (1) No. 3 German Art Copyright Act (KunstUrhG).

2.4 Statistical evaluations

In individual cases, Hannover Re also processes your data to safeguard legitimate interests pursuant to Art. 6 (1) (f) GDPR. This is the case, for example, when personal data is processed for statistical purposes, such as developing the shareholder structure or trading volumes.

3.1 External service providers and other commissioned third parties:

Hannover Re commissions the following categories of external service providers and other third parties to maintain the share register and handle the technical aspects of the AGM, who receive personal data:

3.2 Other recipients: Participants in the AGM, users of the livestream

A list of participants containing the personal data of the participants is compiled for Hannover Re's AGM. In accordance with Section 129 (4) of the German Stock Corporation Act (AktG), this list must be made available to all participants before the first vote. Upon request, every shareholder is entitled to inspect the list of participants for up to two years after the AGM.

In addition, personal data is disclosed in accordance with legal requirements when exercising shareholder rights. This is the case in connection with the announcement of requests to supplement the agenda (Art. 56 SE Regulation in conjunction with Section 124 (1) of the German Stock Corporation Act (AktG)) and of countermotions and election proposals by shareholders (Art. 53 SE Regulation in conjunction with Sections 126 and 127 AktG). In addition, it may be necessary by law for your personal data to be transferred to other recipients, such as authorities, in order to fulfil certain requirements (e.g. when legally prescribed voting thresholds are exceeded, to tax authorities or law enforcement agencies).

The AGM will be broadcast via livestream. In this context, shareholders who speak during the AGM may be visually and/or acoustically recognisable and thus seen and heard by viewers of the livestream. The image and sound recordings made in this context will be processed in accordance with Art. 6 (1) (f) GDPR in conjunction with Section 23 (1) No. 3 of the German Art Copyright Act (KunstUrhG).

If we pass on personal data to service providers outside the European Economic Area (EEA), this will only be done if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection safeguards (e.g. an agreement on the EU Commission's standard contractual clauses) are in place.

Your personal data will be deleted as soon as it is no longer required for the above-mentioned purposes.

Our obligation to store your personal data in our share register remains in force for as long as you are a shareholder of Hannover Re. We anonymise or delete your personal data as soon as it is no longer required for these purposes, usually no later than one year after we become aware that you are no longer a shareholder (Section 67e (2) sentence 1 AktG). This does not apply if and to the extent that we are obliged to store the data for a longer period due to statutory documentation and retention obligations (e.g. under the German Stock Corporation Act, section 257 of the German Commercial Code, section 8 of the German Money Laundering Act or section 147 of the German Fiscal Code) or if the data is relevant for judicial or extrajudicial proceedings, for example in the case of actions for annulment and nullity; in these cases, we store the data for as long as the corresponding documentation and retention obligations exist or until the corresponding proceedings, including any enforcement proceedings, have been legally concluded or otherwise finally concluded (Section 67 (2) sentence 1 AktG). Based on statutory limitation periods, this may result in storage for three to thirty years (Section 199 BGB).

For personal data processed in connection with the AGM, the storage period is generally up to three years. We anonymise or delete this personal data as soon as it is no longer required for the above-mentioned purposes. This does not apply if and to the extent that we are obliged to store the data for a longer period due to statutory documentation and retention obligations (e.g. in the German Stock Corporation Act (AktG), the German Commercial Code (HGB) or the German Fiscal Code (Abgabenordnung)) or if the data is relevant for judicial or extrajudicial proceedings, for example in the case of actions for annulment and nullity; in these cases, we store the data for as long as the relevant documentation and retention obligations exist or until the relevant proceedings, including any enforcement proceedings, have been legally concluded or otherwise finally settled. If you authorise the proxy appointed by the company for the AGM, it is a legal requirement to record the data serving as proof of authorisation in a verifiable manner and to store it in an access-protected manner for three years (Section 134 (3) sentence 5 AktG). Where possible, your personal data will be anonymised.

Retention periods begin at the end of the calendar year in which the event triggering the period occurs (e.g. end of shareholder status).

Automated decision-making and profiling are not currently planned. If the automated processing of your personal data involves using this data to evaluate, analyse or predict certain personal aspects relating to you, this is referred to as profiling. Hannover Re will inform you of any changes in accordance with the legal requirements.

You can request information about the data stored about you at the above address. In addition, under certain circumstances, you can request the correction or deletion of your data.

You may also have the right to restrict the processing of your data and the right to have the data you have provided released in a structured, commonly used and machine-readable format. You can revoke your consent at any time with effect for the future. Further legal information regarding your data can be found in Articles 15 et seq. GDPR and Sections 67, 67 e AktG (German Stock Corporation Act).

You can access our shareholder portal directly at www.hannover-re.com/de/aktionärsportal or via our company website www.hannover-re.com/en/investors/annual-general-meeting/. In the shareholder portal, you have access to the essential information about yourself recorded in the share register and can notify us of any corrections there.

You have the option of contacting the data protection officer (see above for contact details) or a data protection supervisory authority.

The data protection supervisory authority responsible for Hannover Re is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover

Telephone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
Email: poststelle[at]lfd.niedersachsen.de

We reserve the right to change this privacy policy at any time in accordance with applicable law.

As of March 2026