Data Privacy Statement for shareholders of Hannover Rück SE

We provide below specific data privacy information for shareholders of Hannover Re and their representatives regarding use of our registration and Shareholder Portal as well as participation in our Annual General Meeting.

In addition, we refer to our "General Data Privacy Statement pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)" on our website.

1. Responsible data controller/contact information for the data protection officer

Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover, Germany
E-mail: Hauptversammlung[at]hannover-re.com

You can contact Hannover Re's data protection officer by post using the aforementioned address (please add the address line "Group Data Protection Officer") or via e-mail at: privacy[at]hannover-re.com.

3. Categories of recipients of personal data

External service providers:

Hannover Re makes use of external service providers for the management of the share register and for technical matters connected with holding the Annual General Meeting. Examples of the tasks performed by service providers that we commission in this regard are:

  • administration and technical management of the share register by a share register service company,
  • organisation of the AGM by AGM-service-providers and service providers for printing and sending shareholder communications,
  • holding and technical execution of the AGM (primarily: attendance checks, technical infrastructure for voting and documentation of Annual General Meetings)
  • Preparation of the minutes of the Annual General Meeting by a notary

Additional recipients:

In the context of Hannover Re's AGM a list of attendees is compiled containing personal data of the participants. Pursuant to Section 129 AktG (4), the list must be made available to all attendees before the first vote, and in the case of a virtual AGM, to all shareholders and representatives of shareholders who are electronically connected to the meeting. Each shareholder shall be granted access to the list of attendees upon request for up to two years after the AGM.

Furthermore, personal data is disclosed in accordance with legal requirements in connection with the exercise of shareholder rights. This is the case in the context of publishing requests to amend the agenda (Article 56 SE Regulation in conjunction with Section 124 (1) AktG) as well as countermotions and election nominations received from shareholders (Article 53 SE Regulation in conjunction with Sections 126 and 127 AktG). Insofar as shareholders are given the opportunity to ask questions by means of electronic communication during the virtual Annual General Meeting, this will be announced on the basis of Article 53 SE Regulation in conjunction with Section 131 (1) and (1f) AktG. In addition, it may become legally necessary to pass on your personal data to other recipients such as public authorities in the event of certain facts and circumstances applying (e.g. if statutory voting rights thresholds are exceeded, to financial authorities or criminal prosecution authorities).

4. Data transmission to a third country

The transfer of shareholders' personal data to countries outside the European Economic Area (EEA) is not envisaged. Should, however, your personal data be transferred to third countries, such transfer will only take place if the third country has been confirmed by the European Commission as having an appropriate level of data protection, if other appropriate data protection guarantees (e.g. mandatory internal company data protection regulations or EU standard contractual clauses) are in place or if this is permitted based on a legally recognised exception for certain cases, e.g. if shareholder communications are also transmitted to shareholders in third countries and these communications contain personal data (in particular motions for the Annual General Meeting with disclosure of the name of the person proposing the motion) or if it is necessary for the establishment, exercise or defence of legal claims.

5. Duration of data storage and criteria for determining such duration

Your personal data is deleted as soon as it is no longer required for the purposes mentioned above. This does not apply if and to the extent that statutory obligations to provide evidence and to retain data (e.g. under the German Stock Corporation Act, Section 257 of the German Commercial Code, Section 8 of the German Money Laundering Act or Section 147 of the German Fiscal Code) oblige us to retain the data for a longer period of time or if the data is relevant for judicial or extrajudicial proceedings, for example in the case of actions for avoidance or nullity; in these cases, we shall retain the data for as long as the relevant obligations to provide evidence and to retain data exist or until the relevant proceedings, including any enforcement proceedings, have been finally and conclusively concluded by a court of law or otherwise.

Data stored in the share register will be stored for the holding period and a period of ten years following the complete sale of your shares based on the legal documentation and retention obligations and subsequently anonymised. Based on the legal principles governing the statute of limitations, this can lead to a storage period of three to thirty years (Section 199 of the German Civil Code).

For personal data arising in connection with Annual General Meetings, the period of storage is normally up to three years. Insofar as you authorise the representative exercising voting rights designated by the Company for the Annual General Meeting, there is a statutory requirement to record the data used to document the authorisation in a verifiable form and retain it under access protection for three years (Section 134 (3) sentence 5 AktG). Wherever possible, your personal data is kept in an anonymised form.

Retention periods commence at the end of the calendar year in which the event triggering the retention period occurs (e.g. termination of shareholder status).

6. Automated decision-making and profiling

Automated decision-making and profiling is not currently envisaged. Should automated processing of your personal data involve such data being used to evaluate, analyse or predict certain personal aspects relating to you, this is known as profiling. In the event of changes Hannover Re will inform you in accordance with the legal requirements.

7. Rights of data subjects

You can request information regarding the personal data stored about you from the aforementioned address. Under certain conditions, you can also request that your data be corrected or deleted.

You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect. Further legal information regarding your data can be found in Article 15 ff GDPR and Sections 67, 67 e AktG.

You can access our Shareholder Portal directly or via our Company's homepage. The Shareholder Portal gives you access to the most important personal information recorded about you in the share register; you can inform us of any corrections here or via the aforementioned address.

8. Right of objection

If we process your data to protect legitimate interests, you may register your objection to this processing with our data protection officer at the aforementioned address if there are reasons associated with your particular situation that could mean such data processing is inappropriate. We shall then no longer process your personal information unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.

9. Right to complain

You have recourse to our data protection officer (contact details as above) or a data protection supervisory authority.

The responsible data protection supervisory authority for Hannover Re is:

Der Landesbeauftragte für den Datenschutz Niedersachsen (Data Protection Commissioner for Lower Saxony)
Prinzenstrasse 5
30159 Hannover, Germany

Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle[at]lfd.niedersachsen.de

10. Reservation of the right of modification

We reserve the right to modify this data privacy information at any time within the limits set by applicable laws.

Information valid as of February 2024