Data protection information for shareholders and guests of Vanguard AG
Vanguard AG comprehensively protects the personal data of its shareholders and guests.
With the following data protection declaration, we fulfil our obligations in accordance with the GDPR and inform you about the processing of your personal data by the company and the rights to which you are entitled.
1. name and contact details of the controller and the company data protection officer
The controller responsible for the processing of your personal data is
Vanguard AG, Landsberger Str. 222, 12623 Berlin, Tel. +49 30 804 84-0.
You can contact the data protection officer at the above address or by e-mail to datenschutz@vanguard.de.
2. collection and storage of personal data and the nature and purpose of their use
Your personal data is processed in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Stock Corporation Act (AktG) and other relevant legislation.
The company’s shares are registered in accordance with Section 4 (1) of the Articles of Association. A share register is therefore kept in which all shareholders are entered with the following details, among others: Name, date of birth, postal address and electronic address of the shareholder. The company is therefore generally aware of who is a shareholder of the company and, if so, how many shares they hold. We also regularly receive personal data of shareholders and guests in connection with the organisation of the Annual General Meeting. This is personal data provided to the company by shareholders and guests when registering for the Annual General Meeting and transmitted to the company.
In accordance with Section 21 (1) of the Articles of Association, prior registration for the Annual General Meeting is a prerequisite for attending the Annual General Meeting and exercising voting rights. The registration must include the surname, first name, place of residence of the shareholder or, if applicable, the authorised representative and the number of shares. Only the surname and first name must be provided for guests. If you register for the Annual General Meeting by fax or email, we may also collect connection identifiers (e.g. IP addresses), email address and the subject and content of your message to us. To send the admission tickets, the receipt of which is not a prerequisite for participation but makes it easier for us to organise the Annual General Meeting and for you to authorise a third party, we ask you to provide your address.
When organising the Annual General Meeting, we also process personal data of shareholders and guests, although not all of the personal data mentioned is always processed for all of the persons concerned: First name and surname, address, telephone number, e-mail address, number of shares and type of ownership of shares, admission ticket number. Where applicable, we also process information on voting behaviour, motions, questions or other speeches, election proposals and requests from shareholders or their representatives at the Annual General Meeting. This is done to ensure that your shareholder rights are exercised properly.
We use your personal data, which we collect in the course of maintaining the share register, possibly also in connection with special statutory notification obligations or registration for the Annual General Meeting, for the purposes provided for in the German Stock Corporation Act. In addition to the organisation and holding of the Annual General Meeting and its documentation in accordance with Section 67e (1) AktG, these include the purposes of identification, communication with shareholders, companies and intermediaries, the exercise of shareholders’ rights, the maintenance of the share register and cooperation with shareholders. In accordance with Section 134 para. 3 sentence 5 AktG, this also includes in particular the storage of voting proxies for any proxy appointed by the company. We also use your personal data for purposes that are compatible with the aforementioned purposes. This includes, in particular, the preparation of statistical analyses in connection with the shareholder structure. The legal basis for the processing of your personal data in this respect is the German Stock Corporation Act (in particular Sections 67, 67e, 134 AktG) and other relevant legal provisions in conjunction with Art. 6 para. 1 sentence 1 lit. c) and para. 4 GDPR, in the case of the dispatch of admission tickets in conjunction with Art. 6 para. 1 sentence 1 lit. f) GDPR.
Your personal data will also be processed to fulfil legal obligations. These are, in particular, retention obligations, which regularly arise, for example, from stock corporation law, commercial law or tax law. The legal basis for the processing of your personal data in this respect is also the German Stock Corporation Act and other relevant legal provisions in conjunction with Art. 6 para. 1 sentence 1 lit. c) GDPR.
In certain cases, we also process your personal data to protect the legitimate interests of the company. This includes, for example, legal disputes in connection with the Annual General Meeting and its resolutions. The legal basis for the processing of your personal data in this respect is the German Stock Corporation Act and other relevant legal provisions in conjunction with Art. 6 para. 1 sentence 1 lit. f) GDPR.
If your personal data is only processed on the basis of your consent, the legal basis for this is Art. 6 para. 1 sentence 1 lit. a) GDPR.
If the company wishes to process your personal data for purposes other than those explained above, it will inform you in advance in compliance with the statutory provisions. We would like to point out that in certain cases we are not in a position to do this and therefore information may not be provided in accordance with Art. 11 GDPR.
3. access to and disclosure of personal data
At the company, only those persons who require your personal data for the aforementioned purposes will have access to it. This also includes consultants and other service providers or vicarious agents commissioned by the company. If third parties process your personal data exclusively on our instructions in this context, they are obliged to comply with data protection regulations in accordance with Art. 28 GDPR by means of an order processing contract, whereby the company remains responsible to you for the protection of your personal data. As part of the organisation and holding of the Annual General Meeting and its documentation, we commission the following categories of consultants and other service providers or vicarious agents: (legal) advisors and service providers for IT, preparation and realisation as well as documentation of the Annual General Meeting (in particular Link Market Services GmbH) and for keeping the share register.
We would like to point out that the company is obliged to keep a register of those attending the Annual General Meeting in accordance with Section 129 AktG. The personal data listed there can be viewed by participants in the Annual General Meeting during the meeting and by shareholders for up to two years thereafter in accordance with Section 129 (4) AktG.
The company will make requests for additions to the agenda, countermotions and election proposals from shareholders available on the company’s website, stating the name of the shareholder, if the requirements of the provisions of the German Stock Corporation Act (Sections 122 para. 2, 126 para. 1, 127 AktG) are met.
If you ask questions at the Annual General Meeting, your name may be used to answer your questions if you have consented to this, if there is a legal obligation to do so or if this is necessary to answer the question or is otherwise in the legitimate interest of the company (legal basis: Art. 6 para. 1 sentence 1 lit. a), c) or f) GDPR). If you do not wish your name to be mentioned, you have the option of informing us of your objection when registering your speech. The objection can also be communicated later. However, in order for us to be able to take your objection into account, you must inform our employees on site in good time before your speech.
In addition, we may be legally obliged to transfer your personal data to recipients who process it as controllers. These are, for example, authorities that receive corresponding notifications in the case of statutory reporting obligations.
4. data transfer to third countries
The company does not currently transfer any personal data to a third country or an international organisation.
If the company transfers personal data to consultants and other service providers or vicarious agents outside the EU and the EEA, this will only be done to the extent permitted by Art. 44-50 GDPR.
5. duration of storage of personal data
The company deletes your personal data or removes the personal reference by anonymisation as soon as the data or the personal reference is no longer required for the aforementioned purposes and we are not obliged to continue to store or retain the personal reference due to statutory retention and verification obligations, in particular those arising from stock corporation law, commercial law or tax law.
In accordance with Section 67e (2) AktG, we delete your personal data subject to retention obligations in other legal provisions and the necessity for any legal proceedings 12 months after the date on which you are no longer a shareholder of the company. Personal data processed for the organisation and holding of the Annual General Meeting and its documentation is generally stored for a period of three years, subject to specific legal requirements. Insofar as retention obligations under commercial and tax law are applicable, the data must regularly be stored for ten years (see Section 257 (5) HGB and Section 147 (3) and (4) AO). If we process your personal data in connection with claims made by you against us or the company against you, the duration of storage corresponds to the expiry of the statutory limitation period of up to thirty years.
IP addresses are shortened by our hosting provider immediately after checking the geographical origin in such a way that a personal reference can no longer be established, unless there is a concrete reason in individual cases that makes further storage necessary for the assertion or defence of legal claims or the prosecution of unlawful acts.
6. obligation to provide personal data
If you wish to attend the company’s Annual General Meeting as a shareholder – either in person or by proxy – and exercise your voting rights, you must register – either in person or by proxy – in due time (see Section 21 of the Articles of Association). The personal data required for this purpose will be collected in this context. In accordance with Section 135 para. 5 sentence 2 AktG, you can authorise a bank or equivalent shareholders’ associations in accordance with Section 135 para. 8 or persons who offer to exercise voting rights at the Annual General Meeting on a commercial basis to represent you at the Annual General Meeting and exercise your voting rights.
If you attend the Annual General Meeting as a guest, this also requires that you register and provide the necessary personal data.
7. automated decision-making including profiling
The company does not use automated decision-making, including profiling.
8. your rights as a data subject
You have the right to
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
- in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- in accordance with Art. 7 para. 3 GDPR, to revoke any consent you may have given us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
The supervisory authority responsible for the company is the
Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin
As a rule, you can also contact the supervisory authority of your usual place of residence or workplace or the place of the alleged infringement.
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. If you wish to exercise your right of cancellation or objection, simply send an email to datenschutz@vanguard.de.