Information about the processing of personal data of our investors and shareholders
As of May 25, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation - "GDPR") and new national data protection legislation enters into force. Among other things, the GDPR provides for information obligations in connection with the processing of personal data. With the information below, we would like to comply with this requirement of transparency and inform you about the nature and scope of the data processing in connection with your position as investor and/or shareholder as well as the rights to which you are entitled.
1. Who is responsible for the protection and processing of your personal data?
Responsible for data protection is zooplus AG (hereafter: zooplus), Sonnenstraße 15 in 80331 Munich, represented by the Management Board members Andrea Skersies, Dr. Cornelius Patt and Mr. Andreas Grandinger at phone:+49/89/21129211 or email: firstname.lastname@example.org.
You can contact our Data Protection Officer, Mr. Nikolaus Bertermann, via daspro GmbH, Neues Kranzler Eck Kurfürstendamm 21 in 10719 Berlin, or by phone: +49/30/878774150 or email: email@example.com.
2. Which data do we process?
The legal basis for the processing of your personal data in connection with your position as a shareholder is the EU General Data Protection Regulation (GDPR) in addition to the (new) Federal Data Protection Act (BDSG), the Stock Corporation Act (AktG), as well as all other relevant legislation.
The legal basis for the processing of your personal data by zooplus is the Stock Corporation Act in conjunction with Article 6 (1) lit. c) and (4) GDPR. In specific cases, zooplus may also use your data to safeguard the legitimate interests of zooplus or a third party pursuant to Article 6 (1) lit. f) GDPR. This would be the case, for example, if we were to exclude individual shareholders or groups of shareholders from information on subscription rights on the basis of their nationality or place of residence so as not to violate the laws of certain countries. For information on the right to object to the processing of data for the purposes of legitimate interests, please see below.
In connection with the processing of annual general meetings, zooplus processes personal data (specifically the name, date of birth, address and other contact details of the shareholder, number of shares, type of share ownership and, if applicable, the name and address of the shareholder representative authorized by the respective shareholder) on the basis of the Stock Corporation Act and applicable data protection regulations. In addition to the personal data of the shareholders, zooplus processes data provided by the shareholders to zooplus in connection with the registration for the annual general meeting or from custodian banks for the shareholders, for this same reason. The processing of personal data in connection with annual general meetings is for the purpose of processing the registration and participation of the shareholders in the annual general meeting (e.g., examination of the authorization to participate) and enable shareholders to exercise their rights in the context of the annual general meeting (including the granting and revoking of proxies) especially when registering for the annual general meeting and granting and revoking of proxies. When authorizing the proxies nominated for the annual general meeting, the proxy statement of zooplus shall be verifiably retained and kept access-protected for three years (Section 134  sentence 5 AktG).
In addition, zooplus processes data transmitted to us by shareholders or other persons subject to the notification obligations in accordance with voting rights notifications under the Securities Trading Act. In these cases, the legal basis for the processing is also the respective statutory provisions and Article 6 (1) lit. c) GDPR. If we wish to process your personal data for a purpose that was not mentioned above, we will inform you in advance within the framework of the statutory provisions.
3. With whom do we share data?
We use external service providers to assist in the execution of the annual general meetings (AGM service providers, service providers for printing and dissemination of shareholder communications, legal advisers). Commissioned service providers will only receive personal data from zooplus that are required for the execution of the commissioned service and process the data exclusively in accordance with instructions and on behalf of zooplus. If you would like further information, please contact the contact persons mentioned above.
When you attend an annual general meeting, we are required pursuant to Section 129 (1) sentence 2 AktG to enter you in the list of participants, stating your name, place of residence, number of shares and type of ownership. These data can be viewed by other shareholders and annual general meeting participants during the meeting and by shareholders up to two years thereafter (Section 129  AktG). When a shareholder requests that items be placed on the agenda (Section 122  AktG), zooplus discloses these agenda items when the requirements have been met in accordance with the provisions of the Stock Corporation Act, stating the name of the shareholder. zooplus will also make countermotions and election proposals from shareholders available on the zooplus website if the requirements are met in accordance with the provisions of Stock Corporation Act, stating the shareholder's name (Sections 126, 127 AktG). In addition, we may be required to submit your personal information to other parties, for example, in order to publish voting rights notifications in accordance with the provisions of the Securities Trading Act and to notify authorities in order to meet the legal disclosure requirements.
For the dissemination of press releases and company information, we use an external IR and communication agency. Personal data can be included in these providers' distribution lists only at the express request of shareholders, investors and interested third parties and only to the extent necessary for the execution of the commissioned service. Processing of the data takes place exclusively according to instructions and on behalf of zooplus.
4. How long do we store your data?
We generally anonymize or delete your personal data as soon as and as far as they are no longer required for the purposes stated herein, unless legal obligations to provide proof and/or retention (according to the Stock Corporation Act, the Commercial Code, the Tax Code or other legal provisions) require us to continue storage. For the data collected in connection with annual general meetings, the storage period usually lasts up to three years. In addition, we only retain personal data in specific cases when this is necessary in connection with claims asserted against our company (statutory limitation periods of up to thirty years).
5. How do we transfer data to non-European countries?
We do not transfer your personal data to a third country outside the EU, the European Economic Area (EEA) or to an international organization. Otherwise, we will ensure that they are passed on only if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees exist (e.g., binding internal company data protection regulations or the agreement of the standard contractual clauses of the EU Commission).
6. What rights do you have as the affected person?
You have the right at any time to request a confirmation from zooplus about whether we are processing your personal data and the right to information about this personal data. You also have the right to rectification, erasure and restriction of processing your personal data, as well as the right at any time to object to the processing of personal data or to revoke your consent for the processing of data or to request the transfer of data.
Complaints regarding the processing of your personal data may be submitted to the zooplus data protection officer via the contact details mentioned above, in order to clarify the matter immediately with zooplus. Irrespective of this, you can contact a data protection supervisory authority. The data protection supervisory authority responsible for zooplus is the Bavarian State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach (mailing address: PO Box 606, 91511 Ansbach); phone: +49 (0) 981 53 1300; Fax: +49 (0) 981 53 98 1300; Email: firstname.lastname@example.org.
Right to object to data processing for the legitimate interests of zooplus
If we process your data in order to safeguard the legitimate interests of zooplus or a third party, you may contact Mr. Nikolaus Bertermann at daspro GmbH, Neues Kranzler Eck, Kurfürstendamm 21, 10719 Berlin, by phone: +49/30/878774150, or via email: email@example.com to object, if your particular situation gives rise to reasons that oppose this data processing. We will terminate this processing if we cannot demonstrate that there are compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subjects, or the processing serves to assert, exercise or defend of legal claims.