Information on Shareholder Privacy Policy

The EU General Data Protection Regulation (GDPR) regulates the data protection. In the following we would like to inform our shareholders about the processing of their personal data and their rights

In the EU General Data Protection Regulation (GDPR), new rules and regulations on data protection have been in force since 25 May 2018. United Internet AG (hereinafter “we” and “us”) places great emphasis on compliance with data protection provisions. By providing the information below, we would like to inform our shareholders about the processing of the Per-sonal Data and the rights accruing to them under data protection law. For more information on data protection at United Internet AG, please see our Privacy Policy

Responsible persoN

The responsible for the processing of Personal Data is United Internet AG. You can contact United Internet AG at:

United Internet AG
Elgendorfer Straße 57
56410 Montabaur
Germany
Telephone: +49 (0)2602 96 1100
Fax: +49 (0)2602 96 1013
email: info@united-internet.de

If you have comments on or inquiries about the processing of Personal Data, please contact United Internet AG’s Data Protection Officer at:

United Internet AG
The Data Protection Officer
Elgendorfer Straße 57
56410 Montabaur
Germany
email: info@united-internet.de

Purpose and legal basis of processing

We process your Personal Data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Stock Corporation Act (AktG) and all other relevant legal provisions.

The shares of United Internet AG shares are registered shares. In the case of registered shares, Section 67 of the German Stock Corporation Act (AktG) stipulates that these shares must be entered into the company’s share register, indicating the name, date of birth and the address of the shareholder as well as, in the case of nopar shares, the number of shares or the share certificate number. Shareholders are obliged to provide the company with this information.

When registered shares are bought, sold or kept in safe custody, the participating credit institutions/custodian banks generally pass on the mandatory disclosures and all other infor-mation (e.g., along with the aforementioned data, nationality, gender and remitting bank) necessary for keeping the share register to us. In some cases, United Internet AG may also receive Personal Data directly from the shareholders.

We use your Personal Data (e.g., name and contact data, number of shares, share class, form of share ownership, number of the admission ticket to the Annual General Meeting) as well as the Personal Data of your shareholder representative for the purposes provided for under the German Stock Corporation Act (AktG), in particular for keeping the share register, communication with yourselves as shareholders and conducting annual general meetings. The processing of Personal Data is required by law for these purposes. The legal basis for the processing of your Personal Data is established under the German Stock Corporation Act in conjunction with Art. 6 (1) sentence 1 lit. c) GDPR.

In addition, we use your data on the basis of Art. 6 (1) sentence 1 lit. c) and (4) GDPR for purposes compatible with the aforementioned (in particular, for preparing statistics, e.g., for mapping shareholder development, the number of transactions or for obtaining an overview of the largest shareholders).

In addition, we process your Personal Data if necessary also for compliance with other mandatory obligations, such as regulatory requirements and retention requirements relating to shares, trading and tax law. To fulfil the provisions under German stock corporation law, we must, for example, maintain the data pertaining to the documented proof of the authorization granted to the proxy appointed by the company for the Annual General Meeting. The legal basis for processing in this case is established by the respective statutory provisions and Art. 6 (1) sentence 1 lit. c) GDPR.

In individual cases, we also process your data to the extent that this is necessary to safeguard the legitimate interests of United Internet AG (Art. 6 (1) sentence 1 lit. f) GDPR), also for statis-tical purposes, processing contact and service enquiries and for participation as a guest in the Annual General Meeting.

On our shareholder portal, we use your Personal Data only for the purpose for which you have provided us with the data. This includes, for instance, enabling you to access to our Annual General Meeting Service, to set up a personalized registration and electronic application on the shareholder portal, for documenting your online registration for the Annual General Meeting and ordering admission tickets, for documenting online ordering, for documenting your authorization for representation through the respective proxy in the Annual General Meeting, for making contact in the event of contact and service enquires and to give you ac-cess to certain information.

If you have given your consent on our shareholder portal to making contact via electronic communication for the dispatch of the invitation to the Annual General Meeting, for the dis-patch of admission tickets to the Annual General Meeting, for the dispatch of our email news-letter, for the dispatch of annual reports, for participation in a shareholder competition or the dispatch of other information from United Internet AG, we will process your email address on the basis of the consent given in the respective case (Art. 6 (1) sentence 1 lit. a) GDPR).

If we intend to process your Personal Data for a purpose which is not one of the aforementioned, we will inform you before doing so in accordance with the statutory provisions.

Recipients of your data

For the purpose of keeping the share register and for conducting the Annual General Meeting (e.g., for the printing and dispatching of invitation material or conducting the Annual General Meeting) we use external service providers and affiliated companies in part who are granted access to your Personal Data within the scope of the tasks entrusted to them. Our partners are carefully selected in the context of order processing and are taken under obligation in accord-ance with Art. 28 GDPR to comply with United Internet AG’s data protection standards.

Our shareholder portal is operated by Computershare Deutschland GmbH & Co. KG on behalf of United Internet AG in accordance with instructions from United Internet AG in the context of order processing pursuant to Art. 28 GDPR. Computershare does not use your Personal Data for its own purposes.

The service providers and affiliated companies we work with process your Personal Data exclusively in line with our instructions and only to the extent necessary for carrying out the contracted service. All the employees of United Internet AG, of the group of companies and the employees of the service providers who have access to your Personal Data or process them are under obligation to treat these data confidentially.

Moreover, we may be taken under obligation to transfer your data to further recipients such as the authorities for the purpose of complying with statutory reporting.

If you participate in the Annual General Meeting, the other shareholders of United Internet AG are able to view the data collected in the list of participants for a period of up to two years after the Annual General Meeting pursuant to Section 129 (4) of the German Stock Corporation Act. Counter motions and nominations by shareholders must be made accessible under the conditions laid down by Sections 126 and 127 of the German Stock Corporation Act, including the name of the shareholder. Any applications made in accordance with Section 122 (2) of the German Stock Corporation Act to supplement the agenda are published by United Internet AG, also including the name of the applicant.

Transfers to non-EU countries

If we pass on Personal Data to service providers outside the European Economic Area (EEA), the relaying of data only takes place if the non-EU country has had a suitable level of data protection confirmed by the EU Commission or if other suitable data protection guarantees are in place (e.g., binding data protection rules within the company or an agreement making use of the EU Commission’ standard contractual clauses).

You are welcome to request detailed information on this as well as on the data protection level of service providers in non-EU countries by using the aforementioned contact address.

Data security

When transferring data, we use Secure Sockets Layer (SSL) in conjunction with a 256 Bit encryption. This technology offers the highest level of security and is therefore also used by banks for data protection with online banking, for instance. You can recognize the transfer of encrypted data from the icon showing a closed lock in the lower status or browser's address bar.

United Internet AG secures the shareholder portal and other systems by setting in place technical and organizational measures against the loss, destruction, access, changing and dissemination of your data by unauthorized persons. Access to your user account is only possible if your personal password has been entered. Please always treat your access information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.

Retention period

We always anonymize or delete your Personal Data as soon as they are no longer necessary for the designated purposes, or if the Personal Data are no longer required for any administrative or legal processes and no other statutory obligations for proof and retention (e.g., under the German Stock Corporation Act, the German Commercial Code, the fiscal code) or other justifications for retention exist.

The retention period for data collected in connection with the Annual General Meeting is up to three years as a rule.

The data stored in the share register must generally be kept for ten years after the shares have been sold. In addition, we store Personal Data only on a case-by-case basis if, for instance, this is necessary in connection with claims.

Rights of the data subject

Under the statutory requirements, you have the right to obtain information on your Personal Data being processed from the aforementioned contact address (Art. 15 GDPR) and to the rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR) of your Personal Data or to a restriction on their processing (Art. 18 GDPR).

Furthermore, you have the option of consulting the competent supervisory authority.

Right to object (Art. 21 GDPR): If we process your data to safeguard legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR), you can object to this processing except when reasons arise on the grounds of your particular situation which prevent this processing. Please submit your objection to the aforementioned contact address.

Right to withdraw consent (Art. 7 (3) GDPR): If we process your Personal Data based on your consent (Art. 6 (1) sentence 1 lit. a) GDPR), you can withdraw this consent at any time. To withdraw your consent please use the aforementioned contact address.

Right to data portability (Art. 20 GDPR): If we process your Personal Data based on your consent (Art. 6 (1) sentence 1 lit. a) GDPR), you have the right to receive your Personal Data in a structured, commonly used and machine-readable format.