Information on data protection for shareholders of Infineon Technologies AG
Since 25 May 2018, when the EU’s General Data Protection Regulation (Datenschutzgrundverordnung – “GDPR”) came into force, we are required to comply with new data protection regulations. One of the main concerns is the transparency of data processing. We take privacy for our shareholders very seriously. We would therefore like inform you about the processing of your personal data by Infineon Technologies AG and your rights under data protection law.
If you have any questions about the following information, please contact the Infineon Data Protection Officer.
Infineon Technologies AG
Data Protection Officer Department BC DPC
Am Campeon 1-15
We process your personal data according to the requirements of the GDPR, the German Federal Data Protection Act (Bundesdatenschutzgesetz), the German Stock Corporation Act (Aktiengesetz) and all further relevant legal provisions.
Infineon shares are registered shares. Section 67, Paragraph 1 of the German Stock Corporation Act stipulates that registered shares must be entered in the Company’s stock register with the name, date of birth, address and electronic mail address of the shareholder as well as the number of shares held or the share certificate number. The shareholder is under obligation to provide this information to the Company in general. The credit institutions involved in the purchasing or custody of your Infineon registered shares regularly pass information to us that is relevant for the management of the stock register and for communication with the shareholders (and may, for example, include nationality and gender in addition to the above-mentioned data). This process takes place via Clearstream Banking AG, which is responsible as the central depository for the technical processing of securities transactions and the custody of the shares on behalf of the credit institutions. If you sell your shares, we are also informed of this via Clearstream Banking AG.
We use your data for the purposes stipulated in the Stock Corporation Act. These are in particular (i) the management of the stock register, (ii) communication with you as shareholder and (iii) the organization of Annual General Meetings. For example, if, as you have the option of doing, you would like to attend our Annual General Meeting, we require your name and the number of your shares, in order to send you the necessary voting papers. These data will later appear in the participants’ register that we are obliged by law to produce. If certain conditions are met, we are also required to publish your name when you submit any additions to the agenda, countermotions or nominations. In all these cases, sections 124, 125, 126 et seq. and 129 Stock Corporation Act in conjunction with article 6 paragraph 1, sentence 1 c) and f) GDPR provide the legal basis for processing your data.
In addition, we use your data for purposes related to the above-mentioned purposes (i) to (iii), for example for presenting changes in the shareholder structure or overviews of the largest shareholdings. The legal basis for the processing of your personal data in all these cases is the Stock Corporation Act, in conjunction with article 6, paragraph 1 c) and paragraph 4, GDPR.
We also process your personal data to fulfill further legal obligations. In order to meet the requirements of stock corporation law, we are obliged, for example, when authorizing employee proxies nominated by the Company for the Annual General Meeting, to record data that function as proof of authorization in a verifiable format. We also have retention obligations under stock corporation, commercial and tax law. The legal basis for processing your data in this case is provided by the relevant legal provisions in conjunction with article 6, paragraph 1 c) GDPR.
If you have provided your e-mail address to us for the electronic distribution of Annual General Meetings documents, we process this with your permission in accordance with article 6, paragraph 1 a) GDPR. You can withdraw your permission at any time without giving any reason.
In individual cases, we also process your data to safeguard our legitimate interests in accordance with article 6, paragraph 1 f) GDPR. One example of this is when, in the case of share capital increase, we are required to withhold information about subscription rights from individual shareholders because of their nationality or their place of residence in order to comply with the securities regulations of the countries concerned.
On rare occasions, we process also personal data of third parties. If, for example, you authorize another person to attend the Annual General Meeting and to exercise the associated rights on your behalf, we process the name and address of your proxy in order to ensure that the Annual General Meeting is properly conducted. The legal basis for this is provided by the relevant provisions of the Stock Corporation Act in conjunction with article 6, paragraph 1 c) GDPR.
The InvestorPortal offers shareholders of Infineon Technologies AG the opportunity to register, vote, submit questions and comments pertaining to the Annual General Meeting by means of video messages or in text form and file objections.
As a user of the InvestorPortal, you can find out more about how your personal data are handled below.
1. Your data
Initially, the following personal data from the share register are processed in the InvestorPortal: Salutation, surname, first name, type of person (natural/legal), date of birth, nationality, address (where applicable also mailing address and address of authorized proxy), number of shares owned, type of ownership, and shareholder number.
We also process additional information pertaining to your registration for the Annual General Meeting (e.g. e-mail address, consent to send documents electronically).
2. Purposes of processing
We process your personal data for the following purposes:
- Identification pertaining to:
- Your login to the InvestorPortal
- Your registration for the Annual General Meeting
- The mail ballot for the Annual General Meeting
- The granting, amendment and/or revocation of powers of attorney to proxies and, if applicable, instructions for participation in the Annual General Meeting
- The submitting of questions and comments in text form or by means of video messages
- The lodging of an objection
- Correspondence with you as a shareholder
- Registration of your participation in the electronic mailing of documents pertaining to the Annual General Meeting.
3. Legal basis
Your personal data are processed on the basis of one or more of the following legal grounds:
- Compliance with statutory obligations, such as those resulting from the German Stock Corporation Act
- On the basis of your consent, which you give by voluntarily deciding to use the InvestorPortal and registering, for example, to participate in the electronic dispatch of AGM documents, by informing us of your e-mail address or by changing it, as well as
- To protect Infineon's legitimate interests.
Infineon has a legitimate interest in offering its shareholders additional channels of communication and services in connection with the preparation and conducting of the Annual General Meeting.
4. Categories of recipients
The InvestorPortal is operated on behalf of Infineon Technologies AG by the external service provider Computershare Deutschland GmbH & Co. KG, Elsenheimerstr. 61, 80687 Munich.
Each of our service providers is contractually obliged to comply with all relevant data protection laws. These include, in particular, the obligation to respect the rights and freedoms of data subjects and the implementation of appropriate technical and organizational measures to protect personal data.
5. Technically required cookies
Infineon's legitimate interests form the legal basis for the processing of personal data with the help of cookies of this category – assuming that any of your personal data are indeed processed. These interests include, for example, Infineon's interest in presenting a professional outward image and optimally distributing the workload on the server for technical reasons.
In case the Annual General Meeting takes place as a virtual event based on section 1, paragraphs 2 and 6 of the Act Concerning Measures Under the Law of Companies, Cooperative Societies, Associations, Foundations and Commonhold Property to Combat the Effects of the COVID-19 Pandemic (“COVID-19 Act"), published as section 2 of the Act on Mitigating the Consequences of the COVID-19 pandemic in Civil, Insolvency and Criminal Procedural Law dated 27 March 2020, last amended by section 15 of the Reconstruction Assistance Act dated 10 September 2021 (Federal Law Gazette Part I, Page 4147), the processing of personal data is legally required for the proper preparation and conduct of the virtual Annual General Meeting (in particular for the electronic exercise and confirmation of the votes, the opportunity to submit questions electronically and to object to one or more resolutions electronically as well as for following the entire event online via video and audio transmission). Legal basis for the processing is section 6, paragraph1 c), GDPR in conjunction with sections 118 et seq. Stock Corporation Act or section 1 COVID-19 Act in conjunction with section 1 GesRGenCOVMVV respectively. An objection for record to one or more resolutions transmitted via the Internet service is forwarded to the notary in charge for the minutes of the virtual Annual General Meeting together with the required personal data.
In connection with providing video messages, the personal data of shareholders and shareholders representatives are processed and published according to section 6, paragraph1 a), GDPR. The video messages will be deleted after the virtual Annual General Meeting.
Shareholders’ questions in the context of a virtual Annual General Meeting are only published together with the shareholder’s name if consent according to section 6, paragraph1 a), GDPR is given. In addition requests for additions to the agenda, counterproposals or election proposals might also be published together with the name, section 6, paragraph1 c), GDPR in conjunction with section 1, paragraph 2, no. 3, COVID-19 Act in conjunction with section 1 GesRGenCOVMVV.
External service providers:
To some extent, we use external service providers for the management of our stock register and the organization of the (virtual) Annual General Meeting. We make your data available to the service providers to the extent this is required for the proper completion of their task.
If you or a person authorized by you attend the Annual General Meeting, other attendees can see your or your proxy’s data in the participants’ register. The participants’ register is also available to Infineon shareholders on request for up to two years after the Annual General Meeting.
In addition, we may be obliged to pass on your data to further recipients, for example to authorities in order to meet statutory reporting requirements (for example when statutory voting thresholds are exceeded or undercut).
As a general rule, we only store your data for the length of time necessary for the above-mentioned purposes unless we are obliged by statutory record-keeping and retention requirements to retain that data for a longer period.
You can request information concerning the data stored about you directly from our data protection officer at the above address.
You can access the main information stored about yourself in the stock register via the internet service on the Infineon website (www.infineon.com/agm). If anything is incorrect, please contact your custodian bank, which will ensure that any necessary changes are made in the Infineon stock register.
In addition, under certain circumstances you can require us to delete your data or restrict its processing (for example if your data should have been unlawfully processed).
If we process your data based on legitimate interests, you can object to this by contacting us at the above business address, if you can present reasons for so doing based on your particular situation. We will then terminate the processing of your data, unless it serves interests of our own which are vital for us to protect.
If you have a complaint about the handling of your data, you can contact the Infineon Data Protection Officer (for address see above) and/or a public data protection authority. The relevant data protection authority for Infineon Technologies AG is as follows:
Bayerisches Landesamt für Datenschutzaufsicht
Status of this information: November 2018