Information on data protection for shareholders of Infineon Technologies AG

Since 25 May 2018, when the EU’s General Data Protection Regulation (Datenschutzgrundverordnung – “GDPR”) came into force, we are required to comply with new data protection regulations. One of the main concerns is the transparency of data processing. We take privacy for our shareholders very seriously. We would therefore like inform you about the processing of your personal data by Infineon Technologies AG and your rights under data protection law.

Infineon Technologies AG
c/o Investor Relations
Am Campeon 1–15
D-85579 Neubiberg
Germany

Telephone: +49 89 234-26655
Telefax: +49 89 234-955 2987
investor.relations@infineon.com

If you have any questions about the following information, please contact the Infineon Data Protection Officer.

Infineon Technologies AG
Data Protection Officer Department BC DPC
Am Campeon 1-15
D-85579 Neubiberg
Germany
dataprotection@infineon.com

We process your personal data according to the requirements of the GDPR, the German Federal Data Protection Act (Bundesdatenschutzgesetz), the German Stock Corporation Act (Aktiengesetz) and all further relevant legal provisions for the following purposes.

(i) Maintaining the Company’s Stock register

Infineon shares are registered shares. Section 67, Paragraph 1 of the German Stock Corporation Act stipulates that registered shares must be entered in the Company’s stock register with the name, date of birth, address and electronic mail address of the shareholder as well as the number of shares held or the share certificate number. The shareholder is under obligation to provide this information to the Company in general. The credit institutions involved in the purchasing or custody of your Infineon registered shares regularly pass information to us that is relevant for the management of the stock register and for communication with the shareholders (and may, for example, include nationality and gender in addition to the above-mentioned data). This process takes place via Clearstream Banking AG, which is responsible as the central depository for the technical processing of securities transactions and the custody of the shares on behalf of the credit institutions. If you sell your shares, we are also informed of this via Clearstream Banking AG.

(ii) Organisation and Conduct of Annual Shareholder Meetings

If the Annual General Meeting is held as a virtual Annual General Meeting based on section 118a AktG in conjunction with article 13a of the Articles of Association, the processing of personal data is legally necessary for the proper preparation and conduct of the virtual Annual General Meeting in order to enable you to exercise your rights in connection with the Annual General Meeting (in particular for registration, electronic exercise of voting rights and confirmation thereof, the granting, amendment and revocation of powers of attorney and, where applicable, proxy voting instructions for participation in the Annual General Meeting, the submission of statements in textform or by video, the exercise of the right to speak and the right to information by means of video communication and the electronic possibility to object to resolutions of the Annual General Meeting as well as for following the complete transmission of the virtual Annual General Meeting in image and sound). The legal basis for the processing is Art. 6 (1) c) DSGVO in conjunction with the provisions of stock corporation law, in particular sections 118a et seq. of the AktG.

If you have provided your e-mail address to us for the electronic distribution of Annual General Meetings documents, we process this with your permission in accordance with article 6, paragraph 1 a) GDPR. You can withdraw your permission at any time without giving any reason. For example, if, as you have the option of doing, you would like to attend our Annual General Meeting, we require your name and the number of your shares, in order to send you the necessary voting papers. These data will later appear in the participants’ register that we are obliged by law to produce. On rare occasions, we process also personal data of third parties. If, for example, you authorize another person to attend the Annual General Meeting and to exercise the associated rights on your behalf, we process the name and address of your proxy in order to ensure that the Annual General Meeting is properly conducted. The legal basis for this is provided by the relevant provisions of the Stock Corporation Act in conjunction with article 6, paragraph 1 c) GDPR.

If certain conditions are met, we are also required to publish your name when you submit any additions to the agenda, countermotions or nominations. In all these cases, sections 124, 125, 126 et seq. and 129 Stock Corporation Act in conjunction with article 6 paragraph 1, sentence 1 c) and f) GDPR provide the legal basis for processing your data. Insofar as you use the opportunity to exercise your shareholder rights via the InvestorPortal and submit comments in text form or by video are connected for speeches in the form of video communication, we process your name and your registration confirmation number as well as the content of your contribution.

(iii) Communication with you as Shareholder

In addition, we use your data for purposes related to the above-mentioned purposes (i) to (iii), for example for presenting changes in the shareholder structure or overviews of the largest shareholdings. The legal basis for the processing of your personal data in all these cases is the Stock Corporation Act, in conjunction with article 6, paragraph 1 c) and paragraph 4, GDPR. We also have retention obligations under stock corporation, commercial and tax law. The legal basis for this is provided by the relevant provisions of the Stock Corporation Act in conjunction with article 6, paragraph 1 c) GDPR.

In individual cases, we also process your data to safeguard our legitimate interests in accordance with article 6, paragraph 1 f) GDPR. One example of this is when, in the case of share capital increase, we are required to withhold information about subscription rights from individual shareholders because of their nationality or their place of residence in order to comply with the securities regulations of the countries concerned.

As a user of the InvestorPortal of Infineon Technologies AG, you can find out more about how your personal data are handled below.

1. Your data

Initially, the following personal data from the share register are processed in the InvestorPortal: Salutation, surname, first name, type of person (natural/legal), date of birth, nationality, address (where applicable also mailing address and address of authorized proxy), number of shares owned, type of ownership, and shareholder number.

We also process additional information pertaining to your registration for the Annual General Meeting (e.g. e-mail address, Telephone number, IP address, authentication and access data as well as log files, data on the electronic exercise of voting rights and the issuing of proxies/instructions, written, image, video and sound files as well as consent to send documents electronically).

2. Purposes of processing

We process your personal data for the following purposes:

  • Identification pertaining to:
    • Your login to the InvestorPortal
    • Your registration for the Annual General Meeting
    • The electronic exercise of voting rights and confirmation thereof
    • The granting, amendment and/or revocation of powers of attorney to proxies and, if applicable, instructions for participation in the Annual General Meeting
    • The submitting of questions and statements in text form or by means of video messages
    • The exercise of the right of speech and information by means of video communication
    • The lodging of an objection against resolutions of the AGM
  • Correspondence with you as a shareholder
  • Registration of your participation in the electronic mailing of documents pertaining to the Annual General Meeting (which you may withdraw at any time in the future).

3. Legal basis

Your personal data are processed on the basis of one or more of the following legal grounds:

  • Compliance with statutory obligations, such as those resulting from the German Stock Corporation Act
  • To protect Infineon's legitimate interests which is to enable shareholders to exercise their shareholder rights, to offer them additional communication channels and services as well as to ensure a smooth conduct of the Annual General Meeting and, if necessary, to enable you to defend yourself in the event of legal disputes as well as
  • If applicable, on the basis of your consent

4. Categories of recipients

Your data will be processed within Infineon Technologies AG by the employees responsible for organizing the Virtual General Meeting.

The InvestorPortal is operated on behalf of Infineon Technologies AG by the external service provider Computershare Deutschland GmbH & Co. KG, Elsenheimerstr. 61, 80687 Munich.

Each of our service providers is contractually obliged to comply with all relevant data protection laws. These include, in particular, the obligation to respect the rights and freedoms of data subjects and the implementation of appropriate technical and organizational measures to protect personal data. 

When publishing or making available requests for additions to the agenda, countermotions, election proposals and statements, the name and place of residence of the applicant or submitter will be stated. Shareholders and shareholder representatives can view the list of participants at the Annual General Meeting. The speeches are part of the virtual Annual General Meeting and are broadcast live on the website (www.infineon.com/hauptversammlung).

Any objection to the minutes submitted via the InvestorPortal will be forwarded to the notary public responsible for recording the minutes of the virtual shareholders' meeting, including the personal data required for this purpose. 

5. Technically required cookies

The InvestorPortal only uses cookies that are technically required. By technically required we mean those cookies needed to ensure that the online service can be technically provided. Essential services cannot be provided without these cookies. We also assign so-called "functional cookies" to this category, as functional cookies store information that you have already entered on a particular website (e.g. language selection) in order to make your use of our InvestorPortal as convenient as possible.

Infineon's legitimate interests form the legal basis for the processing of personal data with the help of cookies of this category – assuming that any of your personal data are indeed processed. These interests include, for example, Infineon's interest in presenting a professional outward image and optimally distributing the workload on the server for technical reasons.

In case the Annual General Meeting takes place as a virtual event based on section 1, paragraphs 2 and 6 of the Act Concerning Measures Under the Law of Companies, Cooperative Societies, Associations, Foundations and Commonhold Property to Combat the Effects of the COVID-19 Pandemic (“COVID-19 Act"), published as section 2 of the Act on Mitigating the Consequences of the COVID-19 pandemic in Civil, Insolvency and Criminal Procedural Law dated 27 March 2020, last amended by section 15 of the Reconstruction Assistance Act dated 10 September 2021 (Federal Law Gazette Part I, Page 4147), the processing of personal data is legally required for the proper preparation and conduct of the virtual Annual General Meeting (in particular for the electronic exercise and confirmation of the votes, the opportunity to submit questions electronically and to object to one or more resolutions electronically as well as for following the entire event online via video and audio transmission). Legal basis for the processing is section 6, paragraph1 c), GDPR in conjunction with sections 118 et seq. Stock Corporation Act or section 1 COVID-19 Act in conjunction with section 1 GesRGenCOVMVV respectively. An objection for record to one or more resolutions transmitted via the Internet service is forwarded to the notary in charge for the minutes of the virtual Annual General Meeting together with the required personal data.

In connection with providing video messages, the personal data of shareholders and shareholders representatives are processed and published according to section 6, paragraph1 a), GDPR. The video messages will be deleted after the virtual Annual General Meeting.

Shareholders’ questions in the context of a virtual Annual General Meeting are only published together with the shareholder’s name if consent according to section 6, paragraph1 a), GDPR is given. In addition requests for additions to the agenda, counterproposals or election proposals might also be published together with the name, section 6, paragraph1 c), GDPR in conjunction with section 1, paragraph 2, no. 3, COVID-19 Act in conjunction with section 1 GesRGenCOVMVV.

External service providers:
To some extent, we use external service providers for the management of our stock register and the organization of the (virtual) Annual General Meeting. We make your data available to the service providers to the extent this is required for the proper completion of their task.

Further recipients:
If you or a person authorized by you attend the Annual General Meeting, other attendees can see your or your proxy’s data in the participants’ register. The participants’ register is also available to Infineon shareholders on request for up to two years after the Annual General Meeting.

In addition, we may be obliged to pass on your data to further recipients, for example to authorities in order to meet statutory reporting requirements (for example when statutory voting thresholds are exceeded or undercut).

As a general rule, we only store your data for the length of time necessary for the above-mentioned purposes unless we are obliged by statutory record-keeping and retention requirements to retain that data for a longer period.

You can request information concerning the data stored about you directly from our data protection officer at the above address.

You can access the main information stored about yourself in the stock register via the internet service on the Infineon website (www.infineon.com/agm). If anything is incorrect, please contact your custodian bank, which will ensure that any necessary changes are made in the Infineon stock register.
In addition, under certain circumstances you can require us to delete your data or restrict its processing (for example if your data should have been unlawfully processed).
If we process your data based on legitimate interests, you can object to this by contacting us at the above business address, if you can present reasons for so doing based on your particular situation. We will then terminate the processing of your data, unless it serves interests of our own which are vital for us to protect.

If you have a complaint about the handling of your data, you can contact the Infineon Data Protection Officer (for address see above) and/or a public data protection authority. The relevant data protection authority for Infineon Technologies AG is as follows:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
D-91522 Ansbach
Germany

Status of this information: November 2018