All distribution sites

Search for subsidiaries and agencies
x
Search
Previous
DEU - en
logo
ALL DISTRIBUTION

Data Protection Notice for Shareholders

For us, R. STAHL, the security and protection of your personal data is a very serious matter, so we hereby inform you about the processing of your personal data in our company in accordance with Article 13 GDPR.

 

1. Who is responsible for the processing of my personal data?

Controller of the data processing according to Article 4 No. 7 GDPR is (hereinafter we):

R. STAHL Aktiengesellschaft
Am Bahnhof 30
74638 Waldenburg

Data protection requests should be addressed to our data protection officer:

Data Protection Officer
Am Bahnhof 30
74638 Waldenburg
data.protection@r-stahl.com

 

2. Which personal data are processed for which purposes?

We process personal data within the company in various processes. In this specific case, we mainly process your data for commercial, tax, and stock corporation law purposes, such as maintaining the stock register, identifying shareholders or their representatives, communicating and cooperating with shareholders, and organising and conducting shareholders' meetings. The following personal data is primarily processed in this context:

  • Name, date of birth, and address
  • Number of shares you hold
  • Shareholder and login names
  • Nationality
  • Email address and communication and traffic data (IP address, log files)

 

3. What is the lawful basis for the data processing?

We process personal data only on the basis of the legal regulations of the GDPR. The processing of your personal data for the above-mentioned purposes is necessary to fulfill legal obligations (Art. 6 (1) lit. c GDPR) to which the controller is subject in accordance with the provisions of the German Stock Corporation Act. In specific cases, R. STAHL AG processes your personal data to protect legitimate interests in accordance with Art. 6 (1) (f) GDPR, unless the legitimate interest or the rights and fundamental freedoms of the data subject outweigh these interests. Such legitimate interests arise mainly in relation to statistical analysis, for example to analyze the development of the shareholder structure or trading volume. Furthermore, processing may be necessary to comply with legal requirements in other countries.

 

4. Storage and deletion of data

Personal data relating to shareholders or their representatives will be deleted or anonymized once it is no longer required for the purposes described and there are no longer any legal retention obligations. The standard retention period for data stored in the share register is ten years after the sale of the shares. The storage period for personal data processed in connection with the Annual General Meeting is generally three years. In individual cases, data may also be stored for longer (until the end of the statutory retention periods) if this data is necessary for the enforcement of legal claims by the company or the defense against claims directed against the company.

 

5. Data recipients

The company relies on the support of external service providers (e.g., IT service providers, Annual General Meeting service providers) for certain (technical) processes (e.g., maintaining the share register, preparing and conducting the Annual General Meeting), who have access to your personal data in order to provide these services. These service providers are carefully selected and meet high data protection and data security standards. They are bound to strict confidentiality and only process data on behalf of and in accordance with the instructions of the company. Except in the cases explained in this privacy notice, we will only disclose your data to third parties without your express consent if we are required to do so by law or by an official or court order (e.g., to authorities if legal reporting thresholds are exceeded).

 

6. Data transfer to third countries

The transfer of shareholders' personal data to countries outside the European Union (EU) or the European Economic Area (EEA) is generally not planned. However, if in individual cases a transfer to a third country is necessary, this will only take place on condition that either an adequate level of data protection has been established by an adequacy decision of the European Commission or that appropriate safeguards within the meaning of the GDPR are in place – for example, through the conclusion of EU standard contractual clauses. A transfer may also take place if there is a legally recognized exception in accordance with Art. 49 GDPR for the specific individual case.

 

7. Data subject rights

In the event of data processing, data subjects have the right to request information about their personal data processed by us.

These rights include in particular the right to Information about

  • the purposes of processing,
  • the category of personal data,
  • the recipients to whom your data
  • have been or will be disclosed,
  • the planned storage period,

as well as the right to correction, deletion or restriction of processing and the right to objection, withdrawal and the right to lodge a complaint.