1. Overview
The following data protection information informs you about the type and scope of the processing of so-called personal data of shareholders and their legal representatives of DOUGLAS AG. The following information is limited solely to processing based on the status of shareholder or shareholder representative.
Personal data is information that can be directly or indirectly assigned to your person.
2. Name and Contact Details of the Controller and the Company Data Protection Officer
This data protection information applies to data processing by the
DOUGLAS AG
("Controller" or "we", "us" etc.)
Luise-Rainer-Straße 7-11
40235 Düsseldorf
E-mail: ir@douglas.de
Phone: +49 211 16847 8326 | Fax +49 211 16847 778326
The company Data Protection Officer of DOUGLAS AG can be reached at the above address, for the attention of the Data Protection Department, or by e-mail to datenschutz@douglas.group.
3. Purposes of Data Processing, Legal Bases and Legitimate Interests Pursued by us or a Third Party and Categories of Recipients
We process the personal data of shareholders and their representatives for the following purposes:
3.1 Entry in the Share Register
Shares of Douglas AG are registered shares. Against this background, we are obliged in accordance with the legal regulation of Section 67 (1) of the German Stock Corporation Act (AktG) to maintain a share register that lists the name, date of birth, postal address and electronic address of the shareholder as well as the number of shares or the share number. As a shareholder of Douglas AG, you are obliged to provide the Company with this information.
In the case of the acquisition or custody of DOUGLAS AG registered shares, the participating intermediaries (e.g. credit institutions) within the meaning of Section 67 (4) AktG forward the information of the shareholders relevant to the maintenance of the share register (e.g. in addition to the aforementioned data, nationality and submitting bank) and, if applicable, their legal representatives to Computershare Deutschland GmbH & Co. KG (see Section 4). Computershare Deutschland GmbH & Co. KG manages the share register and thus the information technology processing of securities transactions on behalf of DOUGLAS AG. We can only view the data via the share register operated by Computershare Deutschland GmbH & Co. KG.
This is done both via intermediaries in the context of requests from DOUGLAS AG for the disclosure of third-party ownership (Sections 67 (4) sentences 2 and 3, 67d AktG), and via Clearstream Banking AG, which, as a central securities depository, handles the technical processing of securities transactions and the custody of shares for credit institutions (see Section 4). If shareholders sell their shares, this is also reported to us via intermediaries, in particular Clearstream Banking AG.
Shareholders who do not personally exercise their shareholder rights can authorize a representative. The shareholder regularly informs us of the representative's name and place of residence, as well as his or her exact address, if applicable.
We use this personal data as well as other information that you provide to us as a shareholder representative, in particular via our electronic shareholder portal (e.g. registration for electronic dispatch or voting instructions for the Annual General Meeting), for the purposes provided for in the German Stock Corporation Act, the Implementing Regulation (EU) 2018/1212 and the German Securities Trading Act (WpHG). These include, in particular, the maintenance of the share register, communication with you as a shareholder representative and the intermediaries working for you, as well as the preparation, conduct and follow-up of Annual General Meetings. This also includes the preparation of statistics (e.g. for the presentation of shareholder development, number of transactions or for overviews).
The legal basis for the processing of your personal data is Art. 6 para. 1 c) GDPR in conjunction with Sections 67 and 67e AktG.
Data deletion is carried out in accordance with the statutory provisions, in particular if the personal data is no longer necessary for the original purposes of collection or processing, the data is no longer required in connection with any administrative or judicial proceedings and there are no statutory retention obligations.
3.2 Fulfilment of Other Legal Obligations
In addition, we may also process your personal data to comply with other legal obligations, such as capital market and other regulatory requirements, retention obligations under stock corporation, commercial and tax law, or when your data is compared with so-called sanctions lists in order to comply with counter-terrorism legislation (e.g. EU Regulation 2580/2001). In order to comply with the provisions of stock corporation law, for example, when authorizing the proxies appointed by the Company at the Annual General Meeting, we must record the data that serves to prove the authorization in a verifiable manner.
The legal basis for the processing is Art. 6 para. 1 c) GDPR in conjunction with the respective legal regulations.
Data deletion is carried out in accordance with the statutory provisions, in particular if the personal data is no longer necessary for the original purposes of collection or processing, the data is no longer required in connection with any administrative or judicial proceedings and there are no statutory retention obligations.
3.3 Holding a Virtual Annual General Meeting
3.3.1 Accessing the InvestorPortal
When you access the InvestorPortal, information is automatically sent to the website's server by the browser used on your device and temporarily stored in a so-called log file. The following information is also collected without your intervention and stored until it is automatically deleted after seven days:
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed below:
3.3.2 Registration and Holding of a Virtual Annual General Meeting
In connection with the registration and conduct of a virtual Annual General Meeting, we essentially require the following information from you as a shareholder or representative:
We need this data in order to be able to register you as a shareholder or representative for the Annual General Meeting. Furthermore, we process them in order to be able to grant you the exercise of your shareholder rights and to hold the Annual General Meeting properly.
When you log in to use the InvestorPortal, you must enter your shareholder or proxy card number and your password or access code. We use this data to ensure that only authorised persons access the InvestorPortal.
If the personal data is not provided by the data subjects in the context of the registration for the Annual General Meeting, the custodian bank will transmit the personal data to us.
The legal basis for data processing in connection with registration management and the organisation of the virtual Annual General Meeting is Art. 6 para. 1 lit. c) GDPR in conjunction with Sections 118 et seq., in particular Section 130a AktG.
In addition, we may also process personal data to comply with other legal obligations, such as regulatory requirements as well as retention obligations under stock corporation, securities, commercial and tax law. The legal basis for the processing is the respective legal regulations in conjunction with Art. 6 para. 1 lit. c) GDPR.
In addition, we process personal data to safeguard the following legitimate interests (Art. 6 para. 1 lit. f) GDPR):
Data deletion is carried out in accordance with the statutory provisions, in particular if the personal data is no longer necessary for the original purposes of collection or processing, the data is no longer required in connection with any administrative or judicial proceedings and there are no statutory retention obligations.
3.3.3 Submission of Comments
As a shareholder or representative, you have the option of submitting statements in text form in advance of a virtual Annual General Meeting via the InvestorPortal provided at the time. These will be published in the InvestorPortal in accordance with the deadlines defined in the convening notice, disclosing your name and, if applicable, the shareholder representative.
We process the data relating to your statement in order to be able to take it into account and discuss it at the respective virtual Annual General Meeting. This data can be viewed by all users of the InvestorPortal. You have the option of objecting to the publication of your statement with effect for the future. Please note the separate terms and conditions of use for the submission of contributions in text form, which can be accessed in the footer of the InvestorPortal provided in advance of the Annual General Meeting under "Terms of Use".
The legal basis for data processing in connection with registration management and the organisation of the virtual Annual General Meeting is Art. 6 para. 1 lit. c) GDPR in conjunction with Sections 118 et seq., in particular Section 130a AktG.
In addition, we may also process personal data to comply with other legal obligations, such as regulatory requirements as well as retention obligations under stock corporation, securities, commercial and tax law. The legal basis for the processing is the respective legal regulations in conjunction with Art. 6 para. 1 lit. c) GDPR.
In addition, we process personal data to safeguard the following legitimate interests (Art. 6 para. 1 lit. f) GDPR):
Data deletion is carried out in accordance with the statutory provisions, in particular if the personal data is no longer necessary for the original purposes of collection or processing, the data is no longer required in connection with any administrative or judicial proceedings and there are no statutory retention obligations.
3.3.4 Acknowledgment of Requests to Speak, Voting Behavior and Similar Matters
In the context of the Annual General Meeting, we also process information on motions, requests to speak, questions and other requests from shareholders or their representatives, as well as on your voting behaviour. Requests to speak and motions will be submitted live so that all participants of the Annual General Meeting can see and hear you via their camera as soon as you are no longer in the virtual waiting room and have been called by the chairperson of the meeting.
We process this data in order to be able to grant you the legal exercise of your shareholder rights and thus to enable you to actively participate in the Annual General Meeting.
The legal basis for data processing in connection with registration management and the organization of a virtual Annual General Meeting is Art. 6 para. 1 lit. c) GDPR in conjunction with Sections 118 et seq., in particular Section 130a AktG.
In addition, we may also process personal data to comply with other legal obligations, such as regulatory requirements as well as retention obligations under stock corporation, securities, commercial and tax law. The legal basis for the processing is the respective legal regulations in conjunction with Art. 6 para. 1 lit. c) GDPR.
In addition, we process personal data to safeguard the following legitimate interests (Art. 6 para. 1 lit. f) of the GDPR):
Data deletion is carried out in accordance with the statutory provisions, in particular if the personal data is no longer necessary for the original purposes of collection or processing, the data is no longer required in connection with any administrative or judicial proceedings and there are no statutory retention obligations.
3.3.5 Use of Cookies
For the proper operation of the investor and shareholder portal, we only use technically necessary cookies.
This includes, among other things, the so-called web storage functions. For this purpose, small text files are stored in the local memory of your browser on your device. As part of the session storage technology, we collect information about the respective authentication token (i.e. your "virtual" ticket) and your session data (so-called session data), including your consent to our Terms of Use. This will recognise you as a user if you need to switch to another page of the portal, return to our website or reload the page during an active session.
We also use the so-called local storage function to store the timestamp of your login, which enables an automatic logout after a predefined period of inactivity for security reasons. When you close the browser, this data is automatically deleted. In your browser menu, you will find information on how to technically prevent the approval of web storage objects and the setting with which your browser informs you about the placement of a new web storage object. Please note that some functions of our website may no longer be available in the event of deactivated web storage objects.
In addition to the technically necessary cookies mentioned above, we use the security cookie X-CSRF token. It is checked that requests come from a trustworthy source. We use this security cookie to prevent Cross-Site Request Forgery (CSRF) attacks.
When holding a virtual Annual General Meeting, we also use so-called session cookies to enable the video application to store user session data across requests (e.g. login status or user settings), to create a seamless user experience and to ensure the operation of the media library for viewing the statements.
We process your data in connection with the use of technically necessary cookies in order to ensure that you as a user of the investor or shareholder portal run smoothly in our portals and to offer you the opportunity to use the live speech tool and the media library to view the statements during the virtual Annual General Meeting.
The legal basis for data processing in connection with the operation of the investor or shareholder portal and the organisation of the virtual Annual General Meeting is Art. 6 para. 1 lit. c) GDPR in conjunction with Sections 118 et seq., in particular Section 130a AktG tG.
4. Categories of Recipients
For certain tasks, we may commission external service providers to process data. Whenever we work with such service providers, they are obliged to observe data protection by contractual agreements in the same way as we do.
One of these external service providers is Clearstream Banking AG, Mergenthalerallee 61, 65760 Eschborn, Germany, which, as a central securities depository, is responsible for the technical processing of securities transactions and the custody of shares for credit institutions. The data is processed by Clearstream Banking AG mainly in the European Union. Nevertheless, it is possible that, to the extent necessary for the settlement of securities transactions, data may be transferred to third parties outside the European Union using the EU Standard Contractual Clauses. Further information on data protection at Clearstream Banking AG can be found under Privacy Policy.
In addition, we work together with Computershare Deutschland GmbH & Co. KG, Elsenheimerstrasse 61, 80687 Munich, Germany for the information technology processing of securities transactions as well as the organization and implementation of the virtual Annual General Meeting. The data is processed by Computershare exclusively in the European Union. Further information on data protection at Computershare can be found under Privacy Policy.
In addition, we use the external service provider Wige SOLUTIONS GmbH & Co. KG, Buschstraße 9,53340 Meckenheim, Germany for the technical implementation of the virtual Annual General Meeting. The data is processed by Wige SOLUTIONS GmbH & Co. KG exclusively in Germany. Further information on data protection at Wige SOLUTIONS GmbH & Co. KG can be found under Privacy Policy.
Furthermore, your personal data will be processed by the custodian bank of your choice. The bank processes your data by first passing on all personal data relevant to the registration about you as a shareholder or representative to Clearstream Banking AG as the transmitter, which then transmits the data to Computershare Deutschland GmbH & Co. KG for the purpose of processing the securities transactions in terms of information technology and organising the Annual General Meeting.
In addition, personal data of shareholders or representatives who are connected electronically to the Annual General Meeting or who exercise their rights are accessible to other shareholders and their representatives within the framework of the statutory provisions (in particular the list of participants, Section 129 AktG).
In addition, personal data may also be transmitted to:
5. Your Rights
5.1 Overview
In accordance with the requirements of the GDPR, you have various rights that you can assert against us. This includes, among other things, the right to object to selected data processing, in particular data processing for advertising purposes. In addition to the right to revoke the consent you have given to us, you are entitled to the following further rights if the respective legal requirements are met:
5.2 Right to Object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In addition, it is possible to contact the Supervisory Authority responsible for DOUGLAS AG, the Data Protection Officer or datenschutz@douglas.group.
6. Updating Privacy Information
We adapt this data protection information to changed functionalities or changed legal situation. We will publish the changes here.
Last update: 29.08.2025