Data protection

Data protection

Data protection information for shareholders of TOM TAILOR Holding SE

New data protection regulations will apply throughout Europe from 25 May 2018 when the EU General Data Protection Regulation takes effect. Protecting your data and processing them in compliance with the law is a matter of high priority for us. The following information is designed to advise you about the processing of your personal data by TOM TAILOR Holding SE, and your rights in accordance with data protection law.

Controller responsible for data protection

TOM TAILOR Holding SE, Garstedter Weg 14, 22453 Hamburg, Germany, is responsible for data processing.

You can contact the Data Protection Officer of TOM TAILOR Holding SE via the following address: TOM TAILOR Holding SE, Data Protection Officer, Garstedter Weg 14, 22453 Hamburg.

TOM TAILOR Holding SE has appointed Link Market Services (Frankfurt) GmbH, Mergenthalerallee 15-21, 65760 Eschborn, Germany, to maintain its shareholder register.

Purpose and legal basis for processing your personal data

TOM TAILOR Holding SE processes your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Stock Corporation Act (AktG) and all other relevant legislation.

Shares of TOM TAILOR Holding SE are no-par-value registered shares. In this respect, Section 67 AktG states that these shares must be entered into the Company"s shareholder register by specifying the name, date of birth and address of the shareholder together with the number of shares or share number. The shareholder is obligated to provide the Company with this information; failure to provide this information will make conclusion of the contract impossible. The bank involved in the acquisition, safe custody or disposal of your TOM TAILOR Holding SE shares passes this information on to the shareholder register together with any other information relevant for managing the shareholder register (e.g. nationality). This is done via Clearstream Banking AG, Mergenthalerallee 61, 65760 Eschborn, Germany, which handles the technical execution of securities transactions and the holding of shares in safe custody for banks.

TOM TAILOR Holding SE uses your personal data for the purposes set out in the German Stock Corporation Act, particularly in managing the shareholder register, communicating with you as a shareholder and conducting the Annual General Meeting. Your data can also be used to produce internal statistics, e.g. presenting shareholder development or an overview of the largest shareholders. The German Stock Corporation Act forms the legal basis for processing your personal data together with Article 1 (1)c) and (4) GDPR.

Where required, your personal data is also processed to fulfil additional statutory obligations such as retention periods in accordance with stock corporation, commercial and fiscal legislation. In this respect, the legal basis for processing your personal data is the relevant statutory provision together with Article 6 (1)c) GDPR.

In individual cases, TOM TAILOR Holding SE also processes your data to safeguard legitimate interests in accordance with Article 6 (1)f) GDPR. This is the case if, in the case of capital increases for example, individual shareholders have to be excluded from information about pre-emptive rights offerings due to their nationality or place of residence in order to comply with securities regulations in the relevant countries.

Where data is processed for a purpose other than those stated above, we will inform you of this in advance in accordance with statutory provisions.

Categories of recipients to whom data is disclosed

External service providers: TOM TAILOR Holding SE uses external service providers (shareholder register service company; AGM service providers) for administration and technical management of the shareholder register and to conduct the Annual General Meeting. External service providers that process personal data on our behalf are contractually bound as processors in accordance with Article 28 (3) GDPR.

Additional service providers: We can transmit your personal data to additional recipients insofar as is required to meet statutory requirements (e.g. to the authorities in the event that legally prescribed voting rights thresholds are exceeded). If you participate in an Annual General Meeting, other TOM TAILOR Holding SE shareholders can see the data collected about your person in the list of participants required in accordance with stock corporation law.

Transferring data to countries outside Europe

Your personal data is not currently transmitted to service providers in countries outside the European Economic Area (EEA).

If this is considered in future, your data will only be transferred if the EU Commission has confirmed that the country in question has an appropriate level of data protection or where other appropriate data protection guarantees exist (e.g. binding internal data protection regulations or agreement with the standard contractual clauses of the EU Commission). You can request detailed information on this topic and on the level of data protection offered by our service providers in countries outside the EEA using the contact information stated above.

Data retention period

In principle, your personal data is deleted or anonymised as soon as it is no longer required for the aforementioned purposes and we are not obliged by law to retain it any longer. In particular, the German Commercial Code (Handelsgesetzbuch) and German Tax Code (Abgabenordnung) contain obligations to furnish evidence and retain documentation for up to 10 years.

In addition, TOM TAILOR Holding SE only retains personal data if required to do so in relation to claims asserted against the Company (statutory limitation period of up to 30 years).

Rights of the data subject

You are entitled to request information on all personal data stored about you by the controllers named in this privacy statement. Under certain conditions, you can also request the rectification, erasure, restriction of processing and release of the personal data you have provided in a structured, commonly used and machine-readable format.

If your data is processed to safeguard legitimate interests, you can object to this processing at any time via the controller address stated above, provided that there are compelling reasons arising from your specific situation prejudicing this data processing. Data processing will then cease unless the Company can demonstrate that it has compelling legitimate grounds for this processing which override the interests, rights and freedoms of the data subject or where processing is necessary for the establishment, exercise or defence of legal claims.

Right to lodge a complaint

You have the right to refer matters to the aforementioned data protection officer or to a data protection supervisory authority. Our relevant data protection supervisory authority is:

Free and Hanseatic City of Hamburg
Hamburg Representative for Data Protection and Freedom of Information
Prof. Dr. Johannes Caspar
Kurt-Schumacher-Allee 4
20097 Hamburg

Tel.: +49 (0)40 / 428 54 - 4040
Fax: +49 (0)40 / 428 54 - 4000
E-Mail: mailbox@datenschutz.hamburg.de

Information accurate as at: July 2018