Data Protection Information for OSRAM Shareholders

with supplement due to C19-Measures Act*) 

This privacy policy provides information on the collection and processing of your personal data by OSRAM Licht AG (OSRAM) in connection with your position as shareholder of the Company, and information on the rights you have under current data protection legislation.

Introduction

The protection of personal data is of great importance to OSRAM. OSRAM therefore processes your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (BDSG–German Data Protection Act), the Aktiengesetz (AktG–German Stock Corporation Act), and other applicable legal provisions on the protection of personal data and on data security.

1. The Controller

OSRAM Licht AG
Marcel-Breuer-Strasse 6
80807 Munich Germany
Telephone: +49 (0)89 62130
Fax: +49 (0)89 6213 2020
Email: privacy@ams-osram.com

You can contact the data protection officer by mail at the above postal address, using ‘data protection officer’ as an added reference, or by email at privacy@ams-osram.com.

Virtual Annual General Meeting on 10 May 2022

The Annual General Meeting of OSRAM Lich AG on 10 May 2022 will be held as a virtual General Meeting without physical presence of the shareholders or their proxies. Shareholders and shareholder representatives can follow the entire General Meeting by video and audio transmission via our shareholder portal. The shareholder portal also allows the exercise of meeting related rights, in particular voting rights. Your personal data (in particular the name, address and e-mail address of the shareholders, number of shares, class of shares, type of ownership of the shares, as well as, if applicable, voting by (electronic) mail, the granting of any proxies and the name of the shareholder representative authorized by the respective shareholder) are also processed for the purpose of preparing, holding and processing this virtual General Meeting, in particular for communicating with the shareholders, for preparing the minutes of the General Meeting and to enable you to exercise meeting related rights, in particular the right to vote. Where appropriate, the Company also processes personal data relating to questions submitted in advance of the General Meeting, motions sent, election proposals and requests by shareholders or shareholder representatives in connection with the General Meeting and objections to resolutions of the General Meeting. If you visit our shareholder portal on the Internet, we also collect data on access to and use of this portal (in particular data accessed or requested, date and time of access, notification whether the access was successful, type of web browser used, IP address, shareholder number, password, granting of consent to our terms of use, as well as login and timestamp of your login and logout), which your browser transmits to us.

2. Processing Purpose, Categories of Data, and Legal Basis of Processing Activities

OSRAM shares are registered shares. The credit institutions involved in the purchase, management and/or custody of your registered OSRAM shares regularly share with us such information as required by us for the purpose of maintaining the share register. This includes information required under section 67 para. 1 AktG, such as the name, date of birth, and address, and also the nationality of the shareholder. Data is transmitted through Clearstream Banking AG Frankfurt (CBF), the central securities depository that handles the technical processing of securities transactions and holds the shares in custody for the credit institutions.

We process your personal data for the purposes described in the Stock Corporation Act. These include, in particular, the maintenance of the share register, communications with you as a shareholder, and the organization and hosting of General Meetings.

The legal basis for the processing of personal data are the provisions of the German Stock Corporation Act (sections 67 para. 1, 67e para. 1, 118 et seqq. AktG), including the relevant provisions of the Act on Mitigation of the Consequences of the COVID19 Pandemic in Civil, Insolvency and Criminal Procedure Law (Art. 2 sec. 1), in each case in conjunction with Art. 6 para. 1 sentence 1 lit. c GDPR. If you as a shareholder submit questions in the run-up to the virtual General Meeting and your questions are answered at the General Meeting by stating your name, we will process your data to safeguard legitimate interests in accordance with Art. 6 (1) lit. f) GDPR. This data processing is necessary to safeguard the legitimate interests of OSRAM Licht AG in order to enable the virtual General Meeting to run smoothly (without the physical presence of shareholders or their representatives).

In addition, we may also process your personal data to fulfill other legal obligations such as regulatory requirements or storage obligations pursuant to stock corporation, commercial and tax law.

In the context of the authorization of the proxies appointed by the Company for the General Meeting, for example, we are obliged under the provisions of the AktG to keep a verifiable record of the data provided by shareholders as proof of authorization. In this case, the relevant provisions of the AktG and Article 6 (1) c GDPR constitute the legal basis for the processing of personal data.

In certain individual cases, we also process your data as necessary to pursue our legitimate interests in accordance with Article 6 (1) f GDPR. This occurs, for example, in the event of the preparation of statistics (to illustrate shareholder trends, the number of transactions, or overviews of the largest shareholders) or in the event of a capital increase, when individual shareholders have to be excluded from the communication of a rights offering based on their nationality or place of residence, in order to ensure compliance with applicable securities laws in the relevant non-European countries.

If you request voting cards for the General Meeting for a person you have authorized to attend on your behalf, it is your responsibility to inform this authorized person about the collection of personal data by OSRAM. OSRAM collects the personal data of the authorized person exclusively for the purposes of sending the voting cards and organizing the participation in the person at the General Meeting, including their exercise of relevant rights and, especially, the voting right.

In the event that we want to process your personal data for a purpose that is not specified in this privacy policy, we will notify you of this planned processing activity in accordance with the relevant statutory requirements.

3. Transfer and Sharing of Personal Data

External service providers:

We use external service providers for certain tasks in relation to the administration and technical maintenance of the share register (share register service provider, IT service provider) and the organization and hosting of General Meetings (AGM service provider, providers of printing and mailing services for shareholder notifications). Such service providers process personal data exclusively in accordance with our instructions on the basis of corresponding contracts on data processing and only insofar as this is necessary for the performance of the commissioned services. All our employees and all employees of the external service providers who have access to and/or process personal data of shareholders and/or shareholder representatives are obligated to treat this data confidentially.

The OSRAM shareholder portal is made available and operated on behalf of OSRAM Licht AG by Computershare Deutschland GmbH & Co. KG, Elsenheimerstrasse 61, 80687 Munich, Germany (‘Computershare’). On this portal, your personal data will be collected, processed, and used only within the scope of a commissioned data processing agreement concluded between OSRAM Licht AG and Computershare. Computershare is not permitted to use your personal data for its own purposes.

Other recipients:

Personal data is shared with service providers outside the EU or EEA only if the European Commission has confirmed that the relevant third country maintains appropriate data protection standards or if appropriate data protection guarantees (e.g. binding internal data protection requirements of the company or an agreement based on the standard contractual clauses issued by the European Commission) are in place. Detailed information on this issue and on the data protection standards of our service providers in third countries can be requested from the address specified in Item 1 of this privacy policy.

4. Storage Periods

We generally anonymize or erase your personal data as soon as it is no longer required for the abovementioned purposes, unless we are required to continue storing it under statutory record-keeping and retention obligations, e.g. pursuant to relevant provisions of the AktG, the Handelsgesetzbuch (HGB–German Commercial Code), or the Abgabenordnung (AO–German Tax Code). The standard statutory retention period for data collected in connection with Annual General Meetings is three years.

The standard statutory retention period for data recorded in the share register is ten years from date of sale of the shares. Personal data is retained beyond these retention periods only where required in specific cases for the assertion of claims against our Company (in such cases, the statutory retention period may be up to 30 years).

5. Right to Object

You have the right to object, for reasons arising from your particular personal circumstances, to processing activities in relation to your personal data carried out on the basis of Article 6 (1) f GDPR (pursuit of legitimate interests).

Upon receipt of your objection, we will cease to carry out such processing activities, unless the processing activity is required in connection with overriding legitimate interests of our Company that must be protected.

6. Your Rights to Access, Rectification, and Erasure

You can demand access to your personal data stored by OSRAM Licht AG by contacting ams OSRAM at the address specified in Item 1. Any relevant data about you that is recorded in the share register can be accessed from the shareholder portal on the ams OSRAM website (https://ams-osram.com/about-us/investor-relations/osram-investor-relations). You can also notify us of any necessary corrections through the shareholder portal or by contacting the address specified in point 1. Under certain circumstances, you can also demand the erasure or a restriction of the processing of your personal data (e.g. if your data is being unlawfully processed). OSRAM's data protection organization will be happy to provide you with detailed information on your rights as a data subject. To request information, please contact privacy@ams-osram.com.

7. Right to Lodge a Complaint

If you have a question or complaint, you can contact our data protection officer (see point 1) or a data protection supervisory authority.

The competent data protection supervisory authority for OSRAM is:
Bavarian Data Protection Authority (BavLDA)
Promenade 18
91522 Ansbach
Germany
https://www.lda.bayern.de/en/contact.html

Information correct as of: March 2022 – due to C19-Measures Act - In the event of any material changes to this privacy policy, we will inform you again as necessary.

 

*) Act Concerning Measures Under the Law of Companies, Cooperative Societies, Associations, Foundations and Commonhold Property to Combat the Effects of the COVID-19 Pandemic dated March 27, 2020, last extended by the Law on the Establishment of a Special Fund „Aufbauhilfe 2021“ and on the Temporary Suspension of the Obligation to File for Insolvency due to Heavy Rainfall and Flooding in July 2021 and on the Amendment of Other Laws dated September 10, 2021