Mister Spex : Data privacy information for shareholders and their proxies

Published: 2024-04-29 05:43:25 ET MRX.DE

Convenience Translation

Mister Spex SE

Berlin

ISIN: DE000A3CSAE2

WKN: A3CSAE

Annual General Meeting on 7 June 2024

Data Privacy Information

for Shareholders and their Proxies

Mister Spex SE will process personal data of shareholders and their proxies in connection with the virtual Annual General Meeting.

You will find below information on the party responsible under data protection law ("Controller") and the data protection officer (1.). We also provide you below with the information regarding the processing of personal data (2.) and the rights of data subjects in connection with this processing (3.).

1. Controller and data protection officer

Page 1/8

Convenience Translation

Germany

Email: [email protected]

Please note however that if you use this email address, your messages will not be read solely by our data protection officer. Therefore, if you wish to exchange confidential information with our data protection officer, please first request direct contact to our data protection officer via this email address.

2. Processing of personal data

2.1. Personal data and its sources

Mister Spex SE will process the following personal data of shareholders and their proxies in connection with the virtual Annual General Meeting to enable shareholders and their proxies to exercise their shareholder rights in relation to the virtual Annual General Meeting:

Page 2/8

Convenience Translation

If this personal data has not been provided by the shareholders when registering for the virtual Annual General Meeting or received during conducting the virtual Annual General Meeting including the use of the password-protected internet service, their depositary bank or their ultimate intermediary within the meaning of section 67c(3) of the German Stock Corporation Act (Aktiengesetz, AktG) ("German Stock Corporation Act") will send their personal data to Mister Spex SE. The access data assigned to the shareholder for the password-protected internet service of the Company as well as the IP address from which the shareholder or the proxy uses the password-protected internet service of the Company shall be communicated to the Company by the service provider commissioned by the Company to conduct the virtual Annual General Meeting.

2.2. Purpose of processing and legal basis

Mister Spex SE will process the data of the shareholders and their proxies to the extent necessary to process the shareholder rights exercised by them in connection with the virtual Annual General Meeting. The legal basis for this processing is Article 6(1) lit. c) of the General Data Protection Regulation ("GDPR") in conjunction with section 67e(1) of the German Stock Corporation Act (compliance with legal obligations).

Mister Spex SE will process the IP address from which the shareholder or the proxy uses the password-protected internet service of the Company, as well as other log data that is generated for technical reasons when using the password- protected internet service of the Company, to the extent necessary to provide the password-protected internet service of the Company and to ensure the security of the IT infrastructure used for this purpose. The legal basis for this processing is Article 6(1)(c) GDPR (compliance with legal obligations) in conjunction with Section 67e(1) of the German Stock Corporation Act and Article 6(1)(f) GDPR

Page 3/8

Convenience Translation

(balancing of interests). The legitimate interest of Mister Spex SE is the provision of the password-protected internet service of the Company and the guarantee of the security of the IT infrastructure used for this purpose.

Furthermore, Mister Spex SE will store personal data of its shareholders and proxies to the extent that this is necessary to comply with statutory obligations to retain data. The legal basis for this processing is Article 6(1)(c) GDPR in conjunction with section 67e(2) of the German Stock Corporation Act (compliance with legal obligations) in connection with the respective statutory retention obligations.

Moreover, Mister Spex SE will possibly continue to store personal data of its shareholders and proxies to the extent that this is necessary to establish, exercise or defend legal claims. The legal basis for this processing is Article 6(1)(f) GDPR (balancing of interests). Mister Spex AG's legitimate interest is to establish, exercise or defend legal claims.

2.3. How long do we keep your personal data?

Mister Spex SE will store this personal data for the above purposes only for as long as this is necessary for the above purposes.

Log data that is technically generated when using the password-protected internet service of the Company is stored in so-called log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, log files are stored until the security- relevant event has been eliminated and fully clarified.

Otherwise, the storage period for the aforementioned purposes is regularly up to three years.

If a shareholder is no longer a shareholder of the Company, Mister Spex SE will only store his or her personal data for a maximum of twelve months on the basis of section 67e(2) sentence 1 of the German Stock Corporation Act and subject to other statutory provisions.

Data will only be stored for a longer period on the basis of section 67e(2) sentence 2 of the German Stock Corporation Act and subject to other statutory provisions as long as this is necessary for any possible legal proceedings to establish, exercise or defend legal claims. In this case, Mister Spex SE will store the data until the end of the legal proceedings.

Page 4/8

Convenience Translation

2.4. Who else receives your personal data?

The following service provider will process the above data for the above purposes on behalf of Mister Spex SE (as "processor"):

Better Orange IR & HV AG Haidelweg 48

81241 München Germany

The service provider will only receive personal data from Mister Spex SE that is required to perform the commissioned service and will process the data exclusively in accordance with Mister Spex SE's instructions.

Otherwise, Mister Spex SE will only make the personal data available to shareholders and their proxies as well as to third parties in connection with the virtual Annual General Meeting within the framework of the statutory provisions. In particular, if shareholders and their proxies are to be represented at the virtual Annual General Meeting by a proxy appointed by the Company disclosing their name, Mister Spex SE will enter their names, place of residence, number of shares and type of ownership in the list of attendees of the Annual General Meeting to be drawn up in accordance with section 129(1) sentence 2 of the German Stock Corporation Act. All shareholders who are electronically connected to the virtual Annual General Meeting and their proxies can view this data on the password-protected internet service during the virtual Annual General Meeting and shareholders may also inspect it up to two years later pursuant to section 129(4) sentence 2 of the German Stock Corporation Act. With regard to the transfer of personal data to third parties in connection with the announcement of shareholder requests for additions to the agenda, statements submitted as well as countermotions and election proposals by shareholders, please refer to the explanations in Part VI.no. 7 of the invitation to the virtual Annual General Meeting on 7 June 2024.

If shareholders or their proxies make use of their right to request information pursuant to section 131(1) of the German Stock Corporation Act or otherwise speak, this might be done by stating the name and, if applicable, the place of residence or registered office of the shareholder asking the question and/or his*her proxy. Requests for information and other requests to speak can only be acknowledged by other participants in the virtual Annual General Meeting. Pursuant to Section 130a(3) of the German Stock Corporation Act, comments submitted will be made available to other users of the password-protected internet service as described in Part VI.no. 7 of the invitation to the virtual Annual General Meeting. In the case of requests for supplements pursuant to Art. 56 sentence 2 and sentence 3 SE Regulation, Section 50(2) SEAG, Section 122(2) of the

Page 5/8

Convenience Translation

German Stock Corporation Act and in the case of countermotions and election proposals pursuant to Sections 126(1), 127 of the German Stock Corporation Act, these will be made publicly accessible as explained in more detail in Part VI.no. 7 of the invitation to the virtual Annual General Meeting and, if applicable, be proposed for voting in the virtual Annual General Meeting.

Page 6/8

Convenience Translation

3. Rights of data subjects in relation to the processing

The shareholders and their proxies have the following rights with respect to the processing of their personal data:

The following right to object under Article 21(1) GDPR is especially highlighted:

Right to object on grounds relating to the data subject's particular situation (Article 21(1) GDPR)

Shareholders and their proxies have the right as data subjects pursuant to Article 21(1) GDPR to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1) lit. f) GDPR (see clause 2.2.).

If an objection is raised, Mister Spex SE will no longer process the personal data unless Mister Spex SE demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the shareholders and their proxies as data subject or for the establishment, exercise or defense of legal claims.

Data subjects can contact Mister Spex SE or its data protection officer using the contact details referred to above in order to exercise their rights. In addition, shareholders and their proxies have a right to appeal to a data protection supervisory authority (Article 77 GDPR). Data subjects can assert this right to appeal in particular to the supervisory authority of the (federal) state in which they have their domicile or permanent residence or the data protection supervisory authority for the nonpublic sector of the federal state of Berlin (Berliner Beauftragte für Datenschutz und Informationsfreiheit), where Mister Spex SE has its registered office.

Page 7/8

Convenience Translation

For more information on the General Data Protection Regulation and the rights of data subjects in relation to theprocessing of their personal data, please refer to the online information brochure (in German only) of the Federal Commissioner for Data Protection and Freedom of Information(Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, BfDI)).

Page 8/8

Disclaimer

Mister Spex SE published this content on 29 April 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 29 April 2024 09:42:06 UTC.