Information on data protection for shareholders of Infineon Technologies AG

Since 25 May 2018, when the EU’s General Data Protection Regulation (Datenschutzgrundverordnung – “GDPR”) came into force, we are required to comply with new data protection regulations. One of the main concerns is the transparency of data processing. We take privacy for our shareholders very seriously. We would therefore like inform you about the processing of your personal data by Infineon Technologies AG and your rights under data protection law.

Infineon Technologies AG
c/o Investor Relations
Am Campeon 1–15
D-85579 Neubiberg
Germany

Telephone: +49 89 234-26655
Telefax: +49 89 234-955 2987
investor.relations@infineon.com

If you have any questions about the following information, please contact the Infineon Data Protection Officer.

Infineon Technologies AG
Data Protection Officer
Department BC DPC
Am Campeon 1-15
D-85579 Neubiberg
Germany

dataprotection@infineon.com

We process your personal data according to the requirements of the GDPR, the German Federal Data Protection Act (Bundesdatenschutzgesetz), the German Stock Corporation Act (Aktiengesetz) and all further relevant legal provisions.

Infineon shares are registered shares. Section 67, Paragraph 1 of the German Stock Corporation Act stipulates that registered shares must be entered in the Company’s stock register with the name, date of birth and address of the shareholder as well as the number of shares or the share numbers. The shareholder is under obligation to provide this information to the Company in general. The credit institutions involved in the purchasing or custody of your Infineon registered shares regularly pass information to us that is relevant for the management of the stock register and for communication with the shareholders (and may, for example, include nationality and gender in addition to the above-mentioned data). This process takes place via Clearstream Banking AG, which is responsible as the central depository for the technical processing of securities transactions and the custody of the shares on behalf of the credit institutions. If you sell your shares, we are also informed of this via Clearstream Banking AG.

We use your data for the purposes stipulated in the Stock Corporation Act. These are in particular (i) the management of the stock register, (ii) communication with you as shareholder and (iii) the organization of Annual General Meetings. For example, if, as you have the option of doing, you would like to attend our Annual General Meeting, we require your name and the number of your shares, in order to send you the necessary voting papers. These data will later appear in the participants’ register that we are obliged by law to produce. If certain conditions are met, we are also required to publish your name when you submit any additions to the agenda, countermotions or nominations. In all these cases, sections 124, 126 et seq. and 129 Stock Corporation Act in conjunction with article 6 paragraph 1, sentence 1 c) and f) GDPR provide the legal basis for processing your data.

In addition, we use your data for purposes related to the above-mentioned purposes (i) to (iii), for example for presenting changes in the shareholder structure or overviews of the largest shareholdings. The legal basis for the processing of your personal data in all these cases is the Stock Corporation Act, in conjunction with article 6, paragraph 1 c) and paragraph 4, GDPR.

We also process your personal data to fulfill further legal obligations. In order to meet the requirements of stock corporation law, we are obliged, for example, when authorizing employee proxies nominated by the Company for the Annual General Meeting, to record data that function as proof of authorization in a verifiable format. We also have retention obligations under stock corporation, commercial and tax law. The legal basis for processing your data in this case is provided by the relevant legal provisions in conjunction with article 6, paragraph 1 c) GDPR.

If you have provided your e-mail address to us for the electronic distribution of Annual General Meetings documents, we process this with your permission in accordance with article 6, paragraph 1 a) GDPR. You can withdraw your permission at any time without giving any reason.

In individual cases, we also process your data to safeguard our legitimate interests in accordance with article 6, paragraph 1 f) GDPR. One example of this is when, in the case of share capital increase, we are required to withhold information about subscription rights from individual shareholders because of their nationality or their place of residence in order to comply with the securities regulations of the countries concerned.

On rare occasions, we process also personal data of third parties. If, for example, you authorize another person to attend the Annual General Meeting and to exercise the associated rights on your behalf, we process the name and address of your proxy in order to ensure that the Annual General Meeting is properly conducted. The legal basis for this is provided by the relevant provisions of the Stock Corporation Act in conjunction with article 6, paragraph 1 c) GDPR.

External service providers:

To some extent, we use external service providers for the management of our stock register and the organization of the Annual General Meeting. We make your data available to the service providers to the extent this is required for the proper completion of their task.

Further recipients:

If you or a person authorized by you attend the Annual General Meeting, other attendees can see your or your proxy’s data in the participants’ register. The participants’ register is also available to Infineon shareholders on request for up to two years after the Annual General Meeting.

In addition, we may be obliged to pass on your data to further recipients, for example to authorities in order to meet statutory reporting requirements (for example when statutory voting thresholds are exceeded or undercut).

As a general rule, we only store your data for the length of time necessary for the above-mentioned purposes unless we are obliged by statutory record-keeping and retention requirements to retain that data for a longer period.

You can request information concerning the data stored about you directly from our data protection officer at the above address.

You can access the main information stored about yourself in the stock register via the internet service on the Infineon website (www.firstsecuredlife.com/agm). If anything is incorrect, please contact your custodian bank, which will ensure that any necessary changes are made in the Infineon stock register.

In addition, under certain circumstances you can require us to delete your data or restrict its processing (for example if your data should have been unlawfully processed).

If we process your data based on legitimate interests, you can object to this by contacting us at the above business address, if you can present reasons for so doing based on your particular situation. We will then terminate the processing of your data, unless it serves interests of our own which are vital for us to protect.

If you have a complaint about the handling of your data, you can contact the Infineon Data Protection Officer (for address see above) and/or a public data protection authority. The relevant data protection authority for Infineon Technologies AG is as follows:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
D-91522 Ansbach
Germany

Status of this information: November 2018