Privacy Notice of TeamViewer AG
Version as of April 2022
We, TeamViewer Aktiengesellschaft, take protection of your personal data very seriously. The following notice provides an overview of how we ensure this protection and what kind of data is processed, and why. Personal data means any information relating to an identified or identifiable natural person, for example your name, address, email addresses, number of shares, the information which intermediary bank you are using.
TeamViewer Aktiengesellschaft (“TeamViewer AG”), Bahnhofsplatz 2, 73033 Göppingen, [email protected], is controller of your personal data pursuant to Art. 4 para. 7 General Data Protection Regulation (“GDPR”).
B. Data Protection Officer (DPO)
TeamViewer AG appointed Ms. Katja Hauser as external data protection officer, who can be reached at [email protected], or at intersoft consulting services AG, DSB TeamViewer, Dürener Str. 189, 50931 Cologne.
C. Purpose of processing and respective legal basis
TeamViewer AG collects and processes different categories of personal data depending on the relevant purpose of the use, especially in connection with the management of investor and shareholder relations. The following sections outline the categories of data processed by us and respective purposes for such processing. If the legal basis for a processing is your consent, you may withdraw your consent at any time, such withdrawal however will not have any impact on the legitimacy of the processing itself prior to withdrawal of your consent.
I. Management of investor relations
We may process your personal data collected at the events or roadshows, such as your name and contact information, as well as in connection with our Investor Relations News Alert (in case you have subscribed to it) or if you decide to get in touch with us via email or phone. Legal basis for the processing is your consent, Art. 6, para. 1 lit (a) GDPR or our legitimate interest, Art. 6, para. 1 lit (f) GDPR. Our legitimate interest is to answer your questions, provide information and maintain our investor relations.
II. Processing of personal data of shareholders and their representative
We may process your personal data such as your name, contact information, your email address, your representative, your intermediary bank, number of shares in connection with you purchasing shares in TeamViewer AG. Such information is used to fulfil our legal obligations (e.g. inform the regulatory bodies if shareholders reach certain levels of share ownership) as well as organize annual shareholder meetings (“Shareholder Meeting”), including but not limited to preparing and sending out the invitations, issuing voting cards or respectively voting right tickets, compiling the list of participants and processing the power of attorneys. Legal basis for the processing is the legal obligation under stock corporation law to which we are a subject to, Art. 6, para. 1 lit (c) GDPR.
III. Processing of personal data in connection with Shareholder Meetings
We may conduct our Shareholder Meetings either in person or without presence using the means of remote communication (“virtual Shareholder Meeting”) with the option of participating by an electronic connection.
In order to enable shareholders and their representatives to participate in the Shareholder Meeting (e.g. by checking their eligibility to participate) and to exercise their rights at the Shareholder Meeting (including granting and revoking powers of attorney and instructions) as well as to ensure a proper conduct of the Shareholder Meeting, the observance of voting bans, the lawful adoption of resolutions and evaluation of cast votes at the Shareholder Meeting, we may process the name, contact information, registration number, number of shares, voting behavior and results, submitted questions, statements (in writing or via video message), motions, counter-motions, nominations, instructions and objections of our shareholders and their representatives, and login information for our designated shareholder portal (shareholder/voting card number and password). Legal basis for the processing is the legal obligation under stock corporation law to which we are a subject to, Art. 6, para. 1 lit (c) GDPR.
The entire Shareholder Meeting may be broadcast live and publicly accessible on the Internet by means of video and audio transmission. If the Shareholder Meeting is conducted in person and you enter the recording area or make a verbal contribution during recording activities, this live broadcast will include your appearance and verbal contribution. The legal basis for this processing is Art. 6, para. 1 lit (f) GDPR. Our legitimate interest is to enable interested shareholders and the public to follow the Shareholder Meeting via the Internet in accordance with the express permission in the German Stock Corporation Act and our by-laws.
Insofar as we take down in shorthand your verbal contributions during the Shareholder Meeting without being legally obliged to do so, this is done to ensure the proper conduct of the Shareholder Meeting and to be able to deal with your questions and motions. The stenographic minutes will not be published. The legal basis for this processing is Art. 6, para. 1 lit (f) GDPR and our legitimate interest is to ensure that the Shareholder Meeting is executed properly and that our shareholders’ participation rights can be realized in the best possible way.
If you make use of the opportunity to submit questions, statements (in writing or via video message), motions, counter-motions, nominations or other requests that are dealt with or made available during or before the Shareholder Meeting, this will generally be done by stating your name, which other participants of the Shareholder Meeting may take note of. If we are not legally obliged to state your name in this context, the legal basis for the processing is Art. 6, para. 1 lit (f) GDPR and our legitimate interest is to inform the other shareholders of the name of the applicant.
IV. Processing of personal data in connection with the shareholder portal
If we conduct the Shareholder Meeting virtually, the shareholders and their representatives will not be able to physically attend the meeting. They can, however, follow the entire meeting via video and audio transmission through the designated shareholder portal. In connection with the virtual Shareholder Meeting we will process your voting card number, log-in password, type of the power of attorney and personal data of your representative, as well as the instructions issued in connection with the Shareholder Meeting and any other information submitted by you in the shareholder portal. Legal basis for the processing is the legal obligation under stock corporation law to which we are a subject to, Art. 6, para. 1 lit (c) GDPR.
If we conduct a virtual Shareholder Meeting and provide the shareholder portal to enable you to conveniently manage your shareholder data, we will collect and process certain personal data on the web server log files, when you visit our shareholder portal in order to log in to attend the virtual Shareholder Meeting, manage your shareholder data or exercise your shareholder’s rights:
- Date and time of the request
- Notification whether the request was successful
- Requested URL
- Referrer URL (the previously visited page), if your browser sends this information
- Type of used web browser and operating system used
- IP address
- Port by which the access was made
- Actions performed within the portal
- Session ID and data
- Successful logins and logouts with the time stamp
Your browser automatically transfers this data to us when you visit our shareholder portal.
Legal basis for the processing is our legitimate interest, Art. 6, para. 1 lit (f) GDPR, since we have a legitimate interest in making the shareholder portal available to you and your representatives so that you can exercise your shareholder rights in a user-friendly manner and participate in the virtual Shareholder Meeting.
E. Data Sources
If you are a shareholder, we receive your personal data either directly from you or from the custodian credit institutions or intermediaries who are involved in the deposit of shares you purchased.
If you act as representative of a shareholder, we receive your personal data from the shareholder who granted you the power of attorney and directly from you as far as your behavior during the Shareholder Meeting or your use of the shareholder portal is concerned.
TeamViewer AG’s employees, who administer, maintain and manage our internal processes, will have access to your personal data. To that end, TeamViewer AG has strong technical and organizational security measures to protect personal data against unauthorized disclosure to third parties and to ensure that only relevant individuals, who act within their job description and have a need-to-know interest in accessing any of your personal data, will have access to the data for which they have sufficient clearance.
Aside from TeamViewer AG’s employees, your personal data may be processed by employees of third-party services providers, who assist us in our daily business, such as providers of IT operation and maintenance services, (cloud) storage service providers and providers of (cloud) collaboration tools, as well as PR agencies. We use certain service providers in order to provide services typical for the capital market, such as EQS Group AG and Nasdaq Corporate Solutions International Ltd. for the management of investor relations as well as Link Market Services GmbH for the management of shareholder relations and Shareholder Meetings. Link Market Services GmbH also operates the shareholder portal used for organizing virtual Shareholder Meetings, exclusively on our behalf and in accordance with our instructions.
TeamViewer AG selects all third-party service providers with due care, obligates them to confidentiality, and concludes data processing agreements (DPAs) with them (including the providers listed above) in accordance with the standards of the GDPR, as applicable. Should you have any questions about third parties we use, please contact us at [email protected].
In addition to above cases, your personal data may also be disclosed during or in connection with the Shareholder Meetings. If you, as a shareholder, make use of the opportunity to submit questions and your questions are dealt with during the Shareholder Meeting, this will generally be done by stating your name. The above applies likewise regarding the submission of statements (in writing or via video message), the publication of which will show your name and, in the case of a statement via video message, images of yourself. If you submit items for the agenda, motions, counter-motions or nominations that we have to make publicly available, e.g. on our company’s website, before the Shareholder Meeting pursuant to our obligations under stock corporation law, this will also generally be done by stating your name. Other participants of the Shareholder Meeting or even the public may take note of this. Furthermore, other shareholders, their representatives where applicable or other participants of the meeting can view the personal data contained in the participant list during the Shareholder Meeting and, if applicable, up to two years thereafter in accordance with Sec. 129 of the German Stock Corporation Act (AktG).
TeamViewer AG will generally not transfer your personal data outside the EU and/or EEA. However, there are some exceptions to this rule, which include data transfers for group internal IT services provided from outside the EU, including Australia, USA and Armenia. TeamViewer AG will otherwise transfer your personal data outside the EU and/or EEA only when required to do so by law or in case of orders from a competent authority. Currently we transfer personal data to our provider Nasdaq Corporate Solutions International Ltd. in the US. Legal basis for such transfer is a DPA with EU standard contractual clauses.
Whenever TeamViewer AG transfers your personal data out of the EU or the EEA to countries that do not have an adequate level of data protection recognized by the EU, we will apply safeguards to adequately protect your personal data. In particular, we will conclude standard contractual clauses with corresponding entities and /. Please refer to https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en to obtain further information on the Standard Contractual Clauses for the transfer of personal data to processors established outside the EU or the EEA.
We will not share your personal data with local authorities or courts except where we are required to do so by applicable law, a court order or a legally binding injunction. We may be obliged to pass on your personal data to other recipients, such as when publishing voting rights notifications in accordance with the provisions of the German Securities Trading Act, or to authorities in order to comply with statutory notification obligations (e.g. to financial or criminal prosecution authorities).
G. Retention periods for personal data
Your personal data will be deleted once you withdraw consent, or once the purpose for processing has ceased to exist. In some cases, TeamViewer AG is legally obligated to retain data for a certain period of time. Your personal data will be deleted or anonymized as soon as they are no longer required for the purposes listed under Section C. and if the deleting or anonymizing does not conflict with legal requirements for proof and storage.
H. Statutory/contractual requirement
You may choose not to provide your personal data or provide incomplete personal data. However, by not providing your personal data, we may not be able to provide you with the relevant service or support, e.g. enable you to participate in our Shareholder Meeting or use all of the functionalities of our website; where we ask for consent and you choose not to provide it, or you block, disable or delete cookies, we may not be able to provide you with the information or service requested.
I. Your rights
You may contact us, e.g. under [email protected], in order to exercise the following rights to the extent you are entitled to under applicable law:
- You may request access to your personal data as well as request a copy of your personal data (right of access, Art. 15 GDPR);
- You may request that we supplement, correct or delete your personal data (Right to rectification, Art. 16 GDPR and Right to erasure, Art. 17 GDPR); the right of rectification also comprises the right to have incomplete personal data completed, including by means of providing a supplementary statement;
- You may request that we restrict the processing of your personal data (Right to restriction of processing, Art. 18 GDPR);
- You may request to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and transmit it without hindrance or have it transmitted to another controller (Right to data portability, Art. 20 GDPR);
- You may object, at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on the legitimate interests pursued by us or by a third party. The processing of your personal data will then be cancelled, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defense of legal claims (Right to object, Art. 21 GDPR).
You have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal data. In order to lodge a complaint, please contact the supervisory authority competent for your place of residency or alternatively, you may contact “Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Lautenschlagerstraße 20, 70173 Stuttgart, Germany“.
Should you have any questions, please contact [email protected].
J. Changes to this Notice
TeamViewer may, from time to time, make amendments to this notice to reflect the changes in our processing activities.