Privacy Notice for shareholders

We take the privacy and security of personal data of our shareholders and their authorized representatives very seriously. This privacy notice explains how Swiss Re processes your personal data and what your rights are in relation to your personal data. The information is based on the Swiss Data Protection Act (FADP).

Swiss Re Ltd
Mythenquai 50/60
8002 Zurich
Email: share_register@swissre.com

If you have any questions, concerns or requests regarding this privacy notice or your personal data, including how it is processed, please contact us under the aforementioned address by adding Data Protection Officer to the address or via email to data_protection@swissre.com.

To fulfil our obligations under stock corporation law, when you use our shareholder portal or when we manage your share deposit account, we process various categories of personal data about you that we receive directly from you or that are disclosed to us by your credit institution This includes in particular:

• Identification and contact data such as Name, date of birth, copy of ID, home address, email, or phone number.
• Identification data and contact details such as name, surname, date of birth, address, and citizenship (or the registered office of legal entities), as well as the copy of identification documents, e-mail address or telephone number in case we manage your share deposit.
• Shareholder data such as the number of shares, credit institution, participation in the General Meeting, voting information or information on the exercise of further shareholder rights.
• Registration data and technical data when using the shareholder portal, such as user identification and password, information on the type and time of use, the IP address of your device and other technical data to ensure the functionality and security of the portal.

Unless the processing of your personal data is necessary in connection with the safeguarding and exercise of your shareholder rights or for the fulfilment of our legal obligations, you are generally not required to disclose your personal data.

We process your personal data for the following purposes:

• For purposes related to the performance of the duties provided for in the Stock Corporation Law, such as, the identification of shareholders or their representatives, maintaining the share register, communication with shareholders or with their representatives, the planning and execution of the General Meeting, the distribution of dividends and the delivery of reports.
• For statistical purposes such as the presentation of shareholder developments or evaluations of the number of transactions or overviews of the largest shareholders.
• For the opening and managing of your share deposit account if you are a shareholder with a tax domicile in Switzerland and make use of the option to have your share deposit account managed by us. This also includes complying with our due diligence obligations when reviewing applications to open a share deposit account in connection with the prevention of money laundering and the fight against terrorism.
• To comply with further legal obligations arising from regulatory requirements or retention obligation under stock corporation and tax law.

• When you use our shareholder portal, your data is processed for the purposes of user registration and access control, to provide and operate the services available on the portal, and to ensure security. For more information on data protection when using the shareholder portal, you can refer to the declarations available when you register.

We may process your personal data for other purposes compatible with the purposes set forth above.

We retain your personal data for as long as it is necessary for the purposes of the processing or as required by legal retention obligations. After this period, your personal data will be anonymized or deleted.

For personal data collected in connection with the share register management and/or the General Meeting, the storage period is up to 10 years. Personal and transaction data that we process if we manage your share deposit account are retained for 10 years after the deposit account has been balanced.

We take appropriate security measures to ensure the confidentiality, integrity, and availability of your personal data, to protect your personal data from unauthorized or unlawful processing, and to prevent the risks of loss, accidental alteration, unauthorized disclosure, or access.

We may disclose your personal data to third parties both domestic and abroad, in connection with the purposes in section 3, our legal obligations or otherwise to pursue our legitimate interests. These recipients are contractually required to comply with applicable data protection laws as well as any applicable confidentiality requirements.

We may disclose personal data to domestic and foreign recipients, even if the data is subject to secrecy obligations. In many cases, the disclosure of this type of data is necessary for the performance of contracts or otherwise for the purposes described in this Privacy Notices. Non-disclosure agreements do not generally exclude such disclosures, including disclosure to service providers. Taking into account the sensitivity of the data and other factors, we always ensure that data recipients handle the data in an appropriate manner.

Data recipients also include third parties such as suppliers, IT and other service providers who process personal data on our behalf. These are contractually obligated to process the data only for the purposes of providing their services to us.

Our shareholder portal NIMBUS ShApp is provided and operated on our behalf by Nimbus AG, Ziegelbrückstrasse 82, 8866 Ziegelbrücke. The shareholder portal systems, including the data, are hosted in data centres in Switzerland.

Your personal data can be processed aboard we oblige data recipient in particular to maintain confidentiality when processing personal data subject to legal confidentiality requirements. 

When personal data is processed using our workplace systems, it is stored within the EU member states. In exceptional cases, personal data may also be processed in other countries where Swiss Re has offices.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with data protection requirements on the basis of the European Commission's standard contractual clauses¹, to the extent that the recipient is not already subject to a legally recognized set of rules to ensure data protection.

In exceptional cases we may transfer personal data to a country without an adequate level of data protection if you have given your consent, if this is necessary for the performance of an underlying contract with you or in case of legal proceedings abroad or in case of overriding public interests.

On our website and in our online services, we may use cookies and similar technologies. For information on how we use cookies and similar technologies, please see our cookie notice².

For information on the use of cookies and similar technologies when using the shareholder portal, please refer to the information on the shareholder portal.

You have the following rights in relation to your personal data:

• Access: You have the right to request information from us as to whether and what personal data we hold.
• Rectification: If any of your details are incorrect, inaccurate, or incomplete you can ask us to correct the data.
• Object: You have the right to object to the processing of your personal data under certain circumstances. If our processing is justified by an overriding interest or by law, we may nevertheless continue to use your personal data.
• Withdraw of consent: You have the right to withdraw consent at any time, provided that our processing is based on your consent.
• Data portability: In some circumstances you can ask us to send an electronic copy of the Personal Data you have provided to us, either to you or to another organization.
• Erasure: You can ask us to delete your Personal Data if deleting your data is not in conflict with our legal and regulatory obligations.  If we are using consent to process your information and you withdraw your consent, you can ask us to erase your information. 

If you do not agree with the way we handle your rights or with our data protection practices, please let us or our Data Protection Officers know. You also have the right to lodge a complaint with the Swiss data protection authority³.

This privacy policy is not part of any contract. We may change it at any time.

Last updated: January 2024