Quicklinks
Hamburger Hafen und Logistik AG (HHLA) attaches great value to the protection of your data and your privacy. In this data privacy statement we inform you about which personal data of our shareholders or their authorised representatives we process in connection with the preparation, execution and follow-up of our Annual General Meeting, and which rights you have according to Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the Federal Data Protection Act (BDSG) with regard to the processing of your data. If you are another participant (guest) of the Annual General Meeting, you will also find information on the processing of your personal data in connection with your participation in the Annual General Meeting in this privacy policy.
We will hold the Annual General Meeting in 2024 as a virtual Annual General Meeting pursuant to § 118a of the German Stock Corporation Act (AktG) without the physical presence of shareholders or their proxies. Shareholders, their proxies and guests will therefore not be able to physically attend the Annual General Meeting. However, they can follow the entire Annual General Meeting by video and audio transmission via a password-protected internet service (shareholder portal), which is also used for the electronic connection. The shareholder portal is operated by our service provider HV AG, Jakob-Oswald-Straße 4, 92289 Ursensollen, exclusively on our behalf and according to our instructions. It can be accessed at the internet address www.hhla.de/shareholderportal.
The responsible body is
Hamburger Hafen und Logistik AG
Bei St. Annen 1, 20457 Hamburg, Germany
Phone: +49 40 3088-0, Fax: +49 40 3088-3355, E-mail: info@hhla.de
Please contact our data protection officer if you have any questions regarding this information.
Our data protection officer can be contacted either either at the above address or by e-mail at datenschutz@hhla.de
In connection with the execution of our virtual Annual General Meeting, we process the following personal data of our shareholders or their proxies:
If shareholders or their proxies contact us, we also process the personal data that is required to process the respective request, such as the e-mail address or telephone number.
If you take part in our virtual Annual General Meeting as a guest, we will process the following data from you: Name, address, position/function, if applicable, company and individual access data for the shareholder portal (guest card or access number and PIN).
When you visit our shareholder portal on the internet, we collect data about accesses to our shareholder portal. The following data and device information are logged in the web server log files: Retrieved or requested data; date and time of the retrieval; message whether the retrieval was successful; type of web browser and operating system used; IP address; shareholder number or, in the case of guests, the guest card access number and session ID; acknowledgement and acceptance of the terms of use. Your browser automatically transmits this data to us when you visit our shareholder portal.
We process your personal data in compliance with all relevant legal provisions, in particular the GDPR, the BDSG and the AktG.
We process your personal data in order to prepare, conduct and follow up the virtual general meeting and to fulfil our legal obligations towards shareholders and their proxies in this context, in particular in order to
The personal data of shareholders may also be processed to provide corporate information and to maintain contact with you (investor relations).
The legal basis for this processing is Art. 6 para. 1 lit. c) GDPR in conjunction with. § Section 67e (1) AktG and our obligations under stock corporation law pursuant to Sections 118 et seq. AktG.
The processing of personal data of shareholders and proxies is necessary for the proper conduct of the virtual general meeting. If you do not provide the required personal data, we may not be able to connect you to the virtual general meeting.
We also process the above-mentioned data of guests in order to ensure that only selected guests can follow the video and audio transmission of the virtual general meeting. In particular, we create a guest list and send guest tickets or access data for the shareholder portal, via which guests can exclusively follow the webcast of the virtual general meeting. The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to control access to our virtual AGM and to admit only selected guests. Without this processing of your data, it is not possible to watch the video and audio transmission of the virtual general meeting by guests.
In connection with the preparation, implementation and follow-up of the Annual General Meeting, we may also transmit your data to our legal advisors, tax advisors or auditors, as we have a legitimate interest in organising the Annual General Meeting in accordance with the relevant legal provisions and in obtaining external advice for this purpose. The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR .
Your personal data will also be processed to comply with any statutory reporting and publication obligations. In addition, we may also process your personal data to comply with other legal obligations such as regulatory requirements or stock corporation, commercial and tax law retention obligations. For example, in order to comply with provisions of stock corporation law, when authorising proxies appointed by the Company to attend the Annual General Meeting, we must keep a verifiable record of the data serving as proof of the authorisation for three years. In these cases, the legal basis for the processing is the respective legal regulations and Art. 6 para. 1 lit. c) GDPR.
We process your data in order to compile statistics, e.g. for the presentation of shareholder development, number of transactions, or for overviews of the largest shareholders. The legal basis for processing your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in compiling statistics so that we can see how the shareholder structure of our company is made up.
In individual cases, we also process your data for compliance with securities regulations of non-European countries. This applies in particular if, in the event of capital increases in accordance with the applicable legal provisions, we have to exclude individual shareholders from information about subscription offers due to their nationality or place of residence. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c) GDPR in conjunction with. § Section 67e (1) AktG.
We use technically necessary cookies for our shareholder portal. Cookies are small files that are stored on your desktop, notebook or mobile device by a website that you visit. From these, we can recognise, for example, whether there has already been a connection between your device and our shareholder portal, or which language or other settings you prefer. The cookies we use do not contain any personal data. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you decide against the use of cookies, it is possible that not all functions of our shareholder portal or individual functions will only be available to you to a limited extent.
The necessary session cookies we use are only used for the purpose of providing the shareholder portal and for the registration and identification of shareholders, their proxies and our guests. They are necessary for the functions of the shareholder portal and are deleted when you close your browser.
The legal basis for setting the absolutely necessary cookies, accessing the data stored therein and the associated processing of personal data is Section 25 (2) no. 2 of the Telecommunications Telemedia Data Protection Act, as this is necessary to provide the shareholder portal you have requested. The further processing of the personal data collected by means of the absolutely necessary cookies is necessary to safeguard our legitimate interest in enabling our shareholders, their proxies and selected guests to visit our shareholder portal. The legal basis for this processing in relation to shareholders is Art. 6 para. 1 lit. c) GDPR in conjunction with Section 67e para. 1 AktG and in relation to their proxies and guests Art. 6 para. 1 lit. f) GDPR.
If we intend to use your personal data for a purpose not indicated above, we will notify you of this in advance, in accordance with the applicable statutory provisions.
As a matter of principle, every shareholder is obliged to provide the company with the information required for keeping the share register (name, date of birth, postal and electronic address of the shareholder and number of shares or share number). As a rule, the intermediaries involved in the acquisition or custody of your HHLA registered shares (e.g. credit and financial services institutions) forward the information relevant for keeping the share register to us. This is done via Clearstream Banking AG, Eschborn, which, as the central depository, is responsible for the technical processing of securities transactions and the safekeeping of shares for the credit institutions. If you sell your shares, this is also reported to us via Clearstream Banking AG. Otherwise, we or the service providers commissioned by us usually receive the personal data of the shareholders from you yourself.
If you act as a proxy for a shareholder, we receive your personal data from the shareholder who granted you the proxy and directly from you, insofar as your conduct in the virtual Annual General Meeting or your use of the shareholder portal is affected.
If you are following the virtual general meeting as a guest, we receive your data either directly from you, in particular if you yourself have applied for admission as a guest with us (e.g. as a media representative), or, if applicable, in the course of our business activities from internal or external sources, some of which are also publicly accessible.
We use external service providers for the administration and technical management of the share register, e.g. for the organisation of the Annual General Meeting, for printing and mailing Annual General Meeting invittions and shareholder announcements, and for the execution of the Annual General Meeting (primarily for the provision of the shareholder portal through which the virtual Annual General Meeting is accessible). The service providers we commission receive only such personal data from us as is necessary for carrying out the commissioned service, and they process the data exclusively on our behalf and at our direction. All our employees, and all employees of external service providers who have access to personal data or who process it, are obliged to treat this data confidentially. In connection with the preparation, implementation and follow-up of the general meeting, we may also transfer your personal data to our legal advisors, tax advisors or auditors.
In connection with the conduct of the Annual General Meeting, your personal data may, under certain circumstances, be disclosed to other duly registered shareholders or their proxies and, where applicable, members of the public visiting the Company's website or watching the publicly accessible video and audio transmission of the Annual General Meeting (e.g. by granting access to the list of participants required by law, by publishing on the Company's website the motions or other requests that you have submitted and that are subject to publication, in the context of making statements accessible by name on the shareholder portal or in the context of other contributions that you make in the run-up to or during the virtual general meeting via the communication channels described in the invitation to the general meeting).
We may also be obliged to forward your personal data to further recipients such as authorities in fulfilment of statutory notification obligations (e.g. if the voting rights thresholds prescribed by law are exceeded).
We will anonymise or delete your personal data as soon as it is no longer required for the above-mentioned purposes and provided that we are not obliged to continue to store it on the basis of statutory documentation and retention obligations (e.g. under the Stock Corporation Act, the German Commercial Code or the German Fiscal Code). The data registered in connection with Annual General Meetings will normally be stored for a period of up to three years. Subject to other legal regulations, we will retain the data stored in the share register for up to twelve months after becoming aware of the termination of the shareholder status. A longer storage period takes place as an exception, insofar as this is necessary in connection with legal proceedings in which the company is involved.
In the event that we forward personal data to recipients with headquarters outside the European Economic Area (third country), this will only occur insofar as the European Commission has confirmed that the third country has an appropriate level of data protection or is subject to other appropriate data protection guarantees (e.g. European Commission’s standard contract clauses have been stipulated).
If shareholders are from third countries, we will also send information to these shareholders (e.g. invitations to general meetings). If these communications also contain personal data (e.g. applications for general meetings including the name of the applicant), this data will thus also be transmitted in third countries. In third countries, the provisions of the GDPR do not apply directly. Unless there is an adequacy decision by the EU Commission, a lower level of protection for your personal data may exist in these third countries. A transfer is nevertheless necessary in order to inform all shareholders equally, as we may not exempt shareholders from third countries from our duty to inform. With the transfer, we therefore fulfil our contractual obligations. The legal basis for the transfer is Art. 49 (1) (b) GDPR.
You may request detailed information on this and on the level of data protection for our service providers in third countries from our data protection officer.
With regard to their personal data shareholders and their proxies as well as guests have the right, when the statutory requirements are present,
Insofar as we process your data to safeguard legitimate interests of HHLA or a third party, you may submit an objection to this processing when there are grounds in your specific situation for not processing data. In this case we will end processing, provided we cannot provide evidence that compelling legitimate grounds exist which outweigh your interests, rights and freedoms, or if processing is necessary for the establishment, exercise or defence of legal claims.
You can assert your rights with our data protection officer at the address provided in Section "Responsible for data processing". Please note that possible statutory exemptions (e.g. continuing retention requirements) may conflict with the exertion of your rights.
Irrespective of this, as an affected party you have the right to lodge a complaint with a responsible data protection authority in accordance with Art. 77 GDPR. The data protection supervisory authority responsible for HHLA is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg, Germany
Tel.: +49 (0) 40 42854-4040
mailbox@datenschutz.hamburg.de