Data Protection at MLP

In case of participation in an (virtual) Annual General Meeting, the data will be processed as follows:

Information for shareholders of MLP SE on data processing

If you use a service for entering data (such as a contact form or seminar registration), you are requested to enter certain characters that are shown on the screen in order to detect and prevent misuse of the services by machines. Captchas are generated and verified on MLP’s application servers. No transmission of data to third parties occurs hereby.

If you use a contact form to get in touch, MLP processes your title, first name, last name, contact details (telephone number and e-mail address), the content of the message, as well as the client number provided on a voluntary basis. The processing of the data is undertaken and necessary in order to provide the service requested. The contact details are processed for enquiries and communication regarding the service requested. If you are assigned to a consultant, the data is forwarded to the consultant (as an independent commercial agent) and his/her staff for processing. The processing is based on Art. 6 (1 b) GDPR. If you are already in contact with MLP (client, previous consultation), the enquiry will be erased 12 years after termination of the client relationship and in all other cases after 3 years.

When subscribing to an MLP newsletter, the master and contact data entered by you is used exclusively for the purpose of providing the respective newsletter service. The data that is collected is the data that is entered into the respective registration screen during the registration process.. Only your e-mail address is required in order to receive the respective newsletter. All other entries are made on a voluntary basis. In the event that you voluntarily provide us with your telephone number when subscribing to our newsletter, you also give consent for MLP to contact you via telephone as a way of informing you about offers and services when you submit the form..

You can withdraw your consent in accordance with Art. 6 (1a) of the GDPR for storing your data and using it to send out newsletters, as well as your consent to be contacted by MLP by telephone at any time for the future. A corresponding link is included with each newsletter e-mail. You can also withdraw your consent at any time by sending a corresponding e-mail to datenschutz@mlp.de . Your data remains stored at MLP until you withdraw your consent.

If you subscribe to our free-of-charge IR Service, MLP uses a contact form to collect only the data required to send out the regular information. The contact form entries (title, last name, first name, e-mail address) are used exclusively to keep you up-to-date with the latest information about the MLP Group via e-mail. Processing takes place on the basis of Art. 6 (1a) of the GDPR with your consent. You can cancel your subscription at any time for the future. A corresponding unsubscribe link is included in all e-mails. Your data remains stored at MLP until you withdraw your consent.

When scheduling an appointment, your title, first name, last name, your contact details (telephone number and e-mail address), the content of the message, as well as your client number (when provided on a voluntary basis to support processing of your request) are processed in order to schedule an appointment and deal with your request. The data is passed on to the manager of the respective MLP office and to the MLP consultant responsible for your account. The office manager and consultant are self-employed commercial agents, so your data can potentially also be processed by their staff for the purposes stated. Data processing is necessary to schedule an appointment and is based on Art. 6 (1b) of the GDPR. If you are already in contact with MLP (client, previous consultation meeting), the enquiry will be deleted 12 years after termination of the client relationship and in all other cases after 3 years.

To request a consultant info pack, your title, first name, last name, postal address, telephone number and e-mail address are collected, as well as your year of birth (when provided on a voluntary basis). The data is processed to provide you with information that matches your interests, for follow-up questions relating to the content of the information and for sending you responses. Your year of birth is also processed to check whether you are already registered as an applicant at MLP. Insofar as you do not submit an application, the data is deleted after 12 months. Otherwise, it is deleted 12 years after the cooperation is terminated.

The processing is necessary to send out the info pack and is based on Art. 6 (1b) of the GDPR and/or your consent.

Career events and seminar participation

If you take part in a an MLP career event (job fair / experience MLP / recruiting event), MLP collects and processes your master data (title, first name, last name), your contact details (telephone number, e-mail address), as well as your current course and semester of study where applicable. Based on the selected event, the data is forwarded to the manager of the MLP office/university team organising the event, the regional manager, the employees of the Location Development department at MLP HQ, as well as the MLP consultants that actually hold the seminars or events. The office manager and the consultants are self-employed commercial agents, so your data can potentially also by processed by their staff for the purposes stated. Data processing is necessary to register for the seminar or the respective event and is based on Art. 6 (1b) of the GDPR. The event and day of participation are also saved for those participating. The data on seminar registration and participation is saved for 12 years or, if a client relationship is already in place, for the duration of this client relationship. Data on trade fair participants, recruiting events or the Experience MLP events is saved for 2 years.

Online application for consultants

If you apply online for a consultant position or an internship at MLP in the field of financial consulting, MLP collects and processes the data entered in the course of the online applications (personal information and contact details, work locations, etc.), as well as all other data and documents you make available to us within the scope of your application. During the application process, MLP also collects and saves information from interviews, tests or references, as well as information from career-focused social media profiles (for example Xing, LinkedIn, etc.). Data processing is required for communicating information regarding career opportunities, to reach decisions regarding potential cooperation and to conclude a commercial agent agreement. The processing is based on Art. 6 (1b) of the GDPR. To carry out the application process and in the event of acceptance, the data is passed on to MLP Banking AG, Alte Heerstraße 40, 69168 Wiesloch, Germany, as well as to future sales managers (for example division directors, branch office managers, university team leaders, regional managers), some of whom are free commercial agents. If a cooperation agreement is concluded, the data is saved by MLP within the scope of contract administration. On the application management system, your data is anonymised no later than 12 months after completing the application process.

Online application for employees

If you apply online for a position at MLP, MLP collects and processes the data entered during the online application process (personal information and contact details, qualifications, training, previous employers, etc.), as well as all other data and documents you make available to us in connection with your application. During the application process, MLP also collects and saves information from interviews, tests or references, as well as information from career-focused social media profiles (for example Xing, LinkedIn, etc.). Data processing is necessary to carry out the application process and is based on Art. 6 (1b) of the GDPR. The data is processed exclusively by personnel involved in the respective application process and not passed on to other areas, unless you give your express consent for it to be passed on. In the event of a successful application and subsequent employment, the data is included in the personnel systems at MLP on the same legal basis. MLP saves any data that you made available to MLP during the application process but which is not required for subsequently establishing the employment relationship in the overriding interest as per Art. 6 (1f) of the GDPR. However, you can revoke your consent for continued storage of this data (see "Your rights"). Insofar as you are not offered a position, the data is deleted 6 months following notification that your application was not successful, unless you give your express consent for it to be stored for a longer period.

Our whistleblower system is designed to establish a confidential communication channel for individuals reporting and enable the submission of reports on compliance and legal violations.

The use of the whistleblower system is generally possible without providing personal data. However, individuals providing information have the option to voluntarily provide personal data (such as identity data, contact and address information, and reporting details).

For the whistleblower portal, MLP uses software from EQS (EQS Group AG, Karlstr. 47, 80333 Munich), a processor within the meaning of Article 28 GDPR. The internal MLP review of the reported incidents is carried out exclusively by a strictly limited group of persons who are obliged to maintain confidentiality. For reasons of legal proceedings, it may be necessary to transfer the data to external entities (e.g. law firms, law enforcement authorities). The data will not be transferred to entities outside the EU or the EEA.

Documentation is deleted three years after the completion of the process. The documentation may be retained for a longer period to fulfill the requirements of the German Whistleblower Protection Act or other legal regulations, as long as it is necessary and proportionate.

The legal basis for the processing of personal data is Article 6(1)(c) GDPR in conjunction with § 10 HinSchG (German Whistleblower Protection Act).

The data processing serves for the collection and processing of your complaint as well as communication with you.

For this purpose, your data such as title, first name, surname, email address and the content of the complaint will be processed. Additional voluntary information may be processed if provided.

The data will be stored for 12 years from the date of termination of the customer relationship or, if applicable, in accordance with the respective legal obligation. In all other cases, the data will be stored for 3 years.

The legal basis for processing is Art. 6 (1c) of the GDPR in conjunction with the respective legal obligation (e.g. Section 8 LkSG, BaFin circular on minimum requirements for complaints management). The legal basis for the processing of general complaints is Art. 6 (1f) of the GDPR.

The offer of EQS Group AG, Karlstraße 47, D-80333 Munich, Germany is integrated to present the MLK share price at the URL: https://mlp-se.com/investors/mlp-share/ . For this purpose your IP address and the page making the request are sent to the provider. The offer is integrated using iFrameTechnology. To this end, your browser establishes a direct HTTPS connection to the server of the aforementioned provider when calling up the offering on our site. The content of the offering that has been called up is sent to your browser directly by the provider and presented on the corresponding MLP site. Alongside the log data required to display the requested content, the provider potentially also uses cookies, which supply the provider with further information regarding your visit to the respective website.

You can find information on how personal data is handled by the EQS Group AG at the URL: https://germany.eqs.com/de/legal .

You can set up your browser in such a way that you are informed whenever cookies are placed. This then allows you to decide on a case-by-case basis whether you wish to accept cookies or generally refuse them. However, if you refuse to accept any cookies, this can restrict the functionality of the respective web page.

Our websites also allow users to use the "Google Maps API" map service of Google Inc. Among other things, this can be used to find and display addresses. Information on accessing and using the website (including IP address) is transmitted to the service provider, Google Inc. (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA), ̈where it is saved. If you have activated the geolocation function on your device, Google can synchronise any data entered with your location data. Alongside the log data required to display the requested content, the provider potentially also uses cookies, which supply the provider with further information on your visit to the respective website.

Data transmission is necessary for the use of services on the basis of Art. 6 (1b) of the GDPR. Further processing of the data is then based on the provisions of Google's privacy policy ( https://www.google.com/policies/privacy?hl=en ).

You can set up your browser in such a way that you are informed whenever cookies are placed. This then allows you to decide on a case-by-case basis whether you wish to accept cookies or generally refuse them. However, if you refuse to accept any cookies, this can restrict the functionality of the respective web page.

You can find additional terms of use for Google Maps/Google Earth at the URL: https://maps.google.com/help/terms_maps.html

In order to take part in MLP's career support programme, you must first register with and provide the necessary data to our cooperation partner, Karriere Athleten GmbH (career-tools.net), Hagebuttenstr. 14, 41468 Neuss, Germany, as the entity responsible for data protection. You can find information on data protection, as well as your rights at Karriere Athleten GmbH at the URL: https://www.career-tools.net/ueber/datenschutz.php . With your consent in line with Art. 6 (1a) of the GDPR, our cooperation partner passes on this data to MLP Finanzberatung SE for the purpose of carrying out the support programme. MLP uses this data, as well as the results from the respective support programme components to offer guidance during the support programme, as well as for an MLP consultant to make offers suited to your personal situation. MLP saves your data for 12 years or, if a client relationship is already in place, for the duration of this client relationship. You can revoke your consent for transmission of your data to MLP at any time with future effect. However, a revocation of this kind does not compromise the legality of the data transmitted and processed by MLP prior to the revocation.

You can use the social media plugins displayed on our website to connect to various social Internet networks and post information (e.g. a link to this page or a rating) to the selected network. In order to ensure that you have complete data control, the buttons used only establish direct contact to the respective networks when you actively click on them. By activating the plugin, the following data can be transmitted to the respective provider: IP address, browser information, operating system, screen resolution, installed plugins, origin of visitors as well as the URL of the current website if you followed a link (referrer). The next time you visit our website, the social media plugins will be made available again in the preset inactive mode, so that it is ensured that no data is transmitted.

Service providers used:

Facebook/Instagram: Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland); data protection information: https://www.facebook.com/help/568137493302217

Twitter: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). data protection information: https://twitter.com/privacy?lang=de

XING: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany; data protection information: https://privacy.xing.com/de/datenschutzerklaerung

YouTube: YouTube, LLC, Cherry Ave., San Bruno, CA 94006 USA; represented by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA); data protection information:

https://policies.google.com/privacy?hl=de&gl=de

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; data protection information: https://www.linkedin.com/legal/privacy-policy#choices-oblig

Facebook Ireland Ltd. ((“Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and MLP are joint controllers according to data protection law for the operation of our Facebook/Instagram pages. Facebook bears the primary responsibility according to the existing agreement for compliance with information obligations and assurance of the technical and organisational measures.

The complete agreement can be found at https://www.facebook.com/legal/terms/page_controller_addendum .

Processing of personal data by MLP

MLP is the controller according to data protection law for data collected within the framework of promotional activities or comments left on our webpages. If you leave comments, Likes and other contributions on our page when you visit our fan pages, this data shall be published permanently on our Facebook/Instagram page. MLP uses this data in accordance with Art. 6 (1f) GDPR exclusively to contact you when necessary for the purposes of our legitimate interests via the medium of Facebook or Instagram and to react to your requests, suggestions and criticisms. If you grant us specific consent to use your personal data via our Facebook or Instagram fan page, you can withdraw this consent at any time at datenschutz@mlp.de .

You need not be a member of Facebook to be able to see content on our Facebook fan page or on Instagram. We point out however that personal data is collected and processed by Facebook itself with every visit to our Facebook or Instagram page. MLP has no influence over this data collection and processing. Facebook is the controller according to data protection law.

Processing of Personal Data by Facebook

As soon as you call up our Facebook or Instagram page, your browser establishes a connection with Facebook and transmits information. Facebook uses this data as well as data of your interaction with our Facebook/Instagram pages at least for the creation of personalised advertising, creation of user profiles as well as for market research. You can find details regarding which information is collected by Facebook in the data protection guidelines of Facebook and Instagram, which can be found in https://www.facebook.com/privacy/explanation and https://de-de.facebook.com/help/instagram/155833707900388 .

Facebook uses cookies for the purpose of storing and further processing of this information, which are stored on various end devices of the user. If you are a member of Facebook or Instagram at the time of calling up our Facebook/Instagram page, Facebook can link the visit to our Facebook/Instagram page with your personal user account at Facebook/Instagram and store and analyse your activities also across multiple devices.

You can object to the use of your personal data by Facebook (so-called opt-out) here: https://www.facebook.com/settings and here www.youronlinechoices.com. Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified under the EU-U.S. Privacy Shield, thereby stating its adherence to the European data protection regulations. You can find additional information with regard to the Privacy Shield status of Facebook here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

MLP, as the operator of the webpages, cannot exclude the possibility of your data being transferred and further processed in third countries, e.g. the USA, as well as the potential associated risk for the user.

Processing of personal data for statistical purposes (Insights)

MLP can call up various categories of statistical data available to us via the so-called “Insights” feature of our Facebook/Instagram pages. We use Insights in our own interest in accordance with Art. 6 (1f) GDPR in order to obtain statistical information related to the use of our pages. This information makes it possible for us to record the scope and effectiveness of campaigns, postings and other activities through compiled statistics and to continuously optimise our Facebook/Instagram pages for specific needs on this basis. You can find detailed information regarding Facebook Insights at https://www.facebook.com/business/a/page/page-insights

As the operator of the webpages, MLP has no influence over how this statistical data by Insights is generated or presented. MLP cannot disable this function or prevent the data from being generated or presented. Within the framework of the Facebook Insights use, Facebook provides only anonymised statistics to MLP relating to the use of our Facebook /Instagram pages. MLP can only discern how many users have performed certain interactions. The statistics of the Insight data provide MLP no details specific to you. However, according to the Facebook terms of use, we can identify followers and fans of our pages and see their publicly shared profiles and information. You can find additional information hereto at https://www.facebook.com/help/794890670645072 .

Your rights

You can claim your rights to information, rectification, objection, erasure, restriction of processing as well as data portability in connection with our Facebook/Instagram fan pages directly by contacting Facebook or also MLP. According to the addendum, https://www.facebook.com/legal/terms/page_controller_addendum with Facebook, MLP is obligated to transfer these inquiries to Facebook within 7 days.

MLP uses the Xing platform to promote our company and our quality as an employer and to make it easier for you to contact us. XING AG (Dammtorstr. 30, 20354 Hamburg, Germany) is responsible for operating the platform.

Processing of personal data by Xing:

When you visit our Xing page, Xing records, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used, among other things, to provide statistical information about the use of the website to us as the operator of the MLP Xing page. If you call up our Xing page and are logged into your Xing account at the same time, Xing can immediately assign your visit to our Xing page to your Xing account. We expressly point out that Xing stores this data (e.g. personal information, IP address, etc.) and uses it for its own purposes. MLP has no influence on data processing by Xing. Xing is the sole controller under data protection law.

You can find more detailed information on data protection at Xing at https://privacy.xing.com/de/datenschutzerklaerung . For information on how to manage or erase existing information on Xing, see https://privacy.xing.com.de .

Processing of personal data by MLP:

MLP is the controller according to data protection law if you contact us via our Xing page, e.g. via form or messenger. We use this data exclusively for the purpose of answering your request or for contacting you and the related technical administration. The legal basis for this is our legitimate interest in answering your request in accordance with Art. 6 (1f) GDPR. If your contact is aimed at the conclusion of a contract, Art. 6 (1b) GDPR applies as the legal basis. Your data will be erased at MLP after final processing, provided that the erasure does not conflict with any statutory storage requirements.

MLP processes personal data via its Twitter account. At the same time, data is processed by Twitter.

Processing of personal data by Twitter:

MLP uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA for the short message service offered via its website. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is the controller for the data processing of persons based in the European Union.

MLP points out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular for the use of interactive functions (e.g. sharing, rating). Information on what data is processed by Twitter and for what purposes can be found in Twitter’s data protection declaration: https://twitter.com/de/privacy

MLP has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties, and also has no way to control this. If you use Twitter, your personal data will be collected, transmitted, stored, disclosed and used by Twitter Inc. in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence.

On the one hand, Twitter processes your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts in your address book when you upload or synchronise it. On the other hand, Twitter also evaluates the content you share based on which topics you are interested in, saves and processes confidential messages that you send directly to other users and can determine your location based on GPS data, information on wireless networks or via IP address to send you advertising or other content.

Under certain circumstances, Twitter Inc. may use analysis tools such as Twitter or Google Analytics. MLP has no influence on the use of such tools by Twitter Inc. and has not been informed of such potential use. Should tools of this type be used by Twitter Inc. for the MLP account, MLP has neither commissioned this nor approved it or otherwise supported it in any way. The data obtained from the analysis by Twitter Inc. is also not made available to MLP. Only certain, non-personal information about the tweet activity, i.e. the number of profile or link clicks due to a certain tweet, can be viewed by MLP via its account. In addition, MLP has no way of preventing or stopping the use of such tools on its Twitter account.

Twitter Inc. also receives information if you, for example, view content even if you haven’t created an account. This so-called “log data” can be the IP address, the browser type, the operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile operator, the device you are using (including device ID and application ID), and the search terms and cookie information you used. Using Twitter buttons or widgets integrated into websites as well as cookies, Twitter is able to record your visits to these websites and assign them to your Twitter profile. Based on this data, content or advertising can be offered which is tailored to you.

You have possibilities to restrict the processing of your data in the general settings of your Twitter account and in the “Data Protection and Security” section. In addition, on mobile devices (smartphones, tablet computers), you can restrict Twitter’s access to contact and calendar data, photos, location data, etc. However, this depends on the operating system used.

Further information on these points is available on the following Twitter support pages:

https://support.twitter.com/articles/105576#

https://help.twitter.com/de/search?q=datenschutz

You can find out about the possibility of viewing your own data on Twitter here: https://support.twitter.com/articles/20172711#

You can find information about the conclusions drawn about you by Twitter here: https://twitter.com/your_twitter_data

Processing of personal data by MLP

MLP processes personal data in its own interest for the purpose of public relations and advertising for its own products and services in accordance with Art. 6 (1f) GDPR. MLP may use the data entered by the user on Twitter, in particular your user name and the content published under your account, for retweets, replies or own tweets that refer to your account. The data you publish and distribute freely on Twitter is included in our offerings and made accessible to our followers. MLP does not collect any further data.

Your visit to the websites of the MLP Group is protected from unauthorised access using the SSL (secure socket layer) transport protocol. This also applies to cases in which services prompting the user to enter personal data are called up while using MLP online content. This data is always encrypted prior to transmission. The SSL (secure socket layer) transport protocol is currently considered secure and complies with the recommendations of the German Federal Office for Information Security (BSI).

MLP has implemented technical and organisational measures to ensure compliance with both European and German data protection legislation. All persons that collect, process or use data at MLP are obligated to observe confidentiality. This obligation also continues to apply if the employment relationship with MLP of any such persons is terminated. In addition to this, banking secrecy and special secrecy obligations are applied in certain areas.

As a user, you are obligated to treat all personal access data that has been made available to you so that you can take up individual offers from MLP as confidential and not make any of this data available to third parties. MLP does not accept any liability for misuse of passwords, to the extent that we cannot be held responsible for such misuse.