This document is a convenience translation of the German original. In case of discrepancy between the English and German versions, the German version shall prevail.

Information for Shareholders and Their Proxies on the Processing of Personal Data by Fraport AG in regard to Data Processing for the Purpose of the Annual General Meeting

Fraport AG Frankfurt Airport Services Worldwide (Fraport) attaches great importance to the protection of your data and your privacy. In this data protection statement, we will provide you with information on the personal data of our shareholders and their proxies we process in connection with the preparation, execution and follow-up of the Annual General Meeting and the rights you hold pursuant to Regulation (EU) 2016/679 (GDPR - General Data Protection Regulation) and the German Federal Data Protection Act (BDSG - Bundesdatenschutzgesetz) regarding the processing of your data.

On May 7, 2024, the Company will set up an online portal ("AGM portal") at the website www.fraport.com/annualgeneralmeeting. Via this portal, properly registered shareholders and their proxies, if applicable, can follow the public audio/video transmission of the entire Annual General Meeting, exercise their voting rights via electronic absentee ballot and authorize proxies. To be able to use the AGM portal, you must log in with the access information you received with your admission card. The AGM portal is operated exclusively on our behalf and according to our instructions by our service provider Link Market Services GmbH, Landshuter Allee 10, 80637 Munich, Germany.

1. Controller responsible for the processing of personal data and data protection officer

The controller responsible for the processing of your personal data is:

Fraport AG Frankfurt Airport Services Worldwide

60547 Frankfurt am Main, Germany

Phone: +49 69 690-0

E-mail: info@fraport.de

Our data protection officer is also available to answer further questions on data protection in relation to Fraport and for the assertion of data subject rights, and can be reached via e-mail at datenschutz@fraport.de or by mail at the address specified above.

2. Categories of personal data processed

We process the following data of our shareholders/their proxies in connection with the Annual General Meeting:

  • First and last names;

  • Private or professional contact details;
  • Information on legal transactions;
  • Information on shareholdings, share class, form of share ownership, number of shares;
  • Information on the shareholder's manner of participation in the Annual General Meeting;
  • Communication details and content;
  • Access details for the AGM portal;
  • Other information for preparing and conducting the Annual General Meeting (e.g. proxy authorizations, requests, motions, nominations).

In the event that shareholders or their proxies contact us, we also process the personal data necessary for us to respond to the concerns in question, such as e-mail addresses and phone numbers.

When you visit our AGM portal online, we collect data on access to the AGM portal. The following data and device details are recorded in the web server's log files:

  • Data accessed/queried (including the URL queried);
  • Date and time of query;
  • Report on whether the query was successful;
  • Type of web browser used;
  • Referrer URL (the page visited previously) if your browser provides this;
  • IP address;
  • Port through which the access takes place;
  • Actions carried out inside the AGM portal;
  • Individual access data and session ID; and
  • Login and logout with corresponding timestamps.

Your browser shares this data with us automatically when you visit the AGM portal.

We also make use of "web storage" functions. This involves creating and storing small text files in your browser's local memory on your device. As part of the session storage procedure after your login, we collect information via the respective authentication token (i.e. your admission card) and your session data, including your consent to our terms of use. This ensures that you are recognized as a user if you visit a different page of the portal during an active meeting, return to our website or need to refresh the page. We also use the "local storage" function to save the timestamp for your login, which makes it possible to automatically log you out after a defined period of time for security reasons. This data is automatically erased when the browser is closed. You can find information in your browser menu on how to deny permission for web storage objects and which settings will allow you to be notified by your browser of the placement of a new web storage object. Please note that some functions of our website may no longer be available if web storage objects are deactivated.

3. Purpose and legal bases of processing

We process your personal data in observance of the provisions of the GDPR, the BDSG, the German Stock Corporation Act (AktG - Aktiengesetz) and other relevant regulations.

a) Preparation, execution and follow-up of the Annual General Meeting

We process your personal data to prepare, execute and follow up on the Annual General Meeting and to meet our statutory duties to shareholders and their proxies in this context, and in particular to

  • handle registration for the Annual General Meeting, admitting shareholders and their proxies to the Annual General Meeting (e.g. verifying identity, verifying authorization to exercise shareholder rights, generating the list of participants and retaining it to be made available for viewing, delivery of admission cards) and
  • enable shareholders and their proxies to exercise their rights during or in connection with the Annual General Meeting (especially exercising their voting rights via electronic absentee ballot and issuing and revoking proxy authorizations and instructions as described in the respective invitation to the AGM).

We also process your personal data to provide corporate information ("ordering service" on our website) and maintain contact with our shareholders (Investor Relations).

The legal basis for these instances of processing is Art. 6(1)(c) GDPR in conjunction with Section 67e(1) AktG and our obligations as a stock corporation pursuant to Section 118 et seq. AktG.

Processing your data is necessary for the proper preparation and execution of the Annual General Meeting.

We will potentially share your data with our legal counsel, tax advisors or auditors in connection with the Annual General Meeting, as we have a legitimate interest in conducting the Annual General Meeting in conformity with the relevant legal requirements and in receiving external advice in this regard. The legal basis for these instances of processing is Art. 6(1)(f) GDPR.

b) Fulfillment of statutory reporting and publication duties (particularly voting rights notifications) and other statutory obligations, particularly retention obligations

Your personal data will also be processed in order to fulfill any applicable statutory reporting and publication duties (particularly voting rights notifications). In addition, your personal data may also be processed, if necessary, in order to fulfill further statutory obligations such as regulatory provisions as well as retention obligations under corporate, commercial and tax law. The legal basis for these instances of processing is Art. 6(1)(c) GDPR in conjunction with the respective statutory provisions.

c) Further purposes of processing

We process your personal data to prepare analyses and reports on the shareholder structure. This serves our legitimate interest of analyzing the capital structure of the company as the basis for business decisions. The legal basis for this processing is Art. 6(1)(f) GDPR.

We do not use automated decision-making and/or profiling tools in processing personal data.

4. Cookies and similar

The use of cookies, device details in web server log files and web storage and local storage elements (collectively referred to as cookie functions) is indispensable for our AGM portal. Cookies are small files that a website stores on your desktop, notebook or mobile device.

This makes it possible for us to determine whether your device has previously connected to our AGM portal or which language and other settings you prefer, for example. Cookies may also contain personal data. You can configure your browser such that you are informed of the use of cookies and accept cookies only in specific cases or refuse/delete them categorically. If you decide not to allow the use of cookies, this may result in a situation where some functions of our AGM portal are unavailable to you or individual functions are available only to a limited extent.

The cookie functions we use are employed only for the purpose of delivering the AGM portal, for shareholder login and identification, to detect misuse, troubleshoot errors and ensure that the Annual General Meeting proceeds smoothly.

The legal basis for using cookie functions, accessing the data stored in them, and the associated processing of personal data is Section 25(2) no. 2 of the German Act on Data Protection in Telecommunications and Telemedia (TTDSG), since these are necessary in order to provide the AGM portal you have requested to use. The further processing of personal data collected with the cookie functions is necessary in order to safeguard our legitimate interest in enabling our shareholders and their proxies to use our AGM portal. The legal basis for this processing is Art. 6(1)(f) GDPR.

In cases where we would like to use cookie functions for the delivery of the AGM portal which are not indispensable to the operation of the AGM portal, such as functional or performance cookies, we will do so only insofar as you have granted your consent.

5. Categories of data recipients

Our service providers who are hired for the purposes of the preparation, execution and follow-up of the Annual General Meeting, including the provision of the AGM portal and its functions, receive only that personal data from us that is required to perform the services for which they are hired, and process this data exclusively on behalf of and in accordance with the instructions of Fraport. All of our employees and all employees of external service providers who have access to personal data and/or process it are obligated to handle this data in strict confidence. We will potentially also transmit your personal data to our legal counsel, tax advisors or auditors in connection with the preparation, execution and follow-up of the Annual General Meeting.

In connection with conducting the Annual General Meeting, your personal data may, under certain circumstances, be disclosed to other properly registered shareholders or their proxies and potentially to members of the public who visit the Company's website or follow the public audio/video transmission of the Annual General Meeting (e.g. by allowing them to view the legally required list of participants or by publishing your comments provided during the Annual General Meeting).

Finally, we may be subject to the obligation to transmit your personal data to further recipients, such as in the case of the publication of voting rights notifications in accordance with the provisions of the German Securities Trading Act (Wertpapierhandelsgesetz), or to government agencies in order to fulfill statutory reporting obligations.

Your personal data are essentially processed in countries which are part of the European Union (EU) and the European Economic Area (EEA). We will also send information (e.g. invitations to annual general meetings) to shareholders from countries outside the EU/the EEA (third countries). If this includes personal data (e.g. motions for annual general meetings that give the name of the person submitting the motion), these data will thus also be transmitted to third countries. The provisions of the GDPR do not apply directly in third countries. If there is no adequacy decision by the European Commission, the level of protection for your personal data may be lower in these third countries. Nonetheless, transmission is required to provide the same information to all shareholders, as we are not permitted to exclude shareholders in third countries from our obligation to provide information. By transmitting the data, we are thus fulfilling our contractual obligations. The legal basis for this transmission is Art. 49(1)(b) GDPR.

6. Data sources

We/our service providers receive the personal data of shareholders either from the shareholders themselves, from publicly accessible data sources, or via our registration office from banks which shareholders have entrusted with the custody of our shares ("custodian banks") or from the meeting minutes and the associated documentation.

If you are attending as a proxy for a shareholder, we will receive your personal data from the shareholder who issued you the proxy authorization and directly from you, insofar as your actions during the Annual General Meeting or your use of the AGM portal are concerned.

7. Data retention period

As a general rule, we anonymize or erase personal data in the event that it is no longer necessary for the purposes specified above and no statutory provisions on documentation or retention specify otherwise, e.g. under the German Stock Corporation Act (AktG - Aktiengesetz), the German Commercial Code (HGB - Handelsgesetzbuch), the German Fiscal Code (AO - Abgabenordnung) or other legal provisions. The standard retention period is three years. In the event that personal data is collected and processed for the purpose of documentation of resolutions adopted by the Annual General Meeting, the corresponding data will not be deleted because the company must be able to produce documentary evidence of adopted resolutions, including those adopted in the past, and audit these for compliance at any time. In this respect, the data in question is permanently archived for the purpose of fulfilling legal obligations or in the legitimate interest of the company. In all cases, we store data permanently only when this is necessary for the purposes specified.

Longer retention of data is possible in the event that this is required by law or we have a legitimate interest in the retention of personal data, such as in cases of judicial or extrajudicial disputes in connection with the Annual General Meeting. However, the data is subsequently deleted.

8. Rights of data subjects

When the relevant statutory prerequisites are met, you may be entitled to the following rights:

  • The right to receive information on the data processing as well as a copy of the data processed (right of information, Art. 15 GDPR),
  • The right to request the rectification of incorrect data or the completion of incomplete data (right to rectification, Art. 16 GDPR),
  • The right to request the immediate erasure of personal data (right to erasure, Art. 17 GDPR),
  • The right to request the restriction of data processing (right to restriction of processing, Art. 18 GDPR),
  • The right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used and machine-readable format and to transmit this data to another data controller without hindrance from the data controller (right to data portability, Art. 20 GDPR), and
  • The right to withdraw consent to data processing (right to withdraw consent, Art. 7 GDPR).

In the event that we process your data in order to safeguard the legitimate interests of Fraport AG Frankfurt Airport Services Worldwide or a third party, you have the right to raise an objection to the processing of personal data concerning you for reasons specific to your situation at any time (right to object, Art. 21 GDPR). If you do so, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or in cases where the processing serves to establish, exercise or defend legal claims.

In the event that you believe that our processing of personal data concerning you is taking place in contravention of the GDPR, you have the right to assert this claim by means of a complaint to the responsible supervisory authority. Along with the other supervisory authorities specified in Art. 77 GDPR, responsibility is held particularly by the supervisory authority at the place of the suspected violation. In the German state of Hesse, the responsible supervisory authority is:

The Hesse Commissioner for Data Protection and Freedom of Information

Postfach 31 63

65021 Wiesbaden, Germany

Gustav-Stresemann-Ring 1

65189 Wiesbaden, Germany

Phone: +49 611/1408-0

E-mail: poststelle@datenschutz.hessen.de

Fraport AG Frankfurt Airport Services Worldwide

The Executive Board

Disclaimer

Fraport AG published this content on 11 April 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 12 April 2024 13:27:40 UTC.