SÜSS MicroTec : Information regarding data protection for shareholders and shareholder representatives

Shareholders' Meeting of SÜSS MicroTec SE on June 11, 2024

Information on data protection for shareholders and shareholder representatives

SUSS MicroTec SE, as the "controller" within the meaning of Art. 4 no. 7 of the General Data Protection Regulation (GDPR), SUSS MicroTec SE processes personal data of shareholders and any shareholder representatives (in particular name, address, date of birth, e-mail ad- dress, number of shares, class of shares, type of ownership of the shares, number of the admission ticket and the granting of any proxies) for the purpose of preparing and holding its Shareholders' Meeting, The Company collects the data of the shareholders and any shareholder representatives (in particular name, address, date of birth, e-mail address, number of shares, type of share, type of ownership of the shares, admission ticket number, share number and the granting of any voting proxies) on the basis of the data protection regulations applicable in Germany in order to enable the shareholders and shareholder representatives to exercise their rights in connection with and within the framework of the Shareholders' Meeting and to ensure that the negotiations and resolutions of the Shareholders' Meeting are conducted lawfully and in accordance with the Articles of Association. If SUSS MicroTec SE does not receive this data from the shareholders and/or any shareholder representatives, the custodian bank or another intermediary will transmit this personal data to SUSS MicroTec SE.

If shareholders or shareholder representatives contact us, we also process in particular the personal data required to respond to any concerns (such as the contact details provided by the shareholder or shareholder representative, e.g. email address or telephone number). If necessary, the company also processes information on motions, questions, election proposals and requests from shareholders or shareholder representatives in relation to the Annual General Meeting and voting behavior.

Responsibility, purpose and legal basis

The company is the controller for data processing within the meaning of Art. 4 No. 7 GDPR. The purpose of the processing of personal data is to enable shareholders and shareholder representatives to participate in the Annual General Meeting and to exercise their rights before and during the Annual General Meeting; the processing of the personal data of shareholders and any shareholder representatives is mandatory for their participation in the Annual General Meeting. The legal basis for the processing is Art. 6 para. 1 subpara. 1 letter c GDPR in conjunction with §§ Sections 67, 123, 129, 135 AktG.

Recipients

Within SUSS MicroTec SE, access to personal data of shareholders and shareholder representatives is only granted to those persons and offices to the extent necessary to fulfill the aforementioned purposes. For the purpose of organizing the Shareholders' Meeting, SUSS MicroTec SE commissions various service providers and consultants. These only receive such personal data as is necessary for the execution of the respective order. The service providers and consultants process this data exclusively in accordance with the instructions of SUSS MicroTec SE. In addition, personal data is made available to shareholders and any shareholder representatives within the scope of the statutory provisions.

- 2 -

shareholders and any shareholder representatives (e.g., inspection of the list of participants, see Section 129 (4) AktG).

Storage period

Personal data is stored for as long as this is required by law (e.g. two-year inspection period for the list of participants in accordance with Section 129 para. 4 sentence 2 AktG or three- year retention period for the proxy declarations to the proxy appointed by the company in accordance with Section 134 para. 3 sentence 5 AktG) or the company has a legitimate interest in storing the data, for example in the event of judicial or extrajudicial disputes arising from the Annual General Meeting. The personal data will then be deleted.

Rights of data subjects

If the legal requirements are met, shareholders and any shareholder representatives may be entitled to the following rights:

• the right to obtain information about the data processing and a copy of the processed

data (right of access, Art. 15 GDPR)

- the right to request the rectification of inaccurate data or the completion of incomplete data (right to rectification, Art. 16 GDPR)

• the right to request the erasure of personal data without undue delay (right to erasure,

Art. 17 GDPR)

• the right to request the restriction of data processing (right to restriction of processing, Art. 18 GDPR)
• the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and to trans- mit those data to another controller without hindrance from the controller (right to data portability, Art. 20 GDPR)
• the right to withdraw consent to data processing (right to withdraw consent, Art. 7 GDPR), and
• the right to object to data processing (right to object, Art. 21 GDPR).

Shareholders and any shareholder representatives can assert these rights using the following contact details of SÜSS MicroTec SE:

SÜSS MicroTec SE

Investor Relations Schleißheimer Straße 90 85748 Garching

E-mail address: ir@suss.com

- 3 -

In addition, shareholders and any shareholder representatives have the right to lodge a complaint with the data protection supervisory authorities in accordance with Art. 77 GDPR. The company data protection officer of SUSS Micro-Tec SE can be contacted as follows

Dr. Sebastian Kraska

IITR GmbH

Marienplatz 2

80331 Munich

Phone: +49 89 189 173 60

E-mail:email@iitr.de

Garching, April 2024

SÜSS MicroTec SE

The Management Board