Shareholder Privacy Notice

RGA is a group of companies that operate globally focusing primarily on life- and health-related reinsurance solutions, such as life reinsurance, living benefits reinsurance, group reinsurance, and health reinsurance.

The headquarters of Reinsurance Group of America, Incorporated is located in St. Louis, Missouri, United States of America.

RGA International Reinsurance Company dac located in Dublin, Ireland is our representative in the European Economic Area (‘EEA’).

Other RGA group entities operate and provide products and services all over the world. A full list of all RGA entities is available at https://rgare.com/global-presence/. 

Reinsurance Group of America, Incorporated is the controller responsible for the personal information we collect and process. Other RGA entities may also be controllers in respect of your personal information, depending on their involvement in shareholder-related matters.

This privacy notice is designed to provide compliance with relevant laws in countries where RGA entities operate.

RGA handles personal information in accordance with multiple local privacy laws at the place where the personal information is collected and processed. If applicable laws provide for a lower level of protection of personal information than that established by this privacy notice, then this privacy notice shall prevail.

Personal information means information, or a combination of pieces of information, that could reasonably allow an individual to be identified.

 We obtain your personal information from the following sources:

• Directly from you
• Through our agency, stockbroker or share plan administrator
• From our registrar, Computershare

We process the following types of personal information about you:

• Personal details: your name
• Contact information: your address, telephone numbers, and email address
• Shareholder records: number and details of shares held, share purchases and disposals, dividend entitlements and payments, your votes
• Voice and/or image recorded at shareholder meetings
• Correspondence information: your inquiries, complaints, and other communications with you

We do not collect or process any special categories of personal information (sometimes referred to as "sensitive personal information”) of our shareholders.  

We use your personal information (with the support of our registrar, Computershare): 

• to manage your shareholding interest in RGA and keep our shareholder register up to date;
• to ensure suspicious fraud-related activities are prevented and detected; 
• to allow you to exercise your rights as a shareholder;
• to make dividend payments;
• to contact you with shareholder-related information, including our shareholder newsletter and important information about dividend distributions, shareholder resolutions, reports, and meetings, including details of our Annual Meeting; 
• to manage and facilitate shareholder meetings;
• to respond to your queries; 
• to provide information to Computershare, our registrar, so they can manage your shareholding on our behalf;
• to fulfill our reporting obligations to regulators, tax officials, and law enforcement.

We do not use profiling or automated decision-making for the purposes outlined in this privacy notice.

We are committed to processing your personal information fairly and lawfully and only to the extent necessary to achieve the purposes listed above.

We must have a legal basis to process your personal information. In most cases, our ability to obtain and process your personal information is based on the following legal bases: Processing is necessary to fulfill our contract with you as a shareholder, in particular, where we manage your shareholder rights and pay dividends.

Depending on relevant circumstances, we may share your personal information with the following parties: 

• Computershare, our registrar, who manages our share register; 
• Other members of the RGA group of entities, as necessary to operate our business; 
• Solicitors and professional service firms who provide us with legal support in relation to our services, any litigation or prevention, and detection of fraud; 
• Service providers who help to operate our IT and back office systems; 
• Our regulators or government bodies regulate how we operate where we have to comply with a legal obligation to share your personal information.  

In addition to the above, we may share your personal information: 

• if the law requires or permits disclosure, or there is a duty to the public to share or disclose your personal information e.g. for the purpose of verifying shareholdings or contacting shareholders about matters relating to the company, their shareholding, or a related exercise of rights; 
• with any third party at your request or with your consent; 
• with any individual or company to whom we propose to transfer our obligations and rights in relation to the administration of our share register; and 
• with any other person that requires access to or receipt of your personal information in connection with or as a result of any agreement, we may have with or concerning you, or our arrangements with you. 

You have certain rights regarding your personal information, subject to local laws and circumstances relating to the processing of your personal information. Your rights include the right to:

• access your personal information and details relating to the processing of your personal information;
  rectify the information we hold about you;
• erase your personal information;
• restrict our use of your personal information;
• object to our use of your personal information;
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
• lodge a complaint with your local data protection authority.
• You can contact us directly to discuss or exercise your rights via our online contact form, or by using the contact details provided in the section ‘Contact Us’ below.

We are committed to working with you to obtain a fair resolution of any request, complaint, or concern about privacy. If, however, you believe that we have not been able to assist with your request, complaint, or concern, you have the right to make a complaint to your local supervisory authority (i.e., the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred. Contact details of supervisory authorities are available at the following link:
rgare.com/our-company/environmental-social-and-governance-(esg)/policies-and-governance-center/policy-and-rights/supervisory-authorities-contacts

We implement technical and organizational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the ongoing availability, integrity, and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will only keep your personal information for as long as we are reasonably required for the purposes explained in this privacy notice. 

More specifically, in line with our data retention schedule, we keep your personal information while you are a shareholder of RGA. If you cease to hold RGA shares, your information will be kept for a period of 7 years following the last update to your records on the shareholder register, or for as long as is necessary to resolve any outstanding matters relating to your shareholding or to meet legal, regulatory tax or accounting requirements. 

If you would like to know more about the retention of your personal information, please contact us at the details contained in the "Contact us" section below.

We securely destroy personal information when its retention period has expired. 

Because we operate as a global business, your personal information may be transferred to, stored, and processed by RGA entities in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for personal information under the European Union or your local law. Therefore, RGA has adopted Binding Corporate Rules (‘BCRs’) to enable us to make international transfers of your personal information within our group of companies in compliance with data protection laws of the European Union and other relevant countries. Summaries of our BCRs are available at  Binding Corporate Rules.

If we need to transfer your personal information to service providers or other parties located outside the EEA or other relevant countries, we will make sure that adequate safeguards are in place with those parties. We typically put in place contractual commitments in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.

For all other postal addresses, please see rgare.com

If you would like to exercise a data subject right, you may use our online contact form.

RGA’s Data Protection Officer for the EMEA region is Dean Scotson. Should you have any questions or concerns for our DPO regarding the way in which your personal information has been used, please contact him via email at dpo@rgare.com.

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. If we make a significant change to this privacy notice, we will post a notice about this on our website, and we may ask the insurance companies we work with to notify you on our behalf.