Spark : Data protection notices

Data protection information for shareholders of Spark Networks SE

We are writing to inform you about the collecting and processing of your personal data by Spark Networks SE, Munich (the "Company"), and the rights granted to you according to data protection law, especially the General Data Protection Regulation (Datenschutz-Grundverordnung).

Who is responsible for personal data processing?

Spark Networks SE Kohlfurter Straße 41/43 10999 Berlin legal@spark.net

Purposes and legal bases of the processing of your personal data and the sources of this data:

The protection of your personal data is important to us. We process your personal data exclusively in compliance with the applicable legal regulations, in particular, the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), the German Stock Corporation Act (Aktiengesetz - AktG) and all other relevant legal provisions.

Spark Networks SE shares are registered shares. In the case of registered shares, section 67 AktG requires that information be entered in the share register of the Company, stating the name, date of birth and the address of the shareholder, as well as the number of shares or the share number; and in the case of par-value shares, the amount. Each shareholder is generally obligated to provide the Company with this information.

Furthermore, we process personal data that you provide to us when you register for a shareholders' meeting, or vote via postal vote, or order entrance tickets and/or grant power of attorney.

We use your personal data for the purposes set out in the German Stock Corporation Act. These purposes are, in particular, the management of the share register, communicating with you as a shareholder, and various processes when conducting the shareholders' meetings (registration for the shareholders' meeting, documentation of the right to participate and compiling the attendance list). The legal basis for processing your personal data is the German Stock Corporation Act in conjunction with article 6 (1) (c) GDPR.

In addition, we may also process your personal data to fulfil other legal obligations; for example, regulatory requirements, as well as stock, commercial and tax legislation retention requirements. In order to comply with the regulations of the German Stock Corporation Act, for example, when authorising the proxies nominated by the Company for the shareholders' meetings, we must keep a verifiable record of such data, which serves as proof of proxy. We must also keep such data access-protected for three years (section 134 (3) sentence 5 AktG). The legal basis for the processing in this case is the respective statutory regulations in conjunction with article 6 (1) (c) GDPR.

Furthermore, we only use your data where you have given consent, which can be withdrawn at any time (for example, to use electronic means of communication), or if processing is necessary for the purposes of the legitimate interests pursued by the Company (in particular, to create statistics, for example, to portray shareholder development, the number of transactions, and an overview of the largest shareholders). The legal basis for processing your personal data is, in these cases, article 6 (1) (a) and (f) GDPR. If we intend to process your personal data for a purpose not mentioned above, we will inform you in advance within the scope of the legal provisions.

Categories of recipients of your personal data:

EU-385941

We make use of professional services of so-called contract processors. These are natural or legal persons, authorities, institutions or other bodies that process personal data on our behalf as responsible parties. Since the selection of our processors may change on a regular basis, we have provided the following overview of the categories of potential recipients. If you would like to receive a complete list of our processors at the time of processing your personal data, please reach out to our Data Protection Officer via the below contact infor- mation.

• External service providers: We use a number of external service providers for the administration and technical management of the share register as well as the handling of shareholders' meetings (for example, a share register service company, IT service providers, and AGM service providers). Our external service providers process your personal data exclusively on our behalf and according to our instructions and are contractually bound by applicable data protection law in accordance with article 28 (3) GDPR.
• Other recipients: In addition, we may transfer your personal information to other recipients, such as public authorities, to comply with our legal reporting obligations (for example, if you exceed statutory voting thresholds).

Retention periods:

We will delete your personal data as soon as it is no longer necessary for the above purposes. We may retain personal data for sufficient time to enable us to defend us against claims made against our Company (legal limitation period of three to thirty years). In addition, we store your personal data as far as we are legally obligated to do so. Corresponding proof obligations and retention obligations arise, among other things, from the German Commercial Code ("Handelsgesetzbuch,"),tax code ("Abgabenordnung")and Money Laundering Act ("Geldwäschegesetz").."These regulations require storage periods of up to ten years.

Transfer of personal data to non-European countries:

Should we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the location has been confirmed by the EU Commission to have an adequate level of data protection or other appropriate data protection safeguards (e.g. binding internal data protection regulations or agreement to standard (data protection) contractual clauses of the European Commission). Currently, we transfer personal data to a processor in the USA. You can request detailed information on the level of data protection at our service provider and the appropriate data protection safeguards implemented from the contact information detailed above.

Your rights as a data subject:

You have the right to request information about the data stored about you. Additionally, under certain circum- stances, you may request a correction or the deletion of your data, as well as the restriction of the processing of your data. You also have the right (under certain circumstances) to object to the processing of your data, or to require that certain of your personal data be transferred to you or a third party. You may revoke your consent to the processing of your data at any time. To exercise these rights, please contact us at the above-mentioned address.

Data protection officer of Spark Networks SE:

Frank Trautwein

Fresh Compliance GmbH

Fürbringerstraße 15

10961 Berlin

info@freshcompliance.de

EU-276713 v1

You have the right to contact a supervisory authority about the processing of your data by our Company. The responsible data protection supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit Friedrichstrasse 219

10969 Berlin

E-Mail:mailbox@datenschutz-berlin.de

EU-385941