We care about your personal data.

Allianz X GmbH (“Allianz X” or „we“ or „us“ or „our“) is the digital investment unit of the Allianz Group. Your privacy is important to us. This privacy notice explains how and what type of personal data may be collected, processed, and used during and following your involvement with us, why it is collected, with whom it is shared, and your rights in this regard. Please read and consider this notice carefully.

1. Who is the data controller?

A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. Allianz X is the data controller as defined by relevant data protection laws and regulations.

2. What personal data will be collected?

In the context of the (potential) business relationship with you or with the entity or business you are affiliated with, e.g., as an employee of the respective entity or if you contact us for any reason we may collect and process the following personal data of representatives of business contacts and anyone contacting us:

• Surname, first name, title;
• Role/capacity;
• Business email address,
• Business phone number;
• Business address;
• Business bank account details.

3. How will we use your personal data?

Allianz X will use your personal data for the following purposes:

• Communication with business contacts or others that contact us;
• Establishing and maintaining business relationships;
• Negotiating and finalizing contracts;
• Fulfilling contractual obligations;
• To organize events and sponsorships;
• Sending press releases (only if you are affiliated with a media agency);
• For fraud/corruption prevention and detection;
• To comply with any legal obligations (e.g., tax, accounting and economic sanctions).

4. What is the data source?

For the purposes indicated above, we will process personal data which we receive about you from you, the business or entity you are affiliated with either via emails, business cards, orally or from public sources (online research).

5. What is the legal basis of processing?

We will inform you where we require your consent to process your personal data. Otherwise, where no consent is required, we will process your personal data (i) for the performance of the contract we entered into with you or in order to take steps prior to entering into a contract with you or (ii) to meet our legitimate business interests (including establishing or maintaining business relationships, fulfilling our contractual obligations with the entity that you represent, fraud prevention and detection) or (iii) where it is needed to comply with a legal obligation (e.g., tax, accounting and economic sanctions laws). Where we rely on legitimate interests, we consider that the processing of personal data is necessary for the purposes and that these outweigh any opposing interests and/or fundamental rights and freedoms you may have.

Allianz X respects applicable laws and regulations in its use of personal data.

6. Who will have access to personal data collected by us?

We will ensure that your personal data is processed in a manner that is compatible with the purposes specified above. For the specified purposes, your personal data may be disclosed to the following parties who operate as third party data controllers:

• Other Allianz Group companies;
• Business partners;
• Third party service providers;
• Advisors.

For the stated purposes, we may also share your personal data with the following parties who operate as data processors under our instruction:

• Other Allianz Group companies;
• Service providers.

Finally, we may share your personal data in the following instances:

• With law enforcement agencies, government and regulatory bodies to meet applicable legal or regulatory obligations.

7. Where will collected personal data be processed?

Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.

Whenever we transfer your personal data for processing outside of the EEA by another Allianz Group company, we will do so on the basis of the binding corporate rules (BCRs) of Allianz which establish adequate protection for personal data and are legally binding on Allianz Group companies. The public version of the BCRs and the list of Allianz Group companies that comply with them can be accessed here.

Where the BCRs do not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (for example, Standard Contractual Clauses) by contacting us as detailed below.

8. What are your rights in respect of your personal data?

Please note that you are under no general obligation to provide your personal data to us, except where applicable law requires you to do so. However, processing your personal data will be necessary for the performance of the existing or potential business relationship between you or the entity you are affiliated with and us. Where permitted by applicable law or regulation, you have the right to:

• Access your personal data held about you and to learn the origin of the data, the purposes and means of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
• Withdraw your consent at any time where your personal data is processed with your consent;
• Update and correct your personal data so that it is accurate;
• Delete your personal data from our records if it is no longer needed for the purposes indicated above;
• Restrict the processing of your personal data in certain circumstances, e.g., where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
• Obtain your personal data in an electronic format;
• File a complaint with us and/or the relevant data protection authority; and
• Object to us processing your personal data, or tell us to stop processing.

9. What security measures have we implemented to protect your information collected through us?

Allianz X has implemented reasonable technical and organizational security measures to protect your personal data collected by Allianz X against unauthorized access, misuse, loss or destruction, including but not limited to multi-factor authentication for log-in to systems, defined access rights, information classification and an incident management process.

10. How do we treat electronic messages sent to and from Allianz X?

All electronic messages sent to and from Allianz X are protected by reasonable technical and organizational measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g., court order, suspicion of criminal conduct, violation of regulatory obligations) and in such cases made available to specific persons in defined functions (e.g., Legal, Compliance, Risk). Every step of the process, as well as the search criteria used, are logged in an audit trail. All emails are disposed of after the applicable retention period has expired.

11. How long is personal data retained for?

We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it was obtained. Longer retention periods may be applicable if required by applicable laws and regulations.

12. How can you contact us?

If you have any queries about how we use your personal data, you can contact us by post or email via the details specified below:

Allianz X GmbH
Data Privacy Officer
Leopoldstr. 28 A
80802 Munich
Germany
Email: azxprivacy@allianz.com

13. How often is this notice updated?

We regularly review this privacy notice. This privacy notice was last updated on April 21^st 2023.