Allianz X GmbH (“Allianz X” or „we“ or „us“ or „our“) is the digital investment unit of the Allianz Group. Your privacy is important to us. Allianz X is considering a potential transaction or has signed and/or completed a transaction, in each case either directly or via a company of Allianz Group, with respect to the issuance and/or acquisition/sale of shares in a (potential) portfolio company in or of which you and/or any entity you are affiliated with, have been, currently are, or may become in the future, a shareholder and/or business partner. (“Transaction”). The terms “you” and “your” shall refer to you as a natural person, including in your capacity as e.g., a representative, signatory, (key) employee or director of the above entities you are affiliated with. This privacy notice explains how and what type of personal data may be collected, processed, and used in connection with the Transaction, why it is collected, with whom it is shared, and your rights in this regard. Please read and consider this notice carefully.

1. Who is the data controller?

A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. Allianz X is the data controller as defined by relevant data protection laws and regulations.

2. What personal data will be collected?

In connection with the Transaction, we as the data controller may collect personal data, including:

• Surname, first name, title;
• Role/capacity;
• Private and business email address,
• Business phone number;
• Business address;
• Passport/ID.

3. How will we use your personal data?

• Communication with you and with other (potential) parties of the Transaction and their respective representatives;
• Management of shareholder relationships;
• To fulfil contractual obligations;
• Negotiation, execution and implementation of agreements relating to the Transaction;
• Asset management and portfolio monitoring;
• For fraud/corruption prevention and detection;
• To comply with any legal obligations (e.g., anti-money laundering law, economic sanctions laws, tax, accounting and administrative obligations).

4. What is the data source?

For the purposes indicated above, we will process personal data which we receive about you from you, the business or entity you are affiliated with, as well as external advisors and other parties involved in the Transaction, either via emails, in writing, exchange of business cards, orally or from public sources (online research) in connection with the Transaction.

5. What is the legal basis of processing?

We will inform you where we require your consent to process your personal data. Otherwise, where no consent is required, we will process your personal data (i) for the performance of the contract you are subject to you or in order to take steps prior to entering into a contract or (ii) to meet our legitimate business interests (including establishing or maintaining business relationships, asset management and portfolio monitoring, fulfilling contractual obligations with the entity you are affiliated with, fraud prevention and detection) or (iii) where it is needed to comply with a legal obligation (e.g., anti-money laundering law, economic sanctions laws, tax, accounting and administrative obligations). Where we rely on legitimate interests, we consider that the processing of personal data is necessary for the purposes and that these outweigh any opposing interests and/or fundamental rights and freedoms you may have.

Allianz X respects applicable laws and regulations in its use of personal data.

6. Who will have access to personal data collected by us?

We will ensure that your personal data is processed in a manner that is compatible with the purposes specified above. For the specified purposes, your personal data may be disclosed to the following parties who operate as third party data controllers:

• Other Allianz Group companies;
• (Other) business partners;
• Third party service providers;
• Advisors.

For the stated purposes, we may also share your personal data with the following parties who operate as data processors under our instruction:

• Other Allianz Group companies;
• Service providers.

Finally, we may share your personal data in the following instances:

• With law enforcement agencies, government and regulatory bodies to meet applicable legal or regulatory obligations.

7. Where will collected personal data be processed?

Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.

Whenever we transfer your personal data for processing outside of the EEA by another Allianz Group company, we will do so on the basis of the binding corporate rules (BCRs) of Allianz which establish adequate protection for personal data and are legally binding on Allianz Group companies. The public version of the BCRs and the list of Allianz Group companies that comply with them can be accessed here.

Where the BCRs do not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (for example, Standard Contractual Clauses) by contacting us as detailed below.

8. What are your rights in respect of your personal data?

Please note that you are under no general obligation to provide your personal data to us, except where applicable law requires you to do so. However, processing your personal data will be necessary for the performance of the existing or potential business relationship between you or the entity you are affiliated with and us. Where permitted by applicable law or regulation, you have the right to:

• Access your personal data held about you and to learn the origin of the data, the purposes and means of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
• Withdraw your consent at any time where your personal data is processed with your consent;
• Update and correct your personal data so that it is accurate;
• Delete your personal data from our records if it is no longer needed for the purposes indicated above;
• Restrict the processing of your personal data in certain circumstances, e.g., where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
• Obtain your personal data in an electronic format;
• File a complaint with us and/or the relevant data protection authority,; and
• Object to us processing your personal data, or tell us to stop processing.

9. What security measures have we implemented to protect your information collected through us?

Allianz X has implemented reasonable technical and organizational security measures to protect your personal data collected by Allianz X against unauthorized access, misuse, loss or destruction, including but not limited to multi-factor authentication for log-in to systems, defined access rights, information classification and an incident management process.

10. How do we treat electronic messages sent to and from Allianz X?

All electronic messages sent to and from Allianz X are protected by reasonable technical and organizational measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g., court order, suspicion of criminal conduct, violation of regulatory obligations) and in such cases made available to specific persons in defined functions (e.g., Legal, Compliance, Risk). Every step of the process, as well as the search criteria used, are logged in an audit trail. All emails are disposed of after the applicable retention period has expired.

11. How long is personal data retained for?

We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it was obtained. Longer retention periods may be applicable if required by applicable laws and regulations.

12. How can you contact us?

If you have any queries about how we use your personal data, you can contact us by post or email via the details specified below:

Allianz X GmbH
Data Privacy Officer
Leopoldstr. 28 A
80802 Munich
Germany
Email: azxprivacy@allianz.com

13. How often is this notice updated?

We regularly review this privacy notice. This privacy notice was last updated on April 21^st 2023.