We care about your personal data.

Allianz X GmbH (“Allianz X” or „we“ or „us“ or „our“) is the digital investments arm of the Allianz Group. Your privacy is important to us. Allianz X is considering a possible business transaction/investment or business relationship, either directly or via a company of Allianz Group, with another entity or business you are affiliated with, e.g., as a key employee or as a representative of that entity (“Transaction”). This privacy notice explains how and what type of personal data may be collected, processed, and used during and following the anticipated Transaction, why it is collected, with whom it is shared, and your rights in this regard. Please read and consider this notice carefully.

1. Who is the data controller?

A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. Allianz X is the data controller as defined by relevant data protection laws and regulations.

2. What personal data will be collected?

In connection with the Transaction, we as the data controller may receive personal data, including:

• Surname, first name, title;
• Role/capacity;
• Private and business email address,
• Business phone number;
• Business address;
• Business activities;
• Education, (prior) professional activities as well as further customary information from your professional curriculum vitae

In the course of our due diligence exercise which we may carry out in relation to the Transaction, and, upon successful completion of the Transaction, as well as in connection with our investment and portfolio management activities, we may, in addition to the personal data mentioned above, also collect and process the following personal data:

• Managing director service agreements;
• Employment agreements;
• Remuneration and benefits;
• Passport/ID;
• Employee retention and incentive schemes;
• Individual performance data.

3. How will we use your personal data?

Allianz X will use your personal data for the following purposes in the context of sourcing of investment opportunities:

• Investment origination & identification;
• To establish or maintain business relationships;
• For fraud prevention and detection;
• Evaluating and making an investment decision.

We will use your personal data for the following purposes in cases where we proceed with a due diligence review relating to the Transaction:

• Activities in connection with customary due diligence exercises relating to the Transaction;
• To comply with any legal obligations (e.g., tax, accounting and administrative obligations).

In addition, if we decide to proceed with the Transaction we may use your personal data for the following purposes:

• Facilitating the implementation and/or consummation of the Transaction;
• Identifying mutually beneficial business opportunities between Allianz Group, the business or entity you are affiliated with and potential third party multiplicators.

If we have successfully closed a Transaction with the business or entity you are affiliated with, Allianz X may use your personal data in the context of its and Allianz Group’s investment monitoring and integration, in particular for the following purposes:

• Post-merger integration into Allianz Group to the extent applicable to the Transaction;
• Governance and controlling;
• Performance measuring and benchmarking;
• Identifying mutually beneficial business opportunities between Allianz Group, the business or entity you are affiliated with and potential third party multiplicators;
• General business development activities involving the business or entity you are affiliated with.

4. What is the data source?

For the purposes indicated above, we will process personal data which we receive about you from you, the business or entity you are affiliated with, as well as external advisors and other third parties involved in the Transaction, either via virtual data rooms set up for purposes of the Transaction, emails, business cards, pitch decks, orally or from public sources (online research) in expectation of a Transaction.

5. What is the legal basis of processing?

We will inform you where we require your consent to process your personal data. Otherwise, where no consent is required, we will process your personal data to meet our legitimate business interests (including establishing or maintaining business relationships, conducting due diligence reviews and monitoring of investments) or where it is needed to comply with a legal obligation.

Allianz X respects applicable laws and regulations in its use of personal data.

6. Who will have access to personal data collected by us?

We will ensure that your personal data is processed in a manner that is compatible with the purposes specified above. For the specified purposes, your personal data may be disclosed to the following parties who operate as third party data controllers:

• Other Allianz Group companies, including but not limited to Allianz SE and Allianz Strategic Investments S.à r.l.;
• Business partners
• Legal and investment advisors.

For the stated purposes, we may also share your personal data with the following parties who operate as data processors under our instruction:

• Other Allianz Group companies;
• Service providers.

Finally, we may share your personal data in the following instances:

• With law enforcement agencies, government and regulatory bodies to meet applicable legal or regulatory obligations.

7. Where will collected personal data be processed?

Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.

Whenever we transfer your personal data for processing outside of the EEA by another Allianz Group company, we will do so on the basis of the binding corporate rules (BCRs) of Allianz known as the Allianz Privacy Standard (APS) which establish adequate protection for personal data and are legally binding on Allianz Group companies. The public version of the APS and the list of Allianz Group companies that comply with them can be accessed via the links provided at the bottom of this privacy notice.

Where the Allianz Privacy Standard does not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (for example, Standard Contractual Clauses where an adequacy decision by the European Commission does not exist) by contacting us as detailed below.

8. What are your rights in respect of your personal data?

Where permitted by applicable law or regulation, you have the right to:

• Access your personal data held about you and to learn the origin of the data, the purposes and means of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
• Withdraw your consent at any time where your personal data is processed with your consent;
• Update and correct your personal data so that it is accurate;
• Delete your personal data from our records if it is no longer needed for the purposes indicated above;
• Restrict the processing of your personal data in certain circumstances, e.g., where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
• Obtain your personal data in an electronic format;
• File a complaint with us and/or the competent EEA data protection lead supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement; and
• Object to us processing your personal data, or tell us to stop processing.

9. What security measures have we implemented to protect your information collected through us?

Allianz X has implemented reasonable technical and organizational security measures to protect your personal data collected by Allianz X against unauthorized access, misuse, loss or destruction, including but not limited to multi-factor authentication for log-in to systems, defined access rights, trainings, information classification and an incident management process.

10. How do we treat electronic messages sent to and from Allianz X?

All electronic messages sent to and from Allianz X are protected by reasonable technical and organizational measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g. court order, suspicion of criminal conduct, violation of regulatory obligations) to specific persons in defined functions (e.g. Legal, Compliance, Risk). Every step of the process, as well as the search criteria used, are logged in an audit trail. All emails are disposed of after the applicable retention period has expired.

11. How long is personal data retained for?

We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it was obtained.

12. How can you contact us?

If you have any queries about how we use your personal data, you can contact us by post or email via the details specified below:

Allianz X GmbH
Data Privacy Officer
Leopoldstr. 28 A
80802 Munich
Germany

Email: azxprivacy@allianz.com

13. How often is this notice updated?

We regularly review this privacy notice. This privacy notice was last updated on February 23, 2022.

Privacy Standard

The Allianz Privacy Standard constitutes Allianz’ Binding Corporate Rules (BCRs) and provides you with information on the rules governing the international transfer of personal data between Allianz Group companies operating in the European Economic Area (EEA) and Allianz Group companies outside that area.

The Allianz Privacy Standard also describes your rights in respect of such transfers, what to do if you want to exercise your rights or complain about such transfers, and how to contact us.

Allianz Privacy Standard

APS Companies

Allianz Group companies are required to implement the Allianz Privacy Standard. An up-to-date list of Allianz Group companies who have committed to comply with the Allianz Privacy Standard is available here:

APS Companies as of October 25, 2022