Privacy Notice

This privacy notice ("Notice") is issued by All Interests Aligned AG ("Company" or "we, us, our") and is addressed to those individuals (“you” or “your”) whose Personal Data, as Data Subjects, we Process as part of our business operations. Other capitalised terms used in this Notice have the meanings defined in Appendix 1.

We are committed to protecting the privacy and security of your Personal Data. This Notice describes how we collect and use Personal Data for each of the audiences listed in section 2 below and sets out how we Process such Personal Data in accordance with Data Privacy Laws.

Please note that we and our affiliate companies may issue other privacy notices which relate to our Processing of Personal Data in specific situations – please refer to the relevant notice as issued to you from time to time.

This Notice contains the following information:

‍

1. About us;

2. Audience Details;

3. How We Process Your Personal Data;

4. Special Categories of Personal Data;

5. Sharing your Personal Data;

6. International Data Transfers;

7. Protecting your Personal Data;

8. Your rights in connection with the Personal Data we collect;

9. How long we hold your Personal Data for;

10. How we update or change this Notice; and

11. How you can contact us.

Appendix 1 – Definitions

‍

1. ABOUT US

This Notice is given by the Company on behalf of itself and its affiliate companies. We act as the Data Controller for certain Personal Data collected in relation to your Application.

Our registered office is at All Interests Aligned AG c/o BDO AG, Marktgasse 4, CH-6460 Altdorf (UR).

We can be contacted by post at this address or by email at privacy@all-interests-aligned.com.

‍

2. AUDIENCE DETAILS

This Notice relates to a range of data Processing activities undertaken by the Company. To help you navigate this Notice we have extracted the key information applicable to you depending on the nature of your relationship with us. Please see the relevant section below to access the relevant summary – other details of our Processing are set out in the rest of the Notice.

Please note that if you are an Operating Partner for, or an investor in, an entity purchased as part of the MBI Program, a separate privacy notice will be issued by the relevant entity regarding the additional Processing undertaken by that entity.

‍

2.1. Applicants for employment by AIA or to AIA's MBI Program

(A) Please note: This section applies to an application to either (i) become an employee of the Company or (ii) join the MBI Program operated by Company and its affiliates ("Application"). If your Application is unsuccessful, we will retain your Personal Data for a period of six (6) months. Where permitted by Data Privacy Laws, we may Process information relating to criminal convictions as part of our background screening for successful applicants. We will only Process the minimum information required to perform such screening and will delete this information as soon as it is no longer required.

(B) Sources of Information: We primarily obtain information directly from you, for example where you submit information to us as part of your Application. We may also obtain information from third parties such as such as your employment or educational referees, or from background check providers. This information may, in principle, include any of the categories of Personal Data mentioned in the second column above.

(C) Sharing your Information. We may share your information as set out in section 5 below. If we elect to contact your referees and/or previous employers directly, we will share information with them to the extent necessary to confirm the details provided in your CV. If your Application is successful, you may be offered the opportunity to enter into an employment or consultancy contract with an affiliate of the Company, which will usually be an entity specific to your involvement with the MBI Program ("SPV"). Information you have provided to Company will be shared with the applicable SPV on a controller-to-controller basis in order to allow your Application to progress. A further privacy notice will be issued at that time confirming the identity of the relevant SPV and the Processing undertaken.

(D) Personal Data Processed: We will undertake the following Processing activities in relation to your Application:

I. Communicating with you prior to or as part of your Application

Categories of Personal Data Collected

· Full name, postal address, personal and professional email address and phone number (together "Contact Details")

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of our Legitimate Interest in recruiting suitable candidates for our roles or where the Processing is necessary to perform a contract or to take steps at your request, before entering a contract.

II. Assessing your Application, including your suitability for the role

Categories of Personal Data Collected

· Your Contact Details, work and professional details inc. CV, employment history (including company name, work position, function and location) and education history (dates and location of institution, qualification details).

· Information provided in response to questionnaires and other forms submitted as part of the assessment Process.

Lawful Basis of Processing (where required by Data Privacy Laws)

III. Conducting background checks in relation to successful Applications

Categories of Personal Data Collected

· Prior addresses, additional employment details such as proof of employment, any relevant references.

· Date of birth, passport, driving license, visa/work permit, or other forms of personal identification to confirm your right to work and reside in relevant jurisdictions.

· Additional information where required or permitted by applicable laws, including account details, copies of utility bills, payslips and bank account statements.

Lawful Basis of Processing (where required by Data Privacy Laws)

IV. Our internal business purposes and regulatory requirements

Categories of Personal Data Collected

· Your Contact details, your Application details and any other information that might be necessary for compliance with our regulatory and legal obligations and/or for our record keeping generally.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of our Legitimate Interest in operating our business and complying with applicable accounting and regulatory requirements, or as specifically required by applicable laws.

2.2. AIA Employees

(A) Please Note:

· This Notice does not form part of your contract or of employment or engagement and may be amended in accordance with section 10 below (subject to applicable law).

· This Notice supplements other Company policies and procedures which may provide additional information regarding our Processing of your Personal Data, including but not limited to any Company employee handbook or other internal policies issued by the Company from time to time. We may also provide Company staff with additional notices about our information practices that relate to specific situations.

· To the extent permitted by applicable laws, the Company may monitor its offices and any use of our technology and communications systems and network, for security purposes and for the purposes of monitoring compliance with our policies and standards. Such monitoring may consist of screening all incoming and outgoing email, phone calls, voicemails, website activity, internet traffic, systems accessed or other information Processed on technology assets.

· To the extent relevant for and permitted by applicable laws, we may collect and Process a limited amount of Personal Data which, in your jurisdiction, may fall into special categories of Personal Data, sometimes called “Sensitive Personal Data” (or similar). This term may vary by jurisdiction but it generally means information relating to: racial or ethnic origin; political opinions; religious or philosophical beliefs; physical or mental health (including details of accommodations or adjustments); trade union membership; sex life or sexual orientation; biometric and genetic data; and criminal records and information regarding criminal offences or proceedings; in Switzerland, it also includes data on administrative or criminal proceedings and sanctions, data on social security measures and data on the intimate sphere. Where we Process Sensitive Personal Data we do so only where the Processing is necessary for the purposes of:

o carrying out the obligations and exercising the rights of you or the Company in the field of employment law, social security and social protection law, to the extent permitted by applicable laws; for example where required to record racial or ethnic origin or sexual orientation to comply with equality and diversity requirements of applicable local legislation, or for the assessment of your working capacity, medical diagnosis, making reasonable accommodations or adjustments to the extent permitted by applicable laws; and

o the Processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency).

(B) Sources of Information: We primarily obtain information directly from you, for example where you submit or update Personal Data for your HR files. We may also obtain information: (i) from monitoring devices or by other means (for example, building and location access control and monitoring systems, telephone logs and recordings, instant message logs, email and network logs if and to the extent relevant for and permitted by applicable laws; and (ii) from recruiters and recruiting platforms; publicly available information and sources; our Service Providers, representatives, and agents; and other third parties (for example references from a previous employer, medical reports from external professionals, information from tax authorities, information from benefit providers or information from a third party that we use to carry out a background check (where permitted by applicable law)).

(C) Sharing your Information: We may share your information as set out in section 5 below. In addition, we may disclose Personal Data when it is necessary to perform activities related to Company's relationship to you as an employer, including as needed to deliver benefits provided by third parties.

(D) Personal Data Processed: We will undertake the following Processing activities in relation to your employment with AIA:

I. Initial hiring formalities and onboarding

· To complete necessary paperwork, enrol you in our payroll system, and set up your personnel file.

Categories of Personal Data Collected

· Personal Details – such as name, gender, marital status, job title, address, email address and other home contact details (e.g. personal telephone or mobile number), date of birth, age, social security number and/or national ID number, immigration and eligibility to work information, driver’s license number, and other government identifiers, unique personal identifier, online identifier, bank account information for payroll, compensation, and bonus purposes.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data primarily where necessary for the performance of your employment contract, or otherwise on the basis of our Legitimate Interest in operating our business and complying with applicable accounting and regulatory requirements, or as specifically required by applicable laws.

II. To manage our employment relationship with you

Including:

· General HR administration, management and record keeping; payroll, compensation, and bonuses, including conducting compensation, headcount, and salary reviews. Management of pensions and benefits (which may include Processing the Personal Data of beneficiaries where necessary to administer such benefits), and business expense reimbursement.

· To communicate with you and support your communication with other Company staff and our business partners.

· Allocating and managing work; promotions, appraisals or periodic performance reviews, training, and talent management; conduct, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions.

Categories of Personal Data Collected

· Personal Details (as listed above).

· Employment-Related Information - such as your contract of employment or engagement, work contact details (e.g. work location, telephone number and email address) employment history, qualifications, skills and experience, education data, references, CV and Application, record of interview vetting and verification information (e.g. results of financial sanction or criminal record checks where carried out and permitted by applicable law), right to work verification disciplinary record, performance reviews, disciplinary and grievance data, employee ID and badge swipe activity, employee or payroll number, in-office and remote attendance, remuneration and benefits data (including salary or fee, bonus and commission plans and payments for leave/absence) beneficiary information, emergency contact information, your line manager or reporting line, your hire/contract start and end dates, your working hours and patterns, whether you are full or part-time, records of your registration with any applicable regulatory authority, your regulated status and any regulatory certificates and references, references to be provided to prospective employers and any other related information.

Lawful Basis of Processing (where required by Data Privacy Laws)

III. Managing requests for paid time off, family and medical leave, and other leaves of absences

Categories of Personal Data Collected

· Absence and Leave Data - such as attendance records, absence records (including dates and categories of leave/time‑off requests and approvals), holiday dates, requests and approvals and information related to family leave, information related to special leave (e.g. bereavements, jury service or compassionate leave), fit notes and medical certificates, details of incapacity, details of work impact and adjustments, details of treatment and prognosis, return to work interviews, meeting records, medical reports and occupational health reports.

Lawful Basis of Processing (where required by Data Privacy Laws)

IV. Health and safety, work-related injury, illness, or disability reporting

· To respond to and process claims if you are injured or become ill at work or need a workplace accommodation related to the incident; assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; make management decisions regarding employment or engagement or continued employment or engagement or redeployment; and conduct related management processes

Categories of Personal Data Collected

· Health related information - such as injuries, medical conditions, or other information regarding physical or mental health.

Lawful Basis of Processing (where required by Data Privacy Laws)

V. Administering and monitoring compliance with our policies and to safeguard Company data and assets

Categories of Personal Data Collected

· Monitoring information – such as coming and outgoing email, phone calls, voicemails, website activity, internet traffic, systems accessed or other information processed on technology assets; device information, IP address, and other use of Company computer systems.

Lawful Basis of Processing (where required by Data Privacy Laws)

VI. Monitoring programs to ensure equality of opportunity and diversity, including with regard to personal characteristics protected under applicable anti-discrimination laws

Categories of Personal Data Collected

· Equality and Diversity Data - such as (where permitted by applicable local laws and provided voluntarily) data regarding gender, age, race, nationality, religious belief and sexuality, stored anonymously for equal opportunities monitoring purposes.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will only Process special category data where necessary to complying with applicable employment or equality laws.

2.3. Investors in AIA and MBI Program Companies

(A) Please Note:

· We may Process the Personal Data of past, present or prospective investors (including the employees, shareholders or agents of any such investor) in either AIA or MBI Program Companies, and also as part of the ongoing management of (and any disposal of) any such investment.

· This may include Processing undertaken via investment management platforms, which we make available from time to time subject to the published terms of use (the "Platform"). We Process Personal Data in relation to any use of the Platform as a Data Controller, and any third parties appointed by us to provide the Platform (such as Bite Stream) are acting as our Data Processor. Some of the links on the Platform may lead to third party websites with their own privacy notices, which may be different to this Privacy Notice, and you should read those notices carefully.

· In relation to use of the Platform:

o IP addresses: We may collect information about your computer (or mobile device), including, where available, your IP address, operating system and browser type for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

o Cookies: The Platform uses cookies and similar technologies to distinguish you from other users of this site, to improve your experience when accessing the Platform and to improve the Platform. Detailed information on the cookies used and the purposes for which they are used them are set out in the Cookie Notice available on the Platform.

(B) Sources of Information: Some of the Personal Data we hold about you will have been supplied by yourself. Other personal information may come from your financial advisor, legal advisors , broker, employer or other intermediary, other members of the Company’s group or other sources you’ve asked us to obtain information from. We might also get some of it from publicly available sources.

(C) Sharing your Information. We may share your information as set out in section 5 below. In addition, we may share relevant personal information of yours with other parties where it is lawful to do so, including where it is necessary to comply with our contractual obligations or with your instructions, and where we work with third parties who perform AML, KYC or other regulatory-related outsourced services on behalf of or directly for the Company and Company Products. Parties we might share your personal information with can include (without limitation): fund managers, brokers, sponsors and market makers, registrars and listing agents; any trustees, beneficiaries, administrators or executors; people who give guarantees or other security for any amounts you owe us; banks you instruct us to make payments to and receive payments from; third parties who manage the investments on our behalf, including investment managers, letting agents and stockbrokers; third parties who host the Platform or provide services related to it, including IT security providers; other financial institutions, lenders and holders of security over any property or assets, tax authorities, stock market authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents; any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you; fraud prevention agencies who’ll also use Personal Data to detect and prevent fraud and other financial crime and to verify your identity; anyone who provides instructions to us on your behalf (e.g. under a power of attorney, legal advisors, intermediaries, investment managers, etc), anybody else that you instructed us to share your information with; and insurers who may provide cover for your investments with us.

(D) Personal Data Processed: We will undertake the following Processing activities in relation to your Application for and (if successful) your investment with AIA:

I. To carry out your instructions as an investor in the Company or MBI Program Companies, and to communicate with you regarding your investments

Categories of Personal Data Collected

· Personal details – such as name, previous names, gender, date and place of birth, occupation and/ or source of wealth).

· Financial information – such as information about your finances and your relationship with us, including your investments and interactions with the Company, transactions records, bank feeds, market trades, sort code and account numbers of relevant accounts or payments made by us into your account.

· Interactions – such as how you have interacted with us and the Platform, including complaints or with us or other members of the Company’s group and details of the underlying transaction (where applicable).

· Correspondence – records of correspondence and other communications between you and your representatives and the Company, including email, telephone calls, letters and the like.

· Other information about you which you may have provided us with during the course of our relationship with you (e.g. by filling out forms or during face-to-face contact, telephone, email and the like) or which you asked and authorised us to collect for or about you, such as information about your accounts from your bankers.

Lawful Basis of Processing (where required by Data Privacy Laws)

II. To pay out dividends or make other payments to you

Categories of Personal Data Collected

· Personal details (as described above).

· Identification materials we may need for our compliance obligations (e.g. a copy of your passport or national identity card, national insurance number, utility bills, financial details, etc).

· Financial information – as described above.

· Other information provided by you or obtained at your direction (as described above).

· Correspondence (as described above).

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data primarily where necessary for the performance of your contract with us for our services, or otherwise on the basis of our Legitimate Interest in operating our business and complying with applicable accounting and regulatory requirements, or as specifically required by applicable laws.

III. To undertake data analytics and market research to better understand our users’ motivations and strategies and as a result improve or adjust strategy and performance of the Company

Categories of Personal Data Collected

· Financial information (as described above).

· Information about you which is a matter of public record or readily obtainable and which we deem relevant in relation to your dealings with the Company (media, court judgements, credit checks, etc).

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of our Legitimate Interest in operating our business.

IV. To conduct risk management and ensure your suitability for a specific investment, to verify your identity and/ or whether you are a politically exposed person in accordance with our legal obligations to undertake screening

Categories of Personal Data Collected

· Personal details (as described above).

· Identification materials (as described above).

· Information about you which is a matter of public record (as described above).

· Information from third party providers who assist us to combat fraud, money laundering and other crimes.

· We may also collect certain types of sensitive or special category data about you, such as details about any criminal records or information about your health, political affiliations, ethnicity or religious beliefs.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of: complying with specific legal or regulatory requirements, our Legitimate Interest in operating our business and complying with applicable laws.

V. Respond to your queries and reports (for example, if you’ve asked a question or submitted a report via the Website)

Categories of Personal Data Collected

· Personal details (as described above).

· Complaints or disputes you may have had with us or other members of the Company’s group and details of the underlying transaction (where applicable).

Lawful Basis of Processing (where required by Data Privacy Laws)

VI. Effectively operating the Platform, including to detect and prevent misuse or abuse, or allowing you to participate in any interactive features of the Platform

Categories of Personal Data Collected

· Information that we obtain or learn, such as information about the browser or device you use to access this site, how you use the Platform including the pages you visit, traffic and location data.

· Information that you provide to us, such as: when you fill out a contact form, web form or questionnaire; if you register to receive alerts or updates.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of our Legitimate Interest in operating our business.

2.4. Website Visitors

(A) Sources of Information: We primarily obtain information directly from you, for example when you complete an online form.

(B) Sharing your Information: We may share your information as set out in section 5 below.

(C) Personal Data Processed: Please see our Cookie Notice in relation to the information we collect from your device via cookies and similar technologies. We will also undertake the following Processing activities in relation to visitors to our website:

I. Reviewing and responding to communications sent via the "Contact Us" forms

Categories of Personal Data Collected

· Contact details and other information where provided by you.

Lawful Basis of Processing (where required by Data Privacy Laws)

· We will Process your Personal Data on the basis of our Legitimate Interest in operating our business, and (where required by Datra Privacy Laws) based on your consent to receiving communications from us in response to your query.

3. HOW WE PROCESS YOUR PERSONAL DATA

Depending on the relevant audience, we will Process your data as set out in the relevant part of section 2 above. If none of the audiences above apply to you, we will Process your Personal Data as necessary for the specific purpose for which it was obtained by us, and in accordance with any additional disclosure information provided to you at the point of collection.

For all audiences, we may also Process your Personal Data for the following purposes:

- To anonymise and/or aggregate your Personal Data so that it can no longer be associated with you, on the basis of our legitimate business interests in conducting statistical analysis. We may use such anonymised and/or aggregated information for our own internal analysis without further notice to you.

- Where necessary to ensure compliance with specific legal obligations or binding instructions from appropriate authorities, or where it is in our Legitimate Interest to comply with more general legal or regulatory requirements.

- To protect and defend our legal rights and interests and those of third parties, including to manage and respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, including without limitation, Company's confidential information, trade secrets and other intellectual property, the rights, property, and reputation of Company and its workforce, or the rights, interests, health or safety of others.

- For auditing, accounting, reporting and corporate governance purposes, such as relating to financial, tax and accounting audits, and audits and assessments of our business operations, ensuring business continuity; compliance with our contracts with business partners; risk management and security purposes; and for other internal business purposes.

- For purposes of planning, due diligence, entering and performing commercial transactions, such as mergers, acquisitions, asset or share sales, transfers, bankruptcy, reorganization (including restructuring or redundancies or other change programs), or other similar business transactions.

- We may occasionally seek your consent to certain Processing which is not otherwise justified under one of the above bases (if and to the extent permitted by applicable laws). If consent is required for the Processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such Processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent.

4. SPECIAL CATEGORIES OF PERSONAL DATA

Other than as set out in relation to relevant audiences at section 2 above, we do not routinely Process special categories of data (Sensitive Personal Data) as part of our Processing of your Personal Data. To the extent that you voluntarily provide such information, any Processing by us will be incidental and we will delete such information as soon as possible.

‍

5. SHARING YOUR PERSONAL DATA

We will share your Personal Data with the third parties indicated in the relevant Audience as set out in section 2. In addition:

5.1. We may disclose Personal Data to affiliates or subsidiaries of (and investors in) the Company, and/or actual or potential acquisition targets, where necessary to perform activities related to our relationship with you or otherwise to conduct our business, including the MBI Program, and any future investment in or sale of the Company.

5.2. We may appoint Service Providers to Process your information on our behalf, such as IT system providers, SaaS vendors (including application tracking platforms), email and productivity solutions, and information security providers. Our Service Providers are required to take appropriate security measures to protect your Personal Data in line with our policies and are not permitted to use Personal Data for their own purposes.

5.3. We may disclose Personal Data if required to do so by law, to protect the legal rights, property, or safety of our other employees or other individuals, or where we otherwise have a Legitimate Interest in doing so.

‍

6. INTERNATIONAL DATA TRANSFERS

6.1. Where our Data Processors are based outside the UK, Switzerland and/or the European Economic Area (“EEA”), their Processing of your Personal Data may involve a transfer of data outside the UK, Switzerland, and/or the EEA, potentially to any country in the world.

6.2. Whenever we transfer your Personal Data out of the UK, Switzerland and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards have been implemented. If you would like further information on the specific safeguards used by us when transferring your Personal Data, please contact us using the details below. In exceptional cases, we may allow the transfer of your Personal Data to countries without adequate protection based on an exception, for example if you consent to the transfer or in the context of legal proceedings abroad.

‍

7. PROTECTING YOUR PERSONAL DATA

7.1. We have put in place technical and organisational measures to protect the security of your information. Third parties will only Process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

7.2. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions and they are subject to a duty of confidentiality.

‍

8. YOUR RIGHTS IN CONNECTION WITH THE PERSONAL DATA WE COLLECT

8.1. Under certain circumstances, you have rights under Data Privacy Laws in relation to your Personal Data. You have the right to:

a) Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.

b) Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

c) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to Processing (see below), where we may have Processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

d) Object to Processing of your Personal Data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are Processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to Process your information which override your rights and freedoms.

e) Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data about you in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

f) Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

g) Right to withdraw consent at any time where we are relying on consent to Process your Personal Data. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

8.2.To make any request relating to your exercise of the above rights, please contact privacy@all-interests-aligned.com

8.3.You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.

8.4.We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

8.5.We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

‍

9. HOW LONG WE HOLD YOUR PERSONAL DATA FOR

9.1. We will only retain your Personal Data (in addition to any specific periods indicated in the relevant Audience in Section 2 above), for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements including applicable statutory limitation periods.

9.2. We may also anonymise and/or aggregate your Personal Data so that it can no longer be associated with you, in which case we may use such information for our own internal analysis without further notice to you.

‍

10. HOW WE UPDATE OR CHANGE THIS NOTICE

10.1. We reserve the right to update this Notice at any time and we will make the revised Notice publicly available. We may also notify you in other ways from time to time about the Processing of your Personal Data.

10.2. This Notice was last updated on 21 November 2024.

‍

11. HOW YOU CAN CONTACT US

11.1. If you have any questions about this Notice, or if you want to review, verify, correct or request erasure of your Personal Data, object to the Processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please use the contact details provided at section 1 of this Notice.

11.2. You have the right to make a complaint at any time to relevant data protection authorities, including:

- For the United Kingdom - the Information Commissioner’s Office (ICO) – https://www.ico.org.uk

- For Switzerland - Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch/

- For Germany – the contact details for the relevant state data protection authorities are available here: https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html

- For France - Commission nationale de l'informatique et des libertés (CNIL) https://www.cnil.fr/en/contact-us

- Spain - Agencia Española de Protección de Datos (AEPD) - https://www.aepd.es/en

- Italy – Garante - https://www.garanteprivacy.it/web/garante-privacy-en

- Poland – UODO - https://uodo.gov.pl/en/p/contact

- Netherlands – AP - https://www.autoriteitpersoonsgegevens.nl/en

‍

APPENDIX 1: DEFINITIONS

"Data Privacy Laws" means data protection and privacy laws applicable to the Company's Processing of Personal Data, including the EU General Data Protection Regulation ("GDPR"), including the implementation of the GDPR into UK law ("UK GDPR") and the Swiss Federal Act on Data Protection, including its implementing ordinances (“FADP”)”;

"MBI Program" means the management buy in program operated and administered by All Interests Aligned AG;

"Personal Data" means any information capable of identifying a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their his or her physical, physiological, mental, economic, cultural or social identity. Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link;

"Processing" means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, including, but not limited to collection, recording, organisation, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction (and "Process", "Processes" and "Processed" shall be interpreted accordingly);

"Data Controller" means the person or company who, either alone or jointly with others, determines the purpose for which, and the manner in which, Personal Data is Processed;

"Data Processor" means the person or company who Processes Personal Data on behalf of the Data Controller;

"Data Subject" means an identified or identifiable natural person whose Personal Data is being Processed;

"EEA" means the European Economic Area;

"Legitimate Interests" this is a ground which can be used by organisations as a lawful basis of Processing, for example where Personal Data is used in ways that could reasonably be expected, or there is a compelling reason for the Processing;

"Member States" means those countries which are part of the European Union;

"Service Providers" these are a range of third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support IT applications or systems, which means that your Personal Data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of Personal Data.

‍