This privacy notice ("Notice") is issued by All Interests Aligned AG ("Company" or "we, us, our") and is addressed to those individuals (“you” or “your”) whose Personal Data, as Data Subjects, we Process as part of our business operations. Other capitalised terms used in this Notice have the meanings defined in Appendix 1.
We are committed to protecting the privacy and security of your Personal Data. This Notice describes how we collect and use Personal Data for each of the audiences listed in section 2 below and sets out how we Process such Personal Data in accordance with Data Privacy Laws.
Please note that we and our affiliate companies may issue other privacy notices which relate to our Processing of Personal Data in specific situations – please refer to the relevant notice as issued to you from time to time.
This Notice contains the following information:
1. About us;
2. Audience Details;
3. How We Process Your Personal Data;
4. Special Categories of Personal Data;
5. Sharing your Personal Data;
6. International Data Transfers;
7. Protecting your Personal Data;
8. Your rights in connection with the Personal Data we collect;
9. How long we hold your Personal Data for;
10. How we update or change this Notice; and
11. How you can contact us.
Appendix 1 – Definitions
1. ABOUT US
This Notice is given by the Company on behalf of itself and its affiliate companies. We act as the Data Controller for certain Personal Data collected in relation to your Application.
Our registered office is at All Interests Aligned AG c/o BDO AG, Marktgasse 4, CH-6460 Altdorf (UR).
You can reach us by post at this address or via email at privacy@all-interests-aligned.com.
2. AUDIENCE DETAILS
This Notice relates to a range of data Processing activities undertaken by the Company. To help you navigate this Notice we have extracted the key information applicable to you depending on the nature of your relationship with us. Please see the relevant section below to access the relevant summary – other details of our Processing are set out in the rest of the Notice.
Please note that if you are an Operating Partner for, or an investor in, an entity purchased as part of the MBI Program, a separate privacy notice will be issued by the relevant entity regarding the additional Processing undertaken by that entity.
2.1. Applicants for employment by AIA or to AIA's MBI Program
(A) Please note:
- This section applies to an application to either (i) become an employee of the Company or (ii) join the MBI Program operated by Company and its affiliates ("Application")
- We will assess your Application to determine whether it meets our requirements. Applications which do not meet our minimum criteria for the position in question will not progress to subsequent rounds of the selection process. We may apply an automated process to the intake of Applications, however AIA does not make recruitment decisions based solely on the output of automated decision making unless this is expressly notified to you.
- If your Application is unsuccessful, we will retain your Personal Data for a period of six (6) months. Where permitted by Data Privacy Laws, we may Process information relating to criminal convictions as part of our background screening for successful applicants. We will only Process the minimum information required to perform such screening and will delete this information as soon as it is no longer required.
(B) Sources of Information: We primarily obtain information directly from you, for example where you submit information to us in writing as part of your Application, and during the course of phone or video interviews with you conducted in connection with your Application (and we may record such interviews for this purpose). We may also obtain information from third parties such as your employment or educational referees, or from background check providers. This information may, in principle, include any of the categories of Personal Data mentioned in Section D below.
(C) Sharing your Information. We may share your information as set out in section 5 below. If we elect to contact your referees and/or previous employers directly, we will share information with them to the extent necessary to confirm the details provided in your CV. If your Application is successful, you may be offered the opportunity to enter into an employment or consultancy contract with an affiliate of the Company, which will usually be an entity specific to your involvement with the MBI Program ("SPV"). Information you have provided to Company will be shared with the applicable SPV on a controller-to-controller basis in order to allow your Application to progress. A further privacy notice will be issued at that time confirming the identity of the relevant SPV and the Processing undertaken.
(D) Personal Data Processed: We will undertake the following Processing activities in relation to your Application:
I. Communicating with you prior to or as part of your Application
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
II. Assessing your Application, including your suitability for the role
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
III. Conducting background checks in relation to successful Applications
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
IV. Our internal business purposes and regulatory requirements
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
2.2. AIA Employees
(A) Please Note:
(B) Sources of Information: We primarily obtain information directly from you, for example where you submit or update Personal Data for your HR files. We may also obtain information: (i) from monitoring devices or by other means (for example, building and location access control and monitoring systems, telephone logs and recordings, instant message logs, email and network logs if and to the extent relevant for and permitted by applicable laws; and (ii) from recruiters and recruiting platforms; publicly available information and sources; our Service Providers, representatives, and agents; and other third parties (for example references from a previous employer, medical reports from external professionals, information from tax authorities, information from benefit providers or information from a third party that we use to carry out a background check (where permitted by applicable law)).
(C) Sharing your Information: We may share your information as set out in section 5 below. In addition, we may disclose Personal Data when it is necessary to perform activities related to Company's relationship to you as an employer, including as needed to deliver benefits provided by third parties.
(D) Personal Data Processed: We will undertake the following Processing activities in relation to your employment with AIA:
I. Initial hiring formalities and onboarding
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
II. To manage our employment relationship with you
Including:
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
III. Managing requests for paid time off, family and medical leave and other leaves of absences
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
IV. Health and safety, work-related injury, illness, or disability reporting
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
V. Administering and monitoring compliance with our policies and to safeguard Company data and assets
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
VI. Monitoring programs to ensure equality of opportunity and diversity, including with regard to personal characteristics protected under applicable anti-discrimination laws
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
2.3. Investors in AIA and MBI Program Companies
(A) Please Note:
(B) Sources of Information: Some of the Personal Data we hold about you will have been supplied by yourself. Other personal information may come from your financial advisor, legal advisors , broker, employer or other intermediary, other members of the Company’s group or other sources you’ve asked us to obtain information from. We might also get some of it from publicly available sources.
(C) Sharing your Information. We may share your information as set out in section 5 below. In addition, we may share relevant personal information of yours with other parties where it is lawful to do so, including where it is necessary to comply with our contractual obligations or with your instructions, and where we work with third parties who perform AML, KYC or other regulatory-related outsourced services on behalf of or directly for the Company and Company Products. Parties we might share your personal information with can include (without limitation): fund managers, brokers, sponsors and market makers, registrars and listing agents; any trustees, beneficiaries, administrators or executors; people who give guarantees or other security for any amounts you owe us; banks you instruct us to make payments to and receive payments from; third parties who manage the investments on our behalf, including investment managers, letting agents and stockbrokers; third parties who host the Platform or provide services related to it, including IT security providers; other financial institutions, lenders and holders of security over any property or assets, tax authorities, stock market authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents; any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you; fraud prevention agencies who’ll also use Personal Data to detect and prevent fraud and other financial crime and to verify your identity; anyone who provides instructions to us on your behalf (e.g. under a power of attorney, legal advisors, intermediaries, investment managers, etc), anybody else that you instructed us to share your information with; and insurers who may provide cover for your investments with us.
(D) Personal Data Processed: We will undertake the following Processing activities in relation to your Application for and (if successful) your investment with AIA:
I. To carry out your instructions as an investor in the Company or MBI Program Companies, and to communicate with you regarding your investments
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
II. To pay out dividends or make other payments to you
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
III. To undertake data analytics and market research to better understand our users’ motivations and strategies and as a result improve or adjust strategy and performance of the Company
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
IV. To conduct risk management and ensure your suitability for a specific investment, to verify your identity and/ or whether you are a politically exposed person in accordance with our legal obligations to undertake screening
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
V. Respond to your queries and reports (for example, if you’ve asked a question or submitted a report via the Website)
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
VI. Effectively operating the Platform, including to detect and prevent misuse or abuse, or allowing you to participate in any interactive features of the Platform
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
2.4. Website Visitors
(A) Sources of Information: We primarily obtain information directly from you, for example when you complete an online form.
(B) Sharing your Information: We may share your information as set out in section 5 below.
(C) Personal Data Processed: Please see our Cookie Notice in relation to the information we collect from your device via cookies and similar technologies. We will also undertake the following Processing activities in relation to visitors to our website:
I. Reviewing and responding to communications sent via the "Contact Us" forms
Categories of Personal Data Collected
Lawful Basis of Processing (where required by Data Privacy Laws)
3. HOW WE PROCESS YOUR PERSONAL DATA
Depending on the relevant audience, we will Process your data as set out in the relevant part of section 2 above. If none of the audiences above apply to you, we will Process your Personal Data as necessary for the specific purpose for which it was obtained by us, and in accordance with any additional disclosure information provided to you at the point of collection.
For all audiences, we may also Process your Personal Data for the following purposes:
- To anonymise and/or aggregate your Personal Data so that it can no longer be associated with you, on the basis of our legitimate business interests in conducting statistical analysis. We may use such anonymised and/or aggregated information for our own internal analysis (including via the use of AI-enabled functionality) without further notice to you.
- Where necessary to ensure compliance with specific legal obligations or binding instructions from appropriate authorities, or where it is in our Legitimate Interest to comply with more general legal or regulatory requirements.
- To protect and defend our legal rights and interests and those of third parties, including to manage and respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, including without limitation, Company's confidential information, trade secrets and other intellectual property, the rights, property, and reputation of Company and its workforce, or the rights, interests, health or safety of others.
- For auditing, accounting, reporting and corporate governance purposes, such as relating to financial, tax and accounting audits, and audits and assessments of our business operations, ensuring business continuity; compliance with our contracts with business partners; risk management and security purposes; and for other internal business purposes.
- For purposes of planning, due diligence, entering and performing commercial transactions, such as mergers, acquisitions, asset or share sales, transfers, bankruptcy, reorganization (including restructuring or redundancies or other change programs), or other similar business transactions.
- We may occasionally seek your consent to certain Processing which is not otherwise justified under one of the above bases (if and to the extent permitted by applicable laws). If consent is required for the Processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such Processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent.
4. SPECIAL CATEGORIES OF PERSONAL DATA
Other than as set out in relation to relevant audiences at section 2 above, we do not routinely Process Sensitive Personal Data as part of our Processing of your Personal Data. To the extent that you voluntarily provide such information, any Processing by us will be incidental and we will delete such information as soon as possible.
5. SHARING YOUR PERSONAL DATA
We will share your Personal Data with the third parties indicated in the relevant Audience as set out in section 2. In addition:
5.1. We may disclose Personal Data to affiliates or subsidiaries of (and investors in) the Company, and/or actual or potential acquisition targets, where necessary to perform activities related to our relationship with you or otherwise to conduct our business, including the MBI Program, and any future investment in or sale of the Company.
5.2. We may appoint Service Providers to Process your information on our behalf, such as IT system and e mail providers, SaaS vendors (including application tracking platforms), email and productivity solutions (including AI-enabled functionality), and information security providers. Our Service Providers are required to take appropriate security measures to protect your Personal Data in line with our policies and are not permitted to use Personal Data for their own purposes.
5.3. We may disclose Personal Data if required to do so by law, to protect the legal rights, property, or safety of our other employees or other individuals, or where we otherwise have a Legitimate Interest in doing so.
6. INTERNATIONAL DATA TRANSFERS
6.1. Where our Data Processors are based outside the UK, Switzerland and/or the European Economic Area (“EEA”), their Processing of your Personal Data may involve a transfer of data outside the UK, Switzerland, and/or the EEA, potentially to any country in the world.
6.2. Whenever we transfer your Personal Data out of the UK, Switzerland and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards have been implemented. If you would like further information on the specific safeguards used by us when transferring your Personal Data, please contact us using the details below. In exceptional cases, we may allow the transfer of your Personal Data to countries without adequate protection based on an exception, for example if you consent to the transfer or in the context of legal proceedings abroad.
7. PROTECTING YOUR PERSONAL DATA
7.1. We have put in place technical and organisational measures to protect the security of your information. Third parties will only Process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
7.2. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions and they are subject to a duty of confidentiality.
8. YOUR RIGHTS IN CONNECTION WITH THE PERSONAL DATA WE COLLECT
8.1. Under certain circumstances, you have rights under Data Privacy Laws in relation to your Personal Data. You have the right to:
a) Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
b) Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
c) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to Processing (see below), where we may have Processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d) Object to Processing of your Personal Data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are Processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to Process your information which override your rights and freedoms.
e) Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data about you in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f) Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) Right to withdraw consent at any time where we are relying on consent to Process your Personal Data. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
8.2. To make any request relating to your exercise of the above rights, please contact privacy@all-interests-aligned.com
8.3. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
8.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.5. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. HOW LONG WE HOLD YOUR PERSONAL DATA FOR
9.1. We will only retain your Personal Data (in addition to any specific periods indicated in the relevant Audience in Section 2 above), for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements including applicable statutory limitation periods.
9.2. We may also anonymise and/or aggregate your Personal Data so that it can no longer be associated with you, in which case we may use such information for our own internal analysis without further notice to you.
10. HOW WE UPDATE OR CHANGE THIS NOTICE
10.1. We reserve the right to update this Notice at any time and we will make the revised Notice publicly available. We may also notify you in other ways from time to time about the Processing of your Personal Data.
10.2. This Notice was last updated on 16 April 2026.
11. HOW YOU CAN CONTACT US
11.1. If you have any questions about this Notice, or if you want to review, verify, correct or request erasure of your Personal Data, object to the Processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please use the contact details provided at section 1 of this Notice.
11.2. You have the right to make a complaint at any time to relevant data protection authorities, including:
- For the United Kingdom - the Information Commissioner’s Office (ICO) – https://www.ico.org.uk
- For Switzerland - Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch/
- For Germany – the contact details for the relevant state data protection authorities are available here: https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html
- For France - Commission nationale de l'informatique et des libertés (CNIL) https://www.cnil.fr/en/contact-us
- Spain - Agencia Española de Protección de Datos (AEPD) - https://www.aepd.es/en
- Italy – Garante - https://www.garanteprivacy.it/web/garante-privacy-en
- Poland – UODO - https://uodo.gov.pl/en/p/contact
- Netherlands – AP - https://www.autoriteitpersoonsgegevens.nl/en
APPENDIX 1: DEFINITIONS
"Data Privacy Laws" means data protection and privacy laws applicable to the Company's Processing of Personal Data, including the EU General Data Protection Regulation ("GDPR"), including the implementation of the GDPR into UK law ("UK GDPR") and the Swiss Federal Act on Data Protection, including its implementing ordinances (“FADP”)”;
"MBI Program" means the management buy in program operated and administered by All Interests Aligned AG;
"Personal Data" means any information capable of identifying a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their his or her physical, physiological, mental, economic, cultural or social identity. Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link;
"Processing" means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, including, but not limited to collection, recording, organisation, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction (and "Process", "Processes" and "Processed" shall be interpreted accordingly);
"Data Controller" means the person or company who, either alone or jointly with others, determines the purpose for which, and the manner in which, Personal Data is Processed;
"Data Processor" means the person or company who Processes Personal Data on behalf of the Data Controller;
"Data Subject" means an identified or identifiable natural person whose Personal Data is being Processed;
"EEA" means the European Economic Area;
"Legitimate Interests" this is a ground which can be used by organisations as a lawful basis of Processing, for example where Personal Data is used in ways that could reasonably be expected, or there is a compelling reason for the Processing;
"Member States" means those countries which are part of the European Union;
"Service Providers" these are a range of third parties to whom we outsource certain functions of our business. For example, we have service providers who provide / support IT applications or systems, which means that your Personal Data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of Personal Data.
"Sensitive Personal Data" has the meaning given at section 2.2(A) of this notice.
