We, AURELIUS Beteiligungsberatungs AG, provide the AURELIUS career website under the web address [career.aurelius-group.com]. In context with our career website and our application process, we process personal data.

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR).

In Section A of this Data Protection Information we provide you with information about the controller responsible for the processing of your personal data and the controller’s data protection officer.

In Section B you find information about the processing of your personal data in the context of our career website.

In Section C you find information about the processing of your personal data as our applicant.

In Section D you find more detailed information on the use of cookies or similar technologies.

In Section E you further find information on your rights regarding the processing of your personal data.

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. You will find more detailed information about this in Section F.

TABLE OF CONTENTS

A. Information on the controller

I.        Identity and contact details of the controller

II.       Contact details of the controller’s data protection officer

B. Information on the processing of personal data on our career website

I.        Informational use of our career website

II.       Use of web analysis technologies (Matomo)

III.       Use of our online contact forms

IV.       Use of our online application forms in order to apply for our own job offerings

V.       Our email newsletter

C. Information on the processing of personal data of our applicants

I.        Details on the personal data which are processed

II.       Details on the processing of the personal data

III.       Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

D. Information on the use of cookies or similar technologies

I.        General information on cookies

II.       Management of the cookies used on our website

III.       Cookies used on our website

E. Information on the rights of data subjects

I.        Right of access

II.       Right to rectification

III.       Right to erasure (”right to be forgotten”)

IV.       Right to restriction of processing

V.       Right to data portability

VI.       Right to object

VII.      Right to withdraw consent

VIII.     Right to lodge a complaint with a supervisory authority

F. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Information

G. Effective date of and changes to this Data Protection Information

A. Information on the controller

I. Identity and contact details of the controller

AURELIUS Beteiligungsberatungs AG

Unterer Anger 3, 80331 Munich, Germany

info@aureliusinvest.de

+49 89 5447990

II. Contact details of the controller’s data protection officer

AURELIUS Beteiligungsberatungs AG

– Datenschutzbeauftragter –

Unterer Anger 3, 80331 Munich, Germany

datenschutz@aureliusinvest.de

B. Information on the processing of personal data on our career website

I. Informational use of our career website

When the use of our website is purely informational, certain information is sent to the web server of our website from your device for technical reasons, for example your IP address. We process this information in order to provide our website content requested by you and to ensure the security of the IT infrastructure used to provide our website. Information necessary for the correct provision of the requested website content is stored in cookies (Section C) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed.

In order to provide the language selection function of our website, information about your language selection is stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during your visit to our website in order to provide you with the content of our website in the language you have selected.

In order to provide the search functions of our website, we process data that you enter into search forms on our website in order to provide you with search results for the search terms that you have entered.

In order to provide the data protection setting functions for our website (e.g. for granting or withdrawing consent for the use of certain cookie-based technologies), information about your data protection settings is stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during your visit to our website in order to take account of your data protection settings when using our website.

You receive more detailed information on this below:

1. Details on the personal data which are processed

Categories of personal data processed	Personal data included in the categories	Sources of the data	Obligation of the data subject to provide the data	Storage duration
HTTP Data	Protocol data which accrue when visiting our website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: These include IP address, type and version of your internet browser, operating system used, site accessed, last site accessed before visiting the site (referrer URL), date and time of visit.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the content of our website requested by you.	The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Content Provision Data	Data used to correctly display the website content accessed by the user: This includes information on which contents have already been displayed and do no longer need to be displayed upon the access of further pages on our website. This data is stored in cookies on your device (Section D) and can be read during your visit to our website.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, certain content will be displayed too often and may interrupt your browsing experience.	We process the data only temporarily for the period of the visit of our website. (You can find information on the validity period of the cookies stored on your device in Section D.III.)
Search Function Data	Data that accrue by using the search functions of our website: These include all information that you enter as search terms in the respective search form on our website.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, you cannot use the search functions of our website.	The data are stored in server log files for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Language Selection Data	Data that accrue when the language selection function of our website is used: These include the language you have selected. This data is stored in cookies on your device (Section D) and can be read during your visit to our website.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the language selection function of our website. This means that we cannot provide the requested contents of our website in the language of your choice.	We process the data only temporarily for the period of the visit of our website. (You can find more information on the validity period of the cookies stored on your device in Section D.III.)
Data Protection Setting Data	Data on data protection settings you have made for our website: This includes information on whether you have given your consent and, if so, what consent you have given at what time. This data is stored in cookies on your device (Section D) and can be read during your visit to our website.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot take your consents for our website into account. This means that we may not be able to provide you with certain functions of our website that require consent.	We process the data only temporarily for the period of the visit of our website. (You can find more information on the validity period of the cookies stored on your device in Section D.III.)

2. Details on the processing of the personal data

Purpose of processing the personal data	Categories of personal data processed	Automated decision-making	Legal basis and, where applicable, legitimate interests	Recipient
Provision of content of our website requested by the user: For this purpose, data are temporarily processed on our web server. For this purpose, information necessary to ensure the correct display of the website content is also stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during your visit to our website in order to ensure correct display of the website content you accessed.	HTTP Data Content Provision Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the content of our website requested by the user.	Hosting Provider
Ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks): For this purpose, data are temporarily stored in log files on our web server and automatically evaluated.	HTTP Data Search Function Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used for the provision of our website, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks).	Hosting Provider
Provision of the language selection function of our website: When you visit our website, we determine whether you have already selected a particular language version of our website in order to provide you with the content of our website requested by you in the language which you have selected, if applicable. For this purpose, information about your language selection is stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during your visit to our website to determine which language you have selected.	HTTP Data Language Selection Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the contents of our website accessed by the user in the language selected by the user.	Hosting Provider
Providing the search functions of our website: For this purpose, data are temporarily processed on our web server.	HTTP Data Search Function Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the search functions of our website requested by the user.	Hosting Provider
Provision of data protection setting functions for our website: Certain features of our website (e.g. the use of certain cookie-based technologies) require your consent. We provide data protection setting functions for our website to enable you to give and, if necessary, withdraw your consent. For this purpose, information about your consent is stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during your visit to our website in order to determine whether you have given your consent and, if so, what consents you have given.	HTTP Data Data Protection Setting Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of data protection setting functions for our website.	Hosting Provider Data Protection Setting Function Provider

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient	Recipient’s role	Transfers to third countries and/or international organisations	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA	Processor	USA	There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
Data Protection Setting Function Provider: CookieYes Limited 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom	Processor	United Kingdom	There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the United Kingdom. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2021/1772/oj

II. Use of web analysis technologies (Matomo)

Upon your consent, we use so-called ”web analysis technologies“ on our website.

Web analysis enables the collection and evaluation of information about the activities of users of our website. The information obtained serves us to improve our website and to better achieve the goals of our website (e.g. increase in page views).

When you visit our website, the web analysis tool used (Matomo) collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, your device is assigned a unique ID which is linked to the device-related profile. This ID is stored in cookies (Section D ) on your device. During your visit to our website, your device can be recognised there on the basis of the ID assigned to it.

You will find more detailed information on this in the following:

1. Details on personal information which are processed

Categories of personal data processed	Personal data included in the categories	Sources of data	Obligation of the data subject to provide the data	Storage duration
Web Analysis HTTP Data	Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web analysis tool used on our website: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis.	IP anonymisation is activated on our website for the use of the web analysis tool. This means that the IP address transmitted via the browser for technical reasons is anonymised before being stored by shortening the IP address (by deleting the last octet of the IP address). Moreover we only process the protocol data temporarily for the duration of the visit to our website.
Web Analysis Device Data	Data that is assigned to your device by the web analysis tool used on our website: This includes a unique ID to (re)identify your device. It also includes certain parameters relevant for web analysis. This data is stored in cookies on your device (Section D) and can be read when visiting our website.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot carry out a web analysis.	We store the unique ID for the duration of your consent. We only process parameters relevant for web analysis temporarily for the period of your visit to our website. We delete this data when you withdraw your consent. (For information on the period of validity of the cookies stored on your device, please refer to Section D.III.)
Web Analysis Profile Data	Data generated by the web analysis tool used on our website and stored in a device-related profile: This includes data about the use of our website, in particular page visits, frequency of visits and time spent on the pages visited. This is also included the unique ID assigned to your device.	Generated by us	–	We store the unique ID for the duration of your consent. We store information about the use of our website for a period of 24 from collection. We delete this data when you withdraw your consent.

2. Details on the processing of personal data

Purpose of the processing of personal data	Categories of personal data processed	Automated decision-making	Legal basis and, where applicable, legitimate interests	Recipient
Web Analysis: Web analysis enables the collection and evaluation of information about the activities of users of our website. When you visit our website, the web analysis tool used by us collects information about your use of our website and stores it in a device-related profile. In order to be able to assign this information to your device, a unique ID is assigned to your device, which is linked to the device-related profile. This ID is stored in cookies (Section C) on your device. During your visit of our website, your device can be recognised there on the basis of the ID assigned to it. The aim of the analysis is to examine where the users of our website come from, which areas of our website are visited and how often and for how long which page and categories are viewed. The information obtained is used to improve our website and to better achieve the goals of our website (e.g. increase in page views).	Web Analysis HTTP Data Web Analysis Device Data Web Analysis Profile Data	No automated decision-making takes place.	Art. 6 (1) (a) GDPR (consent)	Hosting Provider

3. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient	Recipient’s role	Transfers to third countries and/or international organisations	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA	Processor	USA	There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list

III. Use of our online contact forms

You can contact us using contact forms on our website. We process the information provided by you in the contact forms to process your request. Where applicable, we also store and use the information for evidence purposes for any assertion, exercise or defence of legal claims or in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations.

When the contact forms on our website are used certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information in order to provide the contact forms on our website and to ensure the security of the IT infrastructure used to provide the contact forms.

You will find more detailed information on this below:

1. Details on personal data which are processed

Categories of personal data processed	Personal data included in the categories	Sources of the data	Obligation of the data subject to provide the data	Storage duration
Contact Form HTTP Data	Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the contact forms on our website are accessed: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the requested website content.	The data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Contact Form Data	Data you provide us with in contact forms on our website: These include the information you provide to us in the relevant contact form. In particular this could include your name, telephone number, email address and the content of your request.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot process your request.	The data are stored until your request has been dealt with. We store these data for evidence purposes for the assertion, exercise or defence of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until such have been concluded. We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist (Sec. 147 German Fiscal Code (Abgabenordnung – (AO), Sec. 257 German Commerical Code – (HGB)) (HGB).

2. Details on the processing of the personal data

Purpose of the processing of personal data	Categories of personal data processed	Automated decision-making	Legal basis and, where applicable, legitimate interests	Recipient
Provision of the contact forms on our website: For this purpose data are processed temporarily on our web server.	Contact Form HTTP Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the contact forms on our website requested by the user.	Hosting Provider
Ensuring the security of the IT infrastructure used for the provision of the contact forms, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks): For this purpose, data are temporarily stored and evaluated in log files on our web server.	Contact Form HTTP Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used to provide the contact forms, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).	Hosting Provider
Processing of your request	Contact Form Data	No automated decision-making takes place.	If your request concerns a contract to which you are party or the performance of pre-contractual measures: Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract). Otherwise: Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): In this case, our legitimate interest is the processing of your request.	–
Storage and processing for evidence purposes for any assertion, exercise or defence of legal claims	Contact Form Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is assertion, exercise or defence of legal claims.	–
Assertion, exercise or defence of legal claims, including cooperation with external lawyers	Contact Form Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is assertion, exercise or defence of legal claims.	Courts Lawyers
Storage of data in order to meet statutory document retention obligations, in particular commercial and tax law document retention obligations: Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist (Sec. 147 German Fiscal Code (Abgabenordnung – AO), Sec. 257 German Commerical Code (Handelsgesetzbuch– HGB)).	Contact Form Data	No automated decision-making takes place.	Art. 6 (1) (c) GDPR (compliance with a legal obligation).	–

3. Details on the recipients of persona data and the transfer of personal data to third countries and/or international organisations

Recipient	Recipient’s role	Transfers to third countries and/or international organisations	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Hosting Provider: WPEngine, Inc. 504 Lavaca St #1000, Austin, TX 78701, USA	Processor	USA	There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR for transfers of personal data to the USA. The adequacy decision is available here: https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj As WPEngine, Inc. is self-certified under the Data Privacy Framework, this adequacy decision applies to the transfer to this recipient. Detail on the self-certification can be obtained here: https://www.dataprivacyframework.gov/list
Lawyers	Controller	There is no transfer to third countries and/or international organisations	–
Courts	Controller	There is no transfer to third countries and/or international organisations	–

IV. Use of our online application forms in order to apply for our own job offerings

On our career website, we offer you the opportunity to find out more about us and AURELIS as an employer and about our vacancies as well as vacancies at other AURELIUS entities. You also have the opportunity to submit your application for our own job offerings via our application forms.

We process the information you provide in the application forms to receive your application so that we can process it further in the next step. Information on the processing of your personal data in our application process can be found in Section C.

When the application forms on our website are used, certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information in order to provide the application forms and to ensure the security of the IT infrastructure used to provide the application forms.

For job offerings of other AURELIUS entities, our website also links to the relevant application forms. In so far we process personal data on behalf of the relevant other AURELIUS entity as their processor. You will find a link to the data protection information of the relevant AURELIUS entity in the respective application form.

You will find more detailed information on this below:

1. Details on personal data which are processed

Categories of personal data processed	Personal data included in the categories	Sources of the data	Obligation of the data subject to provide the data	Storage duration
Application Form HTTP Data	Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the application forms on our website are accessed: These include IP address, type and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the requested website content.	The data are stored in server log files in a form allowing the identification of the data subject for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.
Application Form Device Data	Data that is assigned to your device when using the application forms: This includes a unique ID for the application form session (so-called ”session ID“) and the expiry date of the respective session. This also includes information on the language you have chosen for displaying the application form. This data is stored in cookies on your device (Section D) and can be read during the use of the application forms.	User of our website	The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot provide the application forms on our website.	We process the data only temporarily for the period the application form on our website is used. (You can find more information on the validity period of the cookies stored on your device in Section D.III.)
Application Form Data	Data you provide us with in application forms on our website: This may include the following data in particular: Gender, first name, surname, date of birth, address, telephone number, e-mail address, earliest starting date, salary expectations, current notice period, contact preferences (by telephone or e-mail), information on how you became aware of us, CV, cover letter for the application and, if applicable, the content of other documents that you provide to us via the application form. This may also include a password provided by you that allows you to login and complete your application at a later point in time.	User of our website	The provision of the data is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data. However, the provision is generally a requirement necessary to enter into a contract. If the data is not provided, we may not be able to perform the application processes and to hire you.	Information on the storage of your personal data as our applicant can be found in Section C.

2. Details on the processing of the personal data

Purpose of the processing of personal data	Categories of personal data processed	Automated decision-making	Legal basis and, where applicable, legitimate interests	Recipient
Provision of the application forms for our own job offerings on our website: For this purpose data are processed temporarily on our web server. For this purpose, in addition, information on the respective application form session and the language you have chosen is stored in cookies (Section D) on your device. The cookies and the information stored in them can be read during the use of the application form in order to maintain the respective application form session and in order to display the application forms in the correct language version.	Application Form HTTP Data Application Form Device Data Application Form Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the provision of the application forms on our website requested by the user.	Application Tool Service Provider
Ensuring the security of the IT infrastructure used for the provision of the application forms, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks): For this purpose, data are temporarily stored and evaluated in log files on our web server.	Application Form HTTP Data Application Form Device Data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is ensuring the security of the IT infrastructure used to provide the application forms, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).	Application Tool Service Provider
Receipt of your application for a position with us for further processing in our application process: Further information on the processing of your personal data as our applicant can be found in Section D. (For job offerings of other AURELIUS entities, our website also provides links to the relevant application forms. In so far we process personal data on behalf of the relevant other AURELIUS entity as their processor. You will find a link to the data protection information of the relevant AURELIUS entity in the respective application form.)	Application Form Data	No automated decision-making takes place.	Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).	Application Tool Service Provider

3. Details on the recipients of persona data and the transfer of personal data to third countries and/or international organisations

Recipient	Recipient’s role	Transfers to third countries and/or international organisations	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Application Tool Service Provider: Haufe-Lexware Services GmbH & Co. KG Fraunhoferstraße 5, 82152 Planegg, Germany	Processor	There is no transfer to third countries and/or international organisations	–
Application Tool Service Provider: Deutschland Noris Network AG Thomas-Mann-Straße 16, 90471 Nürnberg, Germany	Processor	There is no transfer to third countries and/or international organisations	–

V. Email newsletter of AURELIUS Investments Limited

On our career website we do not offer a dedicated career newsletter. The newsletter subscription link in the footer of our career website leads you to the newsletter subscription form of the main AURELIUS website where you can subscribe to the regular AURELIUS newsletter. This newsletter is provided by Aurelius Investments Limited. For information on the processing of personal data in this context, please view the data protection information of Aurelius Investments Limited on the main AURELIUS website at: www.aurelius-group.com/privacy-policy

C. Information on the processing of personal data of our applicants

In connection with our business activities, we process personal data of persons applying for jobs with us via our online application forms (Section B.IV) or via other means (e.g. via email or post).

We process data of our job applicants for the following purposes:

• Conducting the application process, in particular reviewing applications, contacting the applicant and conducting interviews to evaluate and select suitable applicants
• Reimbursement of application costs
• In the event that the applicant is not hired: Considering the applicant for future job offers, in particular storing data collected in the course of the application process, evaluating suitability for future job offers and contacting the applicant to initiate an application process
• Storage for a transitional period for evidence purposes for the possible establishment, exercise or defence of legal claims
• Establishment, exercise or defence of legal claims, including cooperation with external lawyers
• Cooperation with supervisory authorities, courts and other public bodies in order to comply with statutory obligations
• Retention of data for the fulfilment of legal, in particular commercial and tax law, retention obligations

For job offerings of other AURELIUS entities, we process personal data on behalf of the relevant other AURELIUS entity as their processor. You will find a link to the data protection information of the relevant AURELIUS entity in the respective application form.

You receive more detailed information on this below:

I. Details on the personal data which are processed

Categories of personal data processed	Personal data included in the categories	Sources of the data	Obligation of the data subject to provide the data	Storage duration
Master data	Name Date of birth Nationality Place of birth Country of birth Marital status	Applicants or recruitment agencies instructed to act on behalf of applicants	Provision is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data. The provision is generally necessary to enter into a contract. If the data is not provided, it will not be possible to conduct the application process and, if applicable, to hire an applicant.	If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees. If the relevant applicant consents to this, in the event that the applicant is not hired, the data will be stored for a period of 24 months (or until a possible prior withdrawal of consent) after completion of the application process for considering the applicant for future job offers. Otherwise the data will be stored only for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process. We also store these data to the extent statutory, in particular commercial and tax law, retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. § 257 German Commercial Code (Handelsgesetzbuch – HGB)).
Contact data	Private address E-mail address Telephone number	Applicants or recruitment agencies instructed to act on behalf of applicants	Provision is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data. The provision is generally necessary to enter into a contract. If the data is not provided, it will not be possible to conduct the application process and, if applicable, to hire an applicant.	If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees. If the relevant applicant consents to this, in the event that the applicant is not hired, the data will be stored for a period of 24 months (or until a possible prior withdrawal of consent) after completion of the application process for considering the applicant for future job offers. Otherwise the data will be stored only for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process. We also store these data to the extent statutory, in particular commercial and tax law, retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. § 257 German Commercial Code (Handelsgesetzbuch – HGB)).
Application data	Content of application documents: in particular photo, CV and certificates Contents of written correspondence (including electronic correspondence) relating to the application	Applicants or recruitment agencies instructed to act on behalf of applicants	Provision is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data. The provision is generally necessary to enter into a contract. If the data is not provided, it will not be possible to conduct the application process and, if applicable, to hire an applicant.	If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees. If the relevant applicant consents to this, in the event that the applicant is not hired, the data will be stored for a period of 24 months (or until a possible prior revocation of consent) after completion of the application procedure for considering the applicant for future job offers. Otherwise the data will be stored only for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.
	Consent to the storage of personal data collected during the application process for the purpose of considering the applicant for future job offers in the event that the applicant is not hired	Applicants	Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we may consider your application only for the position for which you have applied and, in the event that you are not hired, not for any future positions.
	Contents of evaluation notes, perceptions from interviews, feedback and evaluations Documentation of any consents given by the applicant to the storage of personal data collected during the application process for the consideration of the applicant for future job offers in the event that the applicant is not hired, in particular the time of consent and any withdrawal	Generated by us	–
Billing Data	Data provided by applicants for the reimbursement of application costs: This includes bank details and information on the nature and amount of the application costs	Applicants	Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data. If the data is not provided, we cannot reimburse any application costs.	We store these data to the extent statutory, in particular commercial and tax law, retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. § 257 German Commercial Code (Handelsgesetzbuch – HGB)).
	Data we create in connection with any reimbursement of application costs: This includes the documentation of the payment and the documentation of any agreement on the waiver of the reimbursement of application costs	Generated by us	–

II. Details on the processing of the personal data

Purpose of processing the personal data	Categories of personal data processed	Automated decision-making	Legal basis and, where applicable, legitimate interests	Recipient
Conducting the application process for our own vacancies, in particular reviewing applications, contacting the applicant and conducting interviews to evaluate and select suitable applicants (For job offerings of other AURELIUS entities, we process personal data on behalf of the relevant other AURELIUS entity as their processor. You will find a link to the data protection information of the relevant AURELIUS entity in the respective application form.)	Master data Contact data Application data	No automated decision-making takes place.	Art. 88 (1) GDPR, sec. 26 (1) BDSG (Decision on the establishment of an employment relationship) Art. 6 (1) (b) GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract)	Application Tool Service Provider
Reimbursement of application costs	Master data Contact data Billing data	No automated decision-making takes place.	Art. 6 (1) (c) GDPR (Compliance with a legal obligation)	Banks
In the event that the applicant is not hired: Considering the applicant for future job offers, in particular storing data collected in the course of the application process, evaluating suitability for future job offers and contacting the applicant to initiate an application process	Master data Contact data Application data	No automated decision-making takes place.	Art. 6 (1) (a) GDPR (Consent)	Application Tool Service Provider
Storage for evidence purposes for the possible establishment, exercise or defence of legal claims	Master data Contact data Application data	No automated decision-making takes place.	Art. 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the establishment, exercise and defence of legal claims	Application Tool Service Provider
Establishment, exercise or defence of legal claims, including cooperation with external lawyers	Master data Contact data Application data	No automated decision-making takes place.	Art 6 (1) (f) GDPR (pursuing legitimate interests under balancing of interests): Our legitimate interest is the establishment, exercise or defence of legal claims	Courts Lawyers
Cooperation with supervisory authorities, courts and other public bodies for the fulfilment of legal obligations	Master data Contact data Application data	No automated decision-making takes place.	Art. 6 (1) (c) GDPR (Compliance with a legal obligation)	Supervisory authorities, courts and other public bodies
Retention of data for the fulfilment of legal, in particular commercial and tax law, retention obligations: Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. § 257 German Commercial Code (Handelsgesetzbuch – HGB)).	Master data Contact data Billing data	No automated decision-making takes place.	Art. 6 (1) (c) GDPR (Compliance with a legal obligation)	–

III. Details on the recipients of personal data and the transfer of personal data to third countries and/or international organisations

Recipient	Recipient’s role	Transfers to third countries and/or international organisations	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Application Tool Service Provider: Haufe-Lexware Services GmbH & Co. KG Fraunhoferstraße 5, 82152 Planegg, Germany	Processor	There is no transfer to third countries and/or international organisations	–
Application Tool Service Provider: Deutschland Noris Network AG Thomas-Mann-Straße 16, 90471 Nürnberg, Germany	Processor	There is no transfer to third countries and/or international organisations	–
Banks	Controller	There is no transfer to third countries and/or international organisations	–
Lawyers	Controller	There is no transfer to third countries and/or international organisations	–
Supervisory authorities, courts and other public bodies	Controller	There is no transfer to third countries and/or international organisations	–

       

D. Information on the use of cookies or similar technologies

We use cookies in connection on our website. In doing so, we use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

You will find more detailed information on this in the following.

I. General information on cookies

Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the relevant website is visited again with the same device, the cookie and the information it contains can be retrieved.

1. First-party and third-party cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookies	Cookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller
Third-party cookies	Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

2. Transient and persistent cookies

A distinction can be made between transient and persistent cookies depending on how long they remain active:

Transient cookies (Session cookies)	Cookies that are automatically deleted when you close your browser
Persistent cookies	Cookies that remain stored on your device for a certain period of time after the browser is closed

3. Consent-free cookies and cookies requiring consent

Users’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookies	Cookies that have as their sole purpose to transmit a message using an electronic communication network
	Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (”strictly necessary cookies”)
Cookies requiring consent	Cookies for all purposes of use other than the aforementioned

II. Management of the cookies used on our website

1. Granting and withdrawing consents to the use of cookies in the data protection settings of our website

If consent is necessary for the use of certain cookies, we only use these cookies if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on our website in Section C.III. of this Data Protection Information.

When you first visit our website, we display a pop-up for data protection settings. In the data protection settings, you can give consent for the use of cookies that require consent and the processing of your personal data enabled thereby. However, you can also continue to use our website without consent. In this case, we will only use cookies for which consent is not required.

You can access the data protection settings of our website at any time via the link contained in this Data Protection Information and in the footer of our website. In the data protection settings, you can withdraw or re-grant the consents you have given at any time.

We store whether and, if applicable, which consents you have given in the form of a (strictly necessary) cookie (so-called ”data protection settings cookie“) on your device. The data protection setting cookie has a limited validity period of 12 months. After the expiration of the validity period, or if you delete the data protection settings cookie manually beforehand, we will display the banner for data protection settings for our website again the next time you visit our website.

You cannot deactivate cookies that are strictly necessary in the data protection settings of our website. However, you can generally deactivate these cookies in your browser at any time.

2. Managing cookies using browser settings

You can also manage the use of cookies in your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at http://www.allaboutcookies.org/manage-cookies/.

However, we would like to point out that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.

III. Cookies used on our website

The following cookies may be used on our website:

Name	First-party / third-party	Purpose of use and content	Effective term	Consent necessary?
Language selection Cookies
wp-wpml_current_language	First party	This cookie is strictly necessary to provide the language selection function of our website (Section B.I). This cookie saves information on your language selection (e.g. ”de” for the German language version) in order to provide you with the content of our website accessed by you in the language which you have selected for the entire browser session.	Transient	No
Data Protection Settings Cookies
cookieyes-consent	First-party	This cookie is strictly necessary to provide the data protection settings function for our website (Section B.I). This cookie stores information about whether and, if so, which consents you have given and when, in order to possibly activate the respective processing activities and cookies requiring consent in accordance with your consent and in order to be able to determine whether we require renewed consent from you in the event of changes to processing activities and cookies requiring consent.	Persistent: 12 months	No
Content Provision Cookies
aureliusCareers_home_visited	First party	This cookie is strictly necessary to ensure the correct display of the website content accessed by the user (Section B.I). The cookie is set and contains the value “true” once the so called “pre loader” of the website has been displayed to the user (i.e. a loading screen that is displayed upon the first visit while the website content is downloaded). This cookie is used to ensure that the pre loader is only displayed once and does not interrupt the user’s use of our website.	Persistent: 7 days	No
Application Form Cookies
CGISESSID	First party	This cookie is strictly necessary to provide the application forms on our website (Section B.IV). This cookie stores a unique ID for the application form session (so-called ”session ID“) as well as the expiry date of the respective session in order to maintain the respective application form session until the expiry date.	Transient	No
language	First party	This cookie is strictly necessary to provide the application forms on our website (Section B.IV) in the chosen language. This cookie saves information on your language selection (e.g. ”ger” for the German language version) in order to provide you with the content of our website accessed by you in the language which you have selected for the entire browser session.	Transient	No
Web Analysis cookies (for the web analysis tool Matomo) These cookies are used by the web analysis tool Matomo to record and analyse the usage behaviour on our website, in order to improve our website (Section B.II).
MATOMO_SESSID	First party	This cookie contains a unique visitor ID and is used to recognise visitors within their relevant browser session.	Transient	Yes

E. Information on the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (”right to be forgotten”) (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)

You may contact us for the purpose of exercising these rights using the contact information in Section A.

Where applicable, you find information on any specific modalities and mechanisms which facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, in the information on the processing of personal data in Section B and Section C of this Data Protection Information.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Below you find more detailed information on your rights with regard to the processing of your personal data:

I. Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Art. 15 GDPR.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Art. 15 (1) (a), (b) and (c) GDPR).

You can find the full extent of your right to access and information in Art. 15 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Art. 16 GDPR.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Art. 16 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (”right to be forgotten”)

As a data subject, you have a right to erasure (”right to be forgotten”) under the conditions provided in Art. 17 GDPR.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 (1) GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 (1) (a) GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 (2) GDPR).

The right to erasure (”right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Art. 17 (3) (b) and (e) GDPR).

You can find the full extent of your right to erasure (”right to be forgotten”) in Art. 17 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing under the conditions provided in Art. 18 GDPR.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 (1) (a) GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 (3) GDPR).

You can find the full extent of your right to restriction of processing in Art. 18 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Art. 20 GDPR.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means (Art. 20 (1) GDPR).

You can find information as to whether an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR in the information regarding the legal basis of processing in Section B and Section C of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 (2) GDPR).

You can find the full extent of your right to data portability in Art. 20 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Art. 6 (1) (e) or (f) GDPR in the information regarding the legal basis of processing in Section B and Section C of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B and Section C of this Data Protection Information.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Art. 21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right to withdraw consent

Where an instance of processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, as a data subject you have the right to withdraw your consent at any time pursuant to Art. 7 (3) GDPR,. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Art. 6 (1) (a) or Art. 9 (2) (a) GDPR in the information regarding the legal basis of processing in Section B and Section C of this Data Protection Information.

VIII. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 77 GDPR.

The contact details of the supervisory authorities in the EU/EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

F. Information about the technical terms of the General Data Protection Regulation used in this Data Protection Information

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation.

The full scope of the definitions of the General Data Protection Regulation can be found in Art. 4 GDPR, which can be downloaded from the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Information below:

”Personal data” means any information relating to an identified or identifiable natural person (”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

”Data Subject” means the respective identified or identifiable natural person, to which the personal Data refers to;

”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

”Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

”Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

”Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

”Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

”Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

”International organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

”Third country” means a country which is not a member state of the European Union (”EU”) or the European Economic Area (”EEA”);

”Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

G. Effective date of and changes to this Data Protection Information

The effective date of this Data Protection Information is February 13, 2024.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements.

An up-to-date version of this Data Protection Information can be retrieved at any time at [career.aurelius-group.com/privacy-policy].