Privacy Policy

Aevum Zenth Conglomerate AG ("Aevum Zenth," "we," "our," or "us") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy describes how we collect, use, process, and safeguard your personal information across our global network of 400+ subsidiaries, 280 digital platforms, and 62 country operations.

By accessing or using any of our websites, mobile applications, services, or platforms — including but not limited to Aevum Energy & Power, Zenth Digital Systems, Aevum Aerospace & Defense, Zenth Health Sciences, Aevum Capital Group, Zenth Agritech, Aevum Global Logistics, Zenth Media Group, and any other division within the Aevum Zenth ecosystem — you agree to the collection and use of information in accordance with this policy.

We collect personal information that you voluntarily provide when interacting with our services, including:

• Identity Data: Full name, legal identifiers, government-issued identification numbers (for financial, healthcare, and aerospace services)
• Contact Data: Physical address, email address, telephone number, billing address
• Financial Data: Bank account details, payment card information, credit history, investment portfolios (collected by Aevum Capital Group and affiliated financial subsidiaries)
• Health & Medical Data: Medical records, genetic information, insurance details, treatment history (collected by Zenth Health Sciences and affiliated healthcare subsidiaries under strict HIPAA, GDPR, and applicable medical data regulations)
• Professional Data: Employment history, corporate registration details, business licenses (for B2B enterprise services)
• Communication Data: Customer support transcripts, emails, call recordings, survey responses, feedback forms
• Account Credentials: Username, password, authentication tokens, biometric data for secure access

When you visit our websites or use our applications, we automatically collect:

• Device & Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, network connection type
• Usage Data: Pages viewed, time spent, click patterns, navigation paths, application interaction logs, feature usage analytics
• Location Data: GPS coordinates, geolocation data, proximity information (with your explicit consent, where required by law)
• Log Data: Server logs, error reports, crash data, performance metrics, access timestamps
• Referral Data: URLs that directed you to our services, search engine queries

We may receive personal data about you from the following sources:

• Business partners and affiliated subsidiary companies within the Aevum Zenth conglomerate
• Publicly available databases, government registries, and business directories
• Data brokerage and analytics providers (where legally permissible)
• Social media platforms when you interact with our social media channels
• Payment processors and financial institutions for transaction verification
• Background screening agencies (for employment-related purposes)
• Research and data partner institutions

Certain of our subsidiaries process sensitive personal data as part of their specialized services. The following table summarizes when and why sensitive categories are collected:

We process your personal information for the following purposes:

• Providing, operating, and maintaining our services across all business divisions
• Fulfilling contractual obligations and processing transactions
• Managing your account, preferences, and communications
• Delivering customized content, product recommendations, and service offerings
• Facilitating healthcare appointments, investment transactions, or aerospace program enrollment

• Internal business operations including identification of usage trends, data analysis, and quality assurance
• Cross-divisional service integration and consolidated account management across the Aevum Zenth ecosystem
• Financial reporting, auditing, and tax compliance
• Risk management, fraud detection, and loss prevention
• Employee management and internal workforce administration

• Conducting research and development to improve our technologies, services, and products
• Training machine learning models and AI systems used across our divisions (where anonymized and aggregated)
• Market research and trend analysis
• Scientific research conducted by Zenth Advanced Research and affiliated R&D entities

• Compliance with applicable laws, regulations, legal processes, and enforceable governmental requests
• Enforcement of our Terms of Service, privacy policy, and other legal agreements
• Protection of the rights, property, or safety of Aevum Zenth, our users, or the public
• Regulatory reporting requirements across multiple jurisdictions

• Sending promotional communications, product updates, and service announcements (with your consent where required)
• Personalizing advertising and content based on your interests and behavior
• Conducting customer satisfaction surveys and requesting feedback

Aevum Zenth does not sell your personal data. We may share your information in the following circumstances:

As a multinational conglomerate, we share personal data among our subsidiaries and affiliated entities for the purposes outlined in this policy. This sharing is governed by the Aevum Zenth Internal Data Protection Framework, which ensures that all 400+ subsidiaries adhere to unified privacy standards. Subsidiaries receiving your data are contractually obligated to protect it in accordance with this policy.

We engage trusted third-party vendors and service providers who process data on our behalf under strict data processing agreements. These providers include:

• Cloud infrastructure and hosting providers
• Payment processing and financial clearing companies
• Data analytics and business intelligence platforms
• Email delivery and communication management services
• IT security and threat monitoring companies
• Customer support and call center operations
• Legal, accounting, and audit firms

We may disclose your personal information when required or permitted by law, including:

• To comply with legal obligations, regulatory requirements, or court orders
• In response to lawful requests from public and governmental authorities
• To protect the rights, property, or safety of Aevum Zenth, our users, or others
• In connection with a merger, acquisition, or sale of assets (see Section 11)
• To prevent, detect, or investigate security incidents, fraud, or illegal activity

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of Aevum Zenth's assets, your personal data may be transferred as part of that transaction. We will notify affected users via prominent notice on our website and through direct communication before the transfer takes effect.

Aevum Zenth implements comprehensive technical and organizational security measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security infrastructure includes:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit across all divisions and platforms
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege enforcement across all systems
• Network Security: Zero-trust network architecture, intrusion detection/prevention systems (IDS/IPS), DDoS mitigation, and continuous vulnerability scanning
• Physical Security: Biometric-access data centers, 24/7 surveillance, and multi-layered physical security protocols at all global facilities
• Incident Response: A 24/7 Security Operations Center (SOC) with automated threat detection and a defined breach notification timeline of no more than 72 hours
• Compliance Certifications: ISO 27001, ISO 27701, SOC 2 Type II, GDPR, CCPA/CPRA, HIPAA (for healthcare subsidiary operations)

While we employ industry-leading security measures, no system can guarantee absolute security. We encourage users to protect their own accounts by using strong passwords and enabling two-factor authentication where available.

Our websites and services use cookies, web beacons, local storage, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver personalized content. The following table summarizes the technologies we use:

You can manage your cookie preferences at any time through our Cookie Preference Center, accessible from the footer of any Aevum Zenth webpage. You may also configure your browser settings to reject or delete cookies. Please note that disabling certain cookies may affect the functionality of our services.

Aevum Zenth honors Global Privacy Control (GPC) signals. When you enable a GPC-supported browser setting or opt-out mechanism, we will apply the corresponding privacy settings across our platforms.

Our platforms may contain links to or integrations with third-party websites and services that are not operated by Aevum Zenth. This includes:

• Payment processors and financial intermediaries
• Cloud service providers and infrastructure partners
• Social media platforms and content distribution networks
• Analytics and ad technology partners
• Embedded content from external partners (videos, maps, articles)
• Partner applications and API integrations

These third-party services have their own privacy policies and data handling practices, which are independent of ours. We strongly recommend reviewing the privacy policies of any third-party service before providing personal information. Aevum Zenth is not responsible for the privacy practices of these external services.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no compelling reason to retain it
• Right to Restrict Processing: Request that we limit the way we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another provider
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw previously given consent at any time (does not affect prior lawful processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

• Right to Know: Request disclosure of categories and specifics of personal information collected
• Right to Delete: Request deletion of personal information collected from you
• Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information (we do not sell data)
• Right to Limit Use of Sensitive Data: Restrict the use of sensitive personal information
• Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment

To exercise any of the above rights, please submit a request through our Data Subject Request portal or contact our Data Protection Officer (see Section 13). We will respond to your request within 30 days (or 45 days for complex requests) and will verify your identity before processing your request. There is no fee for making a valid request, except where requests are manifestly unfounded or excessive.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations:

• Account Data: Retained for the duration of your account plus 90 days after deactivation for dispute resolution
• Transaction Records: Retained for 7 years for financial and tax compliance purposes
• Healthcare Records: Retained per applicable medical records retention laws (typically 7-10 years post-treatment)
• Communications: Customer support logs retained for 3 years
• Marketing Data: Retained until you unsubscribe or for a maximum of 24 months of inactivity
• Log & Analytics Data: Anonymized after 18 months; personal data removed after 13 months
• Employment Data: Retained for the duration of employment plus 7 years post-employment
• Legal Hold Data: Retained as long as necessary for ongoing or anticipated litigation

At the end of each retention period, personal data is either securely destroyed or permanently anonymized so that it can no longer be associated with an identifiable individual.

Aevum Zenth is committed to protecting the privacy of children. Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction, whichever is higher).

We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child without verified parental consent, we will take prompt steps to delete that information. If you believe a child has provided us with personal data, please contact us immediately at privacy@aevumzenth.com.

Parents and guardians who believe we may have collected data from their child may request its deletion by contacting our Data Protection Officer. We will verify parent/guardian status and delete the data within 30 days of confirmation.

As a global organization operating in 62 countries, your personal data may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your jurisdiction.

Where we transfer personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

• European Commission's Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum (IDTA)
• Swiss-U.S. and Swiss-EU Data Protection Frameworks
• Adequacy decisions where applicable
• Binding Corporate Rules (BCRs) within the Aevum Zenth Group

You may request a copy of the safeguard mechanisms we employ by contacting our Data Protection Officer.

Aevum Zenth may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or industry standards. When we make material changes, we will:

• Post the updated policy on this page with a revised "Last Updated" date
• Provide prominent notice through our websites and services at least 30 days before the changes take effect
• Notify registered users via email where the changes materially affect their rights

We encourage you to review this policy periodically. Your continued use of our services after the effective date of any changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the channels below:

For users in the European Union, you also have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.