Aven Management GmbH (hereinafter “Aven”, “we” or “us”), represented by its Managing Director Frederik Brandis, operates the domain www.avencp.com (the “Website”).

Aven protects the privacy of this Website’s visitors and complies with all applicable data protection provisions, including the European General Data Protection Regulation (“GDPR”) and the German Digital Services Act (Digitale-Dienste-Gesetz – “DDG”).

For any questions or requests regarding data protection, please contact us at imprint@avencp.com.

Information on Data Protection

This Privacy Policy informs you, in accordance with Article 13 GDPR, about the processing of personal data when visiting our Website as well as the rights to which you are entitled.

Controller

The controller responsible pursuant to Article 4(7) GDPR for the processing of personal data collected during visits to this Website is:

Aven Management GmbH

Strelitzer Str. 58

10115 Berlin

Germany

Email: imprint@avencp.com

Registered: Amtsgericht Charlottenburg, HRB 280376 B

Managing Director: Frederik Brandis

Data Protection Officer

Our Data Protection Officer is available to respond to questions or comments regarding data protection:

Frederik Brandis

c/o Aven Management GmbH

Strelitzer Str. 58, 10115 Berlin, Germany

Email: imprint@avencp.com

Data Security

To protect your data from unauthorised access as comprehensively as possible, we implement appropriate technical and organisational measures. We use encryption on our Website. Your information is transmitted between your device and our server using TLS encryption. You can usually recognise this by the closed lock symbol in your browser’s status bar and the prefix “https://” in the address line.

Data Processing Activities

Usage Data

When you visit our Website, we temporarily store so-called usage data on the basis of Article 6(1)(f) GDPR and Section 25(2)(2) TDDDG. These usage data are processed for statistical purposes in order to improve the quality of our Website. We also use this information to enable Website access, to monitor and administer our systems, and to optimise Website design. These purposes constitute our legitimate interest within the meaning of Article 6(1)(f) GDPR.

The data record consists of:

• the IP address of the requesting device (in truncated form to prevent attribution to an individual),

• date and time of access,

• name of the accessed file or page,

• volume of data transferred and status information (e.g. successful retrieval),

• browser type and browser version,

• operating system used,

• referrer URL (previously visited page),

• requesting provider.

These data cannot be assigned to a specific person; they are not merged with other data sources.

Use of Cookies

We use cookies on our Website. Cookies are small text files stored in the browser or by the browser on the user’s device. They enable information to be stored for a certain period and allow the user’s device to be recognised. This improves navigation and makes the Website more user-friendly. Cookies also assist in identifying particularly popular sections of our Website. Session cookies are deleted once you close your browser; permanent cookies remain stored beyond the individual session.

Some cookies are necessary for the operation of our Website. These cookies are not used for analytics, tracking, or advertising. Some contain only configuration settings and are not personal. Others are required for user guidance, security and functionality. We process these cookies on the basis of Article 6(1)(f) GDPR and Section 25(2)(2) TDDDG, based on our legitimate interest in providing basic website functionality.

You can configure your browser to notify you when cookies are set. You may also delete existing cookies and prevent the storage of new ones. Please note that blocking cookies may result in the Website not being displayed correctly or certain functions no longer being available. We also use non-essential cookies. Details on these cookies are provided below.

Website Analytics

To design our Website in line with user needs, we use a web analytics tool. Processing is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG, provided you have granted consent via our cookie banner. You may withdraw your consent at any time with effect for the future. You can adjust your settings through the cookie banner accessible via the cookie icon in the footer of our Website.

How does tracking work?

The analytics provider generates pseudonymised usage profiles to analyse visitor interactions and to optimise and tailor our offering. Permanent cookies are stored on your device for this purpose. We may also retrieve unique identifiers for your browser or device (e.g. via tracking pixels or browser fingerprinting). This enables us to recognise returning visitors.

We use the following third-party providers in the context of website analytics and interactive features: Google Ireland Limited

Gordon House, Barrow Street, Dublin 4, Ireland

We use Google Analytics 4 to analyse Website usage. Google Analytics 4 uses cookies and similar technologies to compile statistical information. The generated data (including truncated IP addresses) are transmitted to and processed on Google servers.

Google Analytics 4 anonymises IP addresses within the EU as a default setting. Data are only combined with other Google information if you are logged into a Google account and have enabled corresponding settings.

Further information: https://policies.google.com/privacy

Google Tag Manager

Also provided by Google Ireland Limited.

Google Tag Manager manages and triggers analytics and marketing tags. It does not itself create user profiles, store cookies, or perform analytics. Data collection only occurs through the tools integrated via Tag Manager (e.g. Google Analytics 4).

Data transfers to third countries

The use of Google services may result in transfers to Google LLC servers in the United States. Google relies on EU Standard Contractual Clauses under Article 46(2)(c) GDPR as appropriate safeguards. Additional information is available in Google’s Privacy Policy.

Contacting Us

You may contact us by post, telephone, or email. We also provide a contact form on our Website, which is integrated via our hosting provider Framer (see below). The form may be used for general enquiries as well as for sharing pitch decks and investment proposals.

When you use the form or otherwise contact us, the following personal data may be processed depending on the purpose: company name, first and last name, email address, and the content of your message. For pitch deck submissions, additional information about your company, product, team, funding needs and any uploaded documents may be processed.

Data are processed to handle your enquiry, address you directly, allocate your request to a specific process or company, and enable potential communication in the context of our investment activities.

The legal basis is Article 6(1)(f) GDPR. We have a legitimate interest in communicating with Website visitors and responding to queries. If your enquiry relates to a contractual matter, processing is based on Article 6(1)(b) GDPR. General enquiries are deleted after six months unless further correspondence is necessary. Data relating to pitch-deck or investment submissions are stored until a final decision is made and no longer than two years. Data are then deleted or anonymised unless statutory retention obligations require longer storage (e.g. under Section 257 of the German Commercial Code (HGB) or Section 147 of the German Fiscal Code (AO)).

Integration of Third-Party Technical Content and Features

We use various third-party services to display content and ensure Website functionality. When our pages are accessed, the corresponding content is loaded from the provider’s servers. The provider receives information that you accessed our Website, including technically necessary usage data (e.g. IP address, time of access, browser information). We have no influence on subsequent processing activities carried out by those providers.

Processing is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG, if granted via the cookie or consent banner.

Please note that third-party content may result in data processing outside the EU/EEA. Transfers to the United States are covered by the EU-U.S. Data Privacy Framework for certified entities.

The following providers are used:

Framer B.V.

Singel 542, 1017 AZ Amsterdam, Netherlands

Framer provides the hosting and rendering infrastructure for our Website and operates the integrated contact form. When you access the Website or submit the form, technical connection data (e.g. IP address, browser type, time of access) and the information you enter into the form are processed by Framer on our behalf to ensure Website availability and to deliver your enquiry to us.

Privacy Policy: https://www.framer.com/legal/privacy-policy/

Google Ireland Limited

We integrate technical components such as Google Tag Manager and Google Analytics 4. Google may use cookies and similar technologies. Data may be processed in the US under the EU-U.S. Data Privacy Framework.

Privacy Policy: https://policies.google.com/privacy

We use exclusively locally hosted or Framer-hosted web fonts. No external font loading (e.g. Google Fonts) occurs.

Is the Provision of Data Mandatory?

The provision of your data is voluntary and not legally or contractually required. Certain services require specific information, such as an email address in contact forms. Required fields are marked. Failure to provide mandatory information means the respective service cannot be delivered. Optional information may improve service quality but is not required.

Data Retention

Unless specific retention periods have been indicated, we delete personal data once they are no longer necessary for the stated purposes and no statutory retention obligations conflict with deletion.

Recipients of Data

We share your data with service providers acting on our behalf under Article 28 GDPR, supporting the operation of our Website, related processes and internal business operations. These processors are bound by our instructions and contractual data protection obligations.

This includes providers in the following categories:

• hosting and cloud service providers,

• IT security and performance providers (e.g. CDNs),

• web analytics and tag management providers,

• providers responsible for online forms,

• technical administration and maintenance providers,

• providers of office software and internal communication tools,

• providers supporting our dealflow management and investment analysis.

Processors are carefully selected and only receive access to personal data to the extent and for the duration necessary.

Some providers’ servers are located in the United States or other non-EU/EEA countries. Where applicable, transfers to US providers certified under the EU-U.S. Data Privacy Framework ensure an adequate level of protection.

In all other cases, we implement EU Standard Contractual Clauses or other appropriate safeguards. If a transfer to an insecure third country occurs based on your consent, this is done pursuant to Article 49(1)(a) GDPR.

Your Rights as a Data Subject

You have the right to obtain access to your personal data (Article 15 GDPR) and to request rectification (Article 16 GDPR) or erasure (Article 17 GDPR) where the relevant conditions are met. You may request restriction of processing under Article 18 GDPR and have the right to data portability under Article 20 GDPR. If processing is based on your consent, you may withdraw that consent at any time with future effect (Article 7 GDPR). Withdrawal does not affect the lawfulness of processing carried out before withdrawal. You also have the right to lodge a complaint with a supervisory authority (Article 77 GDPR) — in Germany, the competent authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, as Aven is established in Berlin.

To exercise any of these rights, please contact us at imprint@avencp.com.

Right to Object

Where processing is based on consent, you may withdraw such consent at any time with effect for the future. Withdrawal does not affect the lawfulness of prior processing. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or unless processing is required for the establishment, exercise or defence of legal claims.

You also have the right to object at any time to the processing of your data for direct marketing purposes. This also applies to profiling related to direct marketing.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities or applicable law. The current version will always be available on this page.

Last updated: May 2026