Client Privacy Notice

Last Revision Date – 1 January 2021

Introduction
This notice (the “Notice”) is provided by each of the entities listed in the Appendix (together “Pantheon”, “us” or “we”) as data controller. This Notice is addressed to any natural person who is any of the following: a client of Pantheon Group1 or a direct or indirect investor in any fund managed or advised by Pantheon Group (a “Pantheon Fund”), or a member, partner, shareholder, beneficial owner, officer, director, employee or other representative of any client of Pantheon Group or of any direct or indirect investor in any Pantheon Fund, including any prospective client or investor (referred to as “you” in this Notice) whose personal information Pantheon collects and controls in the conduct of its business. If you are a non-natural person that provides us with personal information on individuals connected to you for any reason in relation to your investment with us, this Notice will be relevant for those individuals and you should provide a copy of this Notice to such individuals or otherwise advise them of its content.

This Notice gives information regarding your personal information (defined as “personal data” under the Privacy Laws (defined below)) and describes the basis on which we process your personal information, for what purposes, your privacy rights under applicable privacy laws including, where applicable, under the Data Protection Law, 2017 of the Cayman Islands (“DPL“), General Data Protection Regulation (“GDPR”) and other UK, European, the Bailiwick of Guernsey (“Guernsey”) data privacy and protection laws, the California Consumer Privacy Act (“CCPA”) and applicable US and non-US privacy laws (the “Privacy Laws”) and how we protect your personal information. Maintaining your privacy is important to us and we hold ourselves to the highest standards in its safekeeping and use. We have developed policies designed to protect the confidentiality, while allowing the needs of investors and clients to be served. We do not sell any personal data and have not sold any personal data in the past.

The information we collect
In the conduct of our business, we may obtain personal information about you in connection with your existing or proposed appointment or engagement of Pantheon or existing or proposed investment in a Pantheon Fund (any such person being a “Pantheon Client”), including without limitation your name, role/position/title and area of responsibility, address and other contact details, and certain identifying information such as date of birth address and social security number, tax or other identification number. If you deal with Pantheon in your individual capacity (e.g., as an individual client), or as a settler/trustee/beneficiary of a trust, or as an owner or a principal of a company or other investment vehicle established to invest on your behalf or on behalf of your family, we may additionally collect information about your income, assets and other financial information, including asset situation, investment experience and objectives, risk tolerance as well as your age, occupation and marital status. This information may come directly from public sources such as governmental authorities, public directories and screening or background checking tools, or from you such as application, subscription or other forms or material completed or supplied by actual or prospective Pantheon Clients, other written, electronic or verbal correspondence which relate to transactions by or on behalf of a Pantheon Client as well as financial information relating to any such person’s investment in a Pantheon Fund or any portfolio investments, such as capital account balance, contributions, income allocations and distributions. We may also collect personal information provided by you in calls which are recorded by us, as required by applicable laws.

We may also collect special categories of personal data (as defined in the GDPR and including health, disability and religious or ethnicity information) where provided by you, with your consent, such as disability information or religious data for purposes required by you such as scheduling of meetings or access to Pantheon or Pantheon Group premises.

How we use information that we collect
We collect your personal information to fulfil our contractual or legal obligations and/or to pursue the legitimate interests of Pantheon and / or for other purposes for which Pantheon has a lawful basis under the Privacy Laws, including: (i) for compliance with legal and regulatory requirements such as regulations aimed at prevention of money laundering or terrorist financing or “Know your Customer” requirements, as well as to verify the status and / or eligibility of Pantheon Clients for funds or services offered by Pantheon, and for determination of the suitability of such funds or services for Pantheon Clients and for compliance with tax reporting requirements; (ii) for purposes of reporting to, or communicating with, Pantheon Clients concerning their existing or prospective investment in Pantheon Funds or existing or prospective appointment or engagement of Pantheon consistent with our obligations to such Pantheon Clients; (iii) to carry out transactions on behalf of Pantheon Funds and Pantheon Clients properly and smoothly, including in connection with our investment activities, including investment due diligence or investment monitoring activities or in response to “Know your Customer” requirements of counter-parties; (iv) to research and develop financial products and services; (v) to facilitate our internal business operations, including assessing and managing risk; (vi) in connection with litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving Pantheon, Pantheon Funds or Pantheon Clients; and (vii) for other legitimate business interests. If you have provided special categories of personal data to us to enable us to respond to certain requests by you such as access requests or scheduling of meetings or similar requirements, we do so with your consent.

In addition, we may, either with your consent or where we have identified a legitimate interest in doing so (and to the extent permitted by law), process your personal information in order to communicate with you, on behalf of the organisation for whom you work or directly for yourself, for certain marketing purposes related to our business. In this event, we may provide additional information that we believe may be of interest, including about funds or services, news updates, research or market commentary, conferences, or events offered by or in conjunction with Pantheon. You have the right to unsubscribe from these communications by emailing infosec.privacy@pantheon.com or by following the instructions in any such communication, e.g. by clicking on the link to unsubscribe or by writing to the Data Protection Officer at the address provided below.

The Disclosure of your Information
Within the Group. We may share your personal information with Pantheon Group entities, including those listed in the Appendix and also with Pantheon Funds for any of the purposes set forth above. Our group entities, in turn, are not permitted to share your information with other non-affiliates entities, except as described herein or otherwise permitted by the Privacy Laws or other applicable laws. A data transfer agreement, incorporating the Standard Contractual Clauses (“SCCs”) approved by the European Commission, governs the intra-group transfer of personal data where (i) the data exporter is based in the European Economic Area (“EEA”), the United Kingdom, Guernsey and transfers personal data to a data importer based in a territory outside of (as a whole) the EEA, the United Kingdom, Guernsey and Switzerland which has not obtained a finding of adequate level of protection by the European Commission (or other applicable data protection authority of the country in which the data exporter is located); (ii) where the data exporter is based in the EEA, Switzerland, or the Cayman Islands and transfers personal data outside that country to a data importer in the United Kingdom (unless and until the European Commission issues a finding of an adequate level of protection in the United Kingdom); and (iii) where the data exporter is based in the Cayman Islands and transfers personal data to a data importer based in a territory outside of the Cayman Islands which the Ombudsman of the Cayman Islands does not consider as ensuring an adequate level of data protection (on the basis that European legal references of the relevant SCCs shall be construed and interpreted under the relevant laws and regulations in the Cayman Islands, as applicable, where referred to in the SCCs). Links to the latest versions of the SCCs approved by the European Commission are provided below:
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915
http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087

Outside the Group. We may share your personal information with non-affiliated third parties for any of the purposes set forth above. By way of example, we share your personal information with:

  • Service providers (e.g., attorneys, auditors, accountants, tax advisers, administrators, custodians, depositaries, distribution managers and brokerage firms, AML service providers, tax information exchange service providers, event organizers or other agent, adviser or service provider of any Pantheon Fund or Pantheon Client). As is common in the industry, non-affiliated third party companies may from time to time be used to provide certain services, such as administration services, tax compliance services, reporting, account statements and other information, organizing events, conducting research on client satisfaction and gathering shareholder proxies. These companies may have access to your personal information but are permitted to use the information solely to provide the specific service or as otherwise permitted by law.
  • Other counter-parties, including any portfolio fund, any vendor, any lender or any of their respective managers, general partners or investment advisers or administrators, or any of their respective agents or representatives or any affiliate of any of the foregoing. For example, we may share personal information with a prospective portfolio fund of any Pantheon Fund or Pantheon Client in order to respond to the anti-money laundering enquiries of such portfolio fund.

 

We may also share your personal information with law enforcement agencies and applicable regulators.

Where your personal information is transferred by Pantheon outside of the group (i) by an entity that is based in the EEA, the United Kingdom, Guernsey to a third party that processes or transfers such personal data in or to a territory outside of (as a whole) the EEA, the United Kingdom, Guernsey and Switzerland which has not obtained a finding of adequate level of protection by the European Commission (or other applicable data protection authority of the country in which the data exporter is located); and (ii) from an entity that is based in the EEA, Switzerland, or the Cayman Islands to a third party in the United Kingdom (unless and until the European Commission issues a finding of an adequate level of protection in the United Kingdom), we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of SCCs, as required. In addition, the transfer of personal data outside of the Cayman Islands to third parties in a country which the Ombudsman of the Cayman Islands does not consider as ensuring an adequate level of data protection will be subject to appropriate safeguards, as required by the DPL, such as data transfer agreements.

Security
We take seriously the obligation to safeguard your non-public personal information. We maintain physical, electronic, and procedural safeguards to protect against unauthorized access to your information. We endeavor to restrict access to non-public personal information about you to those members, officers, employees and other workers of Pantheon and service providers who need access to that information. All of our employees and service providers are required to maintain the confidentiality of all nonpublic personal information. Pantheon Group has appointed a Data Protection Officer (whose contact details are provided below) with overall responsibility safekeeping of personal data and implementation of this policy within our Group.

Changes to this Notice
We may change this Notice from time to time. The latest version will be posted on our website.

Updating your details
If any of the information that you have provided to us changes, for example if you change your email address, please let us know by sending an email to infosec.privacy@pantheon.com, by calling toll-free (within the U.S. only) (844) 927-1475, or by writing to the Data Protection Officer at the address provided below.

Your rights
You have certain rights relating to the personal information we hold in accordance with and subject to applicable Privacy Laws to: (i) check whether we hold personal information about you and to access such data (in accordance with our policy); (ii) request the correction/rectification of personal information about you that is inaccurate or incomplete; (iii) have a copy of the personal information we hold about you provided to you or another controller where technically feasible; (iv) request the erasure of your personal information; (v) request the restriction of processing concerning you; (vi) data portability; (vii) object to processing for direct marketing purposes; and (viii) be notified of rectification, erasure and restrictions. To do so, please send your request by email to infosec.privacy@pantheon.com, by calling toll-free (within the U.S. only) (844) 927-1475, or by writing to the Data Protection Officer at the address provided below. If you submit a request in relation to the access or erasure of your personal information, you will be required to verify your identity by answering certain questions. You will not be discriminated against for exercising these rights. You are required to ensure the personal information we hold about you is up-to-date and accurate and you must notify us of any changes to the personal data you provided to us in, for example in information supplied in relation to an investment in the applicable Pantheon Fund. If you provided consent for us to use your personal information, including for marketing purposes, you have the right to withdraw consent at any time and we will process this withdrawal promptly (unless otherwise required by applicable law). To withdraw consent, please email infosec.privacy@pantheon.com, call toll-free (within the U.S. only) (844) 927-1475, or write to the Data Protection Officer at the address provided below.

Data Retention
We retain your personal information for a period of at least five years from the date on which the relevant business relationship, for which purpose such personal data was provided, has ended (or if later the date on which the last transaction was completed or the last entry to the record was made). Thereafter, Pantheon will delete (or otherwise erase, de-identify or pseudonymise or equivalent) any such personal data except as required or permitted by applicable law or regulation.

What if I have a question?
Please email infosec.privacy@pantheon.com, call toll-free (within the U.S. only) (844) 927-1475, or write to the Pantheon Data Protection Officer c/o Pantheon Ventures (UK) LLP, 10 Finsbury Square, 4th Floor, London EC2A 1AF if you have any questions about our privacy notice. You may also make a complaint, in accordance with applicable Privacy Laws to a supervisory authority. Our UK supervisory authority is the Information Commissioner’s Office our Irish supervisory authority is the Data Protection Commission, the Guernsey supervisory authority is the Office of the Data Protection Commissioner, and the Cayman Islands supervisory authority is the Office of the Ombudsman of the Cayman Islands.

1 Pantheon Group means Pantheon Ventures Inc. and AMG Plymouth UK Holdings (1) Limited and their repsective subsidiaries and subsidiary undertakings and specifically includes the affiliates listed in the Appendix as amended from time to time.