Last Revision Date – December 2022
Introduction
This notice (the “Notice”) is provided by each of the entities listed in the Appendix under this link (together “Pantheon”, “us” or “we”) as data controller. This Notice is addressed to any natural person who is any of the following: a client of Pantheon Group or a direct or indirect investor in any fund managed or advised by Pantheon Group1 (a “Pantheon Fund”), or a member, partner, shareholder, beneficial owner, officer, director, employee or other representative of any client of Pantheon Group or of any direct or indirect investor in any Pantheon Fund, including any prospective client or investor (referred to as “you” in this Notice) whose personal information Pantheon collects and controls in the conduct of its business. If you are a non-natural person that provides us with personal information on individuals connected to you for any reason in relation to your investment with us, this Notice will be relevant for those individuals and you should provide a copy of this Notice to such individuals or otherwise advise them of its content.
This Notice provides information regarding your personal information (defined as “personal data” under the Privacy Laws (defined below)) and describes the basis on which we process your personal information, for what purposes, your privacy rights under applicable privacy laws including without limitation, where applicable, General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (“UK GDPR”), the UK Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Data Protection Law (Revised) of the Cayman Islands (“DPL“), the Data Protection (Bailiwick of Guernsey) Law 2017, the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”) and applicable US and non-US privacy and data protection laws (the “Privacy Laws”) and how we protect your personal information. Maintaining your privacy is important to us and we hold ourselves to the highest standards in its safekeeping and use. We have developed policies designed to protect the confidentiality, while allowing the needs of investors and clients to be served. We do not sell any personal data and have not sold any personal data in the past.
The information we collect
In the conduct of our business, we may obtain personal information about you in connection with your existing or proposed appointment or engagement of Pantheon or existing or proposed investment in a Pantheon Fund (any such person being a “Pantheon Client”), including without limitation your name, role/position/title and area of responsibility, address and other contact details, and certain identifying information such as date of birth address and social security number, tax or other identification number. If you deal with Pantheon in your individual capacity (e.g., as an individual client), or as a settler/trustee/beneficiary of a trust, or as an owner or a principal of a company or other investment vehicle established to invest on your behalf or on behalf of your family, we may additionally collect information about your income, assets and other financial information, including asset situation, investment experience and objectives, risk tolerance as well as your age, occupation and marital status. This information may come directly from public sources such as governmental authorities, public directories and screening or background checking tools, or from you such as application, subscription or other forms or material completed or supplied by actual or prospective Pantheon Clients, other written, electronic or verbal correspondence which relate to transactions by or on behalf of a Pantheon Client as well as financial information relating to any such person’s investment in a Pantheon Fund or any portfolio investments, such as capital account balance, contributions, income allocations and distributions. We may also collect personal information provided by you in calls which are recorded by us, as required by applicable laws.
We may also collect special categories of personal data (as defined in the EU GDPR and UK GDPR and including health, disability and religious or ethnicity information) where provided by you, with your consent, such as disability information or religious data for purposes required by you such as scheduling of meetings or access to Pantheon or Pantheon Group premises.
How we use information that we collect
We collect your personal information to fulfil our contractual or legal obligations and/or to pursue the legitimate interests of Pantheon. Pantheon Group or a Pantheon Fund to operate its businesses. From time to time, we may need to process your personal information on other lawful bases, including: (i) with your consent; (ii) if it is necessary to protect your vital interests; or (iii) it is necessary for a task carried out in the public interest. If you have provided special categories of personal data to us to enable us to respond to certain requests by you such as access requests or scheduling of meetings or similar requirements, we do so with your consent.
We process your personal information for the following purposes: (i) for compliance with legal and regulatory requirements such as regulations aimed at prevention of money laundering or terrorist financing or “Know your Customer” requirements, as well as to verify the status and / or eligibility of Pantheon Clients for funds or services offered by Pantheon, and for determination of the suitability of such funds or services for Pantheon Clients and for compliance with tax reporting requirements; (ii) for purposes of reporting to, or communicating with, Pantheon Clients, and their representatives, advisors and agents, concerning their existing or prospective investment in Pantheon Funds or existing or prospective appointment or engagement of Pantheon or Pantheon Group entities consistent with our obligations to such Pantheon Clients; (iii) to carry out transactions on behalf of Pantheon Funds and Pantheon Clients properly and smoothly, including in connection with our investment activities, including investment due diligence or investment monitoring activities or in response to “Know your Customer” requirements of counter-parties; (iv) to perform the obligations of Pantheon, Pantheon Group entities or Pantheon Funds under applicable agreements (e.g., partnership agreements and/or subscription agreements); (v) the ongoing administrative, management, accounting, reporting and other processes and communication required to operate the business of Pantheon Funds; (vi) to research and develop financial products and services; (vii) to keep Pantheon Clients informed about the business of Pantheon and Pantheon Group entities generally, including offering opportunities to make investments; (vii) to facilitate our internal business operations, including without limitation assessing and managing risk; (viii) in connection with litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving Pantheon, Pantheon Funds or Pantheon Clients; (ix) to protect our businesses and the security of our systems, which processing may be in connection with the monitoring of communications (to the extent permitted by the Privacy Laws and other applicable laws); and (x) for other legitimate business interests.
A failure to provide the personal information requested to fulfil the purposes described in this Notice may result in Pantheon, Pantheon Group entities or Pantheon Funds being unable to provide the services offered by them.
In addition, we may, either with your consent or where we have identified a legitimate interest in doing so (and to the extent permitted by law), process your personal information in order to communicate with you, on behalf of the organization for whom you work or directly for yourself, for certain marketing purposes related to our business. In this event, we may provide additional information that we believe may be of interest, including about funds or services, news updates, research or market commentary, conferences, or events offered by or in conjunction with Pantheon. You have the right to unsubscribe from these communications by emailing infosec.privacy@pantheon.com or by following the instructions in any such communication, e.g., by clicking on the link to unsubscribe or by writing to the Data Protection Officer at the address provided below.
The Disclosure of your Information
Within the Group. We may share your personal information with Pantheon Group entities, including those listed in the Appendix and also with Pantheon Funds for any of the purposes set forth above. Pantheon Group entities and Pantheon Funds, in turn, are not permitted to share your information with other non-affiliated entities, except as described herein or otherwise permitted by the Privacy Laws or other applicable laws.
Outside the Group. We may share your personal information with non-affiliated third parties for any of the purposes set forth above. By way of example, we share your personal information with:
- Service providers (e.g., attorneys, auditors, accountants, tax advisers, administrators, custodians, depositaries, distribution managers and brokerage firms, AML service providers, tax information exchange service providers, event organizers or other agent, adviser or service provider of any Pantheon Fund or Pantheon Client). As is common in the industry, non-affiliated third party companies may from time to time be used to provide certain services, such as administration services, tax compliance services, reporting, account statements and other information, organizing events, conducting research on client satisfaction and gathering shareholder proxies. These companies may have access to your personal information but are permitted to use the information solely to provide the specific service or as otherwise permitted by law.
- Other counter-parties, including any portfolio fund, any vendor, any lender or any of their respective managers, general partners or investment advisers or administrators, or any of their respective agents or representatives or any affiliate of any of the foregoing. For example, we may share personal information with a prospective portfolio fund of any Pantheon Fund or Pantheon Client in order to respond to the anti-money laundering enquiries of such portfolio fund.
We may also share your personal information with law enforcement agencies and applicable regulators and tax authorities.
Transfers to Non-Equivalent Countries. Pantheon, Pantheon Group entities and the Pantheon Funds may transfer your personal data to a Non-Equivalent Country (as defined below) in order to fulfill the purposes described in this Notice and in accordance with the Privacy Laws, including where such transfer is a matter of contractual necessity, and to implement any requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact infosec.privacy@pantheon.com. “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the European Economic Area; (ii) the United Kingdom; or (iii) a country or territory which has at the relevant time been decided by the European Commission, the Government of the United Kingdom or such other applicable data protection authority or regulator of the country in which the data exporter is located (as applicable) in accordance with the Privacy Laws to ensure an adequate level of protection for personal data.
Security
We take seriously the obligation to safeguard your personal information. We maintain physical, electronic, and procedural safeguards to protect against unauthorized access to your personal information in our possession or under our control. We endeavor to restrict access to such personal information about you to those members, officers, employees and other workers of Pantheon and service providers who need access to that information. All of our employees and service providers are required to maintain the confidentiality of all nonpublic personal information. Pantheon Group has appointed a Data Protection Officer (whose contact details are provided below) with overall responsibility for safekeeping of personal data and implementation of this policy within our Group.
Changes to this Notice
We may change this Notice from time to time. The latest version will be posted on our website.
Updating your details
If any of the information that you have provided to us changes, for example if you change your email address, or it is found to be inaccurate, please let us know by sending an email to infosec.privacy@pantheon.com, by calling toll-free (within the U.S. only) (844) 927-1475, or by writing to the Data Protection Officer at the address provided below.
Your rights
You have certain rights relating to the personal information we hold about you in accordance with and subject to applicable Privacy Laws to: (i) check whether we hold personal information about you and to access such data (in accordance with our policy); (ii) request the correction/rectification of personal information about you that is inaccurate or incomplete; (iii) have a copy of the personal information we hold about you provided to you or another controller where technically feasible; (iv) request the erasure of your personal information; (v) request the restriction of processing concerning you; (vi) data portability; (vii) object to processing for direct marketing purposes or based on our legitimate interests; (viii) withdraw any consent given in relation to the processing of the personal information we hold about you, at any time2; (ix) not be subject to automated decision-making; and (x) be notified of rectification, erasure and restrictions. To do so, please send your request by email to infosec.privacy@pantheon.com, by calling toll-free (within the U.S. only) (844) 927-1475, or by writing to the Data Protection Officer at the address provided below. If you submit a request in relation to the access or erasure of your personal information, you will be required to verify your identity by answering certain questions. You will not be discriminated against for exercising these rights. You are required to ensure the personal information we hold about you is up-to-date and accurate and you must notify us of any changes to the personal data you provided to us in, for example in information supplied in relation to an investment in the applicable Pantheon Fund. If you provided consent for us to use your personal information, including for marketing purposes, you have the right to withdraw consent at any time and we will process this withdrawal promptly (unless otherwise required by applicable law). To withdraw consent, please email infosec.privacy@pantheon.com, call toll-free (within the U.S. only) (844) 927-1475, or write to the Data Protection Officer at the address provided below.
Data Retention
We retain your personal information for a period of at least five years from the date on which the relevant business relationship, for which purpose such personal data was provided, has ended (or if later the date on which the last transaction was completed or the last entry to the record was made). Thereafter, Pantheon will delete (or otherwise erase, de-identify or pseudonymise or equivalent) any such personal data except as required or permitted by applicable law or regulation.
What if I have a question?
Please email infosec.privacy@pantheon.com, call toll-free (within the U.S. only) (844) 927-1475, or write to the Pantheon Data Protection Officer c/o Pantheon Ventures (UK) LLP, 10 Finsbury Square, 4th Floor, London EC2A 1AF if you have any questions about our privacy notice. You may also make a complaint, in accordance with applicable Privacy Laws to a supervisory authority. Our UK supervisory authority is the Information Commissioner’s Office our Irish supervisory authority is the Data Protection Commission, the Guernsey supervisory authority is the Office of the Data Protection Commissioner, and the Cayman Islands supervisory authority is the Office of the Ombudsman of the Cayman Islands.
1 Pantheon Group means Pantheon Ventures Inc. and AMG Plymouth UK Holdings (1) Limited and their respective subsidiaries and subsidiary undertakings and specifically includes the affiliates listed in the Appendix as amended from time to time.
2 For residents of California only, as required under the CCPA and CPRA, you may directly request limitations on how we may use and retain personal and sensitive information by email to infosec.privacy@pantheon.com, noting “Do Not Sell or Share my Personal Information” or “Limit the Use of My Sensitive Personal Information.” Sensitive personal information is defined under the CCPA and CPRA as personal information that may reveal: an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless the business is the intended recipient of the communication; genetic data.; or biometric information.
