Client Privacy Notice

Last Revision Date – September 2019

Introduction
This notice (the “Notice”) is provided by each of the entities listed in the Appendix (together “Pantheon”, “us” or “we”) as data controller. This Notice is addressed to any natural person who is any of the following: a client of Pantheon Group1 or a direct or indirect investor in any fund managed or advised by Pantheon Group (a “Pantheon Fund”), or a member, partner, shareholder, beneficial owner, officer, director, employee or other representative of any client of Pantheon Group or of any direct or indirect investor in any Pantheon Fund, including any prospective client or investor (referred to as “you” in this Notice) whose personal information Pantheon collects and controls in the conduct of its business.

This Notice gives information regarding your personal information (defined as “personal data” under the Privacy Laws (defined below)) and describes the basis on which we process your personal information, for what purposes, your privacy rights under applicable privacy laws including, where applicable, under General Data Protection Regulation (“GDPR”) and other UK, European, the Bailiwick of Guernsey (“Guernsey”) and the Cayman Islands data privacy and protection laws and applicable US and non-US privacy laws (the “Privacy Laws”) and how we protect your personal information. Maintaining your privacy is important to us and we hold ourselves to the highest standards in its safekeeping and use. We have developed policies designed to protect the confidentiality, while allowing the needs of investors and clients to be served.

The information we collect
In the conduct of our business, we may obtain personal information about you in connection with your existing or proposed appointment or engagement of Pantheon or existing or proposed investment in a Pantheon Fund (any such person being a “Pantheon Client”), including without limitation your name, role/position/title and area of responsibility, address and other contact details, and certain identifying information such as date of birth address and social security number, tax or other identification number. If you deal with Pantheon in your individual capacity (e.g., as an individual client), or as a settler/trustee/beneficiary of a trust, or as an owner or a principal of a company or other investment vehicle established to invest on your behalf or on behalf of your family, we may additionally collect information about your income, assets and other financial information, including asset situation, investment experience and objectives, risk tolerance as well as your age, occupation and marital status. This information may come directly from public sources such as governmental authorities, public directories and screening or background checking tools, or from you such as application, subscription or other forms or material completed or supplied by actual or prospective Pantheon Clients, other written, electronic or verbal correspondence which relate to transactions by or on behalf of a Pantheon Client as well as financial information relating to any such person’s investment in a Pantheon Fund or any portfolio investments, such as capital account balance, contributions, income allocations and distributions. We may also collect personal information provided by you in calls which are recorded by us, as required by applicable laws.

We may also collect special categories of personal data (as defined in the GDPR and including health, disability and religious or ethnicity information) where provided by you, with your consent, such as disability information or religious data for purposes required by you such as scheduling of meetings or access to Pantheon or Pantheon Group premises.

How we use information that we collect
We collect your personal information to fulfil our contractual or legal obligations and/or to pursue the legitimate interests of Pantheon and / or for other purposes for which Pantheon has a lawful basis under the Privacy Laws, including: (i) for compliance with legal and regulatory requirements such as regulations aimed at prevention of money laundering or terrorist financing or “Know your Customer” requirements, as well as to verify the status and / or eligibility of Pantheon Clients for funds or services offered by Pantheon, and for determination of the suitability of such funds or services for Pantheon Clients and for compliance with tax reporting requirements; (ii) for purposes of reporting to, or communicating with, Pantheon Clients concerning their existing or prospective investment in Pantheon Funds or existing or prospective appointment or engagement of Pantheon consistent with our obligations to such Pantheon Clients; (iii) to carry out transactions on behalf of Pantheon Funds and Pantheon Clients properly and smoothly, including in connection with our investment activities, including investment due diligence or investment monitoring activities or in response to “Know your Customer” requirements of counter-parties; (iv) to research and develop financial products and services; (v) to facilitate our internal business operations, including assessing and managing risk; (vi) in connection with litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving Pantheon, Pantheon Funds or Pantheon Clients; and (vii) for other legitimate business interests. If you have provided special categories of personal data to us to enable us to respond to certain requests by you such as access requests or scheduling of meetings or similar requirements, we do so with your consent.

In addition, we may, either with your consent or where we have identified a legitimate interest in doing so (and to the extent permitted by law), process your personal information in order to communicate with you, on behalf of the organisation for whom you work or directly for yourself, for certain marketing purposes related to our business. In this event, we may provide additional information that we believe may be of interest, including about funds or services, news updates, research or market commentary, conferences, or events offered by or in conjunction with Pantheon. You have the right to unsubscribe from these communications by emailing infosec@pantheon.com or by following the instructions in any such communication, e.g. by clicking on the link to unsubscribe or by writing to the Data Protection Officer at the address provided below.

The Disclosure of your Information
Within the Group. We may share your personal information with Pantheon Group entities, including those listed in the Appendix and also with Pantheon Funds for any of the purposes set forth above. Our group entities, in turn, are not permitted to share your information with other non-affiliates entities, except as described herein or otherwise permitted by the Privacy Laws or other applicable laws. The transfer of personal data from the UK, European Economic Area (“EEA”) and/or Guernsey to the Pantheon entities outside the UK, EEA, and any other country which has been recognised by the European Commission as providing an adequate level of data protection, including Guernsey is governed by data transfer agreements which are in the form of the standard contractual clauses approved by the European Commission (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915) (http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087). The transfer of personal data outside of the Cayman Islands to the Pantheon entities in a country which the Ombudsman of the Cayman Islands does not consider as ensuring an adequate level of data protection will be subject to appropriate safeguards, as required by applicable law, such as data transfer agreements.

Outside the Group. We may share your personal information with non-affiliated third parties for any of the purposes set forth above. By way of example, we share your personal information with:

  • Service providers (e.g., attorneys, auditors, accountants, tax advisers, administrators, custodians, depositaries, distribution managers and brokerage firms, event organizers or other agent, adviser or service provider of any Pantheon Fund or Pantheon Client). As is common in the industry, non-affiliated third party companies may from time to time be used to provide certain services, such as administration services, tax compliance services, reporting, account statements and other information, organizing events, conducting research on client satisfaction and gathering shareholder proxies. These companies may have access to your personal information but are permitted to use the information solely to provide the specific service or as otherwise permitted by law.
  • Other counter-parties, including any portfolio fund, any vendor, any lender or any of their respective managers, general partners or investment advisers or administrators, or any of their respective agents or representatives or any affiliate of any of the foregoing. For example, we may share personal information with a prospective portfolio fund of any Pantheon Fund or Pantheon Client in order to respond to the anti-money laundering enquiries of such portfolio fund.

 
We may also share your personal information with law enforcement agencies and applicable regulators.

Where your personal information is transferred to and processed by third parties in and outside the UK, EEA and Guernsey, we will ensure appropriate safeguards are in place to adequately protect it, as required by applicable law, including the execution of standard contractual clauses (referred to above) if the recipients are not located in a country with adequate data protection laws (as determined by the European Commission or other relevant data protection authority) or certified under the EU-US Privacy Shield framework or unless another authorised safeguard is not applicable. The transfer of personal data outside of the Cayman Islands to the Pantheon entities in a country which the Ombudsman of the Cayman Islands does not consider as ensuring an adequate level of data protection will be subject to appropriate safeguards, as required by applicable law, such as data transfer agreements.

Security
We take seriously the obligation to safeguard your non-public personal information. We maintain physical, electronic, and procedural safeguards to protect against unauthorized access to your information. We endeavor to restrict access to non-public personal information about you to those members, officers, employees and other workers of Pantheon and service providers who need access to that information. All of our employees and service providers are required to maintain the confidentiality of all nonpublic personal information. Pantheon Group has appointed a Data Protection Officer (whose contact details are provided below) with overall responsibility safekeeping of personal data and implementation of this policy within our Group.

Changes to this Notice
We may change this Notice from time to time. The latest version will be posted on our website.

Updating your details
If any of the information that you have provided to us changes, for example if you change your email address, please let us know by sending an email to infosec@pantheon.com or by writing to the Data Protection Officer at the address provided below.

Your rights
You have certain rights relating to the personal information we hold in accordance with and subject to the Privacy Laws to: (i) check whether we hold personal information about you and to access such data (in accordance with our policy); (ii) request the correction/rectification of personal information about you that is inaccurate or incomplete; (iii) have a copy of the personal information we hold about you provided to you or another controller where technically feasible; (iv) request the erasure of your personal information; (v) request the restriction of processing concerning you; (vi) data portability; (vii) object to processing for direct marketing purposes; and (viii) be notified of rectification, erasure and restrictions. To do so, please send your request by email to infosec@pantheon.com or by writing to the Data Protection Officer at the address provided below. You are required to ensure the personal information we hold about you is up-to-date and accurate and you must notify us of any changes to the personal data you provided to us in, for example in information supplied in relation to an investment in the applicable Pantheon Fund. If you provided consent for us to use your personal information, including for marketing purposes, you have the right to withdraw consent at any time and we will process this withdrawal promptly (unless otherwise required by applicable law). To withdraw consent, please email infosec@pantheon.com or write to the Data Protection Officer at the address provided below.

Data Retention
We retain your personal information for a period of at least five years from the date on which the relevant business relationship, for which purpose such personal data was provided, has ended (or if later the date on which the last transaction was completed or the last entry to the record was made). Thereafter, Pantheon will delete (or otherwise erase, de-identify or pseudonymise or equivalent) any such personal data except as required or permitted by applicable law or regulation.

What if I have a question?
Please email infosec@pantheon.com or write to the Pantheon Data Protection Officer c/o Pantheon Ventures (UK) LLP, 10 Finsbury Square, 4th Floor, London EC2A 1AF if you have any questions about our privacy notice. You may also make a complaint, in accordance with applicable Privacy Laws to a supervisory authority. Our UK supervisory authority is the Information Commissioner’s Office, the Guernsey supervisory authority details are available at https://odpa.gg/contact-us/, and the Cayman Islands supervisory authority details are available at https://ombudsman.ky/.

1Pantheon Group means Pantheon Ventures Inc. and AMG Plymouth UK Holdings (1) Limited and their respective subsidiaries and subsidiary undertakings and specifically includes the affiliates listed in the Appendix as amended from time to time.