Worker Privacy Notice

 
Pantheon Ventures (UK) LLP/Pantheon Ventures (US) LP/Pantheon Ventures (Ireland) DACH

Last Revision Date – January 2023

The aim of this Worker Privacy Notice (“Notice”) is to inform the current, former and prospective Partners, employees, and any other workers, contractors, consultants or other self-employed individuals performing work or providing services on behalf of Pantheon Ventures (UK) LLP, registered in England and Wales under company number OC352463 with registered office at 4th Floor, 10 Finsbury Square, London, England, EC2A 1AF or Pantheon Ventures (US) LP, with offices at 555 California Street, Suite 3450, San Francisco, CA 94104 USA (collectively, the “Company” or “we” or “us”), or Pantheon Ventures (Ireland) DAC, with offices at Sobo Works, Windmill Lane, Sir John Rogerson’s Quay, Dublin, D02 K156, as applicable, (each, the “Company” or “we” or “us”). This Notice is provided by the relevant Company as data controller and gives information on the collection, use, disclosure, transfer, and other processing of their individually identifiable information (“Personal Data”), and your privacy rights under applicable data protection and privacy laws, including, where applicable, under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (“UK GDPR”), the UK Data Protection Act 2018, the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”) and applicable US and non-US privacy laws (the “Data Privacy Laws”).
 

  1. Personal Data

    2. Throughout the course of your employment or engagement with the Company, we collect and process certain Personal Data about you. We collect and process your Personal Data (a) for purposes that are required by applicable law, regulations, or other contracts, (b) to allow the Company to fulfil its business needs and legal obligations, and (c) to maintain the employment or business relationship. The Personal Data we collect and process includes the following categories (where applicable to the employment or engagement):

    • Contact information: such as full name, including title, name at birth and preferred name, work address, work phone number, work fax number, work email address, work mobile phone number, office e-mail address, office phone number, employment location, job title and job title code, employee IDs.
    • Master data and qualified HR data: such as job function, contractual details, education information (including grades and fee repayment obligations), CV/résumé, nationality, passport information, residency status, date of birth, birth city and country, gender, marital status, relationship information, primary language, language skills, visa type and information (work permit/business/etc.), home address and home telephone number, personal mobile phone number (including mobile phone or device billing and usage records), emergency contact information (including details of immediate family), next of kin information, maternity protection information including notification date of pregnancy, expected date of delivery, actual date of delivery and type of birth, paternity leave, adoption information, employment location, employment action (hire/rehire/termination), reason for employment action (hire/rehire/termination/leave), employee classification, employment status, type of contract, hire date, term and related contract information, power of attorney information, information on loaned company property, probation period information, notice period, job classification, information and status on global assignments, full time/part time status, department, region, market, project and project allocation, cost centre, manager, travel details, employee expenses, company training history, performance rating history, competencies, development areas, work schedule and time worked, attendance and substitution information, leave of absence information (holidays, sick leave, maternity/paternity/adoption and parental leave, bereavement, miscellaneous leave (e.g., volunteering days)) including payment and entitlement information, all personal data required to provide data subjects (1) access to company computer systems and networks and (2) tools and devices to electronically communicate within the Pantheon Group1, including but not limited to IP address, geolocation/geo-tracking data, and user login name.
    • Payroll data: such as national ID number/social security number, pension contribution information, banking data necessary to make payments to data subject, compensation information, dependent details (address, date and place of birth), end of service payment and accruals, base salary, annual salary, wage type, salary deductions, currency, garnishment, employee’s wage tax (withheld by the employer), bonus compensation, other variable compensation, other leave compensation, not taken holidays compensation, all company paid expenses, benefits and benefits in kind, health benefits, travel allowances, commuting allowances and information, adjustments and salary reductions, third party payments.
    • Other financial information: such as information relating to investments in funds managed or advised by members of the Pantheon Group or equity investments in the Pantheon Group itself or other carried interest, deferred compensation or incentive plans of the Pantheon Group, including full name, plan information, award value information, settlement information, tax obligation, exercise type, country, amount and price, bank information details, payment beneficiary.
    • Performance, Training and Discipline information: such as work experience, education, accomplishments, mobility, career goals and type, development plans, training and competence records, performance (including targets, achievements and appraisals), potential assessment information, succession plan information, talent review meeting information, notes of disciplinary and grievance meetings; disciplinary/poor performance warnings; etc.
    • Job applicant information: such as candidate details, status, ranking, email address, address, current employer, job history, work and corporate title, education, qualifications, references, criminal record checks, desired function and work location, licenses, certificates, work experience, resume information, public searches, including of social media.
    • Health information: such as illness and accidents information, health, disability information, insurance and saving plan information, including deductions, eligibility and coverage, enrolment plan, data on sick leave and disability information. This type of Personal Data (known as sensitive or special categories of data) will only be processed where required for the relevant purposes.
    • Health & Safety Risks; such as where desk assessments, pre-natal and ante-natal maternity risk assessments, risk assessments related to the workplace to accommodate disabled persons/employees or employees returning from long term sick leave, all of which are required to be made for medical reasons. This type of Personal Data (known as sensitive or special categories of data) will only be processed where required for the relevant purposes.
    • Compliance information: information required for regulatory or compliance purposes, such as information relating to political donations, outside business activities and information relating to personal account dealing.
    • Security: details for pass cards; CCTV images; voice recordings etc.
    • Health and safety records: information relating to health and safety in the workplace, accidents and near misses.
    • Equal opportunities monitoring information: such as your ethnicity, religion, gender and sexual orientation.

      •  

  2. Biometric information: such as fingerprint password information stored on a Company-issued phone or other device. Sources of Personal Data

    3. We may obtain Personal Data from the sources listed below:

    • directly from you, such as through your data input into our Human Resources or Compliance systems, the application process or via other forms or information you provide to us in connection with your employment or engagement with us (job application, employment contract, benefits application forms, personal details form, internal resume/management profile, emergency contacts, etc.);
    • through your activities in the course of your employment, such as through your performance evaluations;
    • through monitoring of your activities, including IT monitoring of emails and use of our IT systems, equipment and our devices as well as internal CCTV, where applicable, and recordings of certain external telephone calls with third parties; and
    • from third parties, including references and other background screening checks, former employers, and employment recruitment agencies, subject to the requirements of applicable law.

     

  3. Information about dependents/contacts

    4. If you provide us with Personal Data about members of your family and/or dependents or beneficiaries (e.g., for emergency contact or benefits administration purposes), it is your responsibility to inform them of their rights with respect to such information. You also are responsible for obtaining the explicit consent of these individuals (unless you can provide such consent on their behalf) to the processing (including transfer) of that Personal Data for the purposes set out in this Notice.
     

  4. Purposes for processing Personal Data

    5. The Company collects, processes, and otherwise uses your Personal Data for purposes
    (a) that are required by applicable law, regulations, collective agreements or other contracts, (b) to allow the Company to fulfil its business needs and legal obligations and
    (c) to maintain the employment relationship or other business relation with you. These purposes include but are not limited to:

    • management of the employment and contractual relationship;
    • workflow management, such as assigning, managing, and administering projects or training;
    • travel and expense tracking and budgeting;
    • compensation administration, including payroll, bonus, approval and processing; benefits monitoring, calculation, administration and planning; competitive pay analysis, and job grading;
    • talent management; performance reviews, promotion, and career development activities; identifying future managers and leaders (succession planning); retirement planning, monitoring of training and development;
    • personnel administration;
    • enrolment with and administration of health and medical benefits, pension funds or retirement plans;
    • administration of leave of absence, time off, sick leave or other types of employee leave as per applicable law and/or company policies;
    • managing sickness, injury and/or disability requirements;
    • managing health and safety risks;
    • organisational development; preparation, management, and use of an internal business directory;
    • external publicity and marketing purposes including press releases, externally available contact details and promotional purposes;
    • employee discipline; internal company and/or external investigations into misconduct and/or performance concerns; audit requirements
    • exercise of our rights under local laws and compliance with applicable legal and regulatory requests and obligations (including investigations in relation to the same) and audit requirements;
    • establish or defend legal claims and allegations;
    • performing “know your customer” checks or responding to “know your customer” checks of third parties or similar due diligence requests;
    • marketing funds or services of the Pantheon Group, for example providing biographical information and financial information on equity ownership in the Pantheon Group or investments in the funds managed or advised by the Pantheon Group (“Pantheon Funds”) to prospective clients or investors.

     
    We will not use your Personal Data for the purposes of marketing to you unless you expressly consent to us doing so.
     

  5. Disclosure of Personal Data

    6. We will share your work contact details within the Pantheon Group for our legitimate business interests. Except in this regard, within the Pantheon Group, your Personal Data will be disclosed only to those individuals who need access to your Personal Data to perform their duties for the purposes listed in Section 4 above or where required or permitted by applicable law.
     
    The Company may also disclose your Personal Data to other members of the Pantheon Group for pursuing the purposes listed in Section 4 above or where required by applicable law. Within the Pantheon Group, your Personal Data will be disclosed only to a limited number of restricted individuals within the information technology, human resources, legal, finance, regulatory and compliance, payroll, tax, accounting department as well as certain managers (i.e. only persons with assigned responsibility or managerial responsibility for the employee or groups of employees) to the extent any of these functions need access to your Personal Data in connection with their job responsibilities. Access will be provided on a need-to-know basis. Disclosure may take place also through specifically devoted human resources information systems and databases, employee directories or business applications. Access to the internal employee directory will be provided to all employees of the Pantheon Group limited to the information necessary to relevant work needs.
    We may disclose personal data to third parties in connection with marketing and promotion of the Pantheon Group’s funds and services, e.g. bios in Information Memoranda, Due Diligence Questionnaires for Pantheon Funds, as well as basic financial information about equity ownership in Pantheon Group, investments in Pantheon Funds and carried interest.
     
    The Company may also disclose your Personal Data to third parties, including those providing payroll services, information technology support or technical and organisational services in connection with human resources-related activities or legal, compliance audit or other advisors to the Company or another member of the Pantheon Group for the purposes referred to in this Notice. The Company will exercise appropriate due diligence in the selection of its third party service providers, and require that such providers maintain adequate technical and organisational security measures to safeguard your Personal Data, and to process your Personal Data only as instructed by the Company or a member of the Pantheon Group and for no other purposes.
    The Company may also disclose your Personal Data to governmental authorities (including HMRC, the Benefits Agency and other agencies and authorities) as required or permitted by law; public and private social security and insurance agencies; credit reference agencies, debt collection agencies, consultants in connection with extraordinary business operations (e.g., mergers, acquisitions, and the like); to business partners, agents and customers (including to third parties performing “Know Your Customer”, due diligence checks or anti-money laundering checks on members of the Pantheon Group or its clients or investors); external consultants and professionals; associations, including trade unions and employee works councils; and courts. Your Personal Data will be disclosed to such third parties only as necessary in connection with the performance of contracts, the Company’s business activities and the purposes listed in Section 4 above, as permitted by employee consent or as otherwise authorized, required, or permitted by law.
     
    We may also disclose information to an actual or prospective mortgage lender, an actual or prospective landlord, or to a former or prospective new employer, or a recruitment agency (with your express consent).
     
    We may also disclose data to family, associates and representatives of Associates, for example in the case of a medical emergency, where you have previously provided consent for us to do so.
     

  6. International transfer of Personal Data

    7. Due to the multinational character of the Pantheon Group, some members of the Pantheon Group and other recipients listed in Section 5 above may be located in countries that do not provide a level of data protection equivalent to that set forth by the law in your home country. The Company will
    take appropriate steps to make sure that such recipients act in accordance with applicable law. To the extent that the Personal Data is transferred by a Company that is based in the European Economic Area or the United Kingdom to a recipient which is located in a territory outside the European Economic Area and the United Kingdom and which has not obtained a finding of adequate level of protection by the European Commission or by the UK under UK GDPR, as applicable, such Company will ensure that appropriate safeguards are in place to provide an adequate level of protection of your Personal Data, including appropriate technical and organisational security measures and through the implementation of appropriate contractual measures to secure such transfer, in compliance with applicable law, including the execution of standard contractual clauses in the form approved by the European Commission, or equivalent data transfer agreements, as required.
     

  7. Legal basis for processing Personal Data

    8. The Company’s employment obligations and contractual and legal obligations as well as its legitimate business interests under the Data Privacy Laws form the legal basis of the processing described in this Notice. If you are an employee of the Company, we will need to process your Personal Data for these purposes. Our legitimate interests or those of a third party include our requirements to use your Personal Data in litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving the Company and/or any affiliate of the Company and may also include the need to transfer your Personal Data to third countries without adequate data protection laws. In this event, we will take reasonable steps to protect your Personal Data as required by the Data Privacy Laws.
     

  8. Data security

    9. We maintain physical, technical, and organisational security measures to protect the Personal Data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed in your local jurisdiction, the United States, or elsewhere. Our Information Security policy governs how we protect your Personal Data. Please reach out to the Chief Information Security Officer to view the policy.
     

  9. Retention, Access and Accuracy of Personal Data

    10. We intend to keep your Personal Data accurate and up-to-date. We also strive to retain your Personal Data no longer than is necessary to carry out the purposes listed in this Notice or than is required by law. The Company retains your Personal Data for a maximum of seven years following the end of your employment or other business relationship.
     
    If changes need to be made to Personal Data, please notify the Human Resources Department (as identified below) in writing right away. Under applicable law, you have rights to: (i) check whether we hold Personal Data about you and to access such data (subject to applicable laws); (ii) request correction of Personal Data about you that is inaccurate; (iii) ascertain information related to the Company’s policies and practices in relation to Personal Data; (iv) request the erasure of your Personal Data; and (v) request the restriction of processing concerning you2. In certain circumstances, you also may have the right to request restrictions or object for legitimate reasons to the processing of your Personal Data in accordance with the Data Privacy Laws. Further, you have the right to transfer your Personal Data to third parties pursuant to Article 20 of the GDPR.

  10. Changes to the Notice

    11. Should we materially change our Personal Data practices or this Notice, we will issue a revised Notice and/or take other steps to notify you of the changes in accordance with applicable laws.
     

  11. Rights to raise concerns

    12. You have the right to raise concerns to the Company, Data Protection Officer or to a supervisory authority about the Company’s processing of your Personal Data. If you wish to raise concerns with the Company, please contact a member of the Human Resource Team. Our UK supervisory authority is the Information Commissioner’s Office and our Irish supervisory authority is the Data Protection Commission.
     
    In Ireland, under the Protected Disclosure (Amendment) Act 2022, job applicants have the right to report concerns about any wrongdoings they have encountered during their application. Follow this link if you would like to raise any concerns: ACA Compliance Alpha

  12. Questions

    13. If you have any questions about this Notice or wish to (i) access or review your Personal Data or learn more about who has access to your Personal Data, or (ii) make another type of request related to your Personal Data, please contact a member of the Human Resource Team. This Notice was issued on 22 August 2019, and subsequently updated on 31 December 2019, the 27 August 2020, 21 January 2021, 21 December 2022 and 30 January 2023.

 
 
1Pantheon Group means Pantheon Holdings Limited, Pantheon Ventures Inc., Pantheon Capital (Asia) Limited, Pantheon Ventures (UK) LLP, Pantheon Ventures (HK) LLP, Pantheon Ventures (US) LP, Pantheon Ventures (Ireland) DAC, Pantheon Ventures (Singapore) Pte. Ltd. and each of their respective subsidiaries and subsidiary undertakings from time to time
 
2For residents of California only, as required under the CCPA and CPRA, you may directly request, using the links below, limitations on how we may use and retain personal and sensitive information. Sensitive personal information is defined under the CCPA and CPRA as personal information that may reveal: an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless the business is the intended recipient of the communication; genetic data.; or biometric information.
 
Do Not Sell or Share my Personal Information
Limit the Use of My Sensitive Personal Information