Pantheon Ventures (UK) LLP/Pantheon Ventures (US) LP/Pantheon Ventures (Ireland) DACH
Last Revision Date – December 2022
The aim of this Worker Privacy Notice (“Notice”) is to inform the current, former and prospective Partners, employees, and any other workers, contractors, consultants or other self-employed individuals performing work or providing services on behalf of Pantheon Ventures (UK) LLP, registered in England and Wales under company number OC352463 with registered office at 4th Floor, 10 Finsbury Square, London, England, EC2A 1AF or Pantheon Ventures (US) LP, with offices at 23rd floor, 600 Montgomery Street, 23rd Floor, San Francisco, California 94111 USA (collectively, the “Company” or “we” or “us”), or Pantheon Ventures (Ireland) DACH, with offices at 2 Windmill Lane, Sir John Rogerson’s Quay, Dublin Docklands, Dublin, DO2 F206, on the collection, use, disclosure, transfer, and other processing of their individually identifiable information (“Personal Data”). Under applicable European laws, including but not limited to, laws implementing the General Data Protection Regulation 2016/679 (GDPR) and the forthcoming UK Data Protection Act (the “Data Privacy Laws”), the Company is the data controller.
- Personal Data
Throughout the course of your employment or engagement with the Company, we collect and process certain Personal Data about you. We collect and process your Personal Data (a) for purposes that are required by applicable law, regulations, or other contracts, (b) to allow the Company to fulfil its business needs and legal obligations, and (c) to maintain the employment or business relationship. The Personal Data we collect and process includes the following categories (where applicable to the employment or engagement):
- Contact information: such as full name, including title, name at birth and preferred name, work address, work phone number, work fax number, work email address, work mobile phone number, office e-mail address, office phone number, employment location, job title and job title code, employee IDs.
- Master data and qualified HR data: such as job function, contractual details, education information (including grades and fee repayment obligations), CV/résumé, nationality, passport information, residency status, date of birth, birth city and country, gender, marital status, relationship information, primary language, language skills, visa type and information (work permit/business/etc.), home address and home telephone number, personal mobile phone number (including mobile phone or device billing and usage records), emergency contact information (including details of immediate family), next of kin information, maternity protection information including notification date of pregnancy, expected date of delivery, actual date of delivery and type of birth, paternity leave, adoption information, employment location, employment action (hire/rehire/termination), reason for employment action (hire/rehire/termination/leave), employee classification, employment status, type of contract, hire date, term and related contract information, power of attorney information, information on loaned company property, probation period information, notice period, job classification, information and status on global assignments, full time/part time status, department, region, market, project and project allocation, cost centre, manager, travel details, employee expenses, company training history, performance rating history, competencies, development areas, work schedule and time worked, attendance and substitution information, leave of absence information (holidays, sick leave, maternity/paternity/adoption and parental leave, bereavement, miscellaneous leave (e.g., volunteering days)) including payment and entitlement information, all personal data required to provide data subjects (1) access to company computer systems and networks and (2) tools and devices to electronically communicate within the Group (as defined in section 5 below), including but not limited to IP address, geolocation/geo-tracking data, and user login name.
- Payroll data: such as national ID number/social security number, pension contribution information, banking data necessary to make payments to data subject, compensation information, dependent details (address, date and place of birth), end of service payment and accruals, base salary, annual salary, wage type, salary deductions, currency, garnishment, employee’s wage tax (withheld by the employer), bonus compensation, other variable compensation, other leave compensation, not taken holidays compensation, all company paid expenses, benefits and benefits in kind, health benefits, travel allowances, commuting allowances and information, adjustments and salary reductions, third party payments.
- Other financial information: such as information relating to investments in funds managed or advised by members of the Group or equity investments in the Group itself or other carried interest, deferred compensation or incentive plans of the Group, including full name, plan information, award value information, settlement information, tax obligation, exercise type, country, amount and price, bank information details, payment beneficiary.
- Performance, Training and Discipline information: such as work experience, education, accomplishments, mobility, career goals and type, development plans, training and competence records, performance (including targets, achievements and appraisals), potential assessment information, succession plan information, talent review meeting information, notes of disciplinary and grievance meetings; disciplinary/poor performance warnings; etc.
- Job applicant information: such as candidate details, status, ranking, email address, address, current employer, job history, work and corporate title, education, qualifications, references, criminal record checks, desired function and work location, licenses, certificates, work experience, resume information, public searches, including of social media.
- Health information: such as illness and accidents information, health, disability information, insurance and saving plan information, including deductions, eligibility and coverage, enrolment plan, data on sick leave and disability information. This type of Personal Data (known as sensitive or special categories of data) will only be processed where required for the relevant purposes.
- Health & Safety Risks: such as desk assessments, pre-natal and ante-natal maternity risk assessments, and risk assessments related to the workplace to accommodate disabled persons/employees or employees returning from long term sick leave, all of which are required to be made for medical reasons. This type of Personal Data (known as sensitive or special categories of data) will only be processed where required for the relevant purposes.
- Compliance information: information required for regulatory or compliance purposes, such as information relating to political donations, outside business activities and information relating to personal account dealing.
- Security: details for passcards; CCTV images; voice recordings etc.
- Health and safety records: information relating to health and safety in the workplace, accidents and near misses.
- Equal opportunities monitoring information: such as your ethnicity, religion, gender and sexual orientation.
We may obtain Personal Data from the sources listed below:
- directly from you, such as through your data input into our Human Resources or Compliance systems, the application process or via other forms or information you provide to us in connection with your employment or engagement with us (job application, employment contract, benefits application forms, personal details form, internal resume/management profile, emergency contacts, etc.);
- through your activities in the course of your employment, such as through your performance evaluations;
- through monitoring of your activities, including IT monitoring of emails and use of our IT systems, equipment and our devices as well as internal CCTV, where applicable, and recordings of certain external telephone calls with third parties; and
- from third parties, including references and other background screening checks, former employers, and employment recruitment agencies, subject to the requirements of applicable law.
If you provide us with Personal Data about members of your family and/or dependents or beneficiaries (e.g., for emergency contact or benefits administration purposes), it is your responsibility to inform them of their rights with respect to such information. You also are responsible for obtaining the explicit consent of these individuals (unless you can provide such consent on their behalf) to the processing (including transfer) of that Personal Data for the purposes set out in this Notice.
The Company collects, processes, and otherwise uses your Personal Data for purposes (a) that are required by applicable law, regulations, collective agreements or other contracts, (b) to allow the Company to fulfil its business needs and legal obligations and (c) to maintain the employment relationship or other business relation with you. These purposes include but are not limited to:
- management of the employment and contractual relationship;
- workflow management, such as assigning, managing, and administering projects or training;
- travel and expense tracking and budgeting;
- compensation administration, including payroll, bonus, approval and processing; benefits monitoring, calculation, administration and planning; competitive pay analysis, and job grading;
- talent management; performance reviews, promotion, and career development activities; identifying future managers and leaders (succession planning); retirement planning, monitoring of training and development;
- personnel administration;
- enrolment with and administration of health and medical benefits, pension funds or retirement plans;
- administration of leave of absence, time off, sick leave or other types of employee leave as per applicable law and/or company policies;
- managing sickness, injury and/or disability requirements;
- managing health and safety risks;
- organisational development; preparation, management, and use of an internal business directory;
- external publicity and marketing purposes including press releases, externally available contact details and promotional purposes;
- employee discipline; internal company and/or external investigations into misconduct and/or performance concerns; audit requirements;
- exercise of our rights under local laws and compliance with applicable legal and regulatory requests and obligations (including investigations in relation to the same) and audit requirements;
- establish or defend legal claims and allegations;
- performing “know your customer” checks or responding to “know your customer” checks of third parties or similar due diligence requests;
- marketing funds or services of the Pantheon Group, for example providing biographical information and financial information on equity ownership in the Pantheon Group or investments in the Pantheon funds to prospective clients or investors.
We will not use your Personal Data for the purposes of marketing to you unless you expressly consent to us doing so.
We will share your work contact details within the Group for our legitimate business interests. Except in this regard, within the Group, your Personal Data will be disclosed within the Company only to those individuals who need access to your Personal Data to perform their duties for the purposes listed in Section 4 above or where required or permitted by applicable law.
The Company may also disclose your Personal Data to affiliates of Pantheon, including Pantheon Ventures (US) LP and Pantheon Ventures (HK) LLP (together all such affiliates the “Group”) for pursuing the purposes listed in Section 4 above or where required by applicable law. Within the Group, your Personal Data will be disclosed only to a limited number of restricted individuals within the information technology, human resources, legal, finance, regulatory and compliance, accounting department as well as certain managers (i.e. only persons with assigned responsibility or managerial responsibility for the employee or groups of employees) to the extent any of these functions need access to your Personal Data in connection with their job responsibilities. Access will be provided on a need-to-know basis. Disclosure may take place also through specifically devoted human resources information systems and databases, employee directories or business applications. Access to the internal employee directory will be provided to all employees of the Group limited to the information necessary to relevant work needs.
We may disclose personal data to third parties in connection with marketing and promotion of the Pantheon Group’s funds and services, e.g. bios in Information Memoranda, Due Diligence Questionnaires for Pantheon Funds, as well as basic financial information about equity ownership in Pantheon, investments in Pantheon Funds and carried interest.
The Company may also disclose your Personal Data to third parties, including those providing payroll services, information technology support or technical and organisational services in connection with human resources-related activities or legal, compliance audit or other advisors to the Company for the purposes referred to in this Notice. The Company will exercise appropriate due diligence in the selection of its third party service providers, and require that such providers maintain adequate technical and organisational security measures to safeguard your Personal Data, and to process your Personal Data only as instructed by the Company or a member of the Group and for no other purposes.
The Company may also disclose your Personal Data to governmental authorities (including HMRC, the Benefits Agency and other agencies and authorities) as required or permitted by law; public and private social security and insurance agencies; credit reference agencies, debt collection agencies, consultants in connection with extraordinary business operations (e.g., mergers, acquisitions, and the like); to business partners, agents and customers (including to third parties performing “Know Your Customer”, due diligence checks or anti-money laundering checks on members of the Group or its clients); external consultants and professionals; associations, including trade unions and employee works councils; and courts. Your Personal Data will be disclosed to such third parties only as necessary in connection with the performance of contracts, the Company’s business activities and the purposes listed in Section 4 above, as permitted by employee consent or as otherwise authorized, required, or permitted by law.
We may also disclose information to an actual or prospective mortgage lender, an actual or prospective landlord, or to a former or prospective new employer, or a recruitment agency (with your express consent).
We may also disclose data to family, associates and representatives of Associates, for example in the case of a medical emergency, where you have previously provided consent for us to do so.
Due to the multinational character of the Group, some of the affiliates and other recipients listed in Section 5 above may be located in countries (including the United States) that do not provide a level of data protection equivalent to that set forth by the law in your home country. The Company will take appropriate steps to make sure that such recipients act in accordance with applicable law. To the extent that the Company transfers the Personal Data to recipients which are located outside the European Union or the European Economic Area, the Company will provide an adequate level of protection of your Personal Data, including appropriate technical and organisational security measures and through the implementation of appropriate contractual measures to secure such transfer, in compliance with applicable law. The Company uses standard contractual clauses in the form approved by the European Commission:
The Company’s employment obligations and contractual and legal obligations as well as its legitimate business interests under the Data Privacy Laws form the legal basis of the processing described in this Notice. If you are an employee of the Company, we will need to process your Personal Data for these purposes. Our legitimate interests or those of a third party include our requirements to use your Personal Data in litigation, investigations, regulatory or governmental enquiries or for other legal or regulatory purposes involving the Company and/or any affiliate of the Company and may also include the need to transfer your Personal Data to third countries without adequate data protection laws. In this event, we will take reasonable steps to protect your Personal Data as required by the Data Privacy Laws.
We maintain physical, technical, and organisational security measures to protect the Personal Data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed in your local jurisdiction, the United States, or elsewhere. Our Information Security policy governs how we protect your Personal Data. Please reach out to the Chief Information Security Officer to view the policy.
We intend to keep your Personal Data accurate and up-to-date. We also strive to retain your Personal Data no longer than is necessary to carry out the purposes listed in this Notice or than is required by law. The Company retains your Personal Data for a maximum of seven years following the end of your employment or other business relationship.
If changes need to be made to Personal Data, please notify the Human Resources Department (as identified below) in writing right away. Under applicable law, you have rights to: (i) check whether we hold Personal Data about you and to access such data (subject to applicable laws); (ii) request correction of Personal Data about you that is inaccurate; (iii) ascertain information related to the Company’s policies and practices in relation to Personal Data; (iv) request the erasure of your Personal Data; and (v) request the restriction of processing concerning you. In certain circumstances, you also may have the right to request restrictions or object for legitimate reasons to the processing of your Personal Data in accordance with the Data Privacy Laws. Further, you have the right to transfer your Personal Data to third parties pursuant to Article 20 of the GDPR.
Should we materially change our Personal Data practices or this Notice, we will issue a revised Notice and/or take other steps to notify you of the changes in accordance with applicable laws.
You have the right to raise concerns to the Company, DPO or to a supervisory authority about the Company’s processing of your Personal Data. If you wish to raise concerns with the Company, please contact a member of the Human Resource Team. The applicable supervisory authority of the Company is the Information Commissioner’s Office in the UK.
In Ireland, under the Protected Disclosure (Amendment) Act 2022, job applicants have the right to report concerns about any wrongdoings they have encountered during their application. Follow this link if you would like to raise any concerns: ACA Compliance Alpha
If you have any questions about this Notice or wish to (i) access or review your Personal Data or learn more about who has access to your Personal Data, or (ii) make another type of request related to your Personal Data, please contact a member of the Human Resource Team. This Notice was issued on 22 August 2019, and subsequently updated on 31 December 2019, 27 August 2020 and 21 January 2021.