This Policy applies to individuals whose personal information we handle, including, without limitation:
- Individual investors
- Individual representatives of third party sellers, placement agents, consultants, lawyers, advisers, vendors and other service providers or other contacts made for business purposes
- Directors, officers, employees or other representatives of portfolio companies in which Funds have made or are considering making an investment
- Employees and job applicants
This Policy is not applicable to partnerships, corporations, trusts or other non-individuals.
Personal Data We Collect
The types of personal data we may collect includes:
- Identification information such as name, ID card and passport numbers, nationality, place and date of birth, signature
- Contact information such as name, postal address, email address, telephone number
- Financial data such as bank account details, source of funds, assets and net worth, tax identification, credit history;
- Information about your transactions with us or our affiliates;
- With respect to employees and prospective employees, we may collect information related to your education and employment, gender, work authorization status, criminal background and information provided by references. We may also conduct a background check;
- Other personal information you provide to us such as through subscription agreements, and other forms and documents you provide or that are provided by others on your behalf
- Information related to your access of our website (e.g., first or third-party cookies, type of device used, IP address and geolocation)
We may collect this information in various ways including:
- Directly from the you (e.g., when you submit forms to us)
- Indirectly from other sources (e.g., public records, from a counterparty in possession of the data, or from conducting background checks)
Further information about these sources of personal data is available upon request, by using the contact details set out below.
For purposes of the EU and UK GDPR and DPL, Proprium Capital Partners, L.P. and Proprium Capital Management (UK), LLP are the controllers of the personal data.
Your decision to provide personal data to Proprium is typically voluntary, except where personal data is, for example:
- collected to meet a legal requirement;
- necessary in connection with your employment contract;
- necessary or important for the conduct of our business.
If you do not provide certain personal data, Proprium may not be able to achieve some of the purposes outlined in this Policy.
How we use personal data
We use personal data for a variety of reasons including:
- communicating with you, facilitating distributions and other financial management and administration activities, evaluating potential transactions and administering transactions; and
- employment related purposes.
Our lawful basis for processing personal data are:
- you have given consent to the processing of your personal data;
- to comply with applicable legal and regulatory obligations to which we are subject;
- for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
- to pursue our legitimate interests in running and operating our business and ensuring effective communications with investors and business partners.
To the extent that we process personal data which reveals criminal convictions or offences, we will ensure that the law authorizes us to process such personal data in accordance with Article 10 EU/UK GDPR.
For further information on the legal bases and exemptions we rely on, or information about how we have balanced our legitimate interests against your rights and freedoms, please contact us using the contact details set out below.
Disclosure of personal data
Proprium shares data with its affiliates, staff, and staff of affiliates for the purposes described in this Policy.
We share personal data with third parties in certain circumstances including the following:
- with service providers that perform services on our behalf including fund administrators, auditors, IT service providers , legal advisors, accountants and HR service providers. We generally require such third parties to keep personal data confidential, and any such disclosure will be limited to that considered necessary in order to provide services to us;
- as part of a corporate business transaction such as merger, acquisition, joint venture or financing;
- with law enforcement authorities, regulators and other public authorities;
- as required by law.
How we protect personal data
We will take reasonable measures to protect your data from loss or unauthorized disclosure or use. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data.
International transfers of personal data
If you are located outside of the United States, note that personal data we collect may be processed and stored in the EEA, the UK, the United States, or other jurisdictions in which the data protection and privacy laws may not be the same as those in the country where you reside. We will ensure that any overseas transfers of personal data are made in accordance with applicable data protection and privacy laws (such as the EU and UK GDPR and the DPL). You can request further information about how we legitimize transfers of personal data outside the EEA and obtain copies of relevant data transfer mechanisms and the UK by contacting us using the contact details set out below.
Retention of personal data
The period for which Proprium will retain personal data will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. Further information about our retention periods is available on request, by contacting us using the contact details set out below.
You have a number of rights with respect to the personal data we process about you, which may be restricted by law. One key right is the right to ‘object’ to processing of your personal data in certain circumstances (e.g., if we are processing on the basis of legitimate interests). You also have the right:
- To have personal data erased. You can ask us to erase all or some of your personal data. We will comply with this request unless there is a legal right for us to deny this request.
- To rectify or complete personal data. You can also ask us to rectify your data if it’s inaccurate, or complete it if it’s incomplete.
- To restrict use of personal data. You can ask us to limit our use of your personal data in some situations (e.g., if your personal data is inaccurate or unlawfully held).
- To access and/or take your personal data away (data portability). You can ask us for a copy of your personal data. In some cases you have a right to receive your personal data or have it transmitted to others in an interoperable, machine readable format.
- To withdraw consent which you have given. If you have given (explicit) consent to us to process your personal data, you may withdraw it at any time.
Any such request should be submitted in writing using the contact details set out below.
You also have the right to complain about the use of your personal data to the relevant supervisory authority. In the EU, you may in particular make a complaint to the supervisory authority in the Member State of your habitual residence, place of work, or of an alleged infringement of the GDPR. In the UK the relevant supervisory authority is the Information Commissioner's Office (www.ico.org.uk). Where the DPL applies, the relevant supervisory authority is the Cayman Islands Ombudsman (www.ombudsman.ky).
You can contact either Proprium Capital Partners L.P., or Proprium Capital Management (UK), LLP by emailing ([email protected]).
Our EU GDPR representative may be contacted at ([email protected]).
Our UK GDPR representative may be contacted at ([email protected]).