Data Protection Privacy Notice


1. General

This Privacy Notice sets out how Private Equity Administrators Group (“PEA Group”) processes Personal Data, on individuals, including clients, intermediaries or other third parties that PEA Group deals with, or any individual who is connected to those parties (for example, Personnel, underlying investors, beneficial owners or principals). Where Personal Data is held on such individuals, this document also sets out the rights of those individuals in respect of that Personal Data.

Defined terms used in this Privacy Notice are explained in Section 14.

Important information

Please note that this Privacy Notice is primarily aimed at businesses and references in this notice to Personal Data, includes personal information that you provide to us, or which we otherwise gather whilst operating our business. As such, it is your responsibility to ensure that any relevant persons are made aware of this Privacy Notice and the individual rights and information that it sets out, prior to providing their information to us, or our obtaining their information from another source. Furthermore, if you or anybody else acting on your behalf, has provided or provides information on an individual connected to your business to us, then you or they must ensure that they have the appropriate authority to do so.

Any questions relating to this Privacy Notice, or requests in respect of Personal Data should be directed to DPO@peadm.com in the first instance.

2. About Private Equity Administrators

PEA Group are fund administrators, depositaries and corporate service providers operating in Guernsey, Denmark and Sweden.

The relevant PEA Group entity will be defined by the applicable letter of engagement or administration agreement.

Our offices include a jurisdiction outside of the European Economic Area (EEA), however, Guernsey has been deemed “adequate” for European Union (“EU”) data protection purposes. Where the processing activities of the Guernsey firm is not captured by the EU General Data Protection Regulation (679/2016/EU) (the “GDPR”) it is required to comply with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“Guernsey DPL”) (together the “Data Protection Legislation”). The Guernsey DPL is modelled on the GDPR and essentially the key concepts are the same, thereby ensuring that the current adequacy requirements continue to be met and so continue to allow the free flow of Personal Data between Guernsey and the EU.

Details of the relevant PEA Group entities and the responsible Regulatory Authorities are provided in Section 11.

3. The Personal Data we hold

PEA Group processes data, in order to provide administration and depositary services and we gather Personal Data from a variety of sources:

  • We obtain Personal Data when it is provided to us either by you, your representatives or a third party connected to you (for example, another service provider).
  • We collect Personal Data in the ordinary course of our relationship with you.
  • We obtain your Personal Data that has been made public, including via the internet and subscription databases and other open-source materials.
  • We also create Personal Data about you, such as records of your interactions with us, details of your accounts and transactions, telephone calls etc, subject to applicable law.

The type of Personal Data we may collect and process includes:

  • Contact details, including name, address, email addresses and telephone numbers;
  • Information required by PEA Group to meet legal and regulatory requirements in respect of anti-money laundering legislation, including personal details such as gender, date of birth, passport number(s), other government issued number(s), nationality, images of passports and driving licences, signatures, occupation, source of funds and source of wealth;
  • Information required by PEA Group to meet legal and regulatory requirements relating to the automatic exchange of tax information (e.g. US FATCA and OECD CRS), including details of tax residency, tax classification and tax identification numbers;
  • Financial details, including billing address; bank account numbers; instruction records; transaction details and counterparty details;
  • Details of meetings and telephone calls with our office and employees; and
  • Any other information you may provide to us or might be provided to us by our clients, third parties etc.

4. Sensitive Personal Data

PEA Group does not routinely seek to collect or otherwise process Sensitive Personal Data. Should we need to do so:

  • The Processing is necessary for compliance with a legal obligation;
  • The Processing is necessary for the detection or prevention Crime;
  • You have made such Sensitive Personal Data public; or
  • We have obtained your consent prior to Processing your Sensitive Personal Data.

5. Purposes of Processing

The Personal Data collected from you or provided by you, or on your behalf may be processed by PEA Group (or its affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

Purpose

Lawful Basis for Processing

Financial Crime Prevention: identifying and verifying the identity of individuals, screening against subscription databases (e.g. for sanctions, adverse media and PEP lists); detecting, preventing and investigating financial crime in accordance with applicable anti-money laundering procedures.
  • The Processing is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing activities for the purpose preventing, detecting and investigating money laundering, sanctions violations, fraud and other financial crimes.
FATCA/CRS: Determining the tax status of individuals in compliance with the US Foreign Account Tax Compliance Act, the OECD Common Reporting Standard and/or any other applicable automatic exchange of tax information regime.
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing activities for the purposes of determining tax status and reporting under FATCA/ CRS etc.
Client onboarding: taking on of new clients, serviced entities and their underlying principals, investors and shareholders and update of our administration systems and records and controls.
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer;
  • The Processing is necessary for compliance with a legal obligation; or
  • Or we have a legitimate interest in carrying out the Processing activities for the purposes of onboarding new clients, serviced entities and their underlying principals, investors and shareholders and to ensure compliance with our internal control framework.
Provision of products and services to you: administering relationships and related activities, communicating with you in relation to these products/ services and compliance with our internal control framework.
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing activities for the purpose of providing products and services to you and for ensuring compliance with our internal control framework.
Establishment of new entities (for example, companies, limited partnerships, foundations and trusts) and communicating with yourself or third parties including the Guernsey Registry and/or legal counsel in relation to this activity.
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • The Processing is necessary for compliance with a legal obligation; or
  • We have a legitimate interest in carrying out the Processing activities for the purpose of establishing a new company. Limited partnership, foundation or trust.
Legal compliance: compliance with our and your legal and regulatory obligations under applicable laws.
  • Processing is necessary for compliance with a legal obligation.
Legal proceedings: establishing, exercising and defending legal rights.
  • Processing is necessary for compliance with a legal obligation or;
  • We have a legitimate interest in carrying out the Processing activities for the purposes of establishing, exercising and defending legal rights.
Risk Management: audit, compliance, controls and other risk management activities.
  • Processing is necessary for compliance with a legal obligation or;
  • We have a legitimate interest in carrying out the Processing activities for the purpose of managing risks to which our or serviced entities are exposed.
Relationship management: to manage our client, intermediary and other business relationships (e.g. bankers).
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer;
  • Processing is necessary for compliance with a legal obligation or;
  • We have a legitimate interest in carrying out the Processing activities for the purposes of managing our client, intermediary and other business relationships.
Access to our Client Portal for the communication and storage of relevant material (such use being subject to the terms and conditions of that portal)
  • The Processing is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer;
  • We have a legitimate interest in carrying out the Processing activities for the purposes of managing the Client Portal.
IT: operation of our IT security, management of our IT infrastructure and communication systems and IT security audits.
  • The Processing is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • Processing is necessary for compliance with a legal obligation or;
  • We have a legitimate interest in carrying out the Processing activities for the purposes of operating and managing our IT systems and ensuring the security of those systems.
Security: to ensure the security of PEA Group electronic systems, staff and premises
  • The Processing Is necessary for fulfilment of a contract that you have entered with PEA Group or an Entity that we administer; or
  • Processing is necessary for compliance with a legal obligation or;
  • We have a legitimate interest in carrying out the Processing activities for the purposes of ensuring the physical and electronic security of our business, premises and assets.

Consent

Please note that your consent is not required to process your Personal Data for the purposes referenced above.

Legitimate Interests

Please note that where Personal Data is processed for the purpose of legitimate interests, you have a right to object to such processing. In such cases, PEA Group will no longer process the Personal Data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Direct Marketing

Please note that it is PEA Group policy not to engage in Direct Marketing. Should this policy change then we must seek your explicit written consent to use your Personal Data for this purpose.

6. Disclosure of Personal Data

We may disclose your Personal Data to other entities within the PEA Group, for legitimate business purposes, in accordance with applicable law. Where we transfer your Personal Data across the PEA Group, we do so, based on:

  • Adequacy decisions;
  • Binding Corporate Rules;
  • Suitable Standard Contractual Clauses; or
  • Other valid transfer mechanisms

In addition, we may disclose your Personal Data to:

  • Clients and their professional advisors;
  • Other service providers (legal, financial or otherwise, including any bank or financial institution providing services in relation to any client or serviced Entity, where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
  • Any registrar of a public register where the data is to be included in a public registry;
  • To comply with legal or regulatory requirements;
  • Any sub-contractors, agents or service providers to PEA Group (e.g. Auditors, Lawyers, IT Providers etc.)
  • Law enforcement agencies where considered necessary for the PEA Group to fulfil legal obligations applicable to it;
  • Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material
  • Potential parties with whom PEA Group intends to merge or sell any part of the PEA Group.

Where PEA Group is entering into an engagement with a third party pursuant to which Personal Data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.

7. International Transfers

The disclosure of Personal Data to the third parties set out above may involve the transfer of data outside of the EEA in accordance with the requirements of Data Protection Legislation. Such countries may not afford individuals the same level of protection as the EU or Guernsey. Therefore, we will only transfer Personal Data outside of the EEA where we are satisfied that:

  • The non-European Union country has Data Protection laws similar to the laws in the European Union;
    The recipient has agreed through contract to protect the information to the same Data Protection standards as the European Union;
  • We have obtained consent from relevant data subjects to the transfer; or
  • If transferred to the USA, the transfer will be to organisations that are part of the Privacy Shield.

8. Data Security

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data.

You are responsible for ensuring that any Personal Data that you send to us, is sent securely.

9. Rights of Data Subjects

Data subjects in the European Union (or any jurisdiction with equivalent legislation to the EU General Data Protection Regulation) have certain rights in respect of their Personal Data. The exercise of these rights is subject to the provisions of the Data Protection Legislation.

  1. You have a right of access to and the right to amend and rectify your Personal Data
  2. You have the right to have any incomplete Personal Data completed
  3. You have the right to lodge a complaint with a Supervisory Authority, in Guernsey or the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of the Personal Data relating to you carried out by PEA Group infringes the Data Protection Legislation (details of the relevant Supervisory Authority are provided in Section 11).
  4. You have the right to request that Personal Data is erased (in certain specific circumstances).
  5. You have the right to be notified of a Personal Data Breach which is likely to result in high risk to your rights and freedoms;
  6. You have the right to data portability (in certain specific circumstances).
  7. You also have the right to object to processing where Personal Data is being processed for marketing purposes and where PEA Group is processing Personal Data for legitimate interests.

Anybody wishing to exercise any rights under the applicable Data Protection Legislation should send the request in the first instance to DPO@peadm.com.

Please be aware that in the event a data subject chooses not to provide any Personal Data or where any of the rights set out above are exercised to limit the processing of Personal Data, PEA Group may be unable to provide relevant services, or there may be a restriction on the services which can be provided.

10. Retention

PEA Group will only keep your data as long as necessary to fulfil the purposes (as set out above) for which we collected it, or as necessary for fulfilling any minimum statutory retention period.

Once the retention periods have ended, we will either:

  • Permanently delete or destroy the relevant Personal Data
  • Archive your Personal Data so that it is beyond use; or
  • Anonymise the relevant Personal Data.

Any request for further information in relation to the continued processing of specific data and requests for destruction of data, should be made to DPO@peadm.com.

11. PEA Group Entities

In respect of any administration agreement with PEA Group, the primary Data Controller will be deemed the Client Entity issuing the letter of engagement or administration agreement. The PEA Group entity will be deemed the Data Processor.

For the purposes of this Privacy Statement the PEA Group entities are:

Guernsey

Private Equity Administrators Limited is registered with the Data Protection Commissioner in Guernsey. Any complaint may be brought to the attention of the Commissioner via either online enquiry at https://dataci.gg/online-enquiry/#/complain/form or by post to: The Office of the Data Protection Commissioner, Guernsey Information Centre, North Esplanade, St Peter Port, Guernsey, GY1 2LQ.

Denmark

Private Equity Administrators ApS is registered with Datatilsynet in Denmark (www.datatilsynet.dk). Any complaint may be brought to their attention. The e-service for reporting the incidents is available through their website.

PEA Depositary Services ApS is registered with Datatilsynet in Denmark (www.datatilsynet.dk). Any complaint may be brought to their attention. The e-service for reporting the incidents is available through their website.

Sweden

Private Equity Administrators Sweden AB is registered with Datainspektionen.se (www.datainspektionen.se) in Sweden. Any complaint may be brought to their attention. Note: at the time of writing this policy the e-service for reporting any incidents is not ready and it is recommended that reference be made to the website provided for details of the reporting process. The address of the Datainspektionen is PO Box 81141, 104 20 Stockholm.

PEA Depositary Services AB is registered with Datainspektionen.se (www.datainspektionen.se) in Sweden. Any complaint may be brought to their attention. Note: at the time of writing this policy the e-service for reporting any incidents is not ready and it is recommended that reference be made to the website provided for details of the reporting process. The address of the Datainspektionen is PO Box 81141, 104 20 Stockholm.

12. Changes to this Privacy Notice

PEA Group reserves the right to modify or amend this Privacy Notice at any time and an updated version of it will be placed on our website www.peadm.com.

13. Contact details

If you have any comments, questions or concerns about any of the information in this Privacy Statement, or any other issues relating to the Processing of Personal Data by PEA Group, please contact the PEA Group at DPO@peadm.com.

14. Defined Terms

Data Controller The entity that provides instructions to the Processor on how data should be processed.
Data Processor Any person or entity that Processes Personal Data as instructed by the Data Controller.
Data Subject Any natural person for whom Personal Data is held.
Personal Data Information about an individual, from which an individual is identifiable.
Process or Processed or Processing Anything that is done with Personal Data, such as collection, recording, structuring, storage, disclosure etc.
Personnel Any current, former or prospective directors, officers, controllers, consultants, employees etc.
Sensitive Personal Data Data about race, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexuality, or any other information that may be deemed to be sensitive.
Supervisory Authority The Data Protection Authority established pursuant to the Data Protection Legislation.
Copyright © 2018 Private Equity Administrators