This privacy notice (the "Privacy Notice") provides information, for the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") (and, where applicable, the UK Data Protection Act, 2018 ("DPA") or other applicable national data protection laws), about how Permira processes and protects your personal data that we may receive for the purposes of developing a proof of concept suite of forecasting related data analytics tools and services (the "Project").
The terms "controller", "processor", "data subject", "personal data", "process", "processes", and "processing" used in this Privacy Notice have the meanings given to them in the GDPR.
Permira is an independent 'controller' in respect of its processing of your personal data for the purposes of the Project. We are responsible for ensuring that we hold and use your personal data in compliance with the GDPR and other applicable national data protection rules.
The personal data that we collect about you
We receive a certain amount of personal data about you from our portfolio companies (in this instance, namely, the Corin Group), which may include identifiers such as names, places of work, sales records, and details of customers.
We do not collect or process any special categories of personal data about you (such as information about your health, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
For more information in relation to how a specific portfolio company may process your personal data (separately from Permira and as an independent controller), please refer to the relevant data privacy notice issued by any such respective portfolio company with which you have a relationship.
Who are the recipients of your personal data?
As part of the Project, Permira may transfer your personal data to specific third party processors. Such third party processors will only process your personal data on Permira's documented instructions, under contract, and in compliance with the obligations imposed on them under the GDPR and DPA, and will not transfer your personal data outside the UK.
The purpose for processing your personal data
We may process your personal data for the purpose of understanding insights into various aspects of the operations of portfolio companies. This will entail planning, building and testing various data analytics tools and services during the Project and conducting experiments and analysis to provide such insights.
These tools or services will be designed to provide our portfolio companies with advice (which may be descriptive, predictive or prescriptive) based on an aggregate analysis relying on basic heuristics, statistical modelling and machine learning analyses of the data assessed through the tools.
What is the legal basis of the processing?
When we process your personal data, we do so by relying on Article 6(1)(f) GDPR, namely the pursuit of our legitimate interest in achieving the purpose set out above. We rely on this interest only where we have concluded that, on balance, our processing does not prejudice your privacy, interests, fundamental rights or freedoms in a way that would override our legitimate interest in pursuing those purposes.
Who will your personal data be shared with?
With the exception of a third party processor acting under our documented instructions (as set out above), we shall not share your personal data with, or transfer it to, any third parties. Furthermore, we do not foresee that your personal data will be transferred outside of the United Kingdom or European Economic Area.
In addition to the above and in exceptional circumstances, we may share your personal data with the following parties, where reasonably necessary and in accordance with applicable data protection law for the purposes described above:
- Permira's legal or other professional advisers (including consultants used by Permira) for the purpose of getting legal or other professional advice; or
- to the extent required by EU law, UK law or the law of an applicable EU Member State, in exceptional circumstances:
  - to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; and
  - other organisations and agencies, where we are required to disclose your personal data.
Some of these persons may process your personal data in accordance with our instructions and others will themselves be responsible for their use of your personal data.
We will never sell your personal data and in all cases, Permira will ensure that your personal data is only disclosed for the purposes set out above and in compliance with applicable data protection laws.
Retention and deletion of your personal data
We intend to keep your personal data accurate and up to date and, as a general principle, we do not retain your personal data for longer than we need it. We will delete or anonymise any information that we hold about you when it is no longer required for the purposes set out above. Specific information about our record retention policies is available on request. Please contact us (see below).
Automated decision-making techniques (including profiling)
Although automated decision-making techniques, such as machine learning, may be used as part of the Project, as this is a proof of concept, we do not intend to use them to make decisions and produce legal effects for you, or which may otherwise significantly affect you, based solely on automated processing of your personal data.
Permira will not use such automated decision-making processing systems in the manner stated above unless it has considered the proposed processing system in a particular case and concluded in writing that it meets the requirements of the GDPR and other applicable data protection laws.
Your rights in relation to your personal data
The GDPR and other applicable laws provide you (as the data subject) a number of absolute or qualified legal rights in relation to the processing of your personal data. These rights include:
- a right to know what personal data we process and a right of access to such personal data;
- the right to request any incomplete or inaccurate personal data to be corrected;
- the right to object to our processing of your personal data;
- the right to require us to delete your personal data in some limited circumstances;
- the right to object to our processing of some or all of your personal data on grounds relating to your particular situation which are based on legitimate interests, at any time (and require such personal data to be deleted). If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or where it is necessary for the establishment, exercise or defence of legal claims; and
- a "data portability" right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format.
If you wish to exercise any of the rights referred to above, please contact us using the details set out under "Contacting Us" below.
We review and verify data protection rights requests. We apply non-discriminatory principles when we action requests relating to your data, in accordance with applicable data protection laws and principles.
We exercise particular care when receiving a request to exercise these rights on your behalf by a third party. We will ensure that the third party is correctly authorised by you to receive the requested information on your behalf.
If you wish to exercise any of these rights, please contact us (see below). You can also lodge a complaint about our processing of your personal information with the office of the UK Information Commissioner (www.ico.gov.uk) and your local data protection authority.
When exercising any of these rights, we may request specific information from you to prove your identity to our satisfaction so that we can safeguard your personal data from unauthorized access by someone impersonating you.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, or to exercise any of the rights listed above, please address questions, comments and requests to our Data Compliance Lead at firstname.lastname@example.org.
Publication of this notice on our website
As we receive your personal information from third parties, we do not have access to your individual names or contact details. We do not have a direct relationship with you. Obtaining such information would involve a disproportionate effort on our part, particularly given that our access to such information is unlikely to be in the interests of your privacy. As such, we have made this Privacy Notice publicly available on our website as opposed to sharing it directly with you, in compliance with the exemption available to us under Article 14(5)(b) GDPR.
Changes to this policy
Any changes we make to this Privacy Notice in the future will be posted to our website at www.permira.com.
This Privacy Notice was last updated on 04 December 2020.