Permira Privacy Notice


Introduction

Permira Holdings Limited, its subsidiaries and affiliates (hereinafter collectively referred to as "Permira", "we", "our", "us") recognise the importance of protecting your personal data. This notice explains how we collect, store and use your personal data in compliance with applicable data protection law, including, where relevant, (as amended from time to time) the General Data Protection Regulation (EU) 2016/679 ("EU GDPR") and any national laws enacted pursuant to the EU GDPR, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 No. 419 ("UK GDPR"), the UK Data Protection Act 2018, and the Data Protection (Bailiwick of Guernsey) Law 2017 (the "DPGL"). Unless we inform you otherwise, Permira Holdings Limited will be the data controller.

When used in this notice, unless otherwise stated, the terms "controller", "processor", "data subject", "personal data", "process", "processes", and "processing" have the meanings given to them in the UK GDPR.


Who do we collect personal data from?

We may collect personal data from the following persons:

(a) Visitors to www.permira.com and www.permiracredit.com (together, the "sites");

(b) Visitors to our premises;

(c) Officers, directors, employees, advisors, intermediaries and other representatives of our suppliers, advisers and other service providers;

(d) Regulators and government bodies, as well as officers, directors, employees, advisors, intermediaries and other representatives of the same;

(e) In some cases, we process personal data relating to former employees and staff members. If you are a former staff member and want to know what data we still process about you, you should refer to your leaver's pack. If you no longer have your leaver's pack, please contact us using the details set out in the contact section below.

We may collect data from: (i) our employees and other staff members (and those of our affiliates and portfolio companies); (ii) current, prospective and former investors in our funds; (iii) the beneficial owners, trustees, nominees, agents, representatives and/or employees of current, prospective and former investors in our funds; (iv) the owners, advisers, representatives and/or employees and other staff members of our investment partners; and (v) the owners, advisers, representatives and/or employees and other staff members of the businesses we invest in (or may invest in). We have separate privacy notices which explain how we collect, store and use the personal data of such persons. If you cannot locate one of these notices, please contact us using the details set out in the contact section below.


What personal data do we collect?

The personal data we collect may include:

(a) Identifiers: for example, name, postal address, email address, telephone number, employee ID;

(b) Internet or other network activity: for example, browsing or search history, information regarding interaction with the sites, or related applications or advertisements, as well as online identifiers such as cookies;

(c) Professional or work related information: for example, your professional role, occupational history, business relationship with Permira and background and interests, and any other personal data which may be incidentally processed if you contact us; and

(d) Identification information: i.e. information we need in order to identify you and complete necessary security checks where you visit one of our buildings.

We may have collected any of these categories of personal information from you in the preceding 12 months.


Where do we collect personal data from?

(a) Personal data that you give us. This is information about you that you provide by (among other things) filling in forms, signing up to our newsletters or events, giving us a business card or CV, or corresponding with us by telephone, post, email or otherwise;

(b) Personal data that the sites collect about you. If you visit the sites they will automatically collect some information about you and your visit, including internet or other network activity such as the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and version and the pages on the site that you visit. The sites may also download "cookies" to your device or place cookies onto your browser. For a description of the cookies we use on the sites, please refer to our separate cookie statement;

(c) Personal data that our other systems collect about you. If you exchange emails or other communications with us, our information technology systems may record details of those conversations, sometimes including their content. Some of our premises have CCTV systems which may record audio and visual information about you if you visit our premises, for security and safety purposes; and

(d) Personal data collected from other sources. We may collect some information from other sources. For example, if we have a business relationship with the organisation that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.


How do we use your personal data?

We may use your personal data for the following purposes:

(a) To operate, manage, develop and promote our business, our funds, as well as the business of our investee companies, and, in particular, our relationship with you or the organisation you represent, including general business administration, accountancy and audit services, and risk monitoring;

(b) To operate, administer and improve our sites and premises, including to protect the security of our sites and premises;

(c) To protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes;

(d) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

(e) To comply with our legal and regulatory obligations and bring and defend civil, regulatory and criminal claims; and

(f) With your consent, to contact you with details of Permira's business, funds and investee companies which we believe you will find relevant and interesting.

We may have processed your personal information for any of the purposes described above in the past 12 months.


What legal basis do we use to process personal data?

Depending on the nature and purposes of processing being carried out, our basis for processing may include:

(a) Pursuing our legitimate interest or those of a third party. Under the EU GDPR, the UK GDPR and the DPGL, the lawful basis of such processing is Article 6(1)(f) of the EU GDPR (or equivalent provisions in the UK GDPR and/or DPGL, as the case may be) (i.e. the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests, fundamental rights and freedoms which require protection of personal data);

(b) Complying with legal obligations. Under the EU GDPR, the UK GDPR and the DPGL, the lawful basis of such processing is Article 6(1)(c) of the EU GDPR (or equivalent provisions in the UK GDPR and/or DPGL, as the case may be) (i.e. the processing is necessary to discharge a relevant legal or regulatory obligation to which we are subject); and

(c) Performance of a contract. Under the EU GDPR, the UK GDPR and the DPGL, the lawful basis of such processing is Article 6(1)(b) of the EU GDPR (or equivalent provisions in the UK GDPR and/or DPGL, as the case may be) (i.e. the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract).

We may have processed your personal information for any of the business purposes described above in the past 12 months.

Generally, we do not rely on consent as a legal basis for processing your personal data, although we will obtain your consent before sending third party direct marketing communications to you, or where your consent is otherwise required under applicable law. You have the right to withdraw your consent at any time by contacting us (see below).

We do not sell your personal information.

We do not envisage your personal data will undergo any automated decision making.


Who do we disclose personal data to?

We may disclose personal information about you, where reasonably necessary for the various purposes set out above, to:

(a) The other members of the Permira group of companies, including our funds, fund partners, and fund administrators;

(b) Third party agents and contractors, including other service providers of a fund, IT and communications service providers, law firms, accountants, auditors, administrators, reference providers, and background check providers. These third parties will be subject to confidentiality requirements and they will only process your personal data as described in this notice (or as otherwise notified to you);

(c) Governmental, judicial, or prosecution bodies, tax authorities, regulators and courts;

(d) Third parties for the purposes of establishing, exercising or defending our legal rights;

(e) Third parties in connection with investments in, or the sale of, our business or assets or an acquisition of our business (or a part of our business) by a third party; and

(f) Your colleagues within the organisation that you represent.

We may have disclosed your personal information to any of the third parties listed above in the past 12 months.

Some recipients will process your personal data on our behalf as processor. Others will determine the purposes and means of processing of your personal data as controller and may be permitted to disclose your personal data to other parties in accordance with applicable law.


Personal data of third parties

To the extent that you provide us with personal data of third parties, you agree and acknowledge that you have informed them of, and they have agreed to, our use, collection and disclosure of their personal data including the purposes of such use, collection and disclosure of personal data as set out in this notice.


Do we transfer personal data overseas?

The disclosures described above may involve transferring your personal data overseas. If you are dealing with us within the European Economic Area (the “EEA”) you should be aware that this may include transfers to countries outside the EEA, including the UK and Guernsey. (Equally, if you are dealing with us within the UK or Guernsey, you should be aware that we may transfer your data outside of the UK or Guernsey.) Some of these countries do not have similarly strict data privacy laws.

We will ensure that any such transfers are carried out in compliance with applicable law, including, where necessary, being governed by data transfer agreements (such as the European Commission approved model clauses) designed to ensure that your personal data is protected on terms approved for this purpose by the European Commission (or UK or Guernsey government, as applicable) or as otherwise required under applicable law. If you want to request a copy of any such agreements, please contact us using the details set out in the contact section below.


How long do you retain personal data?

Subject to applicable law, we retain your information for (as the case may be):

(a) As long as it is required for our legitimate purpose;

(b) As long as it is required to perform our contractual obligations;

(c) As long as we have your consent; or

(d) Such period as is required or required by law or regulatory obligations which apply to us.

We will delete or anonymise your personal data when it is no longer required.


What rights do I have in respect of my personal data?

Applicable law may provide you with a number of legal rights in relation your personal data that we process. These rights may include:

(a) A right to know what personal data we process and a right of access to such personal data;

(b) The right to request any incomplete or inaccurate personal data be corrected;

(c) The right to object to our processing of your personal data where we send you direct marketing;

(d) The right to require us to delete your personal data and/or otherwise restrict our processing of your personal data in some circumstances;

(e) The right to object to our processing of some or all of your personal data on grounds relating to your particular situation which are based on legitimate interests, at any time (and require such personal data to be deleted). If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or where it is necessary for the establishment, exercise or defence of legal rights; and

(f) A "data portability" right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format.

If you wish to exercise any of the rights referred to above, please contact us using the details set out in the contact section below.

We review and verify data protection rights requests. We apply non-discriminatory principles when we action requests relating to your data, in accordance with applicable data protection laws and principles.

We exercise particular care when receiving a request to exercise these rights on your behalf by a third party. We will ensure that the third party is correctly authorised by you to receive the requested information on your behalf.

You also have the right, at any time, to lodge a complaint about our processing of your personal data with the relevant body regulating data protection in your country (for the European Union, details are available here). In the UK, you can lodge a complaint about our processing of your personal information with the office of the UK Information Commissioner (www.ico.gov.uk). In Guernsey, you can lodge a complaint to the Office of the Data Protection Authority (ODPA) (www.odpa.gg). In California, you can lodge a complaint with the Office of the Attorney General (www.oag.ca.gov). In Singapore, you can lodge a complaint with the Personal Data Protection Commission (www.pdpc.gov.sg/Contact-Us).

If you do not want Permira to send you e-mail or postal mail, you can opt out at any time by contacting Permira by e-mail at dataprivacy@permira.com.

You should be aware that when you are on the websites, you could be directed to other websites that are beyond our control. There are links to other sites from the sites that may take you outside our service. We cannot guarantee that the privacy policies of these websites meet our standards. You should read the privacy notice of any new website you go to online.

California residents may also request certain information about our disclosure of personal data during the past 12 months, including information about the categories of information we process, the purpose of processing that data, the categories of recipients to which we disclose this information and the source of the information.


How do I contact you?

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, or to exercise of any of the rights listed above, please address questions, comments and requests to our Data Compliance Lead at dataprivacy@permira.com.


Changes to this notice

Any changes we make to this privacy notice in the future will be posted to the sites and also available if you contact us. Please check back frequently to see any changes.

This policy was last reviewed/updated: 7th July 2021.