Scope and purpose
PAI Partners SAS, PAI Partners S.à r.l., their subsidiaries and affiliates (collectively, solely for the purpose of this Privacy Notice: “PAI” or “PAI Partners” or “we” or “us” or “our”) are committed to protecting and respecting the privacy of any personal information we collect from you.
Personal Data is a critical asset and PAI is accountable for processing such information with the requisite care, integrity and discretion so as to provide appropriate protection to Personal Data and comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
PAI has established a personal data protection policy considering the nature, scope, context and purposes of Personal Data processings as well as the risks of varying likelihood and severity (proportionality principle) for rights and freedoms of natural persons posed by the processing. This public notice (the “Privacy Notice”) intends to provide you with the summary information about how PAI collects, protects and retains your personal data, as well as the reasons for their use and sharing. This Privacy Notice also aims at informing you of your rights regarding the collection and processing of your personal data and the procedures for exercising your rights.
Personal data privacy
- What is considered as personal data? “Personal Data” are defined in GDPR regulation as any information relating to an identified or identifiable natural person (“Data Subject”), an identifiable natural person being a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- What personal data do we collect? We collect mainly, and where relevant only, the identification data (name, surname, title, address, IP address…), contact details, data relating to the professional, economic and/or tax situation of our investors, co-investors and their representatives, PAI website or premises visitors, PAI employees, job applicants and other professional contacts in the course of our business (together the “Partners”).
- How and why do we use your personal data? In accordance with the data minimization principle, Personal Data may only be processed for certain legitimate purposes.
We use the Personal Data we collect only if and to the extent that at least one of the following applies:
- processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; or
- processing is necessary for compliance with a legal or regulatory obligation to which PAI is subject (such as the prevention of money laundering and terrorism financing or a reporting requirement under tax regulations in the jurisdictions in which we operate, the Foreign Account Tax Compliance Act (FATCA), the automatic exchange of information in the field of taxation (DAC) or the Common Reporting Standard (CRS); or
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- processing is necessary for the purposes of the legitimate interests pursued by PAI (in particular managing relations with our Partners or, for reasons connected with the investments or divestments made by the funds we manage, ensuring the security of our premises) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require the protection of Personal Data; or
- the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes.
- How do we protect the Personal Data we collect? PAI has implemented appropriate technical and organisational measures to protect the confidentiality of your Personal Data and to prevent them from being altered, damaged, destroyed or disclosed to unauthorised third parties. However, although we take all reasonable measures to protect your Personal Data, no transmission or storage technology is totally infallible. In accordance with the GDPR, in the event of a Personal Data breach likely to result in a high risk to individuals’ rights and freedoms, we undertake to notify the competent control authority and, when required by the GDPR, the relevant Data Subjects (individually or collectively as appropriate).
- With whom do we share the Personal Data we collect? Your Personal Data will not be sold to third parties.
However, we may have to disclose your Personal Data to the members of PAI group, so that the group may adopt an integrated approach to its Partners. Group members may use your personal information only for the purposes specified above.
We also may disclose your information to third parties if so required or authorised by the law or regulations (i.e. auditors, government and law enforcement agencies or regulators), to certain service providers, such as our custodians, who need to know such information to perform their services, to bona fide professional advisers and other third parties to the extent (i) such disclosure is reasonably required to assist PAI with its diligences in order to evaluate and comply with its legal, regulatory, tax requirements and (ii) the relevant third parties are informed of the strictly confidential nature of the disclosed information.
Some of these recipients may be located outside the European Union and have access to all or part of the personal information we collect. Where this is the case, we guarantee that your data will be protected to the very highest standards, including through the procedures defined in the applicable regulations.
- How long do we keep your Personal Data?
We ensure that Personal Data are retained for no longer than necessary given the purpose(s) of their processing, as authorized under the applicable law or regulation.
The retention period therefore varies depending on that purpose, as well as on any applicable legal provisions stipulating a specific retention period for certain types of data, any statute of limitation periods, and the recommendations of the CNIL (Commission nationale de l’informatique et des libertés) for certain types of data processing.
Accessing, updating and correcting your Personal Data
In accordance with current legislation, you have the rights of inquiry, access, rectification, erasure, restriction of processing, objection, portability of your personal data we hold about you as well as the right to define the fate of your data after your death.
You can exercise these rights either by emailing email@example.com or by writing to PAI Partners, Data Protection, 232 rue de Rivoli, 75001 Paris, France. Your written request should include a copy of an identity document. Prior to processing your request, we will require you to confirm your authorisations to do so, which includes an identity verification process.
We endeavour to satisfy your demand within thirty (30) business days of receiving a request.
In the event of a breach of the applicable Personal Data protection regulations by PAI you may complain to the French data protection supervisory authority:
Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
75334 PARIS CEDEX 07
Changes to the Privacy Notice
We may update this Privacy Notice from time to time without prior notice.
We encourage you to regularly check PAI’s Site to ensure that you are aware of the last updated version.
This Privacy Notice was last updated in January 2019 and replaces and supersedes any prior version of our Privacy Notice.
If you have any questions about our Privacy Notice or if you have any questions or concerns about how PAI manages personal information and maintains the data privacy, please contact us at: firstname.lastname@example.org.