Scope and purpose
PAI Partners SAS, PAI Partners S.à r.l., their subsidiaries and affiliates (collectively, solely for the purpose of this Privacy Notice: “PAI” or “PAI Partners” or “we” or “us” or “our”), acting as data controller, are committed to protecting and respecting the privacy of any individual and ensure the protection of any personal information we collect from you and further process.
Personal Data is a critical asset and PAI is accountable for processing such information with the requisite care, integrity and discretion so as to provide appropriate protection to Personal Data and comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and any applicable local data protection laws and regulations.
PAI has established an external personal data protection policy considering the nature, scope, context and purposes of Personal Data processing as well as the risks of varying likelihood and severity (proportionality principle) for rights and freedoms of natural persons posed by the processing. This public notice (the “Privacy Notice”), both available on PAI website and PAI ESG Lab, intends to provide you with the summary information about how PAI collects, processes, protects and retains your personal data, as well as the reasons for their use and sharing. This Privacy Notice also aims at informing you of your rights regarding the collection and processing of your personal data and the procedures for exercising your rights.
All data protection terms used in this Privacy Notice have the meaning as set out in the GDPR.
Personal data protection
What is considered as personal data? “Personal Data” is defined under GDPR regulation as any information relating to an identified or identifiable natural person (“Data Subject”), an identifiable natural person being a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What personal data do we collect and about who? We collect mainly, and where relevant only, the identification data (name, surname, title, address, IP address…), contact details, data relating to the professional, economic and/or tax situation of our investors, co-investors and their representatives, PAI website or premises visitors, PAI employees, job applicants and other professional contacts in the course of our business (together the “Partners”).
When do we process your personal data? We may process information when you visit our websites, including PAI website and PAI ESG Lab, through the following means:
- When you navigate on our websites (i.e. technical information, such IP addresses or logs collected via cookies);
- When you participate, as a speaker, to a webinar organized by PAI and whose recording is posted online on our websites;
- When you answer a survey on PAI ESG Lab;
- When you agree that your name, surname, position and image appear in articles, reports, interviews, videos, podcasts, etc. posted on our websites
- When you click on the window “Do you have a question or a thought” on PAI ESG Lab and ask for a question and add your email address to receive an answer
- When you otherwise submit personal information to us (e.g. through the “Contact us” section on PAI Corporate website using generic or recruitment PAI email addresses, etc.).
How and why do we use your personal data? In accordance with the data minimization principle, only adequate, relevant and limited Personal Data may be collected and further processed for specific, explicit and legitimate purposes of processing.
We use your Personal Data in relation to the following purposes:
- Management of Personal Data in relation to business relationships with investors, prospects, and websites‘ users and more particularly to:
- Enable you to browse our websites;
- Obtain your opinion on ESG related topics, in particular via surveys;
- Establish statistical analysis including for web traffic management purposes (e.g. to have an understanding of the websites audience, to enhance website usability and the relevance of our services);
- Communication management: You may also receive information or communications from PAI in particular regarding events which may be of your interest, subject to your prior consent when required and in compliance with your right to object, in accordance with legal requirements applicable to direct marketing. These notifications can be sent by electronic or post mail;
- Management of network: PAI will collect your Personal Data in order to answer to your request and then manage our relationships;
In addition, we use the Personal Data we collect only if and to the extent that at least one of the following lawful basis applies:
- processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; or
- processing is necessary for compliance with a legal or regulatory obligation to which PAI is subject (such as the prevention of money laundering and terrorism financing or a reporting requirement under tax regulations in the jurisdictions in which we operate, the Foreign Account Tax Compliance Act (FATCA), the automatic exchange of information in the field of taxation (DAC) or the Common Reporting Standard (CRS); or
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in PAI; or
- processing is necessary for the purposes of the legitimate interests pursued by PAI (in particular managing relations with our Partners or, for reasons connected with the investments or divestments made by the funds we manage, ensuring the security of our premises) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require the protection of Personal Data; or
- the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes.
Furthermore, to operate our websites, remember your preferences, improve your experience as well as analyze the performance of our websites, we collect certain personal data, using cookies, about our website users– for further details in that regard please refer to our .
Should you refuse to share with us some of required personal data, it might prevent you to the benefit of part of the services provided by PAI and/or functionalities of our websites.
How do we protect the Personal Data we collect? PAI has implemented appropriate technical and organisational security measures based on the risk for your rights and freedom to protect the confidentiality and integrity of your Personal Data and to prevent them from being, accidentally or unlawfully, altered, damaged, destroyed or disclosed to/accessed by unauthorised third parties. The same level of protection is contractually imposed by PAI on its services providers which process your Personal Data acting as Processors (on behalf of PAI). In addition, any PAI employee who, in the course of their work, might have access to your Personal Data agree to hold it in the strictest confidentiality. However, although we take all reasonable measures to protect your Personal Data, no transmission or storage technology is totally infallible. In accordance with the GDPR, in the event of a Personal Data breach likely to result in a high risk to individuals’ rights and freedoms, we undertake to notify the competent data protection authority and, when required by the GDPR, the relevant Data Subjects (individually or collectively as appropriate).
With whom do we share the Personal Data we collect? PAI may share your Personal Data with the following categories of internal recipients:
- PAI’s employees working in the Communication team, ESG team, Finance team and Compliance team;
- PAI’s internal contractors working in the IT team;
- PAI’s employees in charge of recruitment and Human Resources management who will have access to Personal Data regarding candidates.
Your Personal Data will not be sold to third parties.
However, we may have to disclose your Personal Data to the members of PAI group, including PAI subsidiaries and affiliates, so that the group may adopt an integrated approach to its Partners. Group members may use your personal information only for the purposes specified above.
We also may disclose your information to third parties if so required or authorised by the law or regulations (i.e. auditors, government and law enforcement agencies or regulators), to certain service providers, such as our custodians, who need to know such information to perform their services, to bona fide professional advisers and other third parties to the extent (i) such disclosure is reasonably required to assist PAI with its diligences in order to evaluate and comply with its legal, regulatory, tax requirements and (ii) the relevant third parties are informed of the strictly confidential nature of the disclosed personal information and have committed to ensure an equivalent level of protection in a written dedicated agreement or clause.
Some of these recipients may be located outside the European Union and have access to all or part of the personal information we collect. Where this is the case, we guarantee that your personal data will be protected to the very highest standards, with the implementation of appropriate safeguards, including through standard contractual clauses of the European Commission where required. .
How long do we keep your Personal Data? We ensure that Personal Data is retained according to defined retention periods per purpose of processing for no longer than necessary given the purpose(s) of their processing, as authorized under the applicable law or regulation.
The retention period therefore varies depending on that purpose, as well as on any applicable legal provisions stipulating a specific retention period for certain types of data, any statute of limitation periods, and the recommendations of the CNIL (Commission nationale de l’informatique et des libertés) for certain types of data processing.
Your personal data protection rights
How to access, update and correct your Personal Data? In accordance with applicable data protection laws and regulations, you have the rights of access, rectification, erasure, restriction of processing, objection, portability of your personal data we hold about you as well as the right to define the fate of your data after your death. When the Processing is based on your consent, you have the right to withdraw your consent at any time.
You can exercise these rights by emailing email@example.com. In order for us to be able to answer your request, you must communicate us the following necessary identification data: name, e-mail and any other identity document or follow identity verification process to confirm your identity.
In the event of a breach of the applicable Personal Data protection laws and regulations by PAI you may lodge a complaint with the French data protection supervisory authority:
Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
75334 PARIS CEDEX 07
Changes to the Privacy Notice
We may update this Privacy Notice from time to time without prior notice.
We encourage you to regularly check PAI’s Site to ensure that you are aware of the last updated version.
This Privacy Notice was last updated in February 2021 and replaces and supersedes any prior version of our Privacy Notice.
If you have any questions about our Privacy Notice or if you have any questions or concerns about how PAI processes personal data and maintains the protection of your personal data, please contact us at: firstname.lastname@example.org.