1. WHAT IS THIS?
1.1. At Pamplona Capital Management (“Pamplona”) we take privacy seriously and we are committed to protecting it.
1.2. This Website Private Policy (the “Policy”) explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
1.3. This Policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
1.4. This Policy was last updated in May 2018.
2. WHO WE ARE
2.1. Pamplona comprises the following entities:
|Legal Entity Name||Registration Number||Registered Address||Country of Registration|
|Pamplona Capital Management LLP
|OC 309813||25, Park Lane, London, W1K 1RA||United Kingdom|
|Pamplona Capital Advisors Ltd
|5257246||25, Park Lane, London, W1K 1RA||United Kingdom|
|Pamplona PE Investments Malta Limited||C47993||5th Floor, Marina Business Centre, Abate Rigord Street, Ta’ Xbiex, XBX 1127||Malta|
|Pamplona Credit Opportunities Investments Limited
|C48160||5th Floor, Marina Business Centre, Abate Rigord Street, Ta’ Xbiex, XBX 1127||Malta|
|Pamplona Capital Management (PE) S.L.||B87796132||c/ Marqués de la Ensenada, nº 2, 4ª Planta, 28004 – Madrid
|Pamplona Capital Management (Monaco) SAM||17S07499||14, Avenue de Grande Bretagne, Le George V
98000, Monaco MC
|Pamplona Capital Management LLC||5084410||c/o Cogency Global Inc., 850 New Burton Road, Suite 201, Dover, Kent, Delaware||United States|
Any of these companies may act as the data controller in relation to the processing of your personal data. The controller in each case is the entity that decides why and how your personal information is processed. This policy applies to each and every entity mentioned above that may act as a data controller in a particular case. Accordingly, where this Policy, references “Pamplona”, “we”, “our” or “us” below, unless it mentions otherwise, is referring to the particular company that is the controller of your personal information.
2.2. We will let you know which entity will be the controller for your data when you obtain any of our services.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
A login is only provided to users who wish to see aspects of the website which are restricted.
These users are approved by Pamplona to perform credit/risk analysis or to access certain publications. A list of these users is maintained by Pamplona. This list is reviewed annually and authorisation of users may be withdrawn by Pamplona at any time. General users are not permitted to log into the areas of the website that are restricted.
If you contact us by email from the published email address on the website we do not collect any additional information other than your email address.
If you request a log on to the website then the personal information you give to us is: name, email address and company name and reason for request for access.
Please see Section 4 for details of the purposes for which we use the personal information we obtain from these sources, and the legal basis on which we rely to process that information. The remaining provisions of this Policy also apply to any personal information we obtain from these sources.
If you contact us by email from the published email address on the website we do not collect any additional information other than the email address.
4. HOW WE USE YOUR PERSONAL INFORMATION
Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
• Contact you via email; or
• Contact you via post.
You may withdraw your Consent for us to use your information in any of these ways at any time. Please see Section 8.4 for further details.
Where there is a LEGITIMATE BUSINESS INTEREST
We may use and process your personal information where it is necessary for us to pursue our Legitimate Business Interests as a business for the following purposes:
• prevention of fraud and other criminal activities;
• promote business efficiency and consolidate reporting requirements by sharing your personal data with other entities within our group (See Section 5.1 for more information);
• to verify the accuracy of data that we hold about you and create a better understanding of you as a Customer;
• network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
• to comply with a request from you in connection with the exercise of your rights (for example where you have asked us to erase your personal information);
• management of queries, complaints, or claims.
Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations: (i) to assist any public authority, regulatory, judicial or criminal investigation body; (ii) to identify you when you contact us; and (iii) to verify the accuracy of data we hold about you.
Where we need to process data in order to PERFORM THE CONTRACT with you
In order to provide the services which you, or an entity with which you are employed or are a shareholder, ultimate beneficial owner or officer in, request, we shall need to process your personal data in order to be able to give effect to the contract entered into with you, or such said entity or to take steps to enter into such a contract with you or the said entity. We may use your personal data to (i) communicate with you in relation to the products or services which we provide to you, or such entity as may be required; (ii) update you of any developments in relation to such products or services; and (iii) issue statements and other relevant material in relation to such products or services.
5. OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
5.1. Our affiliated companies within Pamplona group
Pamplona is part of an international group of companies with a presence in various jurisdictions both within and outside Europe.
We may need to transfer your personal data to our affiliated companies within Pamplona group. It is within our Legitimate Business Interests to promote business efficiency as well as consolidate reporting and administrative processes within Pamplona group. We have an agreement in place between all Pamplona entities to regulate the transfer of your personal data between different Pamplona entities and ensure that your personal data is processed in accordance with applicable law. In cases where we need to transfer your personal data to a Pamplona group entity outside of the European Economic Area (“EEA”), we enter into standard contractual clauses to authorise such transfers. Please contact us using the details in Section 11 of this Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
5.2. Our suppliers and service providers
We may disclose your information to our Third Party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such Third Parties include administrative services who provide services to us.
When we use Third Party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
5.3. Fraud prevention agencies and regulatory, judicial or criminal investigation bodies
If false or inaccurate information is provided to us as part of your use of our services or otherwise, and fraud is identified or suspected, details may be passed to fraud prevention agencies, which could include personal information.
We may also need to share your personal data with regulatory or public authorities as well as judicial or criminal investigation authorities which may have jurisdiction over our operations.
Other ways we may share your personal information
We may transfer your personal information to a Third Party as part of a sale of some or all of our business and assets to any Third Party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and Customers.
However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
6. WHERE WE STORE YOUR PERSONAL INFORMATION
6.1. All information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar Data Protection laws to the European Union or the European Economic Area .
6.2. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
6.3. If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
7. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR:
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under applicable laws, such as accounting and taxation reporting laws.
We do not retain personal information in an identifiable format for longer than is necessary. In general once a user no longer has access to the website, all their information obtained for this purpose will be deleted within 12 months unless any of the exceptions below apply.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any other purposes listed under Section 4.
The only exceptions to this are where:
• the law requires us to hold your personal information for a longer period, or delete it sooner;
• you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see Section 8.6 for further information);
• in limited cases, where permitted by law, we may keep your personal information indefinitely provided we put certain protections in place;
• If you contact us by email from the published email address on the website we do not collect any additional information other than the email address.
In certain cases, in particularly in order to ensure compliance with applicable taxation and Inland Revenue reporting obligations, we may need to retain your data for a longer period, however any retention of your personal data shall be held in compliance with our legal obligations. For more information about our data retention Policy please contact us using the information indicated in Section 11 below.
8. YOUR RIGHTS
8.1. Your (Data Subject) rights
You have a number of rights in relation to your personal information under Data Protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where not required, after we have received your request.
8.2. Accessing your personal information
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this Policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information, such as in cases where the information you request is the subject of an investigation.
8.3. Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this Policy.
8.4. Withdrawing your Consent
Where we rely on your Consent as the legal basis for processing your personal information, as set out under Section 5.4 . You may withdraw your Consent at any time by contacting us using on the details provided in Section 11. If you withdraw your Consent, our use of your personal information before you withdraw your Consent is still lawful.
8.5. Objecting to our use of your personal information
Where we rely on our Legitimate Business Interests as the legal basis for processing your personal information for any purpose(s), as out under Section 4, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under Data Protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
8.6. Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your Consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
8.7. Transferring your personal information in a structured data file
Where we rely on your Consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under Section 4.0 ”, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
8.8. Complaining to the applicable Data Protection authority
You have the right to complain to the applicable Data Protection authority in your country. A full list of Data Protection authorities and their contact details can be found in the following link:
9. SECURITY / LINKS
9.1. Security measures we put in place to protect your personal information
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or nauthorized access.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
9.2. Links to other websites
Our website may contain links to other websites run by other organisations. This Policy does not apply to those other websites and Apps’ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using links that we provide.
In addition, if you linked to our website from a Third Party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that Third Party website and recommend that you check the policy of that Third Party website.
10. CHANGES TO THIS POLICY
10.1 We may review this Policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this Policy whenever you visit our website. If you do not agree with any aspect of the updated Policy you must immediately notify us and cease using our services.
11. CONTACT US
Please direct any queries about this Policy or about the way we process your personal information to our Group Compliance Officer (‘GCO’), Kevin O’Flaherty using our contact details below:
Pamplona Capital Management LLP
25 Park Lane
London W1K 1RA
Tel: +44 207 079 8000
Annex A – Glossary of Terms
|Customer||Any past, current or prospective customer of a Pamplona within PAMPLONA.
|Consent||Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.|
|Cookie||A cookie is a small text file that is downloaded and saved to an individual’s hard drive when they visit a website. This text file contains information that can be read by the web server the next time that the same site is visited.|
|Data Controller||A natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.|
|Data Subject||Anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.|
|Data Protection||The process of safeguarding Personal Data from unauthorised or unlawful use, disclosure, access, alteration, processing, transfer or destruction.|
|Data Processors||A natural or legal person which Processes Personal Data on behalf of a Data Controller.|
|An individual who works part-time or full-time for a Pamplona within PAMPLONA under a contract of employment, whether oral or written, express or implied, and has recognised rights and duties, including temporary employees and independent contractors.|
|Legitimate Business Interests||The purposes for which Personal Data may be used by PAMPLONA
Pamplona Personnel, administrative, financial, regulatory, payroll and business development purposes including the following:
– Compliance with our legal, regulatory and corporate governance obligations and good practice
– Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
– Ensuring business policies are adhered to (such as policies covering email and internet use)
– Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
– Investigating complaints
– Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
– Monitoring staff conduct, disciplinary matters
– Marketing our business within the context of an established business relationship
– Improving services
|Pamplona||Pamplona Capital Management LLP, a limited liability partnership incorporated in England & Wales with registration number OC309813 and all of its affiliates, including but not limited to:
Pamplona Capital Advisors Ltd. (UK, Registration No 5257246)
Pamplona PE Investments Malta Limited (Malta, Registration No C47993)
Pamplona Credit Opportunities Investments Limited (Malta, Registration No C48160)
Pamplona Capital Management (PE) S.L. (Spain, Registration No B87796132)
Pamplona Capital Management (Monaco) SAM (Monaco, Registration No 17S0499)
Pamplona Capital Management LLC (US, Registration No 5084410)
|Pamplona Personnel||Includes all employees, Third Party contractors and representatives of PAMPLONA.|
|Personal Data||Personal Data is any information about any living, identifiable individual. The Pamplona is legally responsible for this and its storage, protection and use are governed by the General Data Protection Regulation and associated laws.|
|Process, Processed, Processing||Any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means. Operations performed may include collection, storage, access/use, disclosure, erasure.|
Pamplona Data Protection Policy
Pamplona Data Retention Policy
Pamplona Staff Handbook
|Third Party||An external organisation with which PAMPLONA conducts business and is also authorised to, under the direct authority of PAMPLONA, to process the Personal Data of Customers, Employees or other Data Subjects on its behalf.|
|Third Country||Any country not recognised as having an adequate level of legal protection for the rights and freedoms of Data Subjects in relation to the Processing of Personal Data.|