EXTERNAL PRIVACY POLICY

Last updated: January 2022

Contents

  1. Scope of Policy
  2. What personal data do we process and why
  3. For what other purposes do we process your personal data?
  4. Consequences of not providing personal data
  5. With whom do we share your personal data
  6. International transfers of your personal data
  7. Timely Processing
  8. Your data protection rights
  9. Links to other websites
  10. Changes to the Policy
  11. Contact us

Balderton Capital (UK) LLP (Balderton Capital, we, us, our) respects your privacy. This Data Protection Policy (the Policy) describes how we process your personal data and the rights you have in relation to your personal data.

We act as controller for the processing activities described in this Policy. Please read this Policy carefully in order to understand how we process your personal data. Our contact details are set out in Section 11 of this Policy.

  1. Scope of Policy

This Policy applies to personal data we collect about individuals:

  • who visit our websites or otherwise interact with us via social media – including, where individuals who choose to receive our newsletters;
  • who visit our offices;
  • who are employed or otherwise engaged by our service providers or professional advisors;
  • with whom we have contact for business-related purposes (including, without limitation (i) limited partners in our funds and (ii) portfolio companies); and
  • who we deal with in connection with (potential) transactions.

This Policy does not apply to personal data:

  • we collect about job applicants or our employees; and/or
  • collected by any third party, including through any application or content (including advertising) that may link to or be available from our websites.

If you are an organization (for example, a business associate, service provider, professional advisor or investee), we would ask that you provide this Policy to individuals (e.g., customers, or directors, officers, employees, partners and other staff) who have or have had dealings with us on your behalf.

This Policy should be read together with any additional notice that we may provide to you when we collect or otherwise process your personal data.

  1. What personal data do we process and why
  • Individuals who visit our websites or otherwise interact with us via social media channels

What personal data do we process

Why do we process your personal data

-       Name and email address

-       Log-in information (e.g. for access to online portals)

-       Other personal data you voluntarily disclose to us in your communication with us

It is in our legitimate interest to process such data in order to respond to your queries, complaints or other communications.

If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details set out in Section 11 of this Policy.

Sources of personal data: We will collect the above personal data directly from you. We may also process your personal data for other purposes as detailed in Section 3 below.

Cookies: As is now common with most websites, our websites use cookies and may use other online tracking tools (e.g., web beacons) to automatically collect information about your IP address, your use of the websites, or other websites you may visit after ours. Cookies are small data files generated by a website and saved by your web browser. They are used to help users navigate websites efficiently as well as to provide information to the owner of the websites. To find out more about what cookies we use and how we use them, please consult our Cookies Policy https://www.balderton.com/legal-overview/cookies/.

  • Individuals who visit our offices

What personal data do we process

Why do we process your personal data

-       Name, contact details and company information i.e., by completing the Registration Tablet

-       Video images from CCTV

-       Health data to assist in the control of infectious diseases (such as Covid-19)

-       Other personal data you voluntarily disclose to us in your communication with us

It is in our legitimate interest to process such data in order to keep our offices secure.

The processing may be necessary to comply with our legal obligations including, those in relation to health & safety.

Sources of personal data: We will collect the above personal data directly from you or from the company with which you are affiliated (e.g., your employer). We may also process your personal data for other purposes as detailed in Section 3 below.

  • Individuals who are employed or engaged by our service providers or professional advisors

What personal data do we process

Why do we process your personal data

-       Name, contact details, job title and company information

-       Identity and nationality information (e.g., contained in passports)

-       Other personal data you voluntarily disclose to us in your communication with us

It is in our legitimate interest to process such data in order to: (i) arrange calls / meetings with you or others at your company; (ii) conduct our business; and (iii) manage our relationships with service providers and professional advisors (e.g., record-keeping).

The processing may be necessary to perform, or to enter into, contracts with such providers and advisors.

Sources of personal data: We will collect the above personal data directly from you or from the company with which you are affiliated (e.g., your employer). We may also process your personal data for other purposes as detailed in Section 3 below.

  • Individuals with whom we have contact for business-related purposes (including, without limitation (i) limited partners in our funds and (ii) portfolio companies);

What personal data do we process

Why do we process your personal data

-       Name, contact details, job title and company information

-       Log-in information (e.g. for access to online portals)

-       Identity and nationality information (e.g., contained in passports)

-       Visual images and photographs

-       Other personal data you voluntarily disclose to us in your communication with us

It is in our legitimate interest to process such data in order to: (i) arrange calls / meetings with you or others at your company; (ii) conduct our business; (iii) maintain a directory of contacts; and (iv) sending you marketing communications.

If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details set out in Section 11 of this Policy.

Sources of personal data: We will collect the above personal data directly from you or from the company with which you are affiliated (e.g., your employer). We may also process your personal data for other purposes as detailed in Section 3 below.

  • Individuals we deal with in connection with (potential) transactions

What personal data do we process

Why do we process your personal data

-       Name, contact details and company information

-       Visual images and photographs

-       Log-in information (e.g., for virtual data rooms)

-       Identity and nationality information (e.g., contained in passports)

-       Results of due diligence performed

-       Professional opinions

-       Information relating to your financial status and dealings

-       Results of any anti-money laundering or KYC (other than data concerning your criminal convictions or offences)

-       Other personal data you voluntarily disclose to us in your communication with us

It is in our legitimate interest to process such data in order to: (i) arrange calls / meetings with you or others at your company; (ii) conduct our business; (iii) evaluate, complete and administer transactions – including, seeking advice from professional advisors; (iv) undertake statistical analysis, trade and transaction reporting and market research; and (v) maintain records of investments.

The processing may be necessary to comply with our legal obligations, including anti-money laundering and KYC.

-       Data concerning your criminal convictions or offences if this is revealed to us when we perform anti-money laundering or KYC.

The processing may be necessary to comply with our legal obligations, including anti-money laundering and KYC.

Sources of personal data: We will collect the above personal data directly from you or from the company with which you are affiliated (e.g., your employer). With respect to data concerning your criminal convictions or offences, we may obtain this data from third party sources (for example, disclosure and barring check databases). We may also process your personal data for other purposes as detailed in Section 3 below.

  1. For what other purposes do we process your personal data?

Purpose(s) for processing

Legal bases for processing

-       identify and prevent fraud and other unlawful activity

-       keep our information and systems secure, and other IT support and development

-       train our personnel

-       seek and obtain advice from professional advisors

-       prepare for, respond to, and obtain advice in connection with, enquiries, investigations, disputes or claims / proceedings

-       organising events and meetings

-       financial and statistical research

-       maintaining records and accounts

-       prepare for, and participate in, transactions

-       internal reporting

-       responding to data subject requests

It is in our legitimate interest to process your personal data for these purposes.

The processing may be necessary to comply with our legal and regulatory obligations.

You have a right to object to the processing of your personal data where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.

  1. Consequences of not providing personal data

Where we require your personal data to comply our legal or contractual requirements, failure to provide this information means we may not be able to provide services to you and/or interact with you.

  1. With whom do we share your personal data

We disclose and/or make available your personal data to:

  • corporate affiliates and subsidiary companies;
  • third-party service providers such as, providers of IT and security services and IT platform service providers;
  • advertising, marketing and promotional agencies: to help us deliver and analyse the effectiveness of our advertising campaigns and promotions;
  • business associates (for example, investors, lenders or financial intermediaries) who are involved in, or considering being involved in, transactions where we are involved;
  • professional advisors (e.g., accountants, lawyers or other consultants);
  • independent public accountants and auditors;
  • third parties that are considering acquiring or that acquire all or part of our assets or stock, or that succeed us in carrying on all or part of our business or services provided to or by us; and
  • regulators and other governmental agencies.
  1. International transfers of your personal data

We may, for the above listed purposes, transfer your personal data to other affiliates, or to other recipients as referred to above, that are located in countries outside the EEA and UK (including in the U.S.) Some of these countries may be considered by the European Commission or the UK Government as not providing an adequate level of data protection.

Your personal data will only be transferred from the EEA or the UK to a recipient in a country that is not considered to provide an adequate level of data protection when the transfer is in compliance with applicable data protection and privacy laws (e.g., by entering into standard contractual clauses (“SCCs”) with the recipient, relying on the recipient’s Binding Corporate Rules, or by relying on a derogation such as, where the transfer is necessary for performance or a contract or the establishment or defence of legal claims).

You can request further information in relation to international transfers and/or a copy of the SCCs by contacting us as described in Section 11 below.

  1. Timely Processing

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (as described in Sections 2 and 3 above).  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider the applicable legal requirements and the extent to which it is necessary to process the personal data. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your personal data may need to be kept for longer periods of time.

  1. Your data protection rights

It is important for us to maintain accurate and up to date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting as described in Section 11 below.

You have the following rights with regard to personal data which we process about you, which may be subject to limitations and/or restrictions:

  • You have the right to request access to the personal data we process about you.
  • You have the right to request us to rectify any personal data that might be incorrect, as well as the right to request us to restrict the processing of your personal data.
  • You may request to receive a copy of your personal data that you provided to us, in a structured, commonly used and machine-readable format.
  • You have the right to request that we erase your personal data.
  • You have the right to withdraw consent to the processing of your personal data at any time.

We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details in Section 11 below.

You also have the right to lodge a complaint with the competent data protection authority – which in the UK is the Information Commissioner’s Office.

  1. Other Websites

Our websites may provide links to other third party websites which may operate independently from us and may have their own privacy notices or policies, which we advise you to review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content.

  1. Changes to the Policy

We will review and update this Policy as required to keep current with rules and regulations, new technologies and security standards. We will post those changes on our websites or update the “last updated” date of the Policy. If we make a material change to this Policy, you will be provided with appropriate notice in accordance with applicable legal requirements.

  1. Contact us

For any privacy issues, questions or complaints concerning the application of this Policy or to exercise your rights as described in Section 8 above, you may contact us at [email protected].

Stay in touch with Balderton

Sign up for our newsletter to stay up to date on news from Balderton, and our portfolio.