OUR COMMITMENT TO PROTECTING YOUR PRIVACY. Pfingsten Partners, L.L.C. and its affiliated entities (“we,” “us,” “our”) considers privacy to be fundamental to our relationship with our investors and clients (collectively, “clients”). In the course of our business, including by running our website and LP portal, and managing various private collective investment funds (collectively, the “Funds”) we collect personal information about you, including any nonpublic personal information and other data that, either alone or when combined with other information we hold, identifies or could reasonably be linked to you (“nonpublic personal information”). We collect this information to know who you are and to meet our obligations under the laws and regulations that govern us.
Throughout our history we have been, and we remain, committed to maintaining the confidentiality, integrity and security of our clients’ personal information. It is our policy to respect the privacy of our current and former clients and to protect the personal information entrusted to us. This Privacy Notice (the “Notice”) describes the standards we follow for handling your personal information collected through the website and LP portal, with the dual goals of meeting your financial needs while respecting your privacy. Our privacy policies reflected in this Notice may change from time to time, but you can always review our current policy by asking us for a copy or by reviewing it on our website or the LP portal.
Please be aware that individual client information is protected by federal financial privacy law under the Gramm Leach Bliley Act and not subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”) or other similar state laws.
- Information We Collect
We collect nonpublic personal information about you from two sources:
- Information on subscription agreements or other forms. This category may include your name, address, tax identification number, age, marital status, number of dependents, assets, debts, income, employment history, beneficiary information and personal bank account information.
- Information from your interactions with us through telephone, mail, email, our website or the investor portal. In these situations, collected information may include an individual’s name, email address, physical address, job title, position, telephone number, and IP address.
Some of the personal information we collect may be deemed sensitive under data protection laws, including identifiers such as social security number. We will use such information only for lawful purposes in compliance with data protection law and will not use sensitive personal information provided to infer characteristics about you other than as required to comply with law or legal process such as for AML/KYC purposes.
We, and our service providers, may automatically log information, such as the type of computer or mobile device accessing our website and LP portal, interactions over time with our website and LP portal, our communications (including emails and alerts), and other online services, such as:
- Device data, such as the computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state, or geographic area.
- Online activity data, such as pages or screens viewed, how long was spent on a page or screen, browsing history, navigation paths between pages or screens, information about activity on a page or screen, access times, and duration of access, and whether emails were opened or links within them clicked. We use Google Analytics, a web analytics service provided by Google LLC (“Google”) to help collect and analyze such data. To learn more about the use of cookies by Google for analytics and to exercise choice regarding those cookies, please visit the Google Analytics Opt-out Browser Add-on.
We and our third-party providers use the following tools for automatic data collection:
- Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping navigate between pages efficiently, remembering preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Pixels/Web beacons, also known as pixel tags or clear GIFs, which are tiny images that may be embedded within web pages and emails, requiring a call (which provides device, visit and other internet activity information) to another server, which may be a third-party server, in order for the pixel to be rendered in those web pages and emails. We and our third-party providers use pixels to learn more about your interactions with email content or web content. Pixels can also enable us and third parties to place cookies on your browser. Pixels are used to demonstrate that a webpage or email was accessed or opened, that certain content was viewed or clicked, to help us understand user activity and patterns.
- Use of Your Information
- We use your nonpublic personal information primarily to complete financial transactions that you request. We do not sell your nonpublic personal information to third parties or share nonpublic personal information for purposes of cross-context behavioral advertising. Below are the details of circumstances in which we may use nonpublic personal information:
- Where it is necessary to enter into or for the performance of our rights and obligations under a contract with you or to take steps at your request prior to entering into a contract (e.g., to process your subscription agreement and/or the constitutional and operational documents of an investment, to reflect your ownership interest in an investment, to provide information you have requested, to create and administer your account, to administer your investments, to maintain registers and to communicate with you about your investments).
- Where it is necessary for compliance with legal and regulatory obligations to which we are subject (such as compliance with know-your-customer, anti-money laundering, FATCA/CRS, tax reporting and other regulatory requirements) – this may involve collecting specific information about you where required by law and disclosing such information to applicable regulators, government bodies and tax and other authorities.
- Where it is necessary for us, our delegates’ and/or other third parties’ legitimate interests (and such interests are not overridden by your interests, fundamental rights or freedoms) or, if we are required by law to obtain your consent, with your consent, including to operate and facilitate our business and services to you, to undertake business management, planning, statistical analysis, market research and marketing (including email marketing) activities, to administer and maintain our core records, to protect our rights and interests, to ensure the security of our assets, systems and networks, to prevent, detect and investigate fraud, unlawful or criminal activities in relation to our services and to enforce our terms and conditions and other agreements.
- Where it is necessary for the establishment, exercise or defense of legal claims or where otherwise necessary to protect our rights and/or property.
- Information We Disclose
Affiliates & Service Providers
We collect, and may disclose to our affiliates and to service providers that we use in connection with the formation, administration and operation of our funds (e.g., our attorneys, accountants and auditors, entities that assist us with the distribution of stock to our investors, third party administrators and recordkeepers for the funds, and banks and other lenders that provide credit to the funds in which you have invested in accordance with borrowing arrangements permitted by such funds’ limited partnership agreements), on a “need to know” basis, certain nonpublic personal information about you from the following sources:
- Information we receive from you as set forth in your subscription agreement, investor questionnaire or similar forms, such as your name, address, and social security or tax identification number; and
- Information about your transactions with us, our affiliates and service providers, such as your participation in our funds, your account balance, contributions and distributions and other information about your relationship with us.
Other Unaffiliated Third Parties
We may disclose any of the nonpublic personal information we collect with unaffiliated third parties if necessary to operate and manage the Funds or to complete a transaction for the Funds.
For example, we may disclose nonpublic personal information about you to the unaffiliated third parties and in the circumstances described below, as permitted by applicable laws and regulations.
- Companies with whom we have contracted to provide related services to the Funds (i.e. our banks, in order to provide the information necessary to effect distributions of investment proceeds).
- Our lawyers, accountants, auditors, advisors, and quality-control consultants, in order to assist us with the formation, administration and operation of the Funds.
- To regulatory, self-regulatory, administrative or law enforcement agencies or other oversight bodies in certain circumstances where we are required to share personal information and other information with respect to your interest in an investment with the relevant regulatory authorities. They, in turn, may exchange this information with other authorities, including tax authorities.
- If we suspect fraud.
- To protect the security of our records, communications facilities, and website.
- As authorized, for example, by subscription agreements or organizational documents of an investment and as authorized by you or your designated representatives or other authorized persons.
- In connection with a corporate transaction — for example, to third parties as part of a corporate business transaction, such as a merger, acquisition, joint venture or financing or sale of company assets.
- Information you have authorized us to disclose.
If you prefer that we not disclose nonpublic personal information about you to unaffiliated third parties (other than our service providers as described under “Affiliates & Service Providers” above), you may opt out of those disclosures (that is, you may direct us not to make those disclosures), other than disclosures for our everyday business purposes, such as to process transactions or maintain accounts, and disclosures otherwise permitted or required by law. If you wish to opt out of such disclosures to such unaffiliated third parties, you may opt out by contacting us at the information provided below or by completing the attached opt-out form and returning it to us at the contact information included on the form. You do not need to complete or return the attached opt-out form if you do not desire to opt out of such disclosures.
Please note that this Notice, as well as the ability to opt out of certain disclosures, applies only to individuals. Other investors may not have the right to opt out of certain disclosures.
- Retaining and Protecting Your Information
We limit access to the nonpublic personal information we have about you to our employees who need to know to operate and manage the Funds. In addition, we maintain appropriate physical, electronic and procedural safeguards to protect your nonpublic personal information. Nonpublic personal information may be kept for as long as it is required for the purpose for which it was collected, or, where longer, as long as is required to comply with applicable legal or regulatory obligations. Nonpublic personal information will be retained throughout the life cycle of any investment in the funds. However, some personal data will be retained after a data subject ceases to be an investor.
- Former Clients
We treat information concerning our former clients the same way we treat information about our current clients.
- Data Subject Rights
We are committed to providing individuals with reasonable and appropriate access to their personal data. If you believe that we are processing personal information about you and wish to have access to that information, we can provide you with that data or at least an explanation of why we cannot do so in the particular context.
The CCPA entitles California residents who are not natural person investors to certain rights which, subject to certain limitations and restrictions, may include the right to: (i) request to know the categories or specific pieces of personal information collected about them; (ii) request correction or deletion of their personal information; (iii) opt out of the sale of personal information or sharing of personal information for cross-context behavioral advertising (we do not sell or share personal information for purposes of cross-context behavioral advertising, and so you are already opted out of such practices); and (v) limit the use or disclosure of sensitive personal information under certain circumstances. These rights are not absolute, and we reserve all of our rights available to us at law in this regard. We will not discriminate against you for exercising any of these rights. If you wish to exercise one of these rights, please send us your request at the contact information below. If you make a request (either from yourself or from an agent on your behalf) related to personal information about you, we will need to authenticate your identity, and you may be required to supply a valid means of identification as a security precaution. We will process your request within the time provided by applicable law. If you need to reach us about a privacy or data protection issue, please contact us at pfingsten@pfingsten.com or (312) 222-8707.
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not distribute your personal information to outside parties for their direct marketing to you without your consent.
- Keeping You Informed
We will provide a copy of this Notice to investors annually via the LP Reporting section of the Pfingsten Partners website. We will also send you all changes to this Notice as they occur.
- Affiliates
This Notice shall also apply to our affiliates, if any.
EUROPEAN RESIDENTS
The following section of this Privacy Notice applies to the extent that European Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below) or to the extent that a data subject is a resident of the United Kingdom (the “UK”), the European Union (the “EU”) or the European Economic Area (the “EEA”). If this European Privacy Notice applies to the collection and processing of personal data by this website/portal, the data subjects to whom such personal data relates have certain rights with respect to such personal data, as outlined below.
For this European Privacy Notice, “European Data Protection Legislation” means all applicable legislation and regulations relating to the protection of personal data in force from time to time in the EU, the EEA or the UK, including the following: the Privacy and Electronic Communications (EC Directive) Regulations 2003, the UK Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) any other legislation that implements any other current or future legal act of the EU or the UK concerning the protection and processing of personal data (including and any national implementing or successor legislation) and any amendment or re-enactment of the foregoing. The terms “controller,” “processor,” “data subject,” “personal data” and “processing” in this European Privacy Notice shall be interpreted in accordance with the applicable European Data Protection Legislation. All references to “investor(s)” in this European Privacy Notice shall be to such actual or potential investor(s) and, as applicable, any of such investor(s)’ partners, officers, directors, employees, shareholders, ultimate beneficial owners and affiliates. Unless otherwise defined herein, capitalized terms used in this European Privacy Notice will have the meanings ascribed to such terms in the Agreement of Limited Partnership (the “Partnership Agreement”) of the investment vehicle(s) (the “Partnership”) managed by Pfingsten Partners, L.L.C. and/or its affiliates as applicable to the data subjects. In addition, unless the context otherwise requires, the words “include,” “includes,” “including” and other words of similar import are meant to be illustrative rather than restrictive.
Categories of personal data collected and lawful bases for processing. In connection with offering, forming and operating private investment funds for investors, the Partnership, the General Partner, their respective Affiliates and, in each case, their respective administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt and otherwise process and use personal data, either relating to investors or to any other data subjects, including from the following sources:
- information received in telephone conversations, in voicemails, through written correspondence, via e-mail or on subscription agreements, investor questionnaires, applications or other forms (including any anti-money laundering, identification and verification documentation);
- information about transactions with any Authorized Entity or other Person; and
- information captured on any Authorized Entity’s website, including contact and registration information and any information captured via “cookies”, for example IP address, browser time, operating system and platform
Any Authorized Entity may process the following categories of personal data:
- names, dates of birth and birth place;
- contact details and professional addresses (including physical addresses, email addresses and telephone numbers);
- account data and other information contained in any document provided by investors to the Authorized Entities (whether directly or indirectly);
- risk tolerance, transaction history, investment experience and investment activity;
- information regarding an investor’s status under various laws and regulations, including social security number, tax status, income and assets;
- accounts and transactions with other institutions;
- information regarding an investor’s interest in the Partnership, including ownership percentage, capital commitment, income and losses and any other Confidential Information relating to an investor;
- information regarding an investor’s citizenship and location of residence;
- source of funds used to make the investment in the Partnership; and
- anti-money laundering, identification (including passport and drivers’ license), and verification documentation.
Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with other information that it collects from or about such investor. This will include information collected in an online or offline context. In addition personal data of investors could be processed and controlled irrespective of whether such investor is admitted to the Partnership as a limited partner.
One or more of the Authorized Entities are “controllers” of personal data collected in connection with the Partnership. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
The lawful basis relied upon to process personal data for the purposes set out in this European Privacy Notice is most commonly: (i) that such processing is needed in order to perform a contract, for example, under or in connection with the Partnership Agreement and associated Partnership documentation; or (ii) that such processing is necessary to pursue the legitimate interests of the Authorized Entities (or those of a third party), to operate their respective businesses, as set out in further detail below. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including the following: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of an investor or other data subjects; or if it is necessary for a task carried out in the public interest.
A failure to provide the personal data requested to fulfil the purposes described in this European Privacy Notice may result in the applicable Authorized Entities being unable to provide the services as contemplated by the Partnership Agreement and/or an investor’s subscription agreement (the “Subscription Agreement”).
Purpose of processing. The applicable Authorized Entities process the personal data for the following purposes (paragraphs (c), (d) and (f), represent the legitimate interests of the Authorized Entities):
- the performance of obligations under the Partnership Agreement and/or the Subscription Agreement (and all applicable anti-money laundering, know-your-customer and other related laws and regulations), including in connection with assessing suitability of investors in the Partnership;
- the administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of investors to the Partnership;
- ongoing communication with investors (including the negotiation, preparation and execution of documentation) during the process of admitting investors to the Partnership;
- the ongoing administrative, accounting, reporting and other processes and communications required to operate the business of the Partnership in accordance with the Partnership Agreement and other applicable documentation between the parties;
- any legal or regulatory requirement; and
- keeping investors informed about the business of the General Partner and its affiliates generally, including offering opportunities to make investments other than to the Partnership.
The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Sharing and international transfers of personal data. In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by European Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisers, lenders, data processors and persons employed and/or retained by them in order to fulfil the purposes described in this European Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with tax authorities, auditors and tax advisers (where necessary or advisable to comply with law).
Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfil the purposes described in this European Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and Partnership Agreement, and to implement requested pre-contractual measures and other safeguards including standard contractual clauses. For information on the applicable safeguards applied to such transfers, please contact the General Partner. For the purposes of this European Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA or the UK; or (ii) a country or territory which has at the relevant time been decided by the European Commission or the UK Government (as applicable) in accordance with European Data Protection Legislation to ensure an adequate level of protection for personal data.
Retention and security of personal data. The General Partner and its Affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.
Personal data may be kept for as long as it is required for the purpose for which it was collected (e.g., legitimate business purposes or to perform contractual obligations) or, where longer, as long as is required to comply with applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in the Partnership. However, some personal data will be retained after a data subject ceases to be an investor in the Partnership.
Data subject rights. It is acknowledged that, subject to applicable European Data Protection Legislation, the data subjects to which personal data relates have the following rights under European Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and to exercise their right not to be subject to automated decision-making. Please note that the right to erasure is not absolute, and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfil the purposes described in this European Privacy Notice may result in the inability to provide the services as contemplated by the Partnership Agreement and/or the Subscription Agreement. Data subjects to whom the personal data relates will not have to pay a fee to access his or her personal data or exercise any of his or her rights under the European Data Protection Legislation. However, the relevant Authorized Entity may charge a reasonable fee if the request made by a data subject to whom the personal data relates is clearly unfounded, repetitive or excessive. Alternatively, the relevant Authorized Entity may refuse to comply with such requests in these circumstances.
In the case where the data subject to whom personal data relate disagrees with the way in which his or her personal data is being processed in relation to the Partnership Agreement and/or the Subscription Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
The data subject may raise any request relating to the processing of his or her personal data with the General Partner at the contact information provided above.
Should you have any questions regarding this Notice, please do not hesitate to contact us.