Pollen Street Privacy Notice

Important information about this notice

This notice is issued on behalf of Pollen Street Capital Limited, PSC Credit Holdings LLP and Pollen Street Capital (US) LLC, (together, “the Company”). It contains details of how we use your personal data if you visit our website, or if you engage with our services.

UK and European Union citizens’ personal data are protected under the General Data Protection Regulation (“GDPR”) and this notice is drafted to provide individuals with all privacy information required under that law.

If you live in California (US) then the California Consumer Privacy Act (“CCPA”) gives you certain protections over your personal data. This notice also includes the privacy information required under the CCPA to be given to California citizens.

To help you navigate this notice online, you can click on any of the headings below to go straight to the information you need, without reading through the whole notice.

Contents
 

• Introduction
• Who we are and how to contact us
• What type of information we collect
• How we get the information and why we have it
• Telephone Call Recording
• If you fail to provide personal data
• What we do with the information we have
• Sharing or disclosing your personal data
• Security measures and how we store your information
• Your data protection rights
• How to complain
• Changes to our Privacy Policy

Introduction

This notice is addressed to any living person on whom the Company collects or obtains personal data in the course of undertaking its business and providing its services. The Company is the data controller of your personal data and will make decisions about the processing of your personal data in accordance with the terms of this notice.

Investors in funds managed by the Company will be required to provide their personal data to the fund Administrators, who will be the data controller of any personal data you provide to them. For information about how they will process your personal data, we recommend you visit the website of the fund Administrator(s) to view their Privacy Notice. We may also obtain personal details of investors in the funds during our interactions with you. Where we obtain personal information from you, we will be the data controller.

Personal data is defined as information relating to a living individual, from which that individual can be identified either directly or indirectly. The Company takes its data protection and privacy obligations seriously and this notice explains how your personal data will be processed and protected, as well as informing you about certain legal rights you have.

Who we are and how to contact us

Name: Pollen Street Capital Group
Address: 11-12 Hanover Square, Mayfair, London, W1S 1JJ
Phone Number: +(44) 203 728 6750
E-mail: info@pollencap.com

Pollen Street Capital Limited is a company registered in England and Wales with company number 08741640 and PSC Credit Holdings LLP is a limited liability partnership registered in England and Wales with company number OC388668. Both Pollen Street Capital Limited and PSC Credit Holdings LLP are authorised and regulated by the Financial Conduct Authority (FRN 611337 and 650207). Pollen Street Capital (US) LLC is registered in the State of Delaware with file number 5010022 and is registered with the Securities and Exchange Commission with registration number 801-77475.

What type of information we collect

When visiting this website, we will collect the following information:

• Details of your visits to this website and the materials that you access

For representatives of organisations in which the Company invests, either through an equity investment or credit facility, we will collect the following information about the owners, controllers and key personnel within the organisation:

• Identifying information (i.e. information used to identify a specific individual, such as: given name(s), preferred name(s), nickname(s); date of birth / age; place of birth; nationality; race; religion; passport details; driving license, IP addresses; cookies).
• Contact information (i.e. postal address; telephone number; email address).
• Family information (i.e. family structure; siblings, offspring; marriages; divorces; relationships).
• Financial information (i.e. source of wealth; personal assets; bank account numbers and income details).
• Professional information (i.e. job titles; employment history).
• Transaction information (i.e. details about payments to and from you and other details of products and services you have purchased from us).
• Audio information (i.e. telephone call recordings)

In certain circumstances, we may also collect special categories of personal data about you. In particular, as part of our due diligence processes, this might include information about:

• Your political opinions, affiliations or contributions
• Your criminal records or alleged criminal activity

If you are an investor in a fund that we manage and we interact directly with you, we may collect:

• Identifying information
• Contact information
• Professional information
• Audio information

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• Your decision to view this website and view any materials on it
• To comply with our legal obligations to undertake Customer Due Diligence prior to, or during a business relationship or occasional transaction
• To assist our due diligence processes when investment in an organisation is being considered

We also receive personal information indirectly, from the following sources in the following scenarios:

• Your employer, if you are employed by an organisation that the Company has invested in. This may be for the purposes of our due diligence, or for any remuneration or incentive schemes which may be set up from time to time
• Publicly available sources, such as Companies House in the UK when obtaining evidence of ownership, control or other affiliation with any company
• Third party data providers, such as Acuris Risk Intelligence or WorldCheck, when undertaking screening for sanctions, law enforcement, adverse media or Politically Exposed Persons to comply with our legal obligations
• Other companies within our Group or our equity investment portfolio companies. Where we receive personal data from our Group or portfolio companies, that data will be shared with us in accordance with the terms of your relationship with that company and will be processed by us in accordance with this notice

If you visit our office in person, your image may be captured on our CCTV system. We operate a CCTV system to protect our buildings and assets from damage, for the personal safety of our staff and visitors and to support law enforcement organisations in the prevention, detection and prosecution of crime.

We never collection personal data from, or about, children or any person under the age of 18.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are one or more of the following:

(b) We have a contractual obligation.

(c) We have a legal obligation.

(f) We have a legitimate interest.

Telephone Call Recording

In order to comply with our regulatory requirements, some of our employee’s telephone lines are recorded. We record telephone calls for the purposes of ensuring regulatory compliance, deterring, preventing and detecting potential risks of market abuse or other misconduct, delivering fair outcomes for investors and to conduct ongoing monitoring of our activities.

If you fail to provide personal data

If we are required by law to collect personal data, or you are required to provide personal data under the terms of a contract we have with you, your employer or an organisation under your ownership or control and you fail to provide the personal data when requested, we may not be able, or be permitted to proceed to enter into a contract or complete a transaction and we may need to terminate our business relationship.

What we do with the information we have

We will use your personal data to:

• Help us meet our duties under a contract we have with you, your employer or an organisation that you own or control
• Manage our operations and improve our service to you
• Manage security, risk and crime prevention
• Meet our regulatory requirements
• Undertake statistical analysis for business improvement

The table below sets out the activities we process your personal data for and the lawful bases we rely on:

Business Activity	Personal data	Lawful basis
Anti-Money Laundering Checks (Customer Due Diligence/KYC)	Identifying data Contact data Financial data Transaction data Special category data	We have a legal obligation
Training and monitoring, improving our processes and services	Identifying data Contact data Financial data Transaction data Special category data	We have a legal obligation We have a legitimate interest in performing our services and conducting our business
Administering a management incentive or share reward plan	Identifying data Contact data Financial data Transaction data	We have a contractual obligation
Managing our relationship with you which can include: requesting and viewing management reporting agreeing and undertaking transactions notifying you about changes to our terms or this notice notifying you about opportunities to work with the Company, which you might be interested in	Identifying data Contact data Financial data Transaction data	We have a legal obligation We have a contractual obligation We have a legitimate interest to oversee the performance of an investment and invite trusted members of our network to engage in collaborative initiatives
Providing you with updates and newsletters from time to time regarding the activities and successes of our portfolio companies	Identifying data Contact data	Consent – users must actively provide their consent when subscribing to our newsletter. We have a legitimate interest to provide investors with this information in performing our services and conducting our business
Protecting our offices, assets, staff and assisting any law enforcement investigations	Identifying data	We have a legal obligation We have a legitimate interest

Sharing or disclosing your personal data

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.

• Internal Third Parties
• External Third Parties, such as Oxane Partners, who we use to support our data analysis and reporting
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If any part of the Company is acquired, then the new owners may use your personal data in the same way as set out in this Notice
• Third parties who are required by law to undertake due diligence and beneficial ownership verification on firms within our portfolio, such as banking partners or other financial services providers

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

In some circumstances, we may need to share your personal data with colleagues across our Group companies, Pollen Street Capital Limited, PSC Credit Holdings LLP and Pollen Street Capital (US) LLC. Should this be the case, your personal data will be retained within our Group of companies and will be subject to appropriate organisational and technological measures to ensure its protection, as detailed in the following section.

We do not sell your personal data and we have not sold any personal data within the last 12 months. If we decide to sell your personal data, we will notify you before doing so, and if you are a Californian resident, will tell you about your right to opt-out from the sale of your personal data and how you can exercise that right.

Security measures and how we store your information

Your information is securely stored in encrypted form on our servers in the UK and we take steps to protect your personal information from unauthorised access or unlawful processing, accidental loss, destruction and damage.

The Company uses software provided by cloud service providers, so any personal data we receive by email or that is otherwise stored on the cloud will be stored within the EU, namely Austria, Finland, Ireland, the Netherlands and the UK.

We keep the personal data that we share with Oxane Partners to a minimum and only share data that is necessary for the purposes of our data management and reporting. Any data shared with Oxane Partners is stored in the UK and we have put in place restrictions to limit access to such data by both user authentication and location, with only ‘whitelisted’ IP addresses permitted to access the data.

Where we need to share your personal data with our US company, Pollen Street Capital (US) LLC, we will ensure that the transfer is subject to the protections awarded under the EU standard contractual clauses. In sharing personal data with our colleagues in the US, we will not transfer or change the geographical location of your personal data but will enable limited access as required to provide our services. All colleagues in the US are subject to the Company’s Group Information Security Policy to ensure a consistent level of security across the Company.

The Company will always seek to utilise secure data transfer mechanisms for any required transfer of personal data to an external party.

We keep the personal data we obtain about you for the duration of our business relationship with you and for as long as we reasonably require it up to a maximum of 7 years after our relationship has ended, as permitted by law and in accordance with our internal data retention policy. In no circumstances will we retain personal data for longer than is necessary for the purpose for which it was collected, unless required to meet our legal or regulatory obligations.

We will then securely dispose your information either by permanent deletion or total, irreversible anonymisation.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. You can request this using any of the contact information below and we will provide a full response within 30 calendar days. If you are a Californian resident, we are required to provide our response within 45 days.

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase/delete your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

CCPA protection from discrimination – If you exercise any of your privacy rights, the Company will not discriminate against you. Whilst this is a requirement for Californian residents under the CCPA, the Company applies this right for all individuals, whose personal data it processes.

If you wish to exercise your data protection rights and make a request, please contact us at compliance@pollencap.com or by post to:

UK
The Compliance Department
Pollen Street Capital Limited
11-12 Hanover Square
London
W1S 1JJ

Tel: +(44) 203 728 6750

US
The Compliance Department
Pollen Street Capital (US) LLC
747 Third Avenue, 19th Floor
New York
NY 10017

Only you or a person legally authorised to act on your behalf may make a verifiable request related to your personal data.

We may need to verify your identity when we receive a request, to ensure that we only act on legitimate requests made by you, or someone you have authorised to act on your behalf.

How to complain

In the UK, you can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

In the US, you can also complain to the Division of Corporations if you are unhappy with how we have used your data.

Their address is:

Division of Corporations, State of Delaware
PO Box 898
Dover, DE 19903

Tel: General Information – (302) 739-3073 option 2
Email: corp@delaware.gov

Changes to our Privacy Policy

We may change our Privacy Policy from time to time – it was last updated in March 2021. We will always update this Privacy Notice on our website, so please try to read it when you visit the website.

Date of update: February 2020 

Summary of changes: Policy rewritten to incorporate UK, EU and US data processing requirements.

Date of update: July 2020

Summary of changes: Addition of data processing purpose to issue updates and newsletters from time to time.

Date of update: October 2020

Summary of changes: Addition of consent as the lawful basis for processing contact and identifying data for the purpose of issuing newsletters.

Date of update: March 2021

Summary of changes: Additional clarity following updates to CCPA, that personal will not be retained for longer than necessary for the purpose for which it was collected.