PAG and other companies in the PAG group collect and use certain Personal Data. PAG is responsible for ensuring that it uses that Personal Data in compliance with data protection laws.
- “PAG”, “we” or “us” means PAG and other companies in the PAG group.
- “Personal Data” means any information / data related to a living individual who can be identified (directly or indirectly) from that data or from that data and other information which is in possession of, or is likely to come into the possession of PAG (or its representatives or service providers).
In the course of our correspondence and other dealings with you, we will receive information relating to you and/or, where you act as an agent or a representative of a legal person or other entity (rather than a natural person), information relating to other officers, directors, partners, members or employees of that legal person or other entity (such information, “personal information”). If the personal information you provide to us does not relate to you, you agree to provide the disclosures set out below to the individuals whose personal information you have provided.
Personal information is subject to certain legal safeguards specified in the European Union's General Data Protection Regulation (2016/679) (“GDPR”) and any secondary and domestic legislation implementing the GDPR, and in the Data Protection Law, 2017 (“DPL”) of the Cayman Islands (together, the “Data Protection Legislation”). The Personal Data which you have provided to us will at times also be governed by the terms of the Personal Data (Privacy) Ordinance, as amended and supplemented from time to time (the “PDPO”). PAG is a ‘controller’ of your personal information for the purposes of the PDPO or GDPR. The PDPO and Data Protection Legislation prescribe the ways in which we may collect, retain and handle personal information.
What personal information will we process?
The types of personal information relating to you may include, for example:
- name, business and/or private email address, postal address and/or telephone number, date of birth and gender;
- domicile and other geographic location data;
- bank account details, source of wealth information, accounts and bank statements;
- information relating to regulatory status or eligibility to make investments; and
- copies of passports and other documentation required for identity or address verification purposes.
How do we use your personal information?
We may process your personal information in order to market our investment products, to process queries, undertake normal investment business activities in order to offer our services and manage assets on behalf of clients, and to exercise our rights at law or under contract. We will also use your personal information, where required, in order to comply with our legal and regulatory obligations. This may include, without limitation, establishing investor eligibility, preventing fraud, carrying out money laundering checks or conflict checks, and reporting to national and international regulatory and tax authorities.
We may also process your personal information to manage and administer our business, to analyse and improve relationships with our clients and service providers, and for business development activities.
We may share your personal information with third parties (including legal advisors and law enforcement agencies) in order to respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or as otherwise required by law.
PAG may also use your information in order to provide you with information of investments or products you may be interested in. If you object to being contacted in respect of prospective products, please contact firstname.lastname@example.org.
Lawful bases for processing your personal information
The lawful bases for processing your personal information are as follows:
Performance of contract: to ensure our ability to perform our obligations under investment contracts and other documents that form the basis for our contractual relationship with you (or, in certain circumstances, another person), and certain required pre-contractual steps. If we cannot process personal information as required, it may not be possible for us to perform our obligations under the relevant contract, and we may be required to terminate the contract.
Legal obligations: we are required to comply with applicable legal and regulatory requirements, including, for example, any regulatory or tax reporting requirements; to carry out money laundering/terrorist financing checks, conflict checks, for purposes of fraud prevention, to comply with any applicable auditing or financial reporting requirements; and to comply with information disclosure requests from regulatory, tax or other governmental or public authorities.
In addition to the above lawful bases for processing your personal information, your personal information may also be processed on the basis of our legitimate interests:
- to exercise and comply with our rights and obligations at law or under regulation, where such obligations are set out under the laws of countries outside the European Economic Area (“EEA”), or under a contract to which we are a party;
- to manage and administer our business and to analyse and improve our business relationships;
- to communicate with you in respect of any products offered by us;
- to undertake risk assessment and operational control exercises; for statistical and trend analysis; for systems administration, operation, testing and support and to manage and ensure the security of our information systems;
- to help detect, prevent, investigate, and prosecute fraud and/or other criminal activity;
- to disclose information to a governmental, tax or regulatory body, financial market, broker or other intermediaries, counterparties, court, auditors or other third parties and to undertake compliance activities, when this is in our interests, or in the interests of any of our clients, including where the laws of the European Union (“EU”) or a member state of the EEA do not require us to do the same;
- to establish, exercise or defend legal claims; and in order to protect and enforce the rights, property, or safety of PAG, our clients, or to assist our clients or investors or others to do the same;
- to investigate and respond to any complaints about PAG and its business or any incidents relating to PAG and to help maintain quality and to deal with complaints and disputes; and
- to make certain assessments about you in order to assess your investment objectives, risk tolerance, and understanding of investment risk to assess the suitability of an investment in any investment product offered by us.
When processing your personal information, we will comply with the relevant requirements under the PDPO, DPL or GDPR as applicable to us.
With whom do we share your personal information?
We may share certain of your personal information with the following categories of third parties for the following reasons:
- broker-dealers that provide trade execution services, custodians that provide custody services and other business services providers in connection with investment decisions, with respect to an investment account you hold with us and/or to enable PAG to provide services and operate its business;
- advisers (e.g. auditors, legal counsel and tax advisers) to PAG relating to or in connection with the operation of PAG’s business, compliance with its legal, regulatory or contractual obligations and/or your investments with us;
- affiliates of PAG for the purpose of undertaking investment advisory and investment management business; and
- law enforcement agencies; regulatory or tax authorities and other governmental or public agencies or authorities in order to comply with our legal or regulatory obligations or at their request in furtherance of their objectives.
They may in turn use the services of their affiliates or service providers to process your personal information where necessary or appropriate. Where we share your personal information with a third party, we generally take steps to ensure the recipients of that personal information will process it appropriately.
International Transfers of your personal information
Your personal information is held by PAG in its offices in Hong Kong, Japan and Singapore, and may be shared with advisers, service providers, and disclosed to regulatory, tax or other governmental or public authorities outside these locations or the EEA, as described above.
Where we share your personal information with persons outside our office locations or the EEA we will, to the extent practicable, take appropriate steps to ensure your personal information is subject to safeguards in compliance with the requirements of Data Protection Legislation. We will seek to achieve this, for example, by entering into appropriate data transfer agreements with third party recipients of your personal information which may set out the standard contractual clauses approved by the PDPO or European Commission (as applicable) governing the transfer of Personal Data outside the EEA, where possible. Please contact us if you would like a copy of the aforementioned standard contractual clauses.
Personal Data collected for recruiting or employment purposes, regardless of where collected, may be transferred to our Hong Kong headquarters and may be transferred outside of the EEA (or your home country, if not the EEA) to our affiliates or third parties that process application information for the purposes described above. When this occurs, PAG requires such companies to treat your information confidentially.
How long is your personal information retained?
We will not retain your personal information for longer than is necessary in relation to the purposes for which your personal information is processed and in accordance with regulatory requirements. Generally, we will retain your personal information concerning your investments for 7 years after the end of any relevant contractual relationship. Personal information may be retained for longer if it is required by law, or by a tax or regulatory authority, a law enforcement agency or other governmental or public body, or considered necessary in order to allow us to act in accordance with a specific set of circumstances, for example, in light of an actual or a potential legal action or a regulatory investigation.
Where do we collect your personal information?
PAG may collect Personal Data through a range of means. These may include direct interactions (where a person provides Personal Data to us through correspondence or other direct methods of communication, including communications relating to investments), third-party or publicly available sources (where a Fund receives personal data through a publicly available source such as a website or publicly available registry).
Safeguarding your information
We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where particularly sensitive Personal Data (e.g., resumes/CVs submitted for recruiting purposes) is gathered, processes or stored is limited to authorized employees.
PAG employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need it to perform their roles. Unauthorized use or disclosure of confidential client information by a PAG employee is prohibited and may result in disciplinary measures.
EEA Data Subjects: Your rights in relation to the personal information we process about you
In all of the above cases in which we collect, use or store your Personal Data and you are in the EEA, or if controlled by a Cayman Islands entity, you have various rights under Data Protection Legislation in relation to the personal information relating to you. These include:
- the right to request access to your personal information;
- the right to have your personal information rectified;
- the right to have your personal information erased in certain circumstances;
- the right to request that your personal information is only used for restricted purposes;
- (if the lawful basis for processing your personal information is the legitimate interest of a Fund / PAG) the right to object to your personal information being processed, for example, for marketing purposes;
- (in some circumstances) the right to require certain of your personal information to be transferred to you or a third party; and
- the right to lodge a complaint with the relevant data regulator in your jurisdiction.
You can seek to exercise any of these rights by contacting us at email@example.com.
Questions or complaints
If you have any questions or complaints regarding the processing of your personal information, please contact us directly at firstname.lastname@example.org.
Complaints regarding our processing of your personal information may also be made directly to the relevant data protection regulator in your local jurisdiction in the EU or to the Office of the Ombudsman in the Cayman Islands.
 Where those obligations derive from the laws of the European Union or the member states of the European Economic Area or the Cayman Islands.