Privacy Policy
Published: February 2024
Personal information collection and privacy policy statements
PAG and other members in the PAG Group collect, use, disclose and/or process certain Personal Data. PAG is responsible for ensuring that it uses that Personal Data in compliance with data protection laws.
At PAG we respect the privacy of our clients and counterparties and we are committed to keeping all of your Personal Data secure. This Privacy Policy governs the handling of Personal Data by PAG in the course of conducting its commercial activities as further detailed below.
We use the following definitions in this Privacy Policy:
- “PAG”, “we” or “us” means PAG and other members in the PAG Group.
- “PAG Group” means PAG and its consolidated subsidiaries.
- “Personal Data” means any information / data which identifies an individual or from which an individual is identifiable.
This Privacy Policy applies to Personal Data we collect about individuals:
- who visit our websites;
- who visit our offices;
- who are employed or otherwise engaged by our service providers, professional advisors or counterparties;
- who are engaged by us in a contract for service (e.g., independent consultants);
- with whom we have contact for business-related purposes (including, without limitation (i) limited partners in our funds and (ii) portfolio companies); and
- who we deal with in connection with (potential) transactions.
This Privacy Policy does not apply to Personal Data we collect about job applicants or employees and/or Personal Data collected by any third party, including through any application or content (including advertising) that may link to or be available from our websites.
If the Personal Data you provide to us does not relate to you, you agree to provide the disclosures set out below to the individuals whose Personal Data you have provided.
Personal Data may be subject to certain legal safeguards specified in the European Union’s General Data Protection Regulation (2016/679) (“EU GDPR”) and any secondary and domestic legislation implementing the GDPR, the UK Data Protection Act 2018, the EU GDPR as retained as law in England and Wales by the European Union (Withdrawal) Act 2018 (“UK GDPR” and together with the EU GDPR, the “GDPR”), the Data Protection Act (as revised) (“DPA”) of the Cayman Islands as well as any other applicable data protection laws that may apply to PAG (including the Singapore Personal Data Protection Act 2012, the People's Republic of China Personal Information Protection Law (the “PIPL”) , the Act on the Protection of Personal Information (Act No. 57 of 2003 as amended) of Japan (the “APPI”), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (“DPDPA”) of India (as may be amended or enacted from time to time), the Australian Privacy Act 1998 (Cth), and the Hong Kong Personal Data (Privacy) Ordinance) (together, the “Data Protection Legislations”). The entity with which you principally interact with is the ‘controller’ or ‘data fiduciary’ of your Personal Data for the purposes of the Data Protection Legislations (see https://www.pag.com/en/contact/), to the extent that such a concept exists in your jurisdiction. The Data Protection Legislations prescribe the ways in which we may collect, use, disclose, retain and handle Personal Data.
What Personal Data will we collect, use, disclose or otherwise process?
We collect Personal Data directly from you, automatically when you interact with our websites, and/or indirectly from other sources and third parties.
Personal Data Collected Directly From You:
The types of Personal Data we collect directly from you may include, for example:
- Contact Information: name, business and/or private email address, postal address and/or telephone number,
- Company Information: details of your role at your organization,
- Demographic Information: date of birth, gender and citizenship;
- Location Information: domicile and other geographic location data;
- Financial Information: such as bank account details, taxpayer identification numbers, tax residency, source of wealth information, bank statements, information relating to regulatory status or eligibility to make investments and certain investment related information, and results of any anti-money laundering (“AML”) or know-your-customer (“KYC”) checks (including to the extent this reveals data pertaining to criminal convictions or offences);
- ID Information: copies of passports, government issued identification and other documentation required for identity or address verification purposes or AML/KYC checks;
- CCTV Data: footage collected by CCTV cameras or other security monitoring devices in and around our premises;
- Communications Information: including information provided in communications sent to us; and
- Account Information: including login credentials for our investor portal.
Certain types of Personal Data listed above such as Location Information, Financial Information and ID Information constitute sensitive personal data under the PIPL. To the extent the PIPL is applicable, we will inform you of the necessity of the processing and the impact it has on your rights and interests when we seek separate consent from you or before or at the same time of such collection (if we are relying on a legal basis other than separate consent). Please contact us at compliance@pag.com if you need further details.
Personal Data We Automatically Collect About You:
We and our third party providers may automatically collect certain information from (or in connection with) your device when you visit our websites. This information includes:
- Device Data: including internet protocol (IP) address, operating system and platform, device type and version, browser type and version, browser id, the URL entered and the referring/destination page, date/time of visit, language preferences, the time spent on our websites, and any errors that may occur during the visit to our websites; and
- Analytics Data: including the path taken to/from our websites, usage and activity on our websites.
We and our third party providers may use cookies and other related technologies such as, web beacons to automatically collect this information. This helps us analyze how you use and interact with our websites and distinguish you from other users. It also helps us and our third party providers to determine products and services that may be of interest to you. For more information about these practices and your choices regarding cookies, please see our Cookie Notice.
Personal Data We Collect About You From Other Sources:
We collect Personal Data from third parties, which we may combine with Personal Data we collect automatically or directly from you. We may collect Personal Data from the following categories of third parties:
- Your Employer / Company: your name, details of your role at your organization, business and/or private email address, postal address and/or telephone number, date of birth and gender, race and citizenship.
- Service Providers: our service providers that perform services on our behalf, such as analytics’ providers and payment processors or fund administrators, collect Personal Data and often share some or all of this information with us.
- Third Parties: We may collect Personal Data from third-party data providers, public companies records including through public companies registry searches and background screening service providers.
- Other Sources: We may also collect Personal Data from publicly available sources, advertising networks, market research companies, due diligence data rooms in connection with a transaction or potential transaction, or otherwise in connection with the carrying out or consummation of transactions (e.g., mergers and acquisitions).
Please be advised that any Personal Data provided to us by a third party may also be subject to that third party’s privacy policy.
How do we use your Personal Data?
We may collect, use, disclose and otherwise process your Personal Data for the following purposes (and as applicable, where you or we are located in the European Economic Area (“EEA”) or the UK, in reliance on the following legal basis):
Purposes for Processing |
Categories of Personal Data |
Legal Basis for Processing (where you OR we are located in the EEA/UK) |
To make certain assessments about you in order to assess your investment objectives, risk tolerance, and understanding of investment risk to assess the suitability of an investment in any investment product offered by us |
Company Information, Demographic Information, Location Information, Financial Information |
We have a legitimate interest to assess your investment objectives (Article 6(1)(f) GDPR) |
To process queries / complaints, arrange calls / meetings, and to communicate with you in respect of any products offered by us |
Contact Information, Company Information, Location Information, Financial Information, ID Information, Communications Information, Account Information |
We have a legitimate interest to initiate and respond to your communications, arrange calls and meetings with you, and keep records in case of complaints / legal claims (Article 6(1)(f) GDPR) |
To undertake normal investment business activities in order to offer our services and manage assets on behalf of clients including, to maintain a directory of business contacts |
Contact Information, Company Information, Location Information, Financial Information, Communications Information, Account Information |
We have a legitimate interest to manage our business and service our clients (Article 6(1)(f) GDPR) |
In connection with a transaction or potential transaction including, for example, to process payments, provide notices and/or as part of a due diligence process carried out in connection with a transaction including, seeking advice from professional advisors |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, Communications Information, Account Information |
We have a legitimate interest to manage our business (Article 6(1)(f) GDPR) |
To maintain the safety and security of our offices including through the use of CCTV or other security monitoring devices |
CCTV Data |
We have a legal obligation to do so including those in relation to health and safety (Article 6(1)(c)I GDPR) We have a legitimate interest to keep our offices secure and safe (Article 6(1)(f) GDPR) |
To exercise our rights at law or under contract including, to establish, exercise or defend legal claims; and in order to protect and enforce the rights, property, or safety of PAG, our clients, or to assist our clients or investors or others to do the same |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legal obligation to do so (see column 1 of the table) (Article 6(1)(c) GDPR) We have a legitimate interest to exercise and comply with our rights and obligations at law or under regulation, where such obligations are set out under the laws of countries outside the EEA, or under a contract to which we are a party (Article 6(1)(f) GDPR) |
To comply with our legal and regulatory obligations including, for example, any industry codes, any regulatory or tax reporting requirements, to carry out KYC and AML/terrorist financing checks, conflict checks, for purposes of fraud prevention, to comply with any applicable auditing or financial reporting requirements, and to comply with information disclosure requests from regulatory, tax or other governmental or public authorities and data subject requests under applicable privacy laws |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
|
To manage and administer our business including performing internal functions such as compliance, accounting and auditing |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legitimate interest to manage our business (Article 6(1)(f) GDPR) |
To maintain, analyse and improve relationships with our clients and service providers |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, Communications Information, Account Information |
We have a legitimate interest to manage our business (Article 6(1)(f) GDPR) |
For business development activities including in connection with any investor conferences or events, audio or video recording of such events and publishing these on our social media pages, providing you with investor updates and reports, investor communications/newsletters and market commentary and analysis |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legitimate interest to promote our business (Article 6(1)(f) GDPR) Where we are required under Data Protection Legislation we will obtain your consent (Article 6(1)(a) GDPR) You can withdraw your consent at any time by contacting compliance@pag.com. |
To undertake risk assessment and operational control exercises, for systems administration, operation, testing and support and to manage and ensure the security of our information systems |
Contact Information, Company Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legitimate interest in ensuring our systems are secure (Article 6(1)(f) GDPR) |
For statistical and trend analysis, and market research
|
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legitimate interest in understanding our products, services and business (Article 6(1)(f) GDPR) |
To respond to investigations, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, actual or suspected fraud, cyber-attacks or theft of proprietary information or as otherwise required by law |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
We have a legal obligation to do so (Article 6(1)(c) GDPR) We have a legitimate interest to manage our business and to ensure that all investigations and proceedings etc. are managed efficiently and effectively (Article 6(1)(f) GDPR) |
To investigate and respond to any complaints about PAG and its business or any incidents relating to PAG and to help maintain quality and to deal with complaints and disputes |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, CCTV Data, Communications Information, Account Information |
|
To provide you with information on investments or products you may be interested in |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, Communications Information, Account Information |
Where required, with your consent (Article 6(1)(a) GDPR) or otherwise in reliance on our legitimate interests i.e., to find, customize, and offer products and services we hope you find useful and relevant and in turn, provide you with quality client service (Article 6(1)(f) GDPR). If you object to being contacted in respect of prospective products or would like to withdraw your consent, please contact compliance@pag.com. |
To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us |
Contact Information, Company Information, Demographic Information, Location Information, Financial Information, ID Information, Communications Information, Account Information |
We have a legitimate interest to manage our business (Article 6(1)(f) GDPR) |
For purposes of the PIPL where it is applicable, the legal basis that we rely upon is your consent, and in case your consent is not required under the applicable law, where necessary for performance of a contract entered into with you; where necessary to perform a statutory responsibility or statutory obligation; where necessary for responding to a public health emergency or for protecting life, health, property or safety of a natural person in the case of an emergency; for processing Personal Data within a reasonable scope to carry out news reporting or supervision by public opinions for public interest purposes; and processing publicly available Personal Data within a reasonable scope.
For purposes of the DPDPA where it is applicable, your Personal Data will be collected and processed in reliance on your consent.
If you are located in the EEA/UK or China and/or interacting with a PAG Group member in the EEA/UK or China: You have a right to object to the processing of your Personal Data where that processing is carried out for our legitimate interests or in other applicable circumstances. Please note however that we may not be able to fulfil this request in all instances.
When collecting, using, disclosing and otherwise processing your Personal Data, we will comply with the relevant requirements under the Data Protection Legislations as applicable to us.
Consequences of not providing Personal Data
Where we need to collect the abovementioned categories of Personal Data by virtue of a legal obligation or in light of a contract entered or to be entered into with you or your organisation, and you do not provide this Personal Data when requested, we may not be able to comply with our legal obligations, provide you or your organisation with the services or perform the contract we have or are trying to enter into with you or your organisation. In such case, we may have to terminate our relationship with you.
How long is your Personal Data retained?
We will not retain your Personal Data for longer than is necessary in relation to the purposes for which your Personal Data is collected, used, disclosed and otherwise processed and in accordance with regulatory requirements. To determine the appropriate retention period, the amount, nature and sensitivity of the Personal Data are considered, together with the necessity and purposes of the processing (including, whether such purposes can be achieved through other means) and the potential risk of harm from unauthorized use or disclosure of the Personal Data. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your Personal Data may need to be kept for longer periods of time.
With whom do we share your Personal Data?
We may share certain of your Personal Data with the following categories of third parties for the following reasons:
- broker-dealers that provide trade execution services, custodians that provide custody services and other business services providers in connection with investment decisions, in connection with the administration of your account, with respect to an investment account you hold with us and/or to enable PAG to provide services and operate its business;
- advisers (e.g. auditors, legal counsel and tax advisers) to PAG relating to or in connection with the operation of PAG’s business, compliance with its legal, regulatory or contractual obligations and/or your investments with us;
- any third party whose services we rely on or collaborate with in the operation of our business (e.g., Providers of Infrastructure- or Platform- or Software-as-a-Service solutions, software development services, cyber security services, information system maintenance services, record management services or marketing services within, or outside your country, jurisdiction or region);
- any third party in the event of a merger, acquisition, sale of assets or shares, or other business restructuring who acquire our business assets (including your Personal Data) (e.g., buyers and vendors in connection with the disposal or acquisition of a business or assets.);
- financial and transaction counterparties for the purposes of performing our contractual obligations and/or in connection with investments and transactions entered into by PAG with you or your organisation;
- entities within the PAG Group with whom it is reasonably necessary or desirable for PAG to disclose the Personal Data, e.g., for the purposes of business operations, management and administration; and
- law enforcement agencies, regulatory or tax authorities and other governmental or public agencies or authorities in order to comply with our legal or regulatory obligations or at their request in furtherance of their objectives.
They may in turn use the services of their affiliates or service providers to collect, use, disclose and otherwise process your Personal Data where necessary or appropriate. Where we share your Personal Data with a third party, we generally take steps to ensure the recipients of that Personal Data will collect, use, disclose and otherwise process it appropriately.
To the extent the PIPL is applicable, please contact us via compliance@pag.com and we will separately disclose relevant information as required under the PIPL about third-parties to whom we share your Personal Data, and we will also perform other obligations as required under the PIPL to protect the security of your Personal Data.
To the extent the APPI is applicable, we will obtain your consent before disclosing your Personal Data to other third parties, where required under the APPI. For more details, please contact us at:
Compliance Department
PAG Investment Management Limited
33/F Toranomon Hills Station Tower
2-6-1 Toranomon, Minato-ku Tokyo 105-5533, Japan
Tel: 03-4572-8000
Email: compliance@pag.com
(Enquires are accepted from 9.30am to 5.30pm Japan time excluding weekends, public holidays, year end and New Year holidays).
International Transfers of your Personal Data
PAG is a multi-national company operating across several jurisdictions. To facilitate our global operations, we may transfer or grant access to your Personal Data around the world, including amongst our various subsidiaries and affiliates overseas. A list of our key offices may be accessed at https://www.pag.com/en/contact/.
Your Personal Data may also be shared with recipients as described above who may be located outside the country in which you are located.
Where we share your Personal Data with recipients outside your country, jurisdiction or region, we will take appropriate steps to ensure your Personal Data is subject to safeguards in compliance with the requirements of the applicable Data Protection Legislations. We will seek to achieve this, for example, by entering into appropriate data transfer agreements with third party recipients of your Personal Data.
European Transfers: Any transfer of Personal Data from or originating in the EU/UK made by a PAG Group member or a third party to a PAG Group member, will be made in reliance on appropriate data transfer agreements such as, Standard Contractual Clauses or similar, Binding Corporate Rules, or otherwise in reliance on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims). The identity and contact details of the recipient PAG Group members (“Importers”) are available via the link at the top of this Privacy Policy. The categories of Personal Data processed by the Importers are set out in this Policy. The Importers may also transfer Personal Data to the third party recipients who may be located outside the EU/UK for the purposes set out in this Policy. The Importers will only make such onward transfers to recipients ensuring appropriate safeguards pursuant to Data Protection Legislation, or where otherwise permitted by the Standard Contractual Clauses and which may include entry into Standard Contractual Clauses.
China Transfers: To the extent the PIPL is applicable, please contact us via compliance@pag.com and we will separately disclose relevant information as required under the PIPL about the international data transfers, and we will also perform other obligations as required under the PIPL to protect the security of your Personal Data.
Japan Transfers: The Personal Data that we collect from you may be transferred to, and stored at, a destination outside Japan, for the purposes described above. If we are relying on your consent to transfer your Personal Data out of Japan, to the extent required by law, we will provide you with information regarding the data protection laws in the transfer destination and other security measures adopted by the third-party recipient at the time at which we obtain your consent and collect your Personal Data. However, we may not always be able to do so if the third-party recipient and/or transfer destination is not yet decided at the time of collection. To the extent that we are able to provide such information after the collection of your Personal Data, please contact us at:
Compliance Department
PAG Investment Management Limited
33/F Toranomon Hills Station Tower
2-6-1 Toranomon, Minato-ku Tokyo 105-5533, Japan
Tel: 03-4572-8000
Email: compliance@pag.com
(Enquires are accepted from 9.30am to 5.30pm Japan time excluding weekends, public holidays, year end and New Year holidays).
to request for such information. If we are not relying on your consent to transfer your Personal Data out of Japan, to the extent required by law, a transfer to a third party will be made where the third party has established a system that conforms to the standards set forth in the Enforcement Regulations of the APPI as a system necessary to continuously take measures equivalent to those to be taken by the business operator handling personal information.
India Transfers: Any transfer of Personal Data from or originating in India shall be transferred outside India subject to restrictions and compliances prescribed by the Indian Government.
Safeguarding your Personal Data
We are committed to protecting and safeguarding your Personal Data from accidental, unlawful or unauthorized access, collection, use, disclosure, copying, modification, disposal, breach or similar risks and we have adopted reasonable and appropriate physical, technical, organizational, and administrative safeguards to do so.
However, we cannot guarantee that your Personal Data will not be accessed, collected, used, disclosed, copied, altered, destroyed, or breached, including by unauthorized third parties. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Privacy Rights
If you are a California resident or India resident, please disregard this section and review the information provided in the “California Rights” section or “India Rights” section, respectively, at the end of this Privacy Policy.
To the extent provided for and permitted under the applicable Data Protection Legislations, you may have the following rights (subject to certain conditions, limitations and exemptions) in relation to the Personal Data we collect, use, disclose and/or otherwise process about you, including:
- the right to request access to your Personal Data;
- the right to have your Personal Data rectified;
- the right to have your Personal Data erased;
- the right to request that your Personal Data is only used for restricted purposes;
- the right to object to your Personal Data being processed, for example, for marketing purposes;
- the right to withdraw your consent to the processing of your Personal Data; and
- the right to request for a copy of your Personal Data to be transferred to you or a third party.
You can seek to exercise any of these rights by contacting us at compliance@pag.com.
You also have the right to lodge a complaint about the processing of your Personal Data with the competent data protection authority.
Links to Other Sites
Our website may provide links to third party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Policy, this Privacy Policy does not apply to, and we are not responsible for, any Personal Data practices of third-party websites and online services or the practices of other third parties. To learn about the Personal Data practices of third parties, please read their respective privacy policies.
Modifications and Updates to Privacy Statement
We may update and modify this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will post the updated Privacy Policy on our website and where applicable, re-obtain your consent on the changes. All changes shall be effective from the date of publication unless otherwise provided.
Questions or complaints
If you have any questions or complaints regarding the collection, use, disclosure and otherwise processing of your Personal Data or would like further details of the safeguards implemented for the transfer of your Personal Data, please contact us directly at compliance@pag.com or for Japan enquiries, please contact us at:
Compliance Department
PAG Investment Management Limited
33/F Toranomon Hills Station Tower
2-6-1 Toranomon, Minato-ku Tokyo 105-5533, Japan
Tel: 03-4572-8000
Email: compliance@pag.com
(Enquires are accepted from 9.30am to 5.30pm Japan time excluding weekends, public holidays, year end and New Year holidays).
PAG Investment Management Limited is a member of the Japan Investment Advisers Association which is an Approved Personal Information Protection Organisation approved by Personal Information Protection Commission (PPC). An Approved Personal Information Protection Organisation will receive your complaints with regard to handling of Personal Information of their members. The contact information Japan Investment Advisers Association is:
Japan Investment Advisers Association Complaint Office (In charge of Personal Information)
1-5-8, Shouken Kaikan F7,
Nihonbashi Kayaba-cho, Chuo-Ku
Tokyo 103-0025, Japan
Tel: 03-3663-0505
Website: https://jiaa.or.jp/privacy/authorization.html
CALIFORNIA RIGHTS
If you are a California resident, the California Consumer Privacy Act (“CCPA”) and other laws provide you with the following rights with respect to your personal information:
Your Right To Know About Personal Information We Collect
You can ask us for the following information with respect to the personal information we have collected about you since January 1, 2022:
- Specific pieces of personal information we have collected about you;
- Categories of personal information we have collected about you;
- Categories of sources from which such personal information was collected;
- Categories of personal information that the business sold or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling your personal information.
Your Right To Request Deletion of Personal Information We Have Collected From You
Upon your request and subject to exceptions in the law, we will delete the personal information we have collected from you.
Your Right to Request to Correct Personal Information We Hold About You
You have the right to request that we correct personal information we hold that you believe is not accurate. We will take steps to determine the accuracy of the personal information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the personal information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct to assist us in evaluating the request.
California Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about the personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not sell information in this manner.
Do Not Track Signals
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals.
Our Commitment to Honoring Your Rights
If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly. If you exercise your rights under this Privacy Policy, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.
Exercising Your Rights and How We Will Respond
To exercise your rights to know, delete or correct your personal information, or to ask a question, contact us at compliance@pag.com. For such requests, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We will then provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request in certain jurisdictions or under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Verification of Identity – Requests to Know, Delete or Correct
We will ask you for two pieces of personal information and attempt to match those to information that we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.
Authorized Agents
You may designate an agent to submit requests on your behalf. The agent can be a natural person or a business entity.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. If the agent submits a request, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
INDIA RIGHTS
If you are located in India, you have certain rights under the data privacy laws of India regarding the personal data that we maintain about you, which in certain circumstances you will be able to exercise. The rights are as follows:
- Access: You may request:
- A summary of personal data which is being processed by us and the processing activities undertaken by us with respect to personal data;
- Identities of all the data fiduciaries and data processors with whom the personal data has been shared by PAG along with the description of the personal data so shared
- Correction, completion, update: You may make the following requests:
- Correct the inaccurate or misleading personal data pertaining to you in our possession;
- Complete the incomplete personal data;
- Update your personal data
- Erasure: You may request for the erasure of your personal data in our possession. Upon receipt of such request, PAG shall erase your personal data unless retention of the same is necessary for the purpose of processing or for compliance with any applicable law in force.
- Nomination: You may nominate an individual in accordance with the DPDP Act, who in the event of your death or incapacity can exercise the above mentioned rights in respect of your personal data.
- Withdrawal of Consent: Where you have provided consent, you shall have the right to withdraw consent too.
You can seek to exercise any of these rights by contacting us at compliance@pag.com.