Last Updated: November 2023
This investor privacy notice (this “Privacy Notice”) is being provided to you by Golden Gate Private Equity, Inc., and its affiliated management entities (collectively, “Golden Gate Capital”) in connection with a (proposed) investment in one or more Golden Gate Capital funds or separately managed accounts (together, “Investments”) and on behalf of those funds or accounts.
Golden Gate Capital is committed to handling personal data about investors (and connected persons) responsibly and consistent with applicable data protection and privacy requirements. This Privacy Notice describes how Golden Gate Capital and the relevant Investment vehicles, and the Golden Gate Capital and Investment vehicle administrators, legal and other advisors and agents, (the “Authorized Entities”, “we”, “our” or “us”) collect, use, and share personal data collected in connection with Investments. For the purposes of this Privacy Notice, we refer to “personal data” and “personally identifiable information” interchangeably to mean any information which, directly or indirectly, identifies or is capable of identifying any natural person.
Please read this Privacy Notice carefully. Please note that this Privacy Notice is supplemented by the “Additional Region-Specific Disclosures” to the extent that the European and Cayman Data Protection Legislation or “CCPA” (each as defined below) apply to our processing of your personal data.
Please contact us at GGCinfo@goldengatecap.com with any questions or concerns about this Privacy Notice.
If you are a natural person, this will affect you directly. If you are a corporate investor (including, for these purposes, legal arrangements such as trusts or exempted limited partnerships) that provides us with personal data on individuals connected to you for any reason in relation to your Investment, the information in this Privacy Notice, and the Additional Regional-Specific Disclosures, as applicable, will be relevant for those individuals and you should transmit this document (and any updated versions you receive from us) to such individuals or otherwise advise them of its content. For simplicity, where we refer to “investors” (or “you” or “your”) in this Privacy Notice and the Additional Regional-Specific Disclosures, except where the context otherwise requires, we mean individual and corporate investors, or persons connected to them, whose personal data we are processing in connection with the relevant Investment.
We collect (including via third parties) the following categories of personal data about investors:
- Contact information: name, address, email, telephone number
- Identification information: signature, date of birth, social security number, taxpayer identification number, driver’s license, passport, other government identification and numbers
- Background information: information revealed in know-your-customer (KYC) and anti- money laundering (AML) due diligence, investor accreditation and consents
- Financial information: assets, income, net worth, amounts and types of investments, capital account balances, capital commitments, capital contributions, account data, other investment participation information, funds transfer information, beneficiaries, positions, percentages of fund, share or option numbers and values, vesting information, investment history, transaction information, tax information
- Technical information: electronic device and usage information (for example, from cookies and similar technology), registration information and online account data
We collect this personal data from:
- Documentation or forms you complete, such as subscription agreements, investor questionnaires, applications, or other forms (including, without limitation, any anti-money laundering, identification, and verification documentation)
- Your telephone conversations (including voicemails) or correspondence with us (including e-mails and other electronic correspondence)
- Your transactions with us or others
- Third party service providers (e.g., background screening, investor placement, or public databases) who perform services on our behalf or verify or supplement our information
- Our website, data rooms and/or investor reporting portal (as applicable) and any information captured via cookies
- Public sources (e.g., publicly available and accessible directories and sources; bankruptcy registers; tax authorities, including those that are based outside the UK and the EEA if you are subject to tax in another jurisdiction; governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations; credit agencies; and fraud prevention and detection agencies and organizations
We collect this personal data for the purposes of:
- Complying with legal or regulatory obligations, such as our obligations regarding KYC and AML, as well as for tax purposes
- Other legitimate business interests, such as:
- for our everyday business purposes – such as to process your transactions, administer, maintain or service your account(s), communicate with you and other investors and your or their representatives, advisors and/or agents (including in connection with the negotiation, preparation and signature of Investment-related agreement(s)), pay funds, manage records, respond to court orders and legal investigations, administer and provide services to you, including onboarding, marketing, research and due diligence, and perform other administrative, accounting, reporting and other processes required to operate our business
- for our marketing purposes – to offer our services to you, to improve and customize our services for you and to understand how our services are used
- for our risk mitigation purposes – to protect against fraud and security risks, including through background screening
- Performing a contract with you or taking steps at your request before entering into a contract
- Any other purpose that has been notified, or has been agreed to, in writing
We may, in certain circumstances, combine personal data that we receive from an investor with other personal data that we collect about such investor. This will include personal data collected in an online or offline context.
In some cases, we rely on your consent for processing your personal data, but only in those cases where we specifically ask for your consent.
We may share your personal data with:
- Our affiliates for purposes and uses that are consistent with this Privacy Notice
- Legal or government regulatory authorities as required in connection with legal or regulatory matters, including in connection with background screens, claims, disputes or litigation, tax matters, or if we determine disclosure is necessary to enforce our legal rights or contractual commitments
- Service providers who, on our behalf or for your benefit, provide services to Golden Gate Capital for business purposes, which may include our accountants, auditors, bankers, prime brokers, insurers, lawyers, AML service providers, and other back-office service providers
- Employees and service providers who have a reasonable need to know the information in connection with the conduct of Golden Gate Capital’s business as an investment advisor
- Third parties to which you request or authorize us to disclose your personal data
We do not sell or share your personal data with unrelated third parties, and we have not sold your personal data in the preceding twelve (12) months. For clarity, we do not share any of your personal data, including your phone number or other contact information, with any unaffiliated third party for marketing purposes, unless you authorize us to do so.
We use appropriate organizational, technical, and administrative measures to protect personal data. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify Golden Gate Capital in accordance with the “Contact Us” section below.
We retain personal data pursuant to our records retention program for as long as we determine is necessary, including, but not limited to, for the purposes set out in this Privacy Notice or as needed to resolve disputes or protect our legal rights. We maintain personal data of our former investors and apply the same policies that apply to current investors.
Although most changes are likely to be minor, Golden Gate Capital may change this Privacy Notice from time to time, and at Golden Gate Capital’s sole discretion. Upon any substantive change to this Privacy Notice, Golden Gate Capital will provide a notice to investors to inform them of such changes.
If you have any questions, comments, requests or concerns about this Privacy Notice or other privacy- related matters, please contact:
Golden Gate Capital
One Embarcadero Center, Suite 3900 San Francisco, CA 94111
+1 (415) 983-2700
The following information supplements (and, in the case of conflict, takes precedence over) the information provided in the above Privacy Notice, and will apply if and to the extent that certain regional data protection and privacy laws apply to our processing of your personal data.
Privacy Notice Supplement: United Kingdom, European Union, European Economic Area, and Cayman Islands
This privacy notice supplement: United Kingdom, European Union, European Economic Area, and Cayman Islands (the “GDPR Privacy Notice”) incorporates, supplements (and, in the case of conflict, takes precedence over) the general Privacy Notice above if and to the extent that the European and Cayman Data Protection Legislation (as defined below) applies to our processing of personal data.
For the purpose of this GDPR Privacy Notice, the “European and Cayman Data Protection Legislation” means all applicable legislation and regulations relating to the processing or protection of personal data in force from time to time in the United Kingdom (“UK”), European Union (and its member states) (“EU”), and/or European Economic Area (and its member states) (“EEA”), including (without limitation) Regulation (EU) 2016/679 (the “EU GDPR”), the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (the “UK GDPR”), the UK Data Protection Act 2018, , the Cayman Islands Data Protection Law, 2017 (the “DPL”), and any national implementing or successor legislation, and any amendment or re-enactment, of any of the foregoing. The terms “controller”, “processor”, “data subject”, “personal data” and “processing” in this GDPR Privacy Notice shall be interpreted in accordance with the applicable European and Cayman Data Protection Legislation.
One or more of the Authorized Entities are “controllers” of personal data collected in connection with the Investment. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from potential investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in the general Privacy Notice in order to comply with our legal or regulatory obligations, as a matter of contractual necessity under or in connection with the Investment-related agreement(s) (e.g. subscription agreement and limited partnership agreement , and in the legitimate interests of the Authorized Entities (or those of a third party) to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with the data subject consent; if it is necessary to protect the vital interests of an investor; or if it is necessary for a task carried out in the public interest.
A failure to provide the personal data requested to fulfil the purposes described in this GDPR Privacy Notice may result in the applicable Authorized Entities being unable to provide the services in connection with the relevant Investment-related agreement(s).
We monitor communications where the law requires us to do so. We also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect our business and the security of our systems.
Your personal data may be transferred to, stored, and processed in a country other than the one in which it was collected. We may transfer your personal data to a Non-Equivalent Country (as defined below) outside the UK and EEA, including to the United States, and when we do so, we rely on appropriate or suitable safeguards recognized under data protection laws, including:
- Entering into international data transfer agreements (including, where relevant, incorporating the EU’s standard contractual clauses and UK international data transfer agreement) to legitimize such transfer under the applicable European and Cayman Data Protection Legislation
- Obtaining your consent to transfer personal data to a Non-Equivalent Country after first informing you about the possible risks of such a transfer
- When the transfer is necessary for the performance of a contract between you and Golden Gate Capital, or if the transfer is necessary for the performance of a contract between Golden Gate Capital and a third party, and the contract was entered into in your interest
- When the transfer is necessary to establish, exercise or defend legal claims or to protect your vital interests
For the purposes of this GDPR Privacy Notice, “Non-Equivalent Country” means a country or territory other than: (1) in respect of the processing of personal data to which the EU GDPR applies, a member state of the EEA or a country or territory which has at the relevant time been decided by the European Commission to ensure an adequate level of protection for personal data; (2) in respect of the processing of personal data to which the UK GDPR applies, a third country or territory which has at the relevant time been decided or the Government of the United Kingdom to ensure an adequate level of protection for personal data; (3) the Cayman Islands for transfers governed by the DPL; and (4) in respect of the processing of personal data to which other applicable European and Cayman Islands Data Protection Legislation applies, a third country or territory in respect of which cross-border transfers of personal data cannot be made without additional safeguards.
Data Subject Rights
If our processing of your personal data is governed by the European and Cayman Islands Data Protection Legislation, you will have certain data subject rights. These rights may include the right to:
- Obtain information about the processing of your personal data
- Access and receive a copy of your personal data
- Request rectification of your personal data
- Request erasure of your personal data
- Certain processing of your data by us
- Exercise your right to data portability where this is technically feasible
- Not be subject to automated decision-making
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. If you decline to provide or consent to our use of the data and we are relying on consent as the legal basis for its processing, there are circumstances in which we will not be able to provide you with services or take action on your behalf.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law. If you wish to withdraw any consent given for processing, please contact us at GGCinfo@goldengatecap.com.
Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal or regulatory obligation. In addition, erasure of the personal data requested to fulfil the purposes described in the general Privacy Notice, may result in the inability to provide the services required pursuant to the Investment-related governing agreement(s).
You can exercise these rights by contacting us at GGCinfo@goldengatecap.com. We will review your requests and respond accordingly.
We will not take decisions producing legal effects concerning data subjects, or otherwise significantly affecting data subjects, based solely on automated processing of personal data, unless we have considered the proposed processing in a particular case and concluded in writing that it meets the applicable requirements under the European and Cayman Data Protection Legislation.
In the event that you have a complaint that is not resolved by us to your satisfaction, you may refer the matter to your local data protection authority in the UK or EEA or, for purposes of the DPL, with the Ombudsman of the Cayman Islands.
Privacy Notice Supplement: California Consumer Privacy Act
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year. We do not distribute your personal information to outside parties without your consent for their direct marketing.
If you are a natural person California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, the following privacy notice supplements this Privacy Notice and sets out your rights with respect to any personal data that we process subject to the California Consumer Privacy Act of 2018, as amended (the “CCPA”). Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth above in this Privacy Notice. To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (the “GLB Rights”), the GLB Rights shall apply.
We have collected some or all the following categories of personal information from individuals within the last twelve (12) months:
Personal information Categories and Examples
- Identifiers: Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and drivers’ license or state identification card number).
- Yes, as to name, contact details and address (including physical address and email address), and other identification (including social security number).
- Additional data subject to Cal. Civ. Code § 1798.80: Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income, and assets).
- Protected classification characteristics under California or federal law: Date of birth, citizenship, and birthplace.
- Yes, as to date of birth and citizenship.
- Commercial information: Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s)
- Biometric information: Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
- Not Collected
- Internet or other similar network activity: Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries.
- Yes, as to fund data room and investor reporting portal, as well as information you provide to us when you correspond with us in relation to inquiries.
- Geolocation data: Physical location or movements.
- Not Collected
- Sensory data: Audio, electronic, visual, thermal, olfactory, or similar information.
- Not Collected
- Professional or employment-related information: Current or past job history or performance evaluations.
- Not Collected
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)): Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
- Not Collected
- Inferences drawn from other personal information: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Not Collected
- Sensitive Personal Information: Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.
- Yes, as to social security numbers and driver’s licenses.
We do not collect or use sensitive personal information other than:
- To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions
- As reasonably necessary and proportionate to ensure the physical safety of natural persons
- For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us)
- To perform services on behalf of your business
Purpose for Collecting Personal Information
We may collect or disclose the personal information we collect about you for one or more of the business or commercial purposes set out above in this Privacy Notice.
We retain the categories of personal information set forth above in the “Categories of Personal Information We Collect” section only as long as is reasonably necessary for those purposes set forth above, except as may be required under applicable law, court order or government regulations.
Disclosure of Information
We do not sell or share (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties. In the preceding twelve (12) months, we have not sold or shared any of the personal information we collect about you to third parties. We do not disclose any non-public personal information about you to anyone, except as permitted or required by law or regulation and to service providers.
Within the last twelve (12) months, we have disclosed personal information collected from you for a business purpose to the categories of third parties indicated in the chart below. We may disclose your information to other parties as required by law or regulation, or in response to regulatory inquiries.
Personal Information Category & Category of Third-Party Recipients
- Identifiers – Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants, and placement agents.
- Additional data subject to Cal. Civ. Code § 1798.80 – Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants, and placement agents.
- Protected classification characteristics under California or federal law – Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants, and placement agents.
- Commercial information – Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants, and placement agents.
- Biometric information – None.
- Internet or other similar network activity – Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants, and placement agents.
- Geolocation data – None.
- Sensory data – None.
- Professional or employment-related information – None.
- Non-public education information – None.
- Inferences drawn from other personal information – None.
Rights Under the CCPA California residents have a right to:
Request certain information related to our collection, use, and disclosure of personal data that we hold from the past twelve (12) month period. Such information includes:
- the categories of personal information we collected about you
- the categories of sources from which the personal information is collected
- our business or commercial purpose for collecting such personal information
- categories of third parties with whom we disclose the personal information
- the specific pieces of personal information we have collected about you
- whether we disclosed your personal information to a third party, and if so, the categories of personal information that each recipient obtained
Request deletion of your personal data that we hold from the past twelve (12) month period, provided that the data is not required by us, subject to certain exceptions, including, but not limited to, to comply with applicable laws or regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons
Request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules, and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons
California residents can make requests for disclosure, correction, or deletion of their personal data, or make requests to view this Privacy Notice in an alternate format or to exercise any other rights under the CCPA, by contacting us at +1 (415) 983-2700 or at GGCinfo@goldengatecap.com. If you would like to contact us by telephone without incurring telephone charges, please submit your request and telephone number by email at the GGCinfo@goldengatecap.com, and we will call you between 9 a.m. and 6 p.m. Pacific Time.
Our goal is to review your requests and respond to your requests accordingly within forty-five (45) days. We will notify you in writing if we are unable to complete review of your requests within forty-five (45) days. The rights described herein are not absolute and we reserve all our rights available to us at law in this regard. You will not have to pay a fee for the disclosure of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for disclosure is manifestly unfounded or excessive. We will not provide disclosure of your personal data more than twice in any twelve (12) month period.
Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until such individual’s identity is verified.
If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.
If you are making a request for deletion, we will ask that you confirm that you would like us to delete your personal information again before your request is submitted. In certain circumstances, we may not erase all personal information, as permitted by applicable law.
You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.
Agents who make requests on behalf of individuals will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
We will not discriminate on the basis that you have exercised any of your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you. We take very seriously any inquiries we receive about our privacy practices and our compliance with the CCPA, and we will ensure that all inquiries are handled in accordance with the CCPA’s requirements. Where CCPA requests are submitted to us, we will only use the information supplied to us to verify the request and any subsequent issues.