Regulation S-P (“Reg S-P”), the U.S. Privacy Act of 1974, the CCPA, GDPR, the Cayman Islands Data Protection Law (“DPL”), and the UK’s Data Protection Act 2018 (collectively referred to as “Privacy Rules”), all require companies to adopt and implement policies and procedures that are reasonably designed to protect the confidentiality of nonpublic personal records. Privacy Rules apply to “consumer” records, meaning records regarding individuals, families, or households. Reg S-P does not explicitly apply to the records of companies, investors in a private investment vehicle, or individuals acting in a business capacity, but the corresponding Privacy Rules may impose similar disclosure and safeguarding obligations. Pillsbury Lake Capital LLC (hereinafter, “Pillsbury” or the “Company”) is committed to protecting the confidentiality of all non-public information regarding its Clients, Investors, Borrowers, prospects, and Employees (“Nonpublic Personal Information”).
Privacy Rules require the Company to provide its Clients and Investors with notices describing the Company’s privacy policies and procedures. These privacy notices must be delivered to all new Clients upon inception of an arrangement, and at least annually thereafter. Reg S-P does not require the distribution of privacy notices to companies, to investors in a private investment vehicle, or to individuals acting in a business capacity, but in accordance with the Privacy Rules, the Company provides privacy notices to all Clients and Investors.
The Company will seek to limit its collection of Nonpublic Personal Information to that which is reasonably necessary for legitimate business purposes. The Company will not disclose Nonpublic Personal Information except in accordance with these policies and procedures, as permitted or required by law, or as authorized in writing by the Client or Investor. The Company will never sell Nonpublic Personal Information or share Nonpublic Personal Information with nonaffiliated third parties.
With respect to Nonpublic Personal Information, the Company will strive to: (a) ensure the security and confidentiality of the information; (b) protect against anticipated threats and hazards to the security and integrity of the information; and (c) protect against unauthorized access to, or improper use of, the information. The Company will promptly notify any impacted Clients, Investors, prospects, and Employees of any threats to, or improper disclosure of, Nonpublic Personal Information.
Although these principles and procedures apply specifically to Nonpublic Personal Information, Employees must be careful to protect all of the Company’s proprietary information.
In developing these policies and procedures, the Company considered the material risks associated with privacy protection. This analysis included risks such as:
The Company has established the following guidelines to mitigate these risks.
This Policy covers our use and treatment of personally identifiable information (also referred to as PII, personal data, “Personal Information”, or “Nonpublic Personal Information”):
By accessing or using the Company’s Services, a Client acknowledges and agrees that they consent to the practices and policies outlined in this Policy.
A Client’s choices include how one can object to certain uses of information about the Client and how one can access and update certain information about the Client.
The Company does not knowingly collect or solicit personal information from children or anyone under the age of 16 or knowingly allow such persons to use, access or register for the Services. Neither the Company’s website, Services, nor this Policy, are directed to such persons.
1. Information provided to the Company:
The Company receives and stores any information a Client knowingly provides. This can include collecting the following Nonpublic Personal Information in the context of the Company’s business relationship with the Client:
A Client can choose not to provide the Company with certain information, but then a Client may not be able to register with the Company or take advantage of some of the Company’s services and/or features or receive the Company’s mailings, articles, thought pieces, etc. Some of this information may include:
If a Client has provided the Company with a means of contacting the Client for particular purposes, the Company may use such means to communicate with the Client for those purposes. If a Client previously provided the Company with such information but no longer wishes to receive such communications, a Client can indicate their preference by contacting the Company.
2. Information the Company receives from other sources:
The Company may receive information about Clients from:
3. Personal Information Requests
Each individual has a right under the Privacy Rules to request from PILLSBURY the personal information and data that has been stored and used. PILLSBURY will provide the requested information in accordance with the specific jurisdictional requirements. If any Client wishes to request the usage of their personal information and data, they can contact the Company to make such request.
How the Company uses the Nonpublic Personal Information it collects depends in part on which Services are provided to a Client, how a Client uses them, and any preferences a Client has communicated to the Company.
The Company may use information about a Client:
Legal basis for processing (for EEA users):
If a Client is an individual in the European Economic Area (EEA), the Company collects and processes information about a Client only where the Company has the legal basis for doing so under applicable EU laws. The legal basis depends on the Services provided to a Client. This means the Company may collect and use a Client’s information only where:
Legal basis for processing (for CIMA users):
The legal basis for processing personal data are set out in schedule 2 of the Data Protection Legislation (DPL). Principally, all of the conditions are equal so that none is preferable to any other. At least one of these conditions must apply whenever personal data is processed:
The legal basis for processing sensitive personal data are set out in schedule 3 of the DPL. At least one of these conditions, in addition to a condition for processing above, must apply whenever sensitive personal data is processed:
Legal basis for processing (for UK users):
The Company’s use of personal data follows the rules called ‘data protection principles. This information needs to be:
Affiliated Third Parties:
The Company may disclose Client information to affiliated third parties, but only in the interest of conducting Company and Client-related business.
Employees will maintain the confidentiality of information acquired in connection with their employment, with particular care being taken regarding Nonpublic Personal Information. Improper use of the Company’s proprietary information, including Nonpublic Personal Information, is cause for disciplinary action, up to and including termination of employment for cause and referral to appropriate civil and criminal legal authorities. Consequently, all Employees (including long-term consultants and temporary interns) are required to sign and adhere to a confidentiality agreement covering these and other matters.
Nonpublic Personal Information will be restricted to Employees who have a need to know such information.
1. Cayman Islands Data Protection Law
PILLSBURY may act as a Controller of Personal Data and as a Processor of Personal Data in the following scenarios:
We have appointed a Data Protection Contact who is responsible for overseeing questions in relation to this Privacy Notice.
2.European Union GDPR
PILLSBURY will process personal data in the legitimate interests of providing or potentially providing investment management services. In Compliance with GDPR, we have appointed a Data Protection Compliance Manager (DPCM) who is responsible for overseeing questions in relation to this Privacy Notice. Individuals are free to withdraw their consent at any time.
3. United Kingdom – Data Protection Act
If you are a user located in the United Kingdom, The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). Under the Data Protection Act 2018, you have the right to find out what information PILLSBURY stores about you. These include the right to:
4. California – California Consumer Privacy Act of 2018 (“CCPA”)
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following additional details regarding the categories of Personal Information that we collect, use, and disclose about California residents.
Identifiers, such as name, contact information, IP address that can reasonably be linked or associated with a particular consumer or household, and online identifiers
Personal information as defined in the California customer records law, such as name, signature, address, and telephone number
Internet or network activity information, such as browsing history, search history and interactions with our online properties or ads
Employment Information. Professional or employment-related information, such as work history and prior employer
Under the CCPA, if a business sells Personal Information, it must allow California residents to opt-out of the sale of their Personal Information. However, we do not “sell” and have not “sold” Personal Information for purposes of the CCPA in the last 12 months.
Requests to Know and Delete
If you are a California resident, you may make the following requests:
“Request to Know” – you may request that we disclose to you the following information covering the twelve (12) months preceding your request:
“Request to Delete” – you may request that we delete Personal Information we collected from you.
To make a Request to Know or a Request to Delete, please contact the Company. We will verify and respond to your request consistent with applicable law, considering the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as provide a few examples of the types of Personal Information you may request in order to verify a request, in order to verify your identity and protect against fraudulent requests. You may make a request on behalf of a child who is under 13 years old if you are the child’s parent or legal guardian. If you make a Request to Delete, we may ask you to confirm your request before we delete your Personal Information.
If you want to make a Request to Know or a Request to Delete as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent, which also may include:
If you are an authorized agent and have not provided us with a power of attorney from the resident pursuant to Probate Code sections 4121-4130, we may also require the resident to:
Copyright © 2024 Pillsbury Lake Capital. All rights reserved.