Catterton Management Limited (“L
Catterton,” the “Company”, “we”, “us” or “our”) is a global investment firm that provides management services to private investment vehicles through its direct and indirect subsidiaries. For the purpose of the General Data Protection Regulation, we are the data controller. This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our website at (the “Website”).
We are subject to various laws and regulations in the jurisdictions in which we operate, including, but not limited to, rules and regulations issued by the United States Department of Commerce and Federal Trade Commission, the EU General Data Protection Regulation, the Singapore Personal Data Protection Act, the UK Data Protection Act and Japan’s Act on the Protection of Personal Information.
The Information We Collect
When you visit our Website, you remain anonymous. We may collect the information sent to us by your computer, mobile phone, or other access device. This information can include your IP address, device information including, but not limited to, identifier, name, and type of operating system, mobile network information, and standard web information, such as your browser type and the pages you access on our Website. We may use your information to communicate with you, enforce our Website terms and conditions, and provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
The Website may contain links to third-party websites. L
How We Share the Information
We do not share, distribute, sell or rent any of your personal information, described below, with/to third parties except in the following circumstances:
Transfers within L Catterton
- If you have opted out of our ability to use your e-mail address, we may share your decision to opt out with third parties to effectuate that decision;
- If the information is required by law in order to prevent, investigate, or take action regarding illegal activities. In addition, we will share information in response to legal process, court orders, subpoenas, or to establish or exercise our legal rights or defend against legal claims;
- We may also disclose the information to government agency or law enforcement authority or regulatory agency in response to lawful requests by applicable local law enforcement agencies or regulatory agencies, or agencies with responsibility to oversee and enforce national security;
- For the purpose of providing and operating the Website we may share personal data with trusted third-party service providers that require access to such data for purpose of providing Website-related services to us only. If personal data about you is transferred outside the European Economic Area (“EEA”), such transfer is conducted by way of the European Commission’s standard contractual clauses for the transfer of personal data to third countries, pursuant to Decision 2010/87/EU as amended, updated or replaced and by way of other mechanisms deemed adequate in accordance with the GDPR. Please contact email@example.com to make a request to examine a copy of the standard contractual clauses.; and,
- If we have your permission to do so.
Catterton takes security and legal precautions to ensure the safety and integrity of personal data that is transferred within its organization. Where a transfer of personal data within L
Catterton involves a transfer of personal data outside the EEA, the personal data that we collect from you may be transferred to, and stored at/processed by subsidiaries of L
Catterton located within or outside of the EEA. Personal data about you is transferred within L
Catterton by way of the European Commission’s standard contractual clauses for the transfer of personal information to third countries, pursuant to Decision 2004/915/EC or by way of the European Commission’s standard contractual clauses for the transfer of personal information to third countries, pursuant to Decision 2010/87/EU as amended, updated or replaced (together, the “Model Clauses”) and by way of other mechanisms deemed adequate in accordance with the GDPR. Please contact firstname.lastname@example.org
to make a request to examine a copy of the standard contractual clauses.
US Privacy Shield
Catterton complies with the US Department of Commerce's EU-US Privacy Shield and has certified adherence to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website (https://www.privacyshield.gov/welcome
If personal data is transferred to a third party, we will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the third party is obligated to provide at least the same level of privacy protection as is required by the EU-US Privacy Shield Framework; (iii) take reasonable and appropriate steps to ensure that the third party effectively processes the personal information transferred in a manner consistent with our obligations; and (iv) remain liable for onward transfers of personal data made to third parties. Furthermore, if the third party can no longer meet its obligation to provide the same level of protection as is required by the EU-US Privacy Shield, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.
In order to comply with the EU-US Privacy Shield, L
Catterton commits to the resolution of complaints about your privacy and have committed to resolve any complaints by European Union citizens relating to this notice, which cannot be resolved directly with our company, through the United States Council for International Business’s E.U.-U.S. Privacy Shield Dispute Resolution Procedures. As further explained in the EU-US Privacy Shield Framework, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. L
Catterton has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) regard to unresolved Privacy Shield complaints concerning human resources and non-human resources data transferred from the EU.
Disclosures and Transfers to Third Parties
Catterton engages the services of a third party, L
Catterton will seek to ensure that such suppliers protect personal data with appropriate security measures and prohibit them from using data other than as instructed by the Company. If personal data about you is transferred outside the EEA, such transfer is conducted by way of the European Commission’s standard contractual clauses for the transfer of personal data to third countries, pursuant to Decision 2010/87/EU as amended, updated or replaced and by way of other mechanisms deemed adequate in accordance with the GDPR. Please contact email@example.com
to make a request to examine a copy of the standard contractual clauses.
Our third-party service providers may use information (not including your name, address, email address or telephone number) about your visits to our web sites, mobile websites and/or mobile applications across your various devices, in order to provide content and advertisements about goods and services of interest to you across those various devices. If you would like more information about this practice and to know your choices with respect to it, please: visit the DAA opt-out program available at http://www.aboutads.info/choices/
to learn how to opt out of having your information collected in browsers for ad serving purposes.
Catterton is under an obligation to do so by law, it may disclose personal data to regulators, courts, tax authorities, or in the course of litigation. We may also disclose personal data to government agency or law enforcement authority or regulatory agency in response to lawful requests by applicable local law enforcement agencies or regulatory agencies, or agencies with responsibility to oversee and enforce national security. In some cases, in accordance with applicable law, it may not be possible to provide notification in advance about the details of such disclosures. The Company will use reasonable efforts to disclose the minimum personal data necessary in such cases.
The Security of your Personal Data
We follow generally accepted industry standards to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, and other factors, the security of the Website user information may be compromised at any time. Therefore, we cannot guarantee the absolute security of your information and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
You may have the following rights in relation to your personal data:
- Access: you have the right to access the personal data held by L Catterton about you and certain information about how we use it and who we share it with. If you wish to access, amend or confirm that L Catterton has personal data relating to you, please email firstname.lastname@example.org;
- Portability: in certain circumstances, you have the right to receive or ask us to provide your personal data to a third party in a structured, commonly used and machine-readable format, although we will not provide you with certain personal data if it would interfere with another’s individual’s rights (e.g. where providing the personal data we hold about you would reveal information about another person) or where another exemption applies (we can only do so where it is technically feasible; we are not responsible for the security of the personal data or its processing once received by the third party);
- Correction: you may insist that we correct any personal data held about you that is inaccurate and have incomplete data completed (including by the provision of a supplementary statement). Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below;
- Erasure: You may request that we erase the personal data we hold about you where you believe that it is no longer necessary for us to hold the personal data we hold about you; or where you believe the personal data we hold about you is being unlawfully processed by us; and
- Objection: in certain circumstances, in particular where you have provided personal data voluntarily, or otherwise consented to its use, you have the right to restrict or object to our processing of your personal data or withdraw your consent.
Please note that we will require you to verify your identity before responding to any requests to exercise your rights. For more detail on when these rights apply, or in order to exercise your rights, please send a message to email@example.com
. We must respond to a request by you to exercise those rights without undue delay and at least within one (1) month (although this may be extended by a further two (2) months in certain circumstances).
In the event that any person wishes to register a complaint about how we process personal data, please firstname.lastname@example.org
and we will endeavour to deal with your request as soon as possible. This is without prejudice to any right to launch a claim the relevant data protection authority as stated above.
The Company’s Website policy may be amended from time to time at the Company’s discretion. Any changes we will make to this policy in the future will be posted on this page.
Please address any questions, comments and requests regarding this policy to email@example.com
Last Updated October 15, 2020