BUSINESS CONTACTS PRIVACY NOTICE

1. PURPOSE OF THIS PRIVACY NOTICE
1.1       This Privacy Notice (“Notice”) details the Personal Information (defined below) that Hellman & Friedman LLC and/or its affiliates (collectively the “Firm”, “we”, “us” or “our”) collects about independent contractors or personnel of vendors to the Firm and any of their Restricted Persons (defined below) and any other of the Firm’s business contacts (hereinafter, “Business Contacts”, as applicable), how we collect, use,  disclose and retain their Personal Information and their rights and obligations in relation to such Personal Information, where applicable.   This Notice also applies to Personal Data we collect regarding any Restricted Persons (defined below), including but not limited to certain Business Contacts’ dependents and household members.  

2. FIRM CONTACT DETAILS
2.1       The Firm may be contacted at the below for all questions relating to this Notice:  

             E-mail:    privacy@hf.com 
             Phone:     +1 (415) 788-5111
             Post:        415 Mission Street, Suite 5700, San Francisco, CA 94105

3. SCOPE
3.1       This Notice applies only to Hellman & Friedman Business Contacts and their Restricted Persons, where applicable, whose Personal Information (defined below) is collected and used by the Firm.  

3.2       “Hellman & Friedman Group” means Hellman & Friedman LLC and any entity controlled by or under common control with Hellman & Friedman LLC, excluding any Portfolio Companies. “Portfolio Companies” means any portfolio companies in which funds affiliated with any members of the Hellman & Friedman Group are invested or propose to invest.

3.3       “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.  Personal Information does not include publicly available information. 

3.4       “Sensitive Personal Information” means Personal Information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of the individual’s mail, email, and text messages, unless we are the intended recipient of the communication; an individual’s genetic data; biometric information for the purpose of uniquely identifying an individual; personal information collected and analyzed concerning an individual’s health, sex life or sexual orientation.

4. WHICH CATEGORIES OF PERSONAL INFORMATION DOES THE FIRM COLLECT PURSUANT TOTHIS OTICE AND FOR WHAT PURPOSES?
4.1       The Firm may collect the following Personal Information about Business Contacts and where applicable, their Restricted Persons (defined below), and their emergency contacts, employers and/or references, as related to their relationship with the Firm.  If any of your Personal Information changes, please let us know at the earliest opportunity so that our records can be updated (see Section 9 (Your Obligations in Relation to Personal Information) below for more details).

4.2       Some of this Personal Information may be considered by Law (defined below) to be Sensitive Personal Information or Special Category Data.

4.3       Below are the categories of Sensitive Personal Information, pursuant to the California Consumer Privacy Act of 2018, as amended from time to time (the “CCPA”), that Firm may collect pursuant to this Notice and the purposes for their collection and use:

  1. Citizenship – Which may determine eligibility of contractors to work;
  2. Government ID — Social Security, driver’s license, state identification card or passport number, for the purposes of determining eligibility to work;
  3. Accounts — Account log-in, in combination with any required security or access code, password, or credentials allowing access to the account for use with any Firm system or application;
  4. Geolocation — Through the use of Firm-enabled devices for device tracking purposes;
  5. Race and ethnicity — Racial or ethnic origin, which may be revealed by a Government ID or when disclosed to us, for the purposes of enhancing diversity and inclusion initiatives and as may be requested by our existing or potential investors or required by applicable Law (defined below);
  6. Communications — Personal mail, email, and text messages communicated through Firm devices or otherwise to the extent we have access, for the purposes of monitoring or surveillance (where permitted by Law, as defined below);
  7. Biometrics —Thumbprints (for access to Firm devices, if any);
  8. Health — such as vaccination-related information, reasonable accommodations, food allergies, meal preferences and Personal Information related to accident reporting to maintain health and safety and/or to meet reporting obligations, should you visit our offices or attend a Firm event.

4.4       A few of the above categories of information are considered Sensitive Data under the General Data Protection Regulation (the “GDPR”), as amended from time to time, namely, geolocation data race/ethnicity information, biometrics and health information.

4.5       The following are categories and uses of other Personal Information that the Firm may collect pursuant to this Notice and the purposes for their collection and use:

  1. Identity information — such as title, employer, full name, preferred name, previous names, other unique ID numbers and Government ID. The Firm uses this information, where relevant, for eligibility and engagement purposes, including, verifying eligibility to perform services, obtaining professional and personal references and screening of educational and professional background data prior to and during course of a relationship with the Firm, including carrying out background checks (where permitted under applicable Law, as defined below), for monitoring compliance with Firm policies as well as to manage the engagement and services provided to the Firm.
  2. Contact information — such as home and work address, phone number(s), email address(es) and emergency contact information. The Firm uses this information to communicate with its Business Contacts and with respect to independent contractors and vendors, for engagement management and administrative purposes, as well as managing engagements, for work scheduling (both administratively and organizationally), and for planning, drafting and managing working schedules and tasks.
  3. Financial and Transactional Information — including wire instructions, engagement details, bank account details, and Tax Identification or Social Security Number, as applicable. The Firm uses this information for the administration of payment of invoices and the reimbursement of expenses, where applicable; for monitoring compliance with Firm policies as well as to the engagement and services provided to the Firm. Depending on your relationship with the Firm, data in relation to insider trading compliance policies, including details of personal trading, accounts, holdings or other transactions, details of bank or brokerage account and other financial information (such as name of broker, transaction and securities details, account holdings and balances, positions, amounts, account holder information and other account information), in each case in respect of the contractor, the contractor’s spouse, registered domestic partner (or the equivalent), any child under the age of 18, any child under the age of 25 for whom the contractor contributes materially to their support or any other relative residing with you (“Restricted Persons”);
  4. Commercial Information — such as data with respect to relationship management and development, including date of engagement, relationship category, full/part-time status, where applicable, travel for the purposes of the services provided, including credit card details, special meal requests and travel preferences, for the purposes of maintaining the relationship and scheduling any engagement-related travel;
  5. Professional and Education Information — such as data with respect to qualifications, references, resumé(s) or curriculum vitae and language(s) spoken, where applicable. The Firm uses this information for engagement eligibility purposes, including verifying eligibility to provide services, obtaining professional and personal references and screening of educational and professional background data prior to and during course of your relationship with Firm, and background checks (as explained further below and where permitted under applicable Law, as defined below), for engagement management and administrative purposes;
  6. Background information — such as proof of eligibility to work, such as citizenship status and details of any visa or work permit application, background checks (including education, professional licenses, litigation and criminal records, regulatory matters, including sanctions screening, directorships or other outside affiliations, social media and credit checks, where permitted by Law, as defined below) and membership in professional bodies or associations;
  7. Audio, electronic, visual, and similar information — such as data related to use of building access control systems, including time and location of entry and exit, license plate number, access to restricted zones and security camera footage, data related to access to and usage of office equipment and resources including but not limited to telephones, soft phones (and mobile phones where issued by the Firm), voice messages, computer systems, email and the internet, internal correspondence, cost recovery systems, document management systems, contact management systems and online databases, where applicable.The Firm uses this information for management of access controls of premises and usage of the building and facilities of the Firm (including CCTV and parking lot data which may be accessed by the Firm), for management of access to and usage of office equipment, systems and resources including but not limited to telephones, soft phones, (mobile phones, laptops and portable devices, where issued by the Firm) and more generally the computer network and applications, for maintaining the security of the Firm’s network, for physical security, and to manage the engagement and services provided to the Firm;
  8. Inferences — based on information concerning an individual to create a summary about, for example, skills and preferences; and
  9. Any other personally identifiable information about you that is shared with us, for example, during engagement pitches and meetings.

 4.6      Where provided to you, the Firm will monitor use of Firm email accounts, Firm electronic devices and/or your personal device, if used for Firm business purposes, including text messages, Firm phone lines (including any mobile device provided by the Firm for business use) and the internet while you are using Firm systems, including Wi-Fi, to meet our regulatory compliance requirements to surveil communications.  

5. FROM WHOM DO WE COLLECT PERSONAL INFORMATION COVERED BY THIS NOTICE?
5.1       Depending on the nature of the engagement or your relationship with the Firm, we may receive Personal Information from the following categories of sources:

  1. directly from you, your employer or agency;
  2. other entities in the Hellman & Friedman Group;
  3. other of our suppliers, for example: 
    1. background and verification check providers;
    2. training and communication providers;
    3. compliance monitoring and other compliance service providers;
    4. information security providers;
    5. physical security providers;
    6. emergency contact, emergency management and health and safety service system providers;
  • where applicable, your (and your Restricted Persons’) financial advisors, brokerage firms, banks or other financial institutions (including through trading data feeds); 
  • public sources, such as publicly available media, including social media; and
  • government agencies and regulatory bodies.

6. FOR HOW LONG DO WE RETAIN PERSONAL INFORMATION COVERED BY THIS NOTICE?
6.1         We retain Personal Information for so long as we need it to fulfil our business purposes, in accordance with schedules contained in Firm policies and procedures, including for effective management of firm practices (“Policies”). 

6.2       We may retain Personal Information for a longer period than as stated in our Policies:

  1. Where required by law, regulation, legal or judicial process or audit, decision of a court or arbitral tribunal, decision of a governmental authority with relevant powers, by the rules of applicable stock exchange or recognized marketplace, or by a regulator, bank examiner or self-regulatory organization or pursuant to mandatory ethics rules applicable to the Firm or its affiliates (collectively, “Law”); or
  2. As reasonably required in relation to any claim or investigation pursuant to any Law and/or any matter which may lead to such a claim or investigation.   

7. TO WHOM DO WE DISCLOSE PERSONAL INFORMATION COVERED BY THIS NOTICE?
7.1       Depending on the nature of the engagement or your relationship with the Firm, the categories of third parties to whom we may disclose Personal Information for our business purposes and to comply with Law are:

  1. other entities in the Hellman & Friedman Group;
  2. our service providers such as cloud and other data management and storage providers, IT asset managers, information security and desktop support providers; and IT consultants;
  3. physical security providers (e.g., office security);
  4. compliance monitoring agencies and other compliance service providers;
  5. invoicing, reimbursement and payment tracking services and other payment systems;
  6. our professional advisors, such as tax advisors and law firms;
  7. emergency contact, emergency management and occupational health and safety service system providers;
  8. existing or potential investors in funds affiliated with the Hellman & Friedman Group;
  9. financial institutions, business partners of and other vendors to the Firm; and
  10. corporate services providers to the Firm.

7.2       Where the Firm is under an obligation to do so by Law, it will disclose Personal Information to regulators, courts, law enforcement or tax authorities, or in the course of litigation or other legal or regulatory matters. The Firm will use reasonable efforts to disclose the minimum Personal Information necessary in such cases.

7.3       Personal Information may also be disclosed to other third parties, upon your request. 

7.4       We do not, and will not, sell or share Personal Information, as those terms are used in the CCPA, including on residents under age 16, pursuant to this Notice. 

8. RIGHTS OF CALIFORNIA RESIDENTS IN RELATION TO THEIR PERSONAL INFORMATION
8.1       Right to Know:

If you are a California resident, you have the right to request that we disclose Personal Information that we have collected, sold or shared about you. Subject to verification and any limitations under the CCPA, we will disclose the following:

  1. The categories of personal information we have collected;
  2. The categories of sources from which the personal information was collected;
  3. The business or commercial purpose for which we collected the personal information;
  4. The categories of third parties with whom we disclose personal information; and
  5. Specific pieces of personal information that we have collected about you.

8.2       Right to Delete:

If you are a California resident, you have the right to delete Personal Information that we collected from you, subject to exceptions. 

8.3       Right to Correct:

If you are a California resident, you have the right to request that we correct inaccurate Personal Information that we maintain about you.

8.4       Right to Limit Use of Sensitive Personal Information:

If you are a California resident, you have the right to request that we limit the use and disclosure of your Sensitive Personal Information.  We do not use or disclose Sensitive Personal Information pursuant to this Notice other than as permitted for purposes specified in section 7027, subsection (l) of the CCPA.  Accordingly, this right is inapplicable.

8.5       Right to opt-out of sale/sharing:

If you are a California resident, you have the right to opt out of the sale/sharing of your Personal Information.  We do not sell or share Personal Information with third parties as those terms are used in section 7013, subsection (g) of the CCPA, pursuant to this Notice.  Accordingly, this right is inapplicable.

8.6       If you are a California resident, you have the right not to receive discriminatory treatment by us for the exercise of privacy rights conferred by the CCPA, including, as applicable, your right as an employee, applicant, or independent contractor not to be retaliated against for the exercise of your CCPA rights.   

8.7       How to Exercise these Rights:

To exercise any of the above rights, you may submit a request by:

  1. Calling us toll-free at +1 (877) 215-0023;
  2. Visiting https: https://hf.com/your-california-consumer-privacy-act-rights//; or
  3. Emailing us at privacy@hf.com.

8.8       We will verify your identity prior to addressing or fulfilling a request made pursuant to the CCPA. The request must provide sufficient information that allows us to reasonably verify that you are the individual about whom we hold the Personal Information.

8.9       Only you or someone legally authorized to act on your behalf, may make a verifiable request under the CCPA.  Any such authorization must be in accordance with California Civil Code section 1633.1 et seq., the Uniform Electronic Transactions Act. To act on such request, your authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on your behalf.

9.         YOUR OBLIGATIONS IN RELATION TO PERSONAL INFORMATION AND THIS NOTICE
9.1       It is important that changes in personal circumstances are conveyed to us as soon as possible by contacting your contact at the Firm. These include changes to the following:

  • name;
  • contact details (address, phone number(s), email address(es)) and emergency contact information;
  • any bank details for payment of invoices; and
  • any of your Restricted Persons.

9.2      Any Business Contact that has personnel interacting with us is to provide a copy of this notice to such personnel.

9.3       Should you have Restricted Person(s), as defined above, you are to provide a copy of this Notice to them.

9.4       You may have access to Personal Information about other people and use this data during the course of your relationship with the Firm. Under the CCPA, the Firm must ensure that the Personal Information it holds about its investors, employees, contractors, vendors and other third parties is held securely.  Accordingly, you must take all reasonable steps to maintain the security of all Personal Information held by the Firm to which you may have access and use such Personal Information appropriately at all times. 

9.5       Failure to comply with this Notice may result in termination of your relationship with the Firm without notice.

10.       CHANGES TO THIS NOTICE
10.1      We may update this Notice from time to time.  This Notice was last updated on January 1, 2024. Any updated Notice will be available at hf.com.