The EU General Data Protection Regulation 2016/679 ("GDPR") is due to come into force with effect from 25th May 2018 and requires that we provide data subjects with information about who we are, how we collect and use the personal data provided to us as part of our contracting process, how we secure it and how data subjects can contact us to exercise their rights in respect of the personal data we hold.
We have set the information out in the table below and provided you with contact details of our data protection team should you need further details.
Further guidance and advice about GDPR is available from your local Data Protection Authority and we have included their contact details for you in the Statement.
PitchBook Data, Inc.
PitchBook Data, Inc. and its Affiliates and Group Companies, including its parent company, Morningstar, Inc. (collectively, "PitchBook").
For more information on the group please go to shareholders.morningstar.com.
The specific PitchBook entity with which you have contracted will be set out in the Order Form or Agreement signed with you.
We collect limited personal information, such as name, email, phone number and address from our Clients in respect of themselves and the Client's authorized users of our products and services ("Client Personal Data");
To fulfil our contractual obligations to our Clients. We use Client Personal Data to administer and support the contracts we have with Clients and our Client's authorised users, including providing updates about the products and services Clients have bought or licensed, managing and dealing with enquiries Clients make to Morningstar, informing Clients of other Morningstar products and services that we feel may be of interest, and invoicing Clients.
As part of PitchBook's research and analysis process to provide comprehensive information to investors and clients, PitchBook collects and includes names and a limited amount of personal information about company directors, fund managers and related senior management staff ("Management Data"). Our Clients' use of Management Data is subject to the terms of our subscription agreement and our Clients' obligation to ensure that their processing, storage and use of that data complies with GDPR.
PitchBook confirms that, in connection with the performance of its obligations or exercise of its rights under the Order Form and / or Agreements it has in place with the Client, it will be processing both Client Personal Data and Management Data for its own purposes, and as such will be a data controller under GDPR.
Only PitchBook staff within the Company Group who need access to personal data to perform their roles have access to it and do so in accordance with PitchBook's Data Protection Policy.
PitchBook uses a small number of third parties to provide systems and software for its administrative functions, such as sales processing, accounting / finance management and procurement. In such cases PitchBook remains controller of the personal data and the third parties only process the data in accordance with our instructions and we ensure such third parties are compliant with all applicable data protection regulations in relation to their processing activities.
PitchBook has in place technical and organisational measures to ensure a level of security appropriate to the nature, scope and purpose of its processing of personal data. Further information about PitchBook's security measures is available by contacting firstname.lastname@example.org.
PitchBook retains personal data only for as long as necessary to fulfil our contractual obligations or maintain our products and services. Individual jurisdictions have different tax, accounting, regulatory and legal retention requirements and PitchBook is bound to keep certain personal data in accordance with these local requirements.
PitchBook is part of a global company and does transfer and process personal data outside of the EU for the purposes of fulfilling its contractual obligations to Clients. PitchBook ensures it has appropriate safeguards in place to protect the personal data and make available to data subjects enforceability of their rights and effective legal remedies.
GDPR provides data subjects with rights in respect of their personal data, including the right to update or correct data, receive details of the personal data held, ask for the personal data to be erased or to be provided to another controller.
PitchBook has in place measures to ensure that these requests can be actioned within the statutory timescales set out under GDPR.
Data subjects should send their access requests to email@example.com.
PitchBook will respond to an access request as soon as possible and no later than within 30 days of request. In some cases, there may be reasons PitchBook cannot accede to a particular request, for example where local retention periods require the holding of personal data for a certain period of time or such data is required to perform our obligations or exercise our rights under an Order Form and/or Agreement. If we cannot accede fully to a data subject access request, we will respond as soon as possible with reasons.
If you have any questions or comments about the information contained in this statement and/or any other privacy enquiries, including if you want to complain about Morningstar's collection and use of personal data, please contact:
If you have any concerns about PitchBook's information rights practices, we would hope you would contact the DPO in the first instance. However, if you are still dissatisfied, you can complain to the relevant local Data Protection Authority via the links below.
PitchBook has implemented appropriate measures to deal with the breach notification requirements as set out in GDPR.
PitchBook is committed to protecting your privacy. As such, under the GDPR you have the right to view the information we collect about you, see how we use this information, and exercise your rights to be forgotten.
To learn more or update your information, fill out the form below.
Your request has been submitted, we will reach out to you soon.