Privacy Notice
(Rev.2 – September 2025)
This General Privacy Notice (the “Privacy Notice”) describes the types of personal information we collect about you, how we may use that information and with whom we may share it. It also describes how you can reach us to answer any questions you may have about our privacy practices.
As a business-to-business company, we handle only limited personal data, such as information about our investors, employees, portfolio companies, partners and its and their employees, as well as online visitors that we collect through our websites, social media accounts, mobile applications, and other online interactions and communications such as email (collectively, our “Digital Properties”). Please read this Privacy Notice carefully. In addition to this General Privacy Notice, please note the privacy notices listed below which include information on how we process your personal information that may apply to you depending on your relationship with General Atlantic:
- If you are an investor or prospective investor in GA investment funds or products, you will be subject to our Limited Partner Privacy Notice.
- If you are an employee, you will be subject to our Employee Privacy Notice.
- If you are a job applicant or included in our Global Talent Bank, you will be subject to our Applicant and Talent Bank Privacy Notice.
Whenever you interact with us on behalf of another individual or entity, such as by referring someone to us, you must obtain their consent (or have the legal authority without consent) to share their personal data with us.
If you reside in California, please refer to the California Notice of Collection below.
About Us
We are General Atlantic Service Company L.P. Our principal place of business is at Park Avenue Plaza, 55 East 52nd Street, 33rd Floor, New York, NY 10055 (“GA”). GA has a number of subsidiaries and offices located in various jurisdictions, details of which can be found on the GA website at https://ww.generalatlantic.com/offices and the Actis website (https://www.act.is/contact/) (collectively, “we”, “us” or “our”).
We are a data controller for the purposes of the applicable privacy laws in the jurisdictions in which we operate, including, but not limited to, the General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR and the UK Data Protection Act, the California Consumer Privacy Act of 2018 and any applicable national data protection acts (the “Data Protection Laws”). This means in relation to the personal information you provide to us, we will determine why and how it is used.
What personal information we collect
When you use our website or during the course of our business dealings with you or your employer, or when you interact with us at conferences, meetings, events, our office or your office, or otherwise in other public places, we may collect your “personal information”.
Personal information is information that either alone or in combination with other information can directly or indirectly identify you. We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
- Identity Data includes your, first name, last name, title, date of birth and gender, unique personal IDs, social media handles, device identifiers;
- Contact Data includes your postal address, e-mail address and telephone number(s);
- Professional Data includes information about your employer, job title, role and other information about your professional experience, education, professional licenses, credentials and affiliations;
- Communications Data includes calls you make to us, correspondence or messages (including emails, SMS or chat or social media messages or comments) that you send to us or that are on our Digital Properties, and the content of feedback or testimonials you leave about us;
- CCTV Data includes video footage of you when you visit one of our offices;
- Preferences Data includes information about your preferences where it is relevant to the services that we provide to our portfolio companies and/or investors;
- Marketing Data includes details of your marketing and communication preferences;
- Event Data includes information about our events which you have attended and additional details that you provide at one of our events, including images and recordings from events and information provided in surveys;
- Technical Data includes information about your devices and usage of the website, such as your IP address, identifiers associated with your device, browser and device characteristics, website preferences, information regarding websites accessed immediately before and after you visit the website, the date and time of your visit to the website, and information about how you navigate the website. GA collects this information by using cookies, web pixels and other similar automated technologies (collectively, “Digital Properties”). Collection may also include non-precise geolocation data, such as your approximate location based on your IP address. We use this information to better understand, customize and improve the user experience with our website and our services. For more information about these Digital Properties, please see our Cookie Policy (https://www.generalatlantic.com/cookie-policy/)’;
- Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences or behavior, including to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers; and
- Sensitive Data, such as social security numbers, driver’s license, account log-in information, any data about religious, ideological, political or trade union views or activities, your health, private life, the intimate sphere or racial origin, (personal data which is also referred to as Special Category Data).
How we collect your personal information
We may collect your personal information in circumstances such as:
- when you provide it to us directly (i.e. directly or indirectly through this website, when you contact us via email or provide us with a business card, or when you invest in one of our investment funds);
- from a third-party source (e.g. from a company for whom you work, other organizations with whom you have dealings, business partners, government agencies, a credit reporting agency, an information or service or content providers, from a publicly available record, social media companies, professional networking platforms or affiliated companies); and
- Data collected automatically and through Cookies. We may automatically collect information or inferences about you, such as through cookies, pixels, tags, scripts, and other tracking technologies (collectively, “Cookies”), when you interact with our Digital Properties. This may include information about how you use and interact with our Digital Properties, information about your device, and internet usage information.
We may combine information that we receive from the various sources described in this Privacy Notice, including third party sources, and use and disclose the combined information for the purposes identified below.
If you do not provide information requested by us from time to time, we may not be able to provide services to you or your employer, or otherwise fulfil the purpose for which we have requested the information.
Sensitive Data will only be collected by us if you have provided it to us directly.
How we use your personal information
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and complies with Data Protection Laws.
Data Protection Laws require us to have a valid reason to process your personal information for each of the different purposes for which we use that information. The law refers to each reason as a ‘lawful basis’. The purposes for which we use your personal information and the lawful basis on which we rely to process it for each purpose are as follows to:
| Purpose | Data Types | Legal Basis |
|---|---|---|
| Establish and manage our business relationships. |
| Legitimate Interests – necessary to build and maintain our business relationships |
| Send you newsletters or other marketing or promotional materials about our investment products and services. |
| Legitimate interests – necessary to provide you with analysis of the markets General Atlantic operates in. |
| Send you information on news, publications, seminars and events. |
| Legitimate interests – necessary to provide you with updates that may be of interest to you. |
| Communicate with you (including to answer questions you may have) and improve our services and communications to you |
| Legitimate Interests – necessary to respond to you and process your requests and enquiries. |
| Facilitate introductions with General Atlantic portfolio companies and investment prospects. |
| Legitimate Interests – necessary to introduce you to our network. |
| Consider investment opportunities and evaluate the performance of portfolio companies. |
| Legitimate Interests – necessary to assess potential business opportunities. |
| Comply with local laws and regulations or where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process |
| Legitimate Interests – necessary to protect our business interests and enforce our legal rights. |
| Perform analytics (including market research and trend analysis) |
| Legitimate Interests –necessary to evaluate and improve our products and services. |
| Operate, evaluate, develop, manage and improve our business, website, products and services. |
| Legitimate Interests – necessary to help us improve our products and services. |
| Maintain network and information security. |
| Legitimate Interests – necessary to protect your information against loss or damage, theft or unauthorized access and protect our business. |
| Maintain the security of our offices and safety of our staff. |
| Legitimate Interests – necessary to ensure the safety of our staff and protect our business assets. |
| Protect against, identify and prevent fraud and other criminal activity, claims and other liabilities. |
| Legitimate Interests – necessary to ensure the security of our website, and business. |
| Manage and maintain records of services or advice we have received, and commissioning further services. |
| Legitimate Interests – necessary to ensure accurate information within our organization and comply with our legal and regulatory obligations. |
| Seek and obtain advice from our professional advisors, including lawyers, accountants and other consultants. |
| Legitimate Interests – necessary to enable us to see professional advice. |
| Invite you to presentations and events and organizing meetings between you and General Atlantic’s representatives. |
| Legitimate Interests – necessary to enable you to attend events and meetings. |
| Ensure that alumni are kept up to date with our news and events |
| Legitimate interests – necessary to provide you with updates that may be of interest to you. |
| Conduct internal and external audits |
| Legitimate Interests – necessary to ensure compliance with internal policies and comply with our legal and regulatory obligations. |
| Managing our business relationships with vendors. |
| Contract – necessary to comply with our obligations under our contract with you or your organisation. |
| Maintain records of investments and administering any transaction that one of our funds (or parties related to it) enters into. |
| Legitimate Interests – necessary to ensure accurate information within our organization and comply with our legal and regulatory obligations. |
| Comply with our (and our funds’) regulatory and legal obligations, including tax reporting and assessing and managing risk. |
| Legal obligation – to comply with tax laws and our regulatory obligations. |
| In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change. |
| Legitimate Interests – necessary to ensure accurate information within our organization and comply with our legal and regulatory obligations. |
Sensitive Data may be held for statistical analysis and reporting to identify or keep under review the existence or absence of equality of opportunity or treatment between groups of people where we are permitted to do so by applicable law.
Before collecting and/or using any Sensitive Data we will establish a condition for processing or similar requirement which allows us to use that information. This exemption will typically be:
- your explicit consent;
- the establishment, exercise, or defence by us or third parties of legal claims; or
- other uses allowed by applicable law including context specific exemptions provided for under applicable laws, such as the processing of special category data for the purposes of substantial public interest (e.g. preventing or detecting fraud).
Who else might receive your personal information
We may share or disclose your personal data to third parties, including the categories of recipients described below:
- Entities within the General Atlantic group (our “Affiliates”) in other locations around the world to the extent legally permitted. Please see Transferring information about you abroad.
- Third-party service providers (“Vendors”), for example, to complete transactions and administer investments, host your data, to pay for services, analytics providers, for the purposes described above, and for security purposes.
- Professional advisors such as lawyers and accountants, fund administrators, depositories, distributors, registered agents and other consultants and business partners (“Professional Advisors”). We may also disclose information to Professional Advisors where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process (“Legal Authorities”).
- Commercial data partners to whom we make information available for their own marketing purposes and partners who work with us on promotional opportunities, including co-branded products and services.
- Networks, social media platforms, third parties whose cookies we use as described in our Cookie Policy, commercial data partners to whom we make information available for their own marketing purposes, and partners who work with us on promotional opportunities.
- Your employer or coworkers.
- To the extent deemed necessary by General Atlantic for the purpose of this Privacy Notice, in particular, for security reasons or as required by mandatory laws and regulations.
- The public, such as when you have an opportunity to make comments regarding our products or services that we may share with the public, including comments on our social media pages or any personal data in comments, reviews or other content that you share in public areas of our Digital Properties.
- Entities to which you have consented to the disclosure.
- Other entities in connection with a corporate transaction, such as if we acquire assets of another entity, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
Children’s Privacy
Our Digital Properties are intended for individuals 18 years of age and older. The Digital Properties are not directed at, marketed to, nor intended for, children under 18 years of age. As a general rule, we do not knowingly collect any information, including personal data, from children under 18 years of age. If you believe that we have inadvertently collected personal data from a child under the age of 18, please contact us at the address in Section 10 (Contact Information) below, and we will take prompt steps to delete the information.
Transferring information about you abroad
Your data may be transferred to our international offices and the various entities that make up the General Atlantic group and accessed by authorized General Atlantic personnel outside the EEA and/or the UK as well as within it.
You should be aware that in territories outside the EEA and the UK, laws and practices relating to the protection of personal data are likely to be different and, in some cases, may not be equivalent to those within the EEA and the UK.
We will ensure that any such international transfers are made subject to appropriate safeguards (such as the EU Standard Contractual Clauses and UK Addendum thereto) as required by Data Protection Laws. To find out more about the safeguards we have in place to protect your personal information please contact us at [email protected].
What Rights Do You Have?
Depending on your jurisdiction you may have some or all of the rights listed below. For example, under the GDPR and the UK Data Protection Act, residents domiciled in the EU, EEA or the UK have certain rights with respect to their personal information. In particular, EU, EEA, and UK residents have the right to:
- Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
- Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Request restriction of processing of your personal information.
- Withdraw consent at any time where we are relying on consent to process your personal information. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
UK residents further have the right to:
- Complain to us about how we use your personal information.
Please email us at [email protected] to exercise your rights.
Where you exercise your right of access, exemptions (such as where disclosing your information would reveal legally privileged information or third-party personal data) may apply, meaning that you may not always receive all the personal information that we process about you. We consider and apply exemptions on a case-by-case basis.
If you are a UK resident exercising your right of access, please note that we are required to carry out a reasonable and proportionate search for your personal information when responding to your request.
We may contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex. In this case, we will notify you and keep you updated.
How long do we keep your personal data?
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Notice. For example, we may retain personal data we obtain from you when we have an ongoing legitimate business need to do so, or to fulfil an ongoing contract with you or your employer. Once you or your company has terminated your relationship with us, we may retain your personal data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, in order to demonstrate our business practices and contractual obligations, or to provide you with information about our products and services in case of interest.
When we have no ongoing legitimate business need or legal obligation to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will store your personal data securely and isolate it from further processing until deletion is possible.
Data Security
Although we maintain reasonable security safeguards, no security measures or communications over the Internet can be 100% secure, and we cannot guarantee the security of your information.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes if and where this is required by Data Protection Laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
If you have any questions or concerns concerning this Privacy Notice, the way we process your personal data, or are a resident of India and wish contact our Grievance Officer please contact us at:
Email: [email protected]
Complaints
If you wish to make a complaint about how we have handled your personal information, please contact us at the details above and we will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal information in accordance with the law, you can escalate your complaint to the data protection authority in your jurisdiction, details of which can be found online. For the countries in which we have offices, we have set out the details and a link to the relevant data protection authorities and, where required to do so by local laws, provided a local point of contact, in the table below:
| Country | Data Protection Authority Name and Details |
|---|---|
| Brazil | Autoridade Nacional de Proteção de Dados https://www.gov.br/anpd/pt-br |
| China | The Cyberspace Administration of China https://www.cac.gov.cn/ |
| Egypt | Personal Data Protection Centre https://mcit.gov.eg/en |
| Germany | The Federal Commissioner for Data Protection and Freedom of Information https://www.bfdi.bund.de/EN/Home/home_node.html |
| Hong Kong | The Office of the Privacy Commissioner for Personal Data https://www.pcpd.org.hk/ |
| India | The Ministry of Electronics and Information Technology https://www.meity.gov.in/ |
| Japan Contact: Yuri Nagaki (Office Manager)Address: Actis Limited (Tokyo Branch)Marunouchi Nijubashi Building3-2-3 MarunouchiChiyoda-ku100-0005 | The Personal Information Protection Commission https://www.ppc.go.jp/en/ |
| Kenya | Office of the Data Protection Commissioner https://www.odpc.go.ke/ |
| Luxembourg | National Commission for Data Protection https://cnpd.public.lu/en.html |
| Mauritius | Data Protection Office https://dataprotection.govmu.org/ |
| Mexico | Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales https://home.inai.org.mx/ |
| Netherlands | The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) https://www.autoriteitpersoonsgegevens.nl/ |
| Nigeria | The Nigeria Data Protection Commission https://ndpc.gov.ng/ |
| Republic of Korea | The Personal Information Protection Commission https://www.pipc.go.kr/np/ |
| Singapore | The Personal Data Protection Commission https://www.pdpc.gov.sg/ |
| South Africa | The Information Regulator https://inforegulator.org.za/ |
| Spain | Agencia Española de Protección de Datos https://www.aepd.es/ |
| United Arab Emirates | Office of Data Protection https://www.adgm.com/ |
| United Kingdom | Information Commissioner’s Office https://ico.org.uk/ |
Personal Information Rights for Residents of California
Data Subject Rights
If you live in California, you may have certain rights regarding personal data that you can exercise by emailing us at [email protected] or by calling (844) 470-0002:
- Right to Know. You may have the right to request information about the categories of personal data we have collected about you, the categories of sources from which we collected the personal data, the purposes for collecting, selling, or sharing the personal data, and to whom we have disclosed your personal data and why. You may also request the specific pieces of personal data we have collected about you.
- Right to Delete. You may have the right to request that we delete personal data that we have collected from you.
- Right to Correct. You may have the right to request that we correct inaccurate personal data that we maintain about you.
- Right to Opt Out of Profiling. You may have the right to opt out certain automated processing activities that are used to evaluate characteristics about you. We do not presently engage in such profiling.
- Right to Limit Use and Disclosure of sensitive personal data. You may have the right to limit the use and disclosure of sensitive personal data.
- Right to Opt Out of Sales, Sharing, and Targeted Advertising. You may have the right to opt out of selling, sharing, and targeted advertising. We do not knowingly sell data about minors under 18. On our website, www.generalatlantic.com, you may exercise the Right to Opt Out of Sale, Sharing, and Targeted Advertising by accessing our Cookie Preference Center and selecting “Reject Optional Cookies”. For websites hosted by third parties, please refer to the third party provider’s cookie policy / preference center.
To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.
We will not discriminate against you for exercising your privacy rights.
Verification: To process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request.
- For Requests to Opt-Out of Sale, Sharing, and Targeted Advertising and Requests to Limit Use and Disclosure of Sensitive personal data: We collect your name and email to locate you in our records.
- For Requests to Know, Delete, and Correct: We collect information necessary to verify your identity and that you are a resident of California, including name, mailing address, email address, phone number, relationship to General Atlantic.
Authorized Agents: Authorized agents may exercise rights on your behalf by submitting a request by emailing us at [email protected] or by calling (844) 470-0002.
- If you designate an authorized agent to submit a Request to Know, Delete, or Correct, we may seek additional information from the authorized agent or reach out to you directly to verify your identity or to confirm that you provided the authorized agent with permission to submit the request.
- If you designate an authorized agent to submit a Request to Opt Out of Sale, Sharing, and Targeted Advertising, we may seek additional information directly from the authorized agent to process the request.
Additional Data Processing Disclosures
In addition to the disclosures above, this section provides supplemental information about how we process personal data.
Disclosure of personal data
Below please find a chart detailing the categories of personal data we collected and to whom it was sold, shared, or disclosed for a business purpose in the past 12 months.
| Categories of personal data We Collect | Categories of Third Parties to Whom We Disclose personal data for a Business Purpose | Categories of Third Parties to Whom Personal Data is Sold or Shared for Targeted Advertising |
|---|---|---|
| Identity Data |
|
|
| Contact Data |
|
|
| Professional Data |
|
|
| Communications Data |
|
|
| CCTV Data |
| |
| Technical Data |
|
|
| Marketing Data and Preferences Data |
|
|
| Event Data |
|
|
| Inferences |
|
|
| Sensitive personal information |
|
|
Sensitive personal data: We only use and disclose Sensitive personal data for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.
Contact Information
If you have questions regarding this Privacy Notice, please contact us at: [email protected]