Pantheon Macroeconomics, Inc. Swiss-EU Privacy Shield Policy Effective October 2019

Note regarding the European Court of Justice Ruling July 2020

On 16th July 2020 the European Court of Justice ruled that the EU-US Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.  Both the European Data Protection Board (EDPB) and the US Government are committed to finding a solution to replace the Privacy Shield. This process gained momentum in March 2021 when the new US administration and the EU ageed to intensify the search for a solution.   In the meantime, The U.S. Department of Commerce’s International Trade Administration (ITA) continues to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield and maintaining the Privacy Shield List. 

We continue to transfer data to our US subsidiary as described below as we have data processing agreements in place between our UK and US companies which include standard contractual clauses giving EU and UK data subjects the same rights over their data when it is processed by us in the US as they have when it is processed in the UK.

We also continue to maintain our certification with the Privacy Shield Program as evidence of our commitment the highest standards of data protection and to provide an independent arbitrator in the event of complaints about our US data processing which cannot be resolved directly with Pantheon. In due course we will seek certification with whatever scheme replaces the Privacy Shield.

Pantheon Data Transfer between the UK/EU and US

The Privacy Policy on Pantheon Macroeconomics’ website, which can be found at www.pantheonmacro.com/legal_notes/privacy/ applies to both Pantheon Macroeconomics, Ltd and its US subsidiary, Pantheon Macroeconomics, Inc. If you are based in Europe, including the UK, your prime relationship will be with Pantheon Macroeconomics, Ltd. If you are based in any other country, you will have a relationship with Pantheon Macroeconomics, Inc. The two companies work closely together and both apply the same high standards of data privacy to your data regardless of where you are. In order to process your data as described in our privacy policy, we transfer data between our two companies and hence we move data relating to EU and Swiss data subjects out of the EU and Switzerland for processing in the US and move data from other countries into the UK.

Why do we process your information? 

If you or your employer have requested that we send you our products, we have a contractual right to process the data needed to do this and to manage your account. In most other circumstances, our lawful basis for processing your data is Legitimate Interest. This is where we have identified a genuine and legitimate reason for processing your data, which does not override your rights or interests. We process personal data in order to find and contact businesses who we believe have a commercial interest in reading our economics research, and to allow us to make existing customers aware of new products as they become available. We also retain the minimum information necessary to make sure that we do not contact anyone who has told us that they do not want to hear from us. In this case, we will have obtained consent to continue to process this data.

What information do we collect about you?

Pantheon Macroeconomics collects the minimum data required to meet our objectives, above.

We collect the following information from public and commercially available sources such as the financial media, social media and commercial financial market databases:

• name and job title
• email address
• company name & location
• telephone number
• which regional economies you are interested in
• the password you use to log into our website or app

Once we have contacted you, we keep a record of the date and content of any communications that we have had with you

Information automatically logged

When you enter our website, we may use your internet protocol (“IP”) address to monitor broad demographic information and for other purposes, such as monitoring visitor frequency. With your permission, we will install “cookies” on your computer which allow us to tailor your experience of our website. You will be offered information on our cookie policy before they are used and you can see our cookie policy here.

Who has access to your data?

As our website hosts, El Roboto Ltd (4th Floor Sunco House, 5 Carliol Square, Newcastle Upon Tyne, Tyne & Wear, NE1 6UF) have access to your data. Information is transferred between our U.K. Company (Pantheon Macroeconomics Limited) and our U.S. subsidiary (Pantheon Macroeconomics Inc) for sales and marketing purposes. We also send information to third-party companies, who maintain our marketing databases and ensure they are accurate and up to date. Our EU data is processed within the EU by carefully chosen partners who have shown that they comply with GDPR regulations and our own high data protection standards.

EU-US and Swiss-US Privacy Shield Compliance

Pantheon Macroeconomics, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  [INSERT your organization name] has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  [INSERT your organization name] has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Pantheon Macroeconomics, Inc. is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to info@pantheonmacro.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to info@pantheonmacro.com

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Pantheon Macroeconomics, Inc’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Pantheon Macroeconomics, Inc. remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Pantheon Macroeconomics, Inc. proves that it is not responsible for the event giving rise to the damage.

Resolution of Complaints

In compliance with the Privacy Shield Principles, Pantheon Macroeconomics, Inc, commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, UK, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Pantheon Macroeconomics, Inc at:

400 Columbus Ave., Suite 10s

Valhalla, NY 10595

By Email: info@pantheonmacro.com

Pantheon Macroeconomics, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Please note that European Union and Swiss individuals who have inquiries or complaints regarding our privacy policies other than as they relate to the Privacy Shield, should first contact Pantheon Macroeconomics, Ltd at: 

5th Floor Cathedral Buildings, Dean Street

Newcastle upon Tyne, NE1 1PG, UK

By email: info@pantheonmacro.com

Annex I: Section C

An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the organization and afford the organization an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles; (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual. This arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties. In addition, this option may not be invoked if an EU Data Protection Authority or the Commissioner (1) has authority under Sections III.5 or III.9 of the Principles; or (2) has the authority to resolve the claimed violation directly with the organization. A DPA’s/the Commissioner's authority to resolve the same claim against an EU or a Swiss data controller does not alone preclude invocation of this arbitration option against a different legal entity not bound by the DPA/Commissioner's authority.