Data Privacy and Protection Policy
Last modified in September 2025.
We (the ‘Company’) are committed to protecting the privacy, security, and lawful processing of Personal Data in accordance with applicable privacy laws and regulations, including, but not limited to, the European Union General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”). This Policy outlines our approach to collecting, using, processing, storing, transferring, disclosing, and deletion of personal information/data.
We reserve the right to amend this Policy periodically to reflect regulatory updates or operational changes.
We reserve the right to amend this Policy periodically to reflect regulatory updates or operational changes.
A. Definitions
Candidate: New and/or existing individual(s) who are considered suitable for a particular role, under a mandate.- Client(s): Individuals or companies which require executive search and/or leadership advisory services.
- Client Contact: An individual(s) who is an employee or representative of the Client.
- Company: August Leadership LLC, having its registered office at 275 Madison Av, Suite 1500, New York, New York 10016, including its subsidiaries, sub-contractors, and affiliates across the globe.
- Individual(s): Candidate(s), Client(s) and Client Contact(s) are collectively referred to as Individual(s).
- Personal Data: means any information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to an identified or identifiable natural person (‘Individual(s)’). This includes names, identification numbers, email addresses, online identifiers (such as IP addresses), location data, browsing history, and inferences drawn from other data, as well as information related to an individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.
- Policy: refers to this Data Privacy and Protection Policy.
B. Use Of Data
- We collect and use your data for the purpose of providing executive search and/or leadership advisory services (the ‘Services’).
- Data is collected from individuals through professional networking platforms, business contacts, networking events, and clients.
- Lawful basis for processing Personal Data — Candidates:
a. the processing is necessary for our legitimate business interest, and these interests are not overridden by your privacy rights or freedoms. We conduct a legitimate interest balancing test to ensure that our business interest in processing your data does not unfairly impact your privacy rights.
b. you have made your personal information publicly available on professional networking platforms like LinkedIn.
c. we have your explicit consent to do so. Consent will be obtained where required and documented. You have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal. - Lawful basis for processing Personal Data — Client and Client Contacts: We process Client and Client Contact Personal Data as necessary for fulfilling contracts and to provide our Services.
We may use AI-driven tools to have seamless client and candidate experience, but we do not engage in automated decision-making or profiling of our Candidates or Clients.
C. Data Retention and Deletion
- We retain certain Personal Data for up to seven (7) years in accordance with applicable laws and regulatory requirements. Upon expiry of the applicable retention period, Personal Data is securely deleted or anonymized. If requested, the Company can provide written certification confirming that all such Personal Data has been deleted or anonymized in compliance with this Policy and applicable laws.
- C. INDIVIDUAL(S) RIGHTS
1. We are committed to handling data responsibly and respecting the privacy of Individual(s). You may contact compliance@augustleadership.com if you wish to, where applicable:
a. Inquire about the source of your data
b. Understand how your data is processed, including restricting or objecting to the processing of your data c. Review the data held by the Company
d. Withdraw your consent
e. Update or amend your data
f. Opt out of career opportunities and request the removal of your data from our secure systems
g. Exercise your right to be forgotten
h. Report any suspected breaches or violations of the Policy. - 1. All requests (‘Data Requests’) sent to compliance@augustleadership.com shall be acknowledged by the Data Privacy Officer within 2 business days and processed within one calendar month of receipt. There is no charge to exercise your rights. Exceptions and limitations as per law may apply.
2. For reported Policy violations, an investigation shall commence within 2 business days of receipt, with every effort made to resolve the matter promptly.
D. Global Access to Personal Data
- To support the delivery of our Services, Personal Data may be accessed by our global teams through secure systems. Where such access involves the transfer of Personal Data to countries without an adequacy decision, these transfers are governed by appropriate safeguards, including the Standard Contractual Clauses(SCCs) approved under the GDPR, supplemented by additional measures as required to ensure compliance with applicable data protection laws.
E. Children's Personal Data
- We do not collect or retain personal data of minors. If we become aware of any such data collection, we shall promptly remove it from our secure systems.
F. Data Protection Measures
- 1. While internet communications and storage systems are not completely secure, we take necessary measures to protect and store data incompliance with applicable laws and regulations. However, we cannot guarantee the absolute security of any information submitted or collected by us.
2. To ensure data security, confidentiality, and proper handling of your Personal Data, we use secure cloud-based systems (‘secure systems’) for our business functions. These systems support activities such as candidate management, internal collaboration, communication, interview scheduling,document handling,and other related processes to our Services. These secure systems are integral to maintaining our data protection standards and compliance with applicable privacy regulations.We ensure that these secure systems comply with applicable data protection laws and implement adequate security measures. - 3. We implement technical and organizational measures including encryption, access controls, employee training, and regular security reviews to safeguard Personal Data.
1. In the event of a Personal Data breach, we will notify the relevant supervisory authority within 72 hours where required by law and affected Individuals will be informed without undue delay, and where feasible,within 72 hours of becoming aware of it.
G. Compliance Officers' Rule
Nothing in this policy may be construed in a way that conflicts with any reporting obligations or protections afforded by state or federal law.
E. Accountability and Governance
We maintain records of data processing activities, conduct privacy impact assessments for high-risk processes, and provide regular data protection training to our staff. Our Policy is reviewed at least annually or as needed, with the latest version available on ourwebsite with the effective date clearly stated.
B. THIRD-PARTY WEBSITES
Our website may contain links to third-party websites. We do not control and are not responsible for the content, privacy practices, or data collection policies of those websites. Individual(s) areen couraged to review the privacy policies of external sites before engaging with them.
C. OTHER LAW
Nothing in this Policy may be construed in a way that conflicts with any reporting obligations or protections afforded by any specific state or federal law.
B. THIRD-PARTY WEBSITES
Our website may contain links to third-party websites. We do not control and are not responsible for the content, privacy practices, or data collection policies of those websites. Individual(s) areen couraged to review the privacy policies of external sites before engaging with them.
C. OTHER LAW
Nothing in this Policy may be construed in a way that conflicts with any reporting obligations or protections afforded by any specific state or federal law.
F. Third-Party Websites
Our website may contain links to third-party websites. We do not control and are not responsible for the content, privacy practices, or data collection policies of those websites. Individual(s) areen couraged to review the privacy policies of external sites before engaging with them.
G. Other Law
Nothing in this Policy may be construed in a way that conflicts with any reporting obligations or protections afforded by any specific state or federal law.
