Privacy Policy

Gladwin International Leadership Advisors (“Gladwin International”, “we”, “us”, or “our”) is committed to protecting your privacy and safeguarding the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, retain and protect information when you visit our website at gladwininternational.com, use our executive portal (“The Apex Council”), or engage with our executive search, leadership advisory and talent intelligence services.

By accessing our website or providing us with your personal information, you consent to the practices described in this policy. If you do not agree, please do not use our services or provide us with your data.

1. Information We Collect

1.1 Information You Provide Directly

• Contact information — name, email address, phone number, postal address, and professional title, provided when you fill out a contact form, request a consultation, or correspond with us.
• Professional and career information — curriculum vitae / résumé, employment history, educational qualifications, compensation details, board memberships, professional certifications and references, shared during an executive search engagement or candidate registration.
• Portal registration data — login credentials, preferences, and self-assessment responses submitted through The Apex Council executive portal.
• Billing and engagement data — company name, GST identification number, purchase order details, and invoicing information provided during a client engagement.
• Communication records — contents of emails, messages, call notes and meeting records generated during the course of our professional relationship.

1.2 Information We Collect Automatically

• Device and browser data — IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage data — pages visited, time spent on pages, referring URLs, click patterns, and navigation paths through our website.
• Cookies and similar technologies — we use cookies, local storage, and pixel tags to recognise returning visitors, remember preferences, and analyse site traffic. See Section 7 for details.

1.3 Information from Third Parties

• Professional networking platforms — publicly available information from LinkedIn and similar professional platforms used to identify and evaluate potential candidates.
• Reference checks — information provided by professional references you have authorised us to contact.
• Client-provided data — information about roles, organisational context, and candidate specifications shared by our client organisations during search engagements.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Executive search and placement — identifying, evaluating, and presenting candidates for leadership positions; conducting reference checks; facilitating interviews and offer negotiations.
• Leadership advisory services — providing succession planning, compensation benchmarking, board transformation, and talent intelligence engagements.
• Portal services — operating The Apex Council executive portal, including self-assessment modules, career studio, compensation benchmarking, and the Whisper silent search agent.
• Communication — responding to enquiries, sending engagement-related correspondence, and sharing relevant research, insights, and leadership intelligence publications (with your consent).
• Website improvement — analysing usage patterns to improve site functionality, navigation, content relevance, and user experience.
• Legal compliance — fulfilling our obligations under applicable law, responding to legal process, and enforcing our contractual terms.

3. Legal Basis for Processing

We process personal data on the following legal bases:

• Consent — where you have given explicit consent to the processing, such as subscribing to our insights publications or registering on our portal.
• Contractual necessity — where processing is necessary for the performance of a search engagement or advisory contract.
• Legitimate interest — where processing is necessary for our legitimate business interests (such as identifying candidates for client engagements), provided these interests are not overridden by your data protection rights.
• Legal obligation — where processing is required to comply with applicable laws and regulations.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

• With client organisations — candidate information (résumé, assessment summaries, reference feedback) is shared with client organisations during an active search engagement, only after the candidate has been informed and, where required, has consented.
• With service providers — we engage trusted third-party providers for hosting, email delivery, analytics, and payment processing. These providers are contractually bound to process data only on our instructions and in accordance with applicable data protection standards.
• For legal reasons — we may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers — in the event of a merger, acquisition, or sale of all or a portion of our business, personal data may be transferred as part of the transaction, subject to standard confidentiality agreements.

5. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Candidate data — retained for up to 5 years after the last active engagement to facilitate future opportunities. You may request earlier deletion at any time.
• Client engagement records — retained for 7 years in accordance with Indian tax and commercial law requirements.
• Website analytics data — aggregated and anonymised data is retained indefinitely. Individual-level data is retained for 26 months.
• Portal account data — retained for as long as your account is active and for 12 months after account closure.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls limiting data access to authorised personnel only.
• Regular security assessments and vulnerability testing of our infrastructure.
• Secure hosting on AWS infrastructure with SOC 2 and ISO 27001 certifications.
• Employee confidentiality agreements and regular data protection training.

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Cookies and Tracking Technologies

Our website uses the following categories of cookies:

• Essential cookies — required for basic site functionality such as page navigation, session management, and security. These cannot be disabled.
• Analytics cookies — used to understand how visitors interact with our website, including pages visited, time on site, and traffic sources. We use Google Analytics with IP anonymisation enabled.
• Functional cookies — remember your preferences (such as language, region, or portal settings) to provide a personalised experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data, subject to legal retention requirements.
• Right to restrict processing — request that we limit the processing of your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at anandh@gladwininternational.com. We will respond within 30 days of receiving your request.

9. International Data Transfers

Our primary operations are in India. Where we transfer personal data outside India — for example, when presenting candidates to international client organisations or using cloud services hosted in other jurisdictions — we ensure appropriate safeguards are in place, including contractual data protection clauses and, where applicable, compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and its subsequent rules.

10. Children’s Privacy

Our services are directed at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.

11. Third-Party Links

Our website may contain links to third-party websites, including LinkedIn, professional associations, and industry publications. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before sharing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The revised policy will be posted on this page with an updated effective date. We encourage you to review this page periodically. Material changes will be communicated via email to registered portal users.

13. Compliance with Indian Law

This Privacy Policy is designed to comply with applicable Indian data protection legislation, including the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as well as the Digital Personal Data Protection Act, 2023, as and when its rules are notified and come into effect. In the event of any conflict between this policy and applicable law, the provisions of applicable law shall prevail.

14. Grievance Officer

In accordance with applicable Indian regulations, the designated Grievance Officer for data protection matters is: