GDPR COMPLIANCE
This GDPR Notice (“Notice”) is addressed specifically to individuals located in the European Economic Area (EEA) and the United Kingdom (UK) and supplements the Global Accord Strategies Privacy Policy. It is provided in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation” or “GDPR”), as well as the UK General Data Protection Regulation (“UK GDPR”) as retained in UK domestic law by the European Union (Withdrawal) Act 2018, and the UK Data Protection Act 2018.
Global Accord Strategies recognizes that robust data protection is a fundamental right and a pillar of responsible corporate governance — values that sit at the heart of everything we advise our own clients on. We therefore take our GDPR obligations with the utmost seriousness and have structured our data practices to fully reflect both the letter and the spirit of the Regulation.
Section 1 — Data Controller Details
The data controller responsible for processing personal data of EEA and UK data subjects is:
Detail | Information |
Data Controller | Global Accord Strategies |
Registered Address | 1209 Orange Street, Wilmington, DE 19801, County of New Castle, United States |
Jurisdiction | State of Delaware, United States |
Data Protection Email | dpo@globalaccordstrategies.com |
General Legal Contact | legal@globalaccordstrategies.com |
Website | www.globalaccordstrategies.com |
As a U.S.-based entity processing the personal data of EEA and UK individuals, KGlobal Accord Strategies is subject to the GDPR and UK GDPR under their extra-territorial scope provisions (Article 3 GDPR; Section 3 UK GDPR), in so far as we offer services to individuals or businesses in the EEA and UK, or monitor the behavior of individuals in those territories.
Section 2 — Categories of Personal Data Processed
Global Accord Strategies processes the following categories of personal data of EEA and UK data subjects:
2.1 Contact and Identity Data
Full name, job title, professional designation, business email address, telephone number, business postal address, LinkedIn or professional profile URL, and the name of the organization you represent.
2.2 Engagement and Professional Data
Details of the advisory, regulatory, or coaching services you or your organization have engaged or inquired about; industry sector and regulatory environment of your business; organizational structure details; strategic challenges and growth objectives shared in the context of an engagement; meeting notes; and records of workshops, coaching sessions, and webinar participation.
2.3 Financial and Billing Data
Invoice details, billing address, and payment confirmation records relevant to commercial engagements. Full payment card data is not retained by Global Accord Strategies and is processed exclusively by our PCI-compliant third-party payment processor.
2.4 Technical and Website Usage Data
IP address, browser type and version, device type, operating system, pages visited on the Global Accord Strategies Website, session duration, referral source, and cookie identifiers. This data is collected automatically when you visit our Website.
2.5 Recruitment Data
Where you apply for a position at Global Accord Strategies, we process your curriculum vitae, educational and employment history, professional references, and other information submitted as part of your application.
2.6 Special Category Data
We do not intentionally or routinely collect special category data as defined in Article 9 GDPR (which includes data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation). Should any special category data be voluntarily disclosed to us in the context of a coaching or advisory engagement, we will process it only on the basis of your explicit consent and only to the extent strictly necessary for the delivery of the relevant service.
Section 3 — Legal Bases for Processing (GDPR Article 6)
Every processing activity carried out by Global Accord Strategies in relation to EEA and UK data subjects is grounded in a specific, valid legal basis under GDPR Article 6. The table below sets out the principal processing activities and their corresponding legal bases.
Processing Activity | Legal Basis | GDPR Article |
Service delivery and engagement management | Performance of a contract | Art. 6(1)(b) |
Billing and account administration | Performance of a contract | Art. 6(1)(b) |
Pre-engagement inquiries and proposals | Pre-contractual steps at your request | Art. 6(1)(b) |
Tax, financial, and corporate record-keeping | Legal obligation | Art. 6(1)(c) |
AML/KYC procedures where applicable | Legal obligation | Art. 6(1)(c) |
Website security and fraud prevention | Legitimate interests | Art. 6(1)(f) |
Website analytics and service improvement | Legitimate interests | Art. 6(1)(f) |
Business development outreach | Legitimate interests | Art. 6(1)(f) |
Marketing communications and newsletters | Consent | Art. 6(1)(a) |
Coaching participant data from enrolling org | Performance of a contract | Art. 6(1)(b) |
Responding to regulatory authority requests | Legal obligation / Legitimate interests | Art. 6(1)(c)/(f) |
Recruitment and talent acquisition | Pre-contractual steps / Legitimate interests | Art. 6(1)(b)/(f) |
Where Global Accord Strategies relies on legitimate interests as the legal basis for processing, we have conducted a balancing assessment to confirm that our interests are not overridden by your fundamental rights and freedoms. Details of those assessments are available on request by contacting dpo@globalaccordstrategies.com.
Section 4 — Your Rights Under the GDPR (Articles 15–22)
As a data subject located in the EEA or UK, you have a comprehensive set of rights with respect to your personal data. Global Accord Strategies is fully committed to facilitating the exercise of these rights without undue delay, unnecessary barriers, or charge (except where requests are manifestly unfounded or excessive).
Article 15 — Right of Access
You have the right to obtain confirmation from Global Accord Strategies as to whether or not we process personal data concerning you, and where we do, to receive a copy of that data together with supplementary information about the purposes of processing, the categories of data processed, recipients, retention periods, and the existence of your other rights.
Article 16 — Right to Rectification
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Article 17 — Right to Erasure (“Right to Be Forgotten”)
You have the right to obtain the erasure of personal data concerning you without undue delay where: (i) the data is no longer necessary for the purposes for which it was collected; (ii) you withdraw consent and there is no other legal basis for processing; (iii) you object to processing under Article 21 and there are no overriding legitimate grounds; (iv) the data has been unlawfully processed; or (v) erasure is required for compliance with a legal obligation. We may decline an erasure request where retention is required by law or is necessary for the establishment, exercise, or defence of legal claims.
Article 18 — Right to Restriction of Processing
You have the right to request restriction of processing in circumstances including: where you contest the accuracy of the data (while we verify it); where processing is unlawful and you oppose erasure; where we no longer need the data but you require it for legal claims; or where you have objected to processing and we are verifying whether our legitimate interests override yours.
Article 20 — Right to Data Portability
Where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format (such as CSV or JSON), and to transmit that data to another controller where technically feasible.
Article 21 — Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing based on legitimate interests (Article 6(1)(f)), including profiling. Global Accord Strategies shall cease processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or for the establishment, exercise, or defence of legal claims.
You have an absolute right to object to your personal data being processed for direct marketing purposes at any time. Upon receipt of such an objection, Global Accord Strategies will immediately cease direct marketing to you.
Article 22 — Rights in Relation to Automated Decision-Making and Profiling
Global Accord Strategies does not engage in solely automated decision-making — including profiling — that produces legal effects or similarly significantly affects you. All decisions made in the context of our advisory and coaching engagements involve meaningful human involvement.
How to Exercise Your Rights
To submit a data subject rights request, please contact us in writing at dpo@globalaccordstrategies.com or by postal mail to: Global Accord Strategies, Attn: Data Protection, 1209 Orange Street, Wilmington, DE 19801, United States.
Please include your full name, contact details, and sufficient information to enable us to identify you and understand the nature of your request. We will acknowledge your request within 72 hours and provide a full response within one (1) calendar month. In complex or numerous cases, we may extend this by a further two (2) months, with notification and explanation provided within the first month. We will not charge a fee for data subject requests unless a request is manifestly unfounded or excessive.
Section 5 — International Transfers of Personal Data
Global Accord Strategies is headquartered in the United States. The United States does not hold a general adequacy decision from the European Commission for the purposes of GDPR Chapter V. As a result, transfers of EEA personal data to Global Accord Strategies in the United States constitute a transfer to a third country.
Global Accord Strategies ensures that all such transfers are governed by appropriate safeguards as required by GDPR Article 46, specifically:
- Standard Contractual Clauses (SCCs): Global Accord Strategies relies on the Standard Contractual Clauses for controller-to-controller and controller-to-processor transfers, as adopted by the European Commission in Decision 2021/914. Where we transfer data to third-party processors or sub-processors outside the EEA, we require them to execute SCCs or equivalent transfer mechanisms.
- UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom, Global Accord Strategies relies on the UK IDTA as approved by the UK Secretary of State.
A copy of the relevant SCCs or transfer documentation may be requested by contacting dpo@globalaccordstrategies.com.
Section 6 — Data Retention Under GDPR
In accordance with the GDPR principle of storage limitation (Article 5(1)(e)), Global Accord Strategies does not retain personal data for longer than is necessary for the purposes for which it was collected.
Data Category | Retention Period |
Active engagement records | Minimum 7 years from end of engagement |
Prospective client inquiries (not converted) | 2 years from last contact |
Coaching participant records | 5 years post-engagement |
Marketing consent records | Until consent withdrawn |
Recruitment data | 12 months post-process |
Upon expiry of applicable retention periods, personal data is securely deleted or rendered permanently anonymous in a manner that prevents re-identification.
Section 7 — Data Security Under GDPR (Article 32)
In accordance with Article 32 of the GDPR, Global Accord Strategies implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing. These measures take into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of natural persons.
Our technical and organizational measures include: encryption of data in transit and at rest where appropriate; access controls and role-based access permissions; staff confidentiality obligations and data protection training; vendor due diligence and contractual data processing agreements with all sub-processors; regular vulnerability assessments of our digital infrastructure; and a documented data breach response procedure.
Section 8 — Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, Global Accord Strategies will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.
Where the breach is likely to result in a high risk to the rights and freedoms of the affected individuals, Global Accord Strategies will communicate the breach to those individuals directly without undue delay in accordance with Article 34 GDPR, providing a clear description of the nature of the breach, the likely consequences, the measures taken or proposed, and the contact details of our data protection contact point.
Section 9 — Right to Lodge a Complaint With a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data by Global Accord Strategies infringes the GDPR or UK GDPR.
For EEA residents: You may lodge a complaint with the supervisory authority in your EU Member State of habitual residence, place of work, or place of the alleged infringement. A full list of EU supervisory authorities is maintained by the European Data Protection Board at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
For UK residents: You may lodge a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom. Website: https://ico.org.uk | Helpline: 0303 123 1113
Global Accord Strategies would appreciate the opportunity to address your concerns before you approach a supervisory authority, and we encourage you to contact us in the first instance at dpo@globalaccordstrategies.com.
Section 10 — Updates to This GDPR Notice
This Notice will be reviewed and updated periodically to reflect changes in our data practices or in applicable law. Material changes will be communicated directly to affected EEA and UK data subjects where we hold contact information, and will be prominently displayed on our Website. The current version will always be available at www.globalaccordstrategies.com.