Last updated: [DRAFT — pending legal review]
1. Who we are & scope
GloCoach International ("GloCoach", "we", "us") operates a leadership-intelligence platform used by enterprises across the Americas, Europe, and Asia-Pacific. We process behavioral data generated through leadership assessments and coaching — including structured interviews, observation-based assessment, and structured evaluations — to produce leadership intelligence for our clients.
This policy applies to personal data we process as a data controller (for our own site, accounts, and business relationships) and, where a client engages us to run an assessment or coaching program, as a data processor acting on that client's documented instructions. Where we act as a processor, the client's own privacy notice also applies to the participant.
2. Data we collect
We collect only the data required to deliver our services and operate our business:
- Identity & contact data — name, work email, job title, organization, and locale, used to administer accounts and engagements.
- Behavioral & assessment data — evidence generated during interviews, observation-based assessment, and structured evaluations, which forms the substance of the leadership intelligence we produce.
- Usage & technical data — log data, device and browser information, and interactions with the platform, used for security, support, and product improvement.
- Cookie & preference data — see our Cookie Policy for detail on how cookies are used, including the language switcher.
3. Lawful basis for processing (GDPR)
Where the EU GDPR (or equivalent UK GDPR) applies, we rely on the following lawful bases:
- Consent — every assessment participant explicitly consents before any behavioral data is collected. Consent is informed, specific to the engagement, and revocable.
- Contract — to administer accounts and deliver services requested by a client organization.
- Legitimate interests — to secure, support, and improve the platform, balanced against the rights of data subjects.
- Legal obligation — where we are required to retain or disclose data by law.
4. How we use data
We use behavioral and assessment data solely to produce leadership intelligence for the client organization that commissioned the engagement. We audit recommendation outputs for adverse-impact patterns before delivery, and we do not surface adverse recommendations without human review.
No third-party model training. We do not use any client's behavioral or assessment data to train models on behalf of, or for the benefit of, any other client or third party. Client data is segmented by organization and is not pooled across clients for external training.
5. Data ownership
Our ownership position is deliberately clear:
- Customers own their PII. Personally identifiable information about a client's participants belongs to the client. We hold it under the engagement contract and return or delete it per the agreed schedule.
- Residual and derived data is GloCoach's intellectual property. The aggregated, de-identified behavioral data and the models and frameworks derived from it — including the GloCoach Leadership Model — remain GloCoach's intellectual property.
This separation lets clients retain full control of their people's identifiable information while allowing GloCoach to maintain the validated intelligence layer that makes the platform work.
6. Retention & deletion
We retain personal data only as long as necessary for the purpose it was collected, or as required by the engagement contract or applicable law. Retention and deletion schedules for behavioral data are specified in each engagement contract. On contract end, identifiable behavioral data is deleted per the agreed schedule and is not retained for model training.
7. Your data-subject rights
Subject to applicable law, you may exercise the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Deletion — request erasure of your personal data where a lawful basis to retain it no longer applies.
- Portability — request your data in a structured, machine-readable format.
- Objection & restriction — object to, or restrict, certain processing.
- Withdraw consent — where processing relies on consent, withdraw it at any time; your data is removed from processing on withdrawal.
To exercise any of these rights, contact us via the details in section 11. Where GloCoach acts as a processor for a client engagement, we will direct requests to the relevant client controller where appropriate.
8. International transfers
GloCoach operates globally, and personal data may be transferred to and processed in countries other than the one in which it was collected. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses — to ensure an equivalent level of protection. Details of the safeguards applied to a specific engagement are available on request.
9. China / PIPL addendum
GloCoach operates in the China market. For personal information collected within the People's Republic of China, or relating to individuals in the PRC, the following additional terms apply under the Personal Information Protection Law (PIPL):
- Separate consent — where PIPL requires it, we obtain separate, specific consent for the processing of sensitive personal information and for any cross-border transfer of personal information out of the PRC.
- Cross-border transfer mechanism — transfers of PRC personal information outside China are made only under a lawful mechanism (such as a standard contract filed with the relevant authority, security assessment, or certification, as applicable to the engagement).
- Local handling — where required, PRC personal information is handled and, where applicable, stored in accordance with local data-handling requirements agreed with the client.
- Rights of PRC individuals — individuals in the PRC may exercise their PIPL rights, including access, correction, deletion, and withdrawal of consent, via the contact in section 11.
This addendum supplements, and does not replace, the rest of this policy. Where a conflict arises for PRC personal information, the PIPL-specific terms in this section govern.
10. Security
GloCoach maintains an information-security program certified to ISO 27001 and aligned with EU GDPR. Behavioral data is among the most sensitive personal data an organization can process, and we treat it accordingly:
- Client behavioral data is segmented by organization — no cross-client data use.
- Data is encrypted in transit and at rest.
- Access is role-based, least-privilege, and logged for audit.
- Individual behavioral records are not disclosed without appropriate authorization.
For privacy requests, questions about this policy, or to exercise your data-subject rights, contact us through the Contact section on our About page. We will respond within the timeframes required by applicable law.