Skip to main content

Positive Moves Global Data Protection & Privacy Framework

Overview
This document describes how Positive Moves Consulting International LLP and its affiliates (“Positive Moves,” “we,” “our,” or “us”) govern, protect, and manage Personal Data across our global operations. It supplements our Privacy Policy and provides an overview of the privacy governance, data protection measures, and information security practices we maintain in accordance with applicable data protection laws. Positive Moves operates internationally and processes Personal Data in multiple jurisdictions. Accordingly, our data protection framework is designed to comply with, without limitation, the Digital Personal Data Protection Act, 2023 of India (“DPDP Act”), the EU General Data Protection Regulation and UK GDPR (“GDPR”), the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data, the DIFC Data Protection Law, and other applicable privacy and data protection regulations.

Who We Are & What We Do
Positive Moves is a global executive search and leadership advisory firm with over three decades of experience partnering with leading organizations worldwide. We support our clients in identifying, assessing, and appointing senior leadership talent through highly confidential executive search and leadership advisory engagements. Due to the nature of senior leadership hiring, our services often involve engaging with experienced professionals over extended periods of time and maintaining carefully curated leadership talent networks across industries and geographies. The confidentiality of information and the responsibility for handling of Personal Data are fundamental to our business model and our long-standing client and candidate relationships.

Our Commitment to Privacy
Trust is the foundation of our relationships with clients, candidates, employees, and business partners. Positive Moves is committed to protecting Personal Data through responsible governance, transparent practices, and robust technical and organizational safeguards. Depending on the jurisdiction and processing context, Positive Moves acts as a Data Fiduciary under Indian law and as a Data Controller under GDPR, UAE, and similar global privacy regimes. We embed privacy and data protection principles into our business processes, technology platforms, and service delivery activities to ensure the confidentiality, integrity, and availability of Personal Data entrusted to us.

Privacy Accountability & Regulatory Compliance
Data protection laws require organizations to process Personal Data in a lawful, fair, and transparent manner while enabling legitimate business activities. Positive Moves determines the purposes and means of processing Personal Data and is accountable for compliance across the entire data lifecycle, including collection, use, disclosure, storage, cross border transfer, and deletion. Our privacy framework is designed to meet global regulatory expectations while allowing for jurisdiction specific adaptations where required by law.

Privacy Governance Framework
Positive Moves maintains a structured privacy governance framework supported by senior leadership and cross functional operational teams. Oversight is provided by management, with responsibility shared across legal, privacy, information security, IT, HR, and operations functions. Policies, procedures, and controls are reviewed periodically to ensure continued effectiveness, regulatory alignment, and consistency across geographies. This governance structure enables the consistent application of privacy principles across all regions in which we operate.

Privacy Policies & Transparency
We maintain Privacy Notices and related disclosures that explain, in clear and accessible terms, the categories of Personal Data we collect, the purposes for which it is processed, the lawful bases for processing, the rights available to individuals, and the safeguards we use to protect Personal Data. These notices are reviewed and updated periodically to reflect changes in law, regulatory guidance, and business operations.

Lawful Processing & Consent
Personal Data is processed only for defined and legitimate business purposes. Depending on the jurisdiction and context, processing may be based on consent, contractual necessity, legitimate interests, or compliance with legal obligations. Where consent is required, it is obtained through clear and specific notices and may be withdrawn in accordance with applicable law. Appropriate records of processing activities are maintained to support accountability and compliance.

Data Minimization & Retention
Positive Moves applies the principles of data minimization and storage limitation. We collect only the Personal Data necessary for the purposes for which it is processed and retain such data only for as long as required to meet business needs, legal obligations, or regulatory requirements. When Personal Data is no longer required, it is securely deleted, anonymized, or archived in accordance with documented retention and disposal practices.

Individual Rights
We have established procedures to enable individuals to exercise their rights under applicable data protection laws. Depending on the jurisdiction, these rights may include access to Personal Data, correction of inaccurate data, erasure where legally permissible, restriction or objection to certain processing activities, and withdrawal of consent.

Requests and inquiries may be submitted to:
Legal@positivemoves.com
Data.Safety@positivemoves.com

Grievance & Complaint Handling
In accordance with applicable data protection laws, Positive Moves maintains grievance redressal and complaint handling mechanism. All complaints are acknowledged and reviewed in a timely manner and resolved in accordance with defined internal procedures, with escalation where appropriate.

Personal Data Breach Management
Positive Moves maintains documented procedures to detect, assess, and respond to Personal Data breaches and security incidents. These procedures include mechanisms for internal reporting, incident containment, remediation, and notification to affected individuals and regulators where required by law. Incident response processes are tested periodically to support operational readiness.

Cross Border Transfers
Given the global nature of our operations, Personal Data may be transferred across borders. Such transfers are conducted in accordance with applicable data protection laws and government notifications and are supported by appropriate contractual, technical, and organizational safeguards. Cross border data transfer arrangements are reviewed periodically.

Information Security Measures
Our information security program supports global privacy compliance and aligns with recognized industry standards, including ISO/IEC 27001. It includes documented security policies, centralized oversight, secure infrastructure, access controls based on least privilege, encryption where supported, continuous monitoring, and incident response capabilities designed to protect Personal Data against unauthorized access, loss, or misuse.

Employee Awareness & Confidentiality
Employees receive regular privacy and information security training and are subject to contractual confidentiality obligations. Physical and logical access controls, along with clean desks and secure workspace practices, further support the protection of Personal Data.

Conclusion
Positive Moves recognizes its responsibilities as a Data Fiduciary and Data Controller across multiple jurisdictions. We are committed to protecting Personal Data through strong governance, effective safeguards, and continuous improvement of our privacy and information security practices. Leadership oversight, employee accountability, and transparency remain central to our approach.

For questions regarding our privacy and data protection practices, please contact:
Legal@positivemoves.com
Data.safety@positivemoves.com

New York | London | Paris | Dubai | Mumbai | New Delhi | Singapore