Privacy

Data Protection Protocol

This Protocol describes how personal data is handled in connection with briefing requests, candidacy review, membership administration, and compliance.

1. Data Collection

Personal data is collected on a data-minimisation basis. Information is requested only where necessary to review a briefing request, assess candidacy, perform verification where applicable, administer membership, and meet legal obligations.

Identity and contact: name, email address, phone number, country of residence, and information provided in the briefing request.
Professional profile: role, background submitted by the candidate, and optional reference links.
Candidacy information: statements regarding expectations and fit.
Verification data (where applicable): identity verification outputs and background review information obtained directly or via specialist providers.
Contract and transaction data (if admitted): agreements, invoices, payment confirmations, refunds, and related correspondence.
Technical and security logs: limited logs for security, reliability, and abuse prevention.

2. Cookies & Analytics

The website uses cookies and similar technologies for essential functionality, security, and analytics.

Google Analytics 4 (GA4)

GA4 is used to produce aggregated statistics about site usage and to improve website performance.

Where required by applicable law, analytics cookies are set only after consent is provided through the cookie banner.

Google may process certain data as a service provider. International transfers may occur depending on Google’s processing locations. Where required, appropriate safeguards are applied.

3. Purposes & Legal Bases

Briefing and candidacy review: to review submissions and, where appropriate, schedule a confidential briefing.
Verification (where applicable): to verify identity and perform background review and compliance checks where required or appropriate.
Membership administration: to administer membership, communications, invoices, and payments.
Compliance and risk: to meet legal obligations and manage fraud and abuse risk.

4. Security

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, alteration, disclosure, or loss.

Access control: limited on a need-to-know basis, subject to confidentiality obligations.
Service providers: specialist providers may be used for hosting, communications, and verification, under contractual data protection obligations.
Incident response: notifications are made where required by applicable law.

5. Retention

Personal data is retained only as long as necessary for the purposes described in this Protocol and as required by applicable law.

Admitted members: retained for the duration of membership and for limited periods thereafter where required for administration, audits, or legal claims.
Non-admitted candidates: deleted or anonymised within a reasonable period unless retention is required for compliance, fraud prevention, or legal defence.
Termination of the initiative: handled in accordance with legal retention requirements and any contractual processes (including refunds where relevant).

6. Rights

Depending on jurisdiction (including GDPR where applicable), data subjects may have rights such as access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.

Requests may be submitted to privacy@thetazouda.com. Additional information may be requested to verify identity before acting on a request.