GDPR Policy


  1. A Personal Data policy is required by both the United Kingdom and European Union data protection regulations. This is that policy (the Policy) for Marbal Holdings Limited and its global subsidiaries (together the Company).
  2. The Company’s Policy is available on request to any person with whom its employees come into contact whilst conducting the business of executive search. Any employee receiving such a request must inform both their senior Partner and the COO within 24 hours. A copy of the Policy must be provided to a data subject who issues a request within 5 working days of the request being made.
  3. Any data subject requesting that their personal data be removed will be considered by the Directors of the company. All decisions will be made fairly and transparently. The company would be biased in favour of continuing to store any personal data that is publicly available but in respect of other data will respect the data subject’s right to rectify inaccurate personal data concerning them and to have data erased and to have confirmation of erasure.
  4. This Policy will be available via the Company’s website.
  5. This Policy will be advertised as being available on request via our e-mail signatures.
    Whilst the regulations are primarily aimed at both United Kingdom and the European Union organisations carrying out their work within either the United Kingdom or European Union, the Company applies it to its worldwide business dealings.
  6. Likewise, whilst the regulations are primarily aimed at the storage and/or processing of personal data of individuals residing in both the United Kingdom and the European Union, even if they are neither United Kingdom nor European Union citizens, the Company applies this GDPR Policy to its worldwide business dealings.
  7. The Policy is a stand-alone document and not incorporated into the Company’s employee handbook. Each employee is expected to acknowledge their understanding of and compliance with the Policy in writing on an annual basis. Breaching this Policy may result in disciplinary action for misconduct, including dismissal. Obtaining (including accessing) or disclosing personal data in breach of the Company’s Policy may also be a criminal offence.
  8. The Policy is reviewed annually, being approved by both the Partners and Chair of the Company. The Director of the Company takes ultimate responsibility for data protection.


The Company adheres to the core principles under-pinning the Regulations:

  • that all personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject,
  • that such data will only be collected and processed for specified, explicit and legitimate purposes.


“Candidate” means any individual with whom the Company interacts with for the purposes of introducing them to a Client, discussing future employment opportunities or sourcing market intelligence (including referencing).

“Client” means any organisation and individual/employee of that organisation that the Company provides executive search or advisory services to (including compensation analysis, diversity studies, business introductions and other benchmarking).

“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Supplier” means any organisation and individual/employee of that organisation that provides services to the Company.