Privacy Policy

Last updated: 12.12.2025

P2T Global Search Oy (operating under the brand AIKON Partners) (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, store, share and protect personal data during the course of our executive search, advisory and related consulting services, and through interactions with our website and marketing activities.

We encourage you to read this Policy carefully. Transparency and trust are foundational to how we operate.

1 Data Controllers within the AIKON Partner Network

The primary Data Controller for all operations is:

P2T Global Search Oy
ID: 3186970-2, PL 10, 02101 Espoo, Finland
Email: [email protected]

We work with legally independent partner firms under the AIKON Partners brand in several countries. When a local partner leads or significantly contributes to delivery in their country, that local entity may act as an Independent Joint Controller of personal data. In such cases:

AIKON HQ remains responsible for contract and overall assignment governance
The local partner entity is responsible for data handling under its own controller role for activities conducted locally
Both parties cooperate to protect personal data and respond to rights requests

All partner entities are required to operate with GDPR-equivalent standards and are bound by internal data protection agreements.

The Data Protection Lead for our network can be contacted at: [email protected]

2 The Types of Personal Data We Collect

We collect and process personal data depending on your relationship with us (e.g. candidate, client contact, referee, website visitor).

Data categories include:

Candidate and executive data

Contact details (name, email, phone, address)
Career history, CVs, education, qualifications
Interview assessments and notes
Compensation and motivation details
Third-party references (with consent)
Publicly available professional data (e.g. LinkedIn)

Client and business contact data

Name, job title, employer, contact details
Business communications, proposals and agreements

Marketing & website usage data

Technical data (IP address, browser, OS, device)
Cookies, analytics, user behaviour data
Communication preferences, unsubscribes

We do not intentionally collect sensitive data unless it is clearly relevant and necessary (e.g. DE&I initiatives), and where required we will request explicit consent.

3 How We Collect Personal Data

We may obtain personal data:

Directly from you (email, calls, applications, business cards, meetings)
From clients who engage us for executive search
From publicly available sources (LinkedIn, company websites, press, databases)
From professional referrals and networks (with transparency & respect)
Through our website and digital marketing tools

4 Why We Process Personal Data (Purposes & Legal Bases)

Purpose	Legal Basis
Executive search assignments — identifying, assessing and presenting candidates	Legitimate interest (GDPR Art. 6(1)(f)) and/or Contract (Art. 6(1)(b))
Candidate representation and long-term career advisory	Consent (Art. 6(1)(a))
Managing client relationships and delivering services	Contract and Legitimate interest
Legal, compliance, finance and invoicing	Legal obligation (Art. 6(1)(c))
Relationship-building and marketing communications	Consent or Legitimate interest (with opt-out)
Analytics, security and performance of website	Consent (cookies) and/or Legitimate interest

Where we rely on legitimate interest, we ensure our interest does not override your rights and freedoms.

You may withdraw consent at any time.

5 Recruitment & Candidate Data Practices

Because we provide executive search services, we apply the following principles:

We ensure confidential handling of candidate profiles and backgrounds.
We only share a candidate’s information with a client with candidate consent.
We collect relevant information needed to match and evaluate candidates for roles.
For individuals considered for future opportunities, we renew consent every 24 months; if not renewed, data is deleted.
Candidates may request correction or deletion at any time.

6 Shared Responsibility with Local Partner Controllers

In cross-border assignments:

AIKON HQ determines overall strategy, client relations and data governance.
Local partner-entities may determine local sourcing, candidate communication, assessment and evaluation methods.

Where the local partner acts as an Independent Joint Controller, individuals will be informed of the identity and contact information of the relevant local partner when required.

Data subject rights may be exercised with either HQ or the local controller.

Internal processes ensure coordination of responses within GDPR timelines (1 month).

7 International Transfers

We operate internationally, including cooperation with stakeholders in:

United Kingdom
United States
China
United Arab Emirates

Whenever personal data is transferred outside the European Economic Area (EEA), we ensure an appropriate safeguard is in place such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where available
Explicit consent where applicable

We ensure that any recipient protects data to GDPR-equivalent standards.

8 Data Sharing & Third-Party Processors

We may share personal data with:

Clients who have entrusted us with executive search
Local partner firms within AIKON network (see Section 6)
Service providers supporting our operations (e.g. CRM, IT hosting, cloud platforms, digital marketing)
Legal, compliance or auditing advisors when necessary

All processors are bound by data processing agreements ensuring confidentiality , data security and GDPR compliance.

We never sell personal data to third parties.

9 Data Retention

We retain personal data only as long as needed for the purposes described:

Data Type	Retention
Candidates under active recruitment	Duration of assignment + 24 months (consent renewal)
Clients and business contacts	Minimum 10 years due to legal/accounting obligations
Marketing contacts	Until consent withdrawn
Website & analytics	As per Cookie Policy

When retention expires, data is securely deleted or irreversibly anonymised.

10 Your Rights as a Data Subject

Under GDPR, you have the right to:

Access your personal data
Request correction of inaccuracies
Request deletion (“right to be forgotten”)
Object to processing based on legitimate interest
Restrict processing under certain conditions
Request a copy of your data in a portable format
Withdraw consent for future processing

To exercise your rights, contact: [email protected]
We respond within one month, free of charge (unless requests are unfounded or excessive).

You have the right to lodge a complaint with:
Office of the Data Protection Ombudsman – Finland
https://tietosuoja.fi/en/home

11 Cookies & Website Analytics

We use cookies to improve website performance and usability.
Details — including how to manage consent — are provided in our Cookie Policy.

Non-essential cookies are used only with consent.

12 Data Security & Breach Handling

We implement technical and organisational measures to protect personal data including:

Secure access controls
Encryption where appropriate
Confidentiality obligations
Regular compliance review

In the unlikely event of a personal data breach creating risk to individuals:

We notify Finnish supervisory authorities within 72 hours
If high risk, we inform affected individuals without undue delay

13 Updates to This Policy

We may update this Policy to remain compliant with law and adapt to business changes.
The latest version is always available on our website.
We will notify data subjects where required for significant changes.

14 Contact

If you have any questions or wish to exercise your rights:
📩 [email protected]

We are committed to treating all personal data with respect, discretion and care, reflecting the trust placed in us by our clients and candidates worldwide.