Data privacy

23MSQ Privacy Policy

Last Updated: 26 January 2026

Europe, UK, Switzerland

1. Introduction

23MSQ is a leadership advisory firm focused on advising on leadership assessment, 360 diagnostics, development and change delivery.

We are committed to protecting your personal information. This Privacy Policy explains:

  • What personal information we collect

  • How and why we use it

  • How we protect it

  • Who we share it with

  • How long we retain it

  • Your rights in relation to your personal information

2. Who We Are

23MSQ and its associated companies ("23MSQ", "we", "our" or "us") process personal information relating to:

  • Individuals participating in assessments and other diagnostics

  • Individuals engaged in coaching, development or other advisory programmes

  • Client executives and employees connected to an advisory engagement

  • Consultants and contractors

  • Directors

  • Third parties connected to an engagement (e.g. raters, referees, emergency contacts or dependants)

(together referred to as "participants" or "you").

The relevant 23MSQ entity on whose behalf you are engaged will act as the data controller of your personal information. In some cases, other associated 23MSQ companies may also act as independent data controllers where they process your information for their own purposes.

If you have any questions about how your personal information is handled, please contact us.

3. Personal Information We Collect

"Personal information" means any information relating to an identified or identifiable individual.

We may collect and process information including:

  • Employment history and current role

  • Educational background and qualifications

  • Professional certifications

  • Languages and skills

  • Contact details

  • Psychometric and assessment data (e.g. personality, motives and competency profiles)

  • 360 feedback and rater responses

  • Coaching, development and progress notes

  • Records of our communications with you

  • References, comments or assessments provided by third parties

We advise you not to include sensitive personal information (also known as "special category data") in materials you provide unless necessary. This includes information about:

  • Racial or ethnic origin

  • Religious beliefs

  • Health information

  • Trade union membership

  • Sexual orientation

  • Biometric or genetic data

  • Criminal records

If you provide such information, it may be retained in accordance with this policy.

We may also use anonymised and aggregated data for benchmarking, industry insights and statistical analysis. When anonymised, such data no longer identifies you.

4. Sources of Personal Information

We collect personal information from:

You directly (in person, by phone, email, assessment platforms or other correspondence)

  • Psychometric and assessment instruments completed by you

  • 360 raters and feedback providers nominated within an engagement

  • Public sources such as LinkedIn, company websites, press and online publications

  • Our clients, where relevant to an advisory or assessment engagement

Where information is required by contract or law, we will inform you at the time of collection. If mandatory information is not provided, we may not be able to deliver the relevant assessment, development or advisory service.

5. How We Use Your Personal Information

We use your personal information for purposes including:

a) Assessment and Advisory Services

  • Conducting leadership assessments and 360 diagnostics

  • Delivering coaching, development and change-delivery programmes

  • Preparing reports and recommendations for clients

  • Managing engagement processes and communicating with you

Lawful basis:

  • Legitimate interests (delivering our leadership advisory services and assisting clients in assessing and developing talent)

  • Performance of a contract (where applicable)

  • Taking steps at your request prior to entering into a contract

b) Verification and Due Diligence

  • Verifying employment history

  • Confirming professional qualifications

  • Checking regulatory status (where required)

Lawful basis:

  • Compliance with legal obligations

  • Legitimate interests of 23MSQ and its clients

c) Legal and Regulatory Compliance

  • Responding to legal requests

  • Defending legal claims

  • Complying with statutory obligations

Lawful basis:

  • Legal obligation

  • Legitimate interests

We may also process personal information where necessary to protect the legitimate interests of a client, provided those interests are not overridden by your fundamental rights.

Unless specifically stated, we do not rely on consent as our primary lawful basis for processing.

6. Sharing of Personal Information

With Clients

Where we conduct an assessment, diagnostic or development programme on behalf of a client, we share assessment outputs, reports and recommendations with that client in accordance with the engagement terms. We will make clear at the outset of any engagement how your information and results will be shared.

Within 23MSQ

Your personal information may be accessed on a need-to-know basis by:

  • Advisory partners, consultants and analysts

  • Managers

  • IT and system administrators

  • Finance and HR support teams

  • With Service Providers

We work with trusted third parties who support our operations, including:

  • IT system providers and hosting services

  • Assessment and psychometric platform providers

  • Database providers

  • Professional advisers

Where third parties act as data processors, they process personal information only on our instructions and are required to maintain appropriate security and confidentiality.

We may also disclose personal information to public authorities where legally required.

7. Data Security

We implement appropriate technical and organisational measures to protect personal information from:

  • Unauthorised access

  • Loss

  • Misuse

  • Alteration

Our internal policies are designed to ensure data accuracy, integrity and confidentiality. Where we share information with third parties, we require them to protect it in accordance with applicable data protection laws.

8. Data Retention

We retain personal information only for as long as necessary for:

  • Assessment, development and advisory purposes

  • Legal and regulatory compliance

  • Legitimate business needs

We retain personal information in line with the principles of the UK GDPR and EU GDPR — kept only for as long as necessary for the purposes for which it was collected. Specific retention periods are set in accordance with applicable client agreements and engagement terms. Where no longer required, records are securely deleted or anonymised in accordance with our retention policies.

9. International Transfers

23MSQ operates internationally. Your personal information may be transferred to associated companies or service providers located outside your country, including in:

  • European Union

  • United Kingdom

  • United States

  • Switzerland

  • India

  • New Zealand

  • Australia

Where required, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or relevant supervisory authorities.

You may request further details by contacting us.

10. Your Rights

Subject to applicable law, you have the right to:

  • Access your personal information

  • Request correction of inaccurate data

  • Request erasure of your data (in certain circumstances)

  • Restrict processing

  • Object to processing based on legitimate interests

  • Withdraw consent (where processing is based on consent)

  • Request data portability (where applicable)

If you object to processing based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds or the processing is required for legal claims.

You also have the right to lodge a complaint with a supervisory authority in your country of residence.

11. Additional Privacy Notices

Certain processing activities may be subject to additional privacy notices. Where applicable, these will be provided separately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory or operational changes. Where appropriate, we will notify you of material updates.

United States

1. Introduction

23MSQ is a leadership advisory firm advising clients on leadership assessment, 360 diagnostics, development and change delivery.

This Privacy Policy explains how we collect, use, disclose and protect personal information in the United States, and describes the rights available to you under applicable U.S. privacy laws.

By interacting with 23MSQ, submitting your information to us, or participating in a leadership assessment, diagnostic or advisory engagement, you acknowledge the practices described in this Privacy Policy.

2. Who We Are

"23MSQ," "we," "our," or "us" refers to 23MSQ and its affiliated companies operating in the United States and globally.

We process personal information relating to:

  • Individuals participating in leadership assessments or 360 diagnostics

  • Individuals engaged in coaching, development or advisory programmes

  • Client executives and employees connected to an advisory engagement

  • Consultants and contractors

  • Directors

  • Raters, referees and business contacts

  • Other individuals connected to an engagement

(collectively, "participants" or "you").

For purposes of applicable U.S. privacy laws, 23MSQ acts as the "business" responsible for the collection and use of your personal information.

3. Personal Information We Collect

We collect personal information that identifies, relates to, describes, or could reasonably be linked to you.

Depending on your interaction with us, we may collect:

  • Professional Information

  • Employment history

  • Job title and work experience

  • Education and qualifications

  • Professional licenses and certifications

  • Skills and language capabilities

  • Contact Information

  • Name

  • Email address

  • Telephone number

  • Mailing address

  • LinkedIn or professional profiles

  • Assessment Information

  • Psychometric and assessment data (e.g. personality, motives and competency profiles)

  • 360 feedback and rater responses

  • Coaching, development and progress notes

  • Verification of qualifications

  • Communications

  • Records of communications between you and 23MSQ

  • Notes, evaluations or feedback relating to engagement processes

We request that you do not provide sensitive personal information (such as Social Security numbers, health information, racial or ethnic origin, or criminal history) unless specifically requested and legally required.

4. Sources of Personal Information

We collect personal information from:

  • You directly (e.g., submissions, email, phone, meetings, assessment platforms)

  • Psychometric and assessment instruments completed by you

  • 360 raters and feedback providers nominated within an engagement

  • Public sources (e.g., LinkedIn, company websites, press releases)

  • Clients in connection with advisory and assessment engagements

5. How We Use Personal Information

We use personal information for business purposes, including:

  • Assessment & Advisory Services

  • Conducting leadership assessments and 360 diagnostics

  • Delivering coaching, development and change-delivery programmes

  • Preparing reports and recommendations for clients

  • Managing engagement processes

  • Verification & Due Diligence

  • Verifying qualifications and employment history

  • Conducting professional reference checks

  • Supporting client regulatory compliance

  • Business Operations

  • Managing our internal records

  • Maintaining our database

  • Improving our services

  • Legal & Compliance

  • Complying with applicable laws

  • Responding to legal requests

  • Defending legal claims

We do not sell personal information in exchange for monetary consideration.

6. Disclosure of Personal Information

We may disclose personal information to:

Clients

Where we conduct an assessment, diagnostic or development programme on behalf of a client, we share assessment outputs, reports and recommendations with that client in accordance with the engagement terms.

Service Providers

We engage third-party service providers who support our business, including:

  • IT hosting and database providers

  • Assessment and psychometric platform providers

  • Background verification services

  • Professional advisors

These service providers are contractually required to use personal information only for the purposes of providing services to 23MSQ.

Legal Authorities

We may disclose personal information when required by law or to protect legal rights.

7. Data Retention

We retain participant information for as long as reasonably necessary to:

  • Support assessment, development and advisory activities

  • Maintain professional records

  • Comply with legal and regulatory requirements

Specific retention periods are set in accordance with applicable client agreements and engagement terms. Where no longer required, records are securely deleted or anonymized.

8. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, misuse, or alteration.

However, no method of transmission or storage is completely secure.

9. International Transfers

23MSQ operates globally. Personal information may be stored or processed in the United States or other countries where we or our service providers operate.

By submitting your personal information, you understand that it may be transferred to and processed in jurisdictions that may have different privacy laws than your state or country of residence.

10. U.S. Privacy Rights (Including California Residents)

Depending on your state of residence, you may have certain rights under applicable privacy laws (including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)).

These rights may include:

  • The right to know what personal information we collect, use, disclose, or retain

  • The right to request deletion of your personal information

  • The right to request correction of inaccurate information

  • The right to opt out of the sale or sharing of personal information (Note: 23MSQ does not sell personal information)

  • The right to non-discrimination for exercising privacy rights

To submit a privacy request, contact 23MSQ.

We may verify your identity before processing your request.

Authorized agents may submit requests on your behalf, subject to verification requirements.

11. Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised "Last Updated" date.