GMA Trust Center

Global Management Associates (“GMA”, “we”, “us”, “our”) respects your privacy and is committed to handling your personal data in line with globally recognized privacy principles. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you visit or interact with our website at https://www.globalpmapl.com (the “Website”), submit enquiries or information, schedule a consultation, subscribe to communications (if offered), attend a webinar or event (if organized), or communicate with us by email, phone, WhatsApp, or other channels. For the purposes of applicable privacy laws, GMA generally acts as the “data controller” (or equivalent term such as “data fiduciary”) for personal data processed through this Website and for our business administration activities, unless we clearly inform you otherwise in writing for a specific engagement.

When you interact with the Website, we may collect personal data you choose to provide, such as your name, business email, phone number, company name, designation, country, and the content of your message, query, or request. We may also collect technical and usage data automatically through standard web technologies, which can include IP address, approximate location inferred from IP (not precise geolocation), device type, browser type, operating system, timestamps, referring URLs, pages viewed, and interaction events. Where cookies and similar technologies are used, this information may be collected to maintain core site operations, protect security, measure performance, and improve user experience. We do not intentionally request sensitive personal data through open web forms, and you should not provide sensitive personal data (such as passwords, government identifiers, health data, or financial account details) unless we specifically request it through secure channels for a lawful purpose.

We process personal data for legitimate business purposes, including to respond to enquiries and provide requested information, proposals, and communications; to schedule consultations or meetings; to maintain business records and relationship history; to operate, maintain, secure, and improve the Website; to detect and prevent fraud, misuse, security incidents, and unauthorized access; to evaluate and improve the quality of our services and communications; and to comply with legal, regulatory, tax, audit, and contractual obligations. Where required, we rely on an appropriate lawful basis for processing. Depending on the context and your jurisdiction, our lawful bases may include your consent (for example, for optional marketing communications or non-essential cookies where consent is required), performance of a contract or taking steps at your request prior to entering into a contract, compliance with legal obligations, and legitimate interests (for example, responding to B2B enquiries, improving service quality, and ensuring security) balanced against your rights and expectations.

We do not sell personal data. We may share personal data with vetted service providers and business partners who support the operation of the Website and our business functions, such as hosting providers, email and communications tools, CRM systems, scheduling tools, analytics providers, and IT/security vendors. Such parties are permitted to process personal data only to perform services on our behalf (or as otherwise contractually agreed), and are expected to maintain appropriate confidentiality, security, and compliance controls. We may also disclose personal data to professional advisors (such as legal, financial, or tax advisors) where necessary, and to competent authorities, regulators, or law enforcement where required by law or where disclosure is necessary to protect our rights, the safety of users, or the integrity of our operations.

Because we operate internationally, your personal data may be transferred to and processed in jurisdictions outside your country of residence. Where cross-border transfer requirements apply, we implement appropriate safeguards consistent with applicable law, which may include contractual protections, vendor assessments, and security governance measures designed to ensure an adequate level of protection. We retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Policy, to maintain internal records for legitimate business needs, to meet legal and regulatory retention obligations, and to resolve disputes or enforce agreements. Retention periods vary depending on the nature of the data and relationship; when personal data is no longer required, we delete, anonymize, or de-identify it, unless continued retention is required by law or necessary to establish, exercise, or defend legal claims.

We maintain reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, loss, misuse, or disclosure. These measures may include access controls, least-privilege permissions, encryption in transit, security monitoring, vendor governance, and incident response processes. While we apply enterprise-grade controls appropriate for our operations, no system can be guaranteed to be completely secure, and you acknowledge that transmission of information via the internet carries inherent risk. Subject to applicable law and your location, you may have rights in relation to your personal data. These may include the right to request access, correction, deletion or erasure, objection to certain processing, restriction of processing, portability (where applicable), and withdrawal of consent where processing is based on consent. If you reside in jurisdictions that provide additional rights (such as California) or specific grievance mechanisms (such as India), those rights may apply subject to lawful conditions and exceptions. We will respond to verified requests within timelines required by applicable law, and we may request proportionate information to verify identity and prevent fraud. To exercise rights or submit a complaint or grievance, contact privacy@globalmapl.com or grievances@globalmapl.com with your name, email, and the request details, including your country of residence.

This Website is intended for business audiences and is not directed at children. We do not knowingly collect personal data from children in violation of applicable law. We may update this Policy periodically to reflect changes in practices, technology, or legal requirements. The updated version will be published on this page with a revised “Last Updated” date.

California Notice (CCPA/CPRA): For California residents, we may collect identifiers (such as name and business contact details), internet or network activity (such as browsing and device data), and professional information you provide in an enquiry. We use this information for the business purposes described above, including responding to enquiries, operating and securing the Website, analytics, and business communications. We do not sell personal information. If we ever engage in “sharing” for cross-context behavioral advertising as defined by California law, we will provide required opt-out mechanisms and notices on the Website.

This Cookie Policy explains how Global Management Associates (“GMA”, “we”, “us”, “our”) uses cookies and similar technologies on https://www.globalpmapl.com. Cookies are small text files stored on your device by websites you visit. Similar technologies can include pixels, SDKs, tags, scripts, and local storage. Some cookies are set by GMA (“first- party cookies”), and some may be set by providers we use (“third-party cookies”). Cookies can be session-based (deleted when you close your browser) or persistent (stored until they expire or you delete them).

We use cookies to ensure the Website functions properly, to protect security, to prevent fraud and abuse, to manage traffic and load balancing, and to provide a consistent user experience. Where enabled, we may also use cookies to remember preferences and to measure Website performance so we can understand how visitors use the Website and improve content, navigation, and stability. If marketing or advertising technologies are deployed, such technologies may help measure campaigns or show relevant content across platforms; where applicable law requires, these cookies will be deployed only after you provide consent via the cookie banner or cookie settings.

Where consent is required for non-essential cookies, we provide a cookie banner and a preference center that allows you to accept, reject, or customize categories of cookies. You can change your choices at any time through the Website’s cookie settings tool (for example, a “Cookie Preferences” link in the footer). If you block or delete cookies through your browser settings, some parts of the Website may not function properly. If you use multiple browsers or devices, you will need to set your preferences on each.

For cookie-related questions, contact privacy@globalmapl.com.

Global Management Associates provides mechanisms for privacy requests and grievance redressal consistent with applicable privacy laws. If you wish to request access to personal data, correction of inaccuracies, deletion or erasure, objection to certain processing, restriction of processing, portability (where applicable), withdrawal of consent (where processing is based on consent), or if you wish to raise a privacy grievance or complaint, you may submit a request using the contact details below.

To protect you and prevent fraud, we may require reasonable verification of identity and may request proportionate information to process your request. Where we cannot fulfill a request due to legal obligations, lawful exceptions, or the need to retain data for compliance or legal claims, we will explain the reasons to the extent permitted by law. We aim to respond within legally required timelines based on your jurisdiction and the nature of the request.

In some client engagements, Global Management Associates may process personal data on behalf of a client as a “processor” (or equivalent term) under applicable privacy laws. Where we act as a processor, our processing activities are governed by the client contract and a Data Processing Addendum (“DPA”) that sets out processing instructions, confidentiality commitments, security measures, sub-processor controls, assistance obligations (including support for data subject requests where applicable), incident handling expectations, and cross-border transfer provisions where relevant.

Clients, procurement teams, and compliance teams may request our standard DPA by contacting compliance@globalmapl.com and copying privacy@globalmapl.com. Where appropriate, we can execute a DPA aligned with enterprise procurement standards, subject to mutual agreement and scope.

GMA retains personal data and business information only as long as necessary for legitimate purposes, including responding to enquiries, maintaining relationship history, delivering contracted services, meeting legal and regulatory obligations, resolving disputes, and enforcing agreements. Retention periods vary depending on the nature of the engagement, the type of information, and applicable legal requirements.

When information is no longer required, we take reasonable steps to delete, anonymize, or de-identify it, unless retention is required by law or necessary for legal claims. Where vendors or tools store information on our behalf, we expect deletion or retention controls consistent with contractual requirements.

For retention or deletion queries, contact privacy@globalmapl.com. For compliance matters, contact compliance@globalmapl.com.