Privacy Policy

Peopletree Group ("Peopletree Group", "we", "us", "our") is a talent management services company with registered offices in Wilmington, Delaware, U.S.A. and Cascavelle, Mauritius. We operate the website at https://www.peopletreegroup.com and provide talent management technology and consulting services to corporate clients globally.

Registered offices: (1) 251 Little Falls Drive, Wilmington, Delaware 19808, U.S.A.; (2) 1st Floor, 18 Cascavelle Business Park, Riviere Noire Road, Cascavelle, Mauritius 90522.

For the purposes of the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA), Peopletree Group acts as a data controller in respect of personal data collected through this website and our marketing activities, and as a data processor in respect of personal data processed on behalf of our corporate clients through our platform.

Our Data Protection contact: [email protected]

Website visitors

• Contact information provided via forms: name, email address, company name, job title, phone number.
• Usage data: IP address, browser type, pages visited, time on site, referring URL - collected via analytics tools.
• Communication records: emails, chat transcripts, and meeting notes from interactions with our team.
• Booking information: name, email, and responses to pre-meeting questions submitted via our scheduling tool.

Platform users (processed on behalf of our clients)

When our corporate clients use the Peopletree platform, we process personal data on their behalf as a data processor. This data is governed by the Data Processing Agreement (DPA) between Peopletree Group and the relevant client. It may include employee names, job titles, assessment responses, performance data, and development records.

Data we do not collect

We do not knowingly collect personal data from individuals under 16 years of age. Our services are directed exclusively at business professionals and corporate clients.

We use personal data collected through this website for the following purposes:

• Responding to enquiries and providing information about our services.
• Scheduling and conducting consultations and product demonstrations.
• Sending relevant marketing communications where you have consented or where we have a legitimate interest.
• Improving our website and services through aggregated analytics.
• Complying with legal obligations.
• Enforcing our terms and protecting our legal rights.

Legal bases (GDPR Article 6)

• Consent - where you have explicitly opted in to marketing communications.
• Contract - where processing is necessary to fulfil a service agreement.
• Legitimate interests - for analytics, improving our services, and direct marketing to business contacts, where these interests are not overridden by your rights.
• Legal obligation - where we are required to process data to comply with applicable law.

We do not sell personal data. We share data only with the following categories of third parties, under appropriate contractual protections:

• Cloud infrastructure providers: Microsoft Azure (hosting, storage, compute) - data hosted in Germany West Central.
• Authentication services: Auth0 - identity and access management.
• Scheduling tools: [scheduling provider] - used for booking consultations.
• Analytics providers: [analytics provider] - aggregated website usage analytics.
• CRM and marketing tools: [CRM provider] - contact management and marketing communications.
• Professional advisors: legal, accounting, and compliance advisors under confidentiality obligations.

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

• Website enquiry data: 3 years from last contact, unless a client relationship is established.
• Client contact data: duration of the client relationship plus 7 years for legal and accounting purposes.
• Marketing data: until you withdraw consent or opt out.
• Platform data (processed on behalf of clients): as defined in the applicable DPA - typically deleted within 30 days of contract termination on written request.
• Server and access logs: 90 days, unless retained longer for security investigation purposes.

Under GDPR and POPIA, you have the following rights in respect of your personal data:

• Right of access - to request a copy of the personal data we hold about you.
• Right to rectification - to request correction of inaccurate or incomplete data.
• Right to erasure - to request deletion of your data in certain circumstances.
• Right to restriction - to request that we limit how we use your data.
• Right to data portability - to receive your data in a structured, machine-readable format.
• Right to object - to object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent - where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Where applicable, you also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction - for example, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) for EEA residents, or the Information Regulator for South African residents.

Peopletree Group implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Multi-factor authentication enforced for all platform access.
• Role-based access controls limiting data access to authorised personnel.
• Annual third-party penetration testing with remediation of all findings.
• SOC 2 Type II certification.
• Incident response procedures with defined notification timelines.

Full details are available on our Security page.

We use cookies and similar technologies on this website. For full details, see our Cookie Policy.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or via a notice on our website.

Continued use of our website or services after changes are published constitutes acceptance of the updated policy.