Effective date: April 26, 2026

McGeorge Ah is a retained executive search firm headquartered in the Washington, DC area. Protecting the privacy of the candidates and clients we work with is a core part of how we run our practice. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over your information.

If you are a candidate, the most relevant document for you is our Candidate Privacy Notice, which describes in detail how we identify, contact, evaluate, and present candidates throughout a search engagement. This Privacy Policy supplements that notice and applies to everyone who interacts with our website or with our firm.

1. Who we are

McGeorge Ah is a retained executive search firm headquartered in the Washington, DC area, with a mailing address at 2300 Wilson Blvd, Suite 700, Arlington, VA. We are the controller of personal information collected through this Website and through the search engagements we conduct. References to "McGeorge Ah," "we," "our," or "us" mean McGeorge Ah; references to "you" mean any individual whose personal information we hold, including website visitors, candidates, references, client contacts, and prospective clients.

2. Information we collect

From website visitors

When you visit www.mcgeorgeah.com or use the contact form, we collect:

• Name, email address, organization, role, and phone number (if you choose to share it) when you submit an inquiry
• The content of any message you send us
• IP address, approximate location derived from IP, browser type, device type, and pages visited, collected through standard server logs and through Google Analytics or a comparable analytics service
• Cookie identifiers, as described in section 7

We do not collect postal addresses, government identifiers, biometric data, payment card data, browsing or search history outside our website, social media user IDs, calendar account information, or device fingerprints from website visitors.

From candidates

If you are a candidate, our Candidate Privacy Notice describes in detail what we collect at each stage of a search. In summary, the categories include:

• Identifying information (name, current title, current employer, business contact details)
• Public professional profile information (LinkedIn, conference speaker lists, news coverage)
• Resume or CV, work history, education, and credentials, when shared with us
• Compensation history and expectations, when shared with us
• Professional references that you provide
• Notes from interviews and conversations
• For specific cleared or government-facing searches, U.S. person status and existence and level of an active security clearance, where directly relevant to a role's eligibility requirements
• Background-check, credit-check, and reference-verification information may be collected by clients or third-party vendors as part of a placement process; we do not collect this information through our Website

Most candidate information is collected through email, telephone, video conference, our applicant tracking system, and licensed sourcing platforms (such as LinkedIn Recruiter), not through this Website.

From clients and prospective clients

When you engage us for a search, we collect business contact information for the individuals at your organization who work with us, the parameters of the engagement, and information needed to manage the relationship and to invoice for services.

From references

When a candidate offers us references, we collect basic identifying and contact information for the reference and the substance of the reference conversation, used solely to support the relevant search.

3. How we use information

We use the information we collect to:

• Operate, maintain, and improve our Website
• Respond to inquiries submitted through the Website
• Conduct executive search engagements: identify and evaluate candidates, present qualified candidates to clients, conduct reference checks, and support placement
• Manage our client relationships, including engagement administration and invoicing
• Maintain a confidential record of prior interactions to inform future searches
• Send occasional firm communications to individuals who have agreed to receive them
• Comply with our legal, regulatory, and contractual obligations
• Protect the security of our systems, candidates, clients, and firm

4. Who we share information with

We share personal information only as described below, and only to the extent necessary for the relevant purpose:

• Client organizations. We share candidate information with a client only after the candidate knows who the client is and has agreed to be considered for the role.
• Service providers. Our applicant tracking system, email and calendar providers, web host, analytics provider, licensed sourcing platforms, and document storage provider, all under contract and limited to processing on our behalf.
• Professional advisors. Legal, accounting, and insurance advisors, where reasonably necessary.
• Legal and safety reasons. Where we believe in good faith that disclosure is required by law, a court order, or a valid legal process, or is necessary to protect the rights, property, or safety of any person.
• Business transfers. In the unlikely event of a merger, acquisition, or sale of assets affecting our firm, in which case any successor will be bound by commitments materially equivalent to those in this Privacy Policy.

We do not provide personal information to third-party advertising networks for advertising purposes.

5. Use of AI-assisted tools

We use AI-assisted tools to help with research, drafting outreach, transcription of recorded conversations, and summarizing notes. AI is a drafting and research aid only. No candidate is rejected, advanced, or recommended on the basis of an automated decision: every assessment is reviewed and made by a member of the McGeorge Ah team.

We do not use candidate or client data to train third-party AI models, and we do not permit content from this Website to be used to train AI or machine-learning systems without our prior written consent. When we record or transcribe a conversation, we do so only with the participant's knowledge and consent at the time of the call.

6. Sale or sharing of personal information

We do share personal information, only as necessary to operate our search practice, with the following limited categories of third parties:

• Client organizations. Candidate information shared with a client organization is shared only after the candidate is informed of the client and has agreed to be considered for the role.
• Email and cloud-hosting providers. The platforms we use to host email, calendars, and documents (for example, our business email and document-storage providers), all under contract and limited to processing on our behalf.
• Background-check and reference-verification vendors. Where a client or vendor conducts background, reference, or credential checks as part of a placement process, limited candidate information may be shared to facilitate that check.
• Professional advisors. Legal, accounting, and insurance advisors, where reasonably necessary.

We do not use payment processors or third-party advertising or analytics platforms in connection with this Website.

We honor the Global Privacy Control (GPC) browser signal as an opt-out of sharing for residents of states that recognize it (including California and Virginia).

7. Cookies and similar technologies

Our Website uses only a small number of strictly necessary cookies that are required for the site to function and to keep it secure. We do not run analytics cookies, advertising cookies, marketing cookies, or third-party tracking on this Website.

For details on the specific cookies set, see our Cookie Policy.

8. How long we keep information

We retain personal information only as long as we have a legitimate business need for it. The duration depends on the nature of our relationship with you and the type of information involved. Examples of legitimate business needs include providing search and advisory services, maintaining ongoing relationships with candidates and clients, evaluating individuals against current and future engagements, complying with legal, tax, and accounting obligations, and exercising or defending legal rights.

Where the information is processed on behalf of a client (for example, candidate information shared in connection with a specific engagement), retention is governed by our agreement with that client.

When we no longer have a legitimate business need to process your personal information, we will delete or anonymize it. Where deletion is not immediately possible (for example, because the information is held in backup archives), we will securely store the information and isolate it from any further processing until deletion is possible.

Specific records may be retained longer where necessary to comply with a legal obligation, to resolve a dispute, or to enforce our agreements. Website analytics data is retained at the analytics provider in line with the provider's default retention settings.

9. How we protect information

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include access controls, encryption in transit, vendor due diligence, and limited access on a need-to-know basis. No system is perfectly secure, and we cannot guarantee absolute security; we ask that you also take steps to protect your own information.

10. International data transfers

All data processing activities undertaken by us take place in the United States. If you are located outside the United States, including in the United Kingdom or the European Economic Area, your information will be transferred to and stored in the United States. Where required, we rely on appropriate transfer safeguards, including the consent of the individual to be considered for a U.S.-based or cross-border role.

11. Your rights

Subject to applicable law, you have the right to:

• Know what personal information we hold about you and how we collected it
• Ask us to correct inaccurate information
• Ask us to delete your information
• Receive a copy of your information in a portable format
• Opt out of sharing of personal information
• Withdraw consent for marketing communications at any time
• Lodge a complaint with a relevant regulator or supervisory authority

To exercise any of these rights, contact us at hello@mcgeorgeah.com. We aim to respond within 30 to 45 days. We may ask for additional information to confirm your identity before acting on a request.

12. California, Virginia, Colorado, Connecticut, and other state privacy rights

Residents of certain U.S. states have additional rights under state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and similar laws in other states. These rights generally include the right to know, the right to access, the right to correct, the right to delete, the right to data portability, the right to opt out of sale or sharing, the right to limit use of sensitive personal information, the right to opt out of profiling that produces legal or similarly significant effects, and the right to appeal a denial of any of these requests.

Categories of personal information collected and disclosed

Within the past 12 months, we have collected the following categories of personal information defined under the CCPA: identifiers (name, contact information, IP address); professional or employment-related information (resume content, work history, references); education information; internet or other electronic activity information limited to interaction with our Website; and inferences drawn from professional and employment information for the purpose of evaluating candidacy. We have disclosed these categories to service providers as described in section 4, and to client organizations only with candidate consent.

Sensitive personal information

For specific cleared or government-facing searches, we may collect U.S. person status and existence and level of an active security clearance from candidates, where directly relevant to a role's eligibility requirements. Under the CCPA / CPRA, citizenship and immigration status are categorized as sensitive personal information. We use this information solely to assess candidate eligibility for the specific role for which it is collected, and we do not use it to infer characteristics about the candidate. We do not collect other categories of CCPA-defined sensitive personal information (such as racial or ethnic origin, religious beliefs, health data, genetic data, biometric data, sexual orientation, or precise geolocation) from website visitors or candidates in the ordinary course of our work.

Sale, sharing, and targeted advertising

We have not sold or shared personal information for cross-context behavioral advertising in the past 12 months and do not do so. We honor opt-out preference signals, including the Global Privacy Control (GPC), as required by California and Virginia.

How to exercise state privacy rights

To exercise any state privacy right, including the right to access, correct, delete, or appeal a denial, contact us at hello@mcgeorgeah.com. You may designate an authorized agent to submit a request on your behalf; we will require written authorization and may verify the request directly with you. We do not discriminate against any individual for exercising a state privacy right.

13. EEA, UK, and Swiss residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our processing of your personal information is subject to the General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection, as applicable.

Legal bases for processing. We process personal information on the basis of: (a) our legitimate interests in operating our retained executive search practice, identifying and evaluating candidates, and managing client relationships, where those interests are not overridden by your rights; (b) the necessity of processing to enter into or perform a contract with you; (c) your consent, where we ask for it (for example, to record a call or to send marketing communications); and (d) compliance with a legal obligation.

Your rights. Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal information; to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal; to data portability; and to lodge a complaint with a supervisory authority in your country of residence.

International transfers. If your personal information is transferred to the United States, we rely on appropriate safeguards, including obtaining your consent to be considered for a U.S.-based or cross-border role and applying contractual protections with our service providers.

14. Children

Our Website and our services are intended for executives and business professionals, not for children. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected such information, please contact us so we can delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make a material change, we will update the effective date at the top and, where appropriate, notify affected individuals directly. The most current version is always posted at this URL.

16. How to contact us

For any question, request, or concern about this Privacy Policy, please contact us at:

McGeorge Ah
2300 Wilson Blvd, Suite 700
Arlington, VA
hello@mcgeorgeah.com

---

Effective April 26, 2026. See also our Candidate Privacy Notice, Cookie Policy, Terms of Service, Disclaimer, and Do Not Sell or Share My Personal Information.