McKinsey Alumni Program Privacy Notice

Last updated and effective: April 2026

McKinsey & Company, Inc., United States, and its affiliates and subsidiaries, is committed to respecting your privacy and protecting your personal data. This Alumni Program Privacy Notice (the “Privacy Notice”) describes how we handle and protect your personal data in connection with the McKinsey’s Alumni Center website (the “Alumni Site” or “Site”), and when we interact with you and collect data from you for use by and on behalf of McKinsey in connection with the Alumni program (i.e., when McKinsey is acting as a data controller or similar term under applicable privacy law). In case of a conflict between this Privacy Notice and applicable law, applicable law will govern.

This Privacy Notice applies to the personal data of current and former McKinsey colleagues, as well as personal data of approved external recruiters who are permitted to publish job postings on the Alumni Site.

If you are a California resident, please see our specific privacy information for you below.

For the purposes of this Privacy Notice, personal data means information about an identified or identifiable individual (collectively, “personal data”), and does not include information that cannot be attributed to an identifiable individual, such as information of an anonymous nature (collectively, “anonymous data”). You are not required to share your personal data with us, but failing to do so may result in McKinsey being unable to properly provide you with our full range of services or a good user experience with our Alumni program.

By accessing our Site or signing up to participate in our Alumni program, you confirm that you have read and understand the terms of this Privacy Notice. If you do not understand or agree with any part of this Privacy Notice, please refrain from using our Site and contact us for clarification before proceeding.

“McKinsey,” “Firm,” or “we” refers to the McKinsey & Company group of commonly owned affiliates. While our affiliates engage in a number of business activities and have different entity names, they all share the “McKinsey,” “a McKinsey company,” “by McKinsey,” or “acquired by McKinsey” branding or sub-logo, and they all follow, and are covered by, this Privacy Notice.

1. Personal data we collect

McKinsey collects personal data at various stages during the course of your membership to the Alumni Program and your interactions with the Alumni Site. We strive to uphold data minimization principles and only seek to collect personal data from you for the purposes described in this Privacy Notice.

For former employees joining the Alumni Program, we collect the following information from the Firm’s HR management systems upon termination of their employment relationship with McKinsey:

• Basic information like your name, surname, location, contact information (including personal email, phone numbers, and mailing address), gender, birthdate, and profile photo.
• Employment-specific information and history, including positions held, McKinsey employment history (time at McKinsey, office affiliations, and tenure).
• Education history, including degrees earned, educational institutions attended, and dates of enrollment.

We may also obtain the following information directly from the former employees themselves:

• Additional employment information and history.
• Additional educational information.
• Social media links.
• Stated interests (including function, industry, affinity groups, etc.).
• Communication preferences.
• Alumni program survey data.
• Phone number.
• Personal and business email.
• Profile photo.
• Location.

For current employees, we may collect:

• Basic information like name, surname, location, contact information (including personal email and phone numbers), gender, birthdate, and profile photo.
• Employment-specific information and history, including positions held, McKinsey employment history (time at McKinsey, office affiliations, and tenure).
• Education history, including degrees earned, educational institutions attended, and dates of enrollment.

For external recruiters we may collect the following information:

• Basic information like name, surname, location, contact information (including personal email and phone numbers).
• Professional information, including job title, company, type of recruiter account (i.e., executive search firm, retained, contingent, etc.), and address.

For former employees, current employees and approved external recruiters we also collect information regarding your access and use of the Alumni Site such as:

• Website usage data, including logins, page views, clicks. We also automatically collect information about the devices used to interact with our Alumni Site. The information we automatically collect may include IP address, device identifier, web browser, and browsing information collected through cookies. We may also automatically collect information about how users use the Alumni Site, such as what visitors may have searched for and viewed on the site. The information automatically collected will be associated with any personal data they have provided.

When we collect personal data from you, you may choose to not provide certain personal data, but your failure to do so may result in us not being able to properly administer or manage your participation in the Alumni program or to offer to you its full range of services.

Unless you opt out by contacting the Alumni program team at mckinsey_alumni_relations@mckinsey.com, at the time of your onboarding into the Alumni program (as per the terms of the Affinity Network Privacy Notice) information about your membership in any of the Firm’s Affinity Networks will be shared by the All inDiversity and Inclusion (“ADI”) team with the Alumni program team. This information will help to identify you as an alumni member of a Firm’s Affinity Network(s) to other members of the same Affinity Network(s), Firm alumni relations team, and ADI team members for purposes related to the management of diversity related initiates within the Alumni program (e.g., sourcing and staffing volunteers for Affinity Network and/or ADI events and initiatives; outreach to invite you to participate in programming and events). The Alumni program team may also collect information directly from you about your interest in receiving communications and event invitations managed by the Alumni program team and related to any of the Firm’s Affinity Networks.

2. Use of your personal data

We do not use personal data for the purpose of profiling that produces significant effects.

We use your personal data to manage your participation in the Alumni program. For instance, we use your personal data:

• to invite you to relevant online and offline events and to track your attendance for the purpose of refining offerings we provide to you;
• to provide you with relevant training opportunities and offerings that you may find beneficial;
• to facilitate connections with other members of the Alumni program; and
• to present you with job offers that may be of your interest.

Please note that we may also process your personal data and transform it into anonymized or aggregated data, and we may use such data for our own legitimate business purposes.

We may also use your personal data (or aggregated/pseudonymized data related to the Alumni program) to analyze overall alumni engagement, identify opportunities to improve our program and technology offering, and for other similar legitimate business purposes.

McKinsey does not use automated decision making to make decisions that have a legal impact on you or that significantly affect your rights and liberties. All automated processing activities are conducted with appropriate human supervision and review.

3. Legal Basis for Processing Your Data

Our processing of your personal data for the purposes mentioned above is based on one or both of the following grounds:

• in part, on our legitimate interests in operating our Alumni program. When we rely on this legal ground, McKinsey will only process your personal data after assessing the adequacy, proportionality, and legitimacy of the data processing activity. If legitimate interest is not a lawful basis in your particular jurisdiction, we process your personal data under another basis in accordance with applicable law; and
• in part, and where permitted by applicable law, on your freely given consent. If we rely upon consent as a legal basis for processing, you can withdraw your consent at any time. If you do so, and processing cannot continue based on any other legal grounds, we may not be able to properly manage your membership in the Alumni program or make available to you certain services associated to it.

4. Data recipients and international data transfers

Your personal data may be disclosed to recipients within our organization and with service providers. For instance, your personal data may be processed by:

• our Firm members at McKinsey affiliates and subsidiaries as well as by external workers working on behalf of the Firm (e.g., members of the HR / IT / Professional Development / Staffing departments);
• our legal and professional advisors;
• suppliers and providers of services (e.g., event management partners, emarketing platform, etc.) engaged by us at local or at global level;
• approved external recruiters; and
• government authorities, when legally required or permitted to do so.

These disclosures may take place for one or many of the following purposes:

• to manage and administrate our Alumni program and website and our relationship with our former employees;
• if we are required to do so by law or legal process, including to law enforcement authorities or other government officials pursuant to lawful request;
• when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
• if disclosure is necessary to protect the vital interests of a person;
• to enforce our policies;
• to protect our property, services and legal rights;
• to prevent fraud against McKinsey, our subsidiaries, affiliates and/or business partners;
• to aid in McKinsey’s investigation of an actual or suspected security incident such as a breach involving confidential information or personal information or a violation of McKinsey policy;
• to support auditing, compliance, and corporate governance functions;
• to a successor or different business entity in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business; and/or
• to comply with any and all applicable laws.

Since McKinsey is a global organization, the affiliates and service providers to which we transfer your personal data may be located in countries which may have different data protection laws than those in your country of residence. To protect personal data that is transferred internationally, McKinsey complies with all applicable data transfer laws and will implement safeguards to protect your personal data across McKinsey’s global operations. Where required by law, McKinsey has put in place legal mechanisms, which include Standard Contractual Clauses, that are designed to ensure appropriate data protection of your personal data that is processed by McKinsey subsidiaries, affiliates, and third-party service providers.

To be clear, we do not sell personal data governed by this Privacy Notice to third parties for monetary or other valuable consideration, and we do not share personal data governed by this Privacy Notice with third parties for targeted advertising or cross-context behavioral advertising.

We do not acquire, use, or allow others to use anonymous data with the intent of identifying or reidentifying individuals. When we receive anonymous data or we transform personal data that we have collected into anonymous data, we make the following commitments:

• McKinsey will maintain anonymous data in anonymized form.
• Except to the extent necessary to confirm that personal data has been transformed into anonymous data, McKinsey will not attempt to identify or reidentify specific individuals within a anonymized data set or otherwise use anonymous data to attempt to associate specific individuals with their individual characteristics and will not permit any entity or individual acting on McKinsey’s behalf to do so.
• To the extent, if any, that McKinsey provides access to or otherwise discloses a anonymized data set to a non-McKinsey recipient, for example, a service provider or a client, it will require each such recipient to agree to maintain the anonymized data in its anonymous form and not attempt, or permit others to attempt, to identify or reidentify specific individuals within the anonymized data set or otherwise use anonymous data to attempt to associate specific individuals with their individual characteristics.

5. Data retention

McKinsey keeps your personal data only as long as necessary to accomplish the business purposes for which it was collected, to meet our legal or contractual obligations, and in compliance with McKinsey’s data retention policy.

Some of the data may be also retained beyond the termination of our contractual relationship with you, in accordance with the Firm data retention schedules, but in no event longer than the period required or permitted by applicable law.

6. Security

McKinsey protects and safeguards your personal data globally, in accordance with applicable law, our privacy and data security policies, and this Privacy Notice We use generally accepted standards of technical and operational security to protect your personal data against accidental or unlawful loss, misuse, alteration, or destruction, in consideration of the risks associated with the personal data and its processing, and we require the same level of protection and safeguarding from our subsidiaries and affiliates, our service providers, and third parties. Only authorized personnel of McKinsey and of our third-party service providers are permitted to access personal data, and these employees and third-party service providers are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized individuals will not obtain access to your personal data.

7. Your rights

Subject to the local data privacy laws in your jurisdiction, including exceptions, you may have the following rights with regard to the personal data we collect about you:

• Right to request information about the personal data we hold about you, including the details of how we use that information and who we share it with;
• Right to request a copy of the personal data that we hold about you;
• Right to request that we correct or otherwise amend your personal data if any of the information held about you is incorrect or otherwise not accurate for the purpose(s) for which we are using it;
• Right to portability of your personal data to permit you to provide a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that personal data to another controller;
• Right to request deletion of your personal data;
• Right to request that we cease the processing of your personal data or that we restrict or limit the processing of your personal data;
• Right to withdraw your consent to the processing of your personal data, to the extent our processing relies on your consent as the lawful basis for processing. This right may not apply if there are other legal grounds to continue processing or we need to retain certain personal data where required or permitted under applicable law;
• Right to not be discriminated or retaliated against for exercising your individual rights regarding your personal data;
• Right to request review by McKinsey’s Global Privacy Officer and, if applicable, McKinsey’s Data Protection Officer for your jurisdiction, of our response to your request to exercise your individual data protection rights; and
• Right to seek additional legal remedies regarding our response to your request to exercise your individual data protection rights, including, depending upon your jurisdiction, by lodging a complaint with your data protection authority or initiating a legal proceeding.

Certain US residents also have the right to appeal our decision to your request regarding your personal data. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

See the appendix below for our appeal process.

If you would like to exercise your data protection rights regarding your personal data, you can do so by:

• Completing the data subject request form;
• Emailing your request to us at datasubjectrights@mckinsey.com;
• Contacting us by phone at +1 (844) 582-3015;
• (for opt-out requests) clicking the “Your Privacy Choices” link on the applicable homepage. We also recognize Global Privacy Control (GPC) signals and other user-enables opt-out preference signals as valid opt-out requests where required by applicable law. Please note that your opt-out preference signal will be applied only to your current browser and device. To learn more about the GPC, you can visit its website here.

Upon receipt of your request to exercise your data protection rights, we will acknowledge receipt within the time period required by applicable law and provide you with information about the next steps in the process and the timing. Depending upon the nature of your request, we may take reasonable steps to verify your identity before acting on certain data protection rights, in accordance with applicable law. This process may require us to request additional personal data from you, including, but not limited to, your email address, mailing address, and/or date of last interaction with us. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity.

You may designate an authorized agent to submit a request on your behalf. To designate an authorized agent, you must (1) verify your own identity directly with us; and (2) provide the authorized agent with written documentation of their authority to act on your behalf, such as a power of attorney or sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf. We may request further evidence of the agent’s right to act on your behalf, including contacting you to verify the request. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

Please note that applicable laws include exceptions to assertions of data protection rights that may prevent us from providing access to your personal data or otherwise fully complying with your request. If we believe exceptions apply, we will respond to your request to the extent we are able to do so, and we will provide an explanation of the basis for not complying wholly or partially with your request.

Certain US residents also have the right to appeal our decision to your request regarding your personal data. We respond to all appeal requests as soon as we reasonably can, and no later than legally required. See the appendix below for our appeal process.

8. Cookies and other tracking technologies

McKinsey may use first- and third-party cookies, pixel tags, web beacons, and other similar technologies to gather information on our digital properties. This information is used for a variety of purposes, such as to manage our websites and services, identify you and your interests and remember your preferences, and to collect analytics about how you use our websites and services. McKinsey may also collect information about whether you open or click any links in the knowledge, research, or event communications that we send you. You have options regarding our use of cookies and other tracking technologies. Please refer to our Cookie Notice and “Your data protection rights” section below for more details and to manage your choices. There is no industry standard for how Do Not Track consumer browser settings should work on commercial websites and therefore, due to the lack of such standards, our websites and services do not currently change the way they operate upon detection of a Do Not Track setting.

In addition, we use tools and applications that reduce security threats and reduce the risk of access by bots and automated devices, but we do not use those tools and applications for non-security purposes.

9. Children’s data

McKinsey does not intentionally use its Alumni program to collect or maintain personal data from children or individuals under the age of 16. Individuals who are children or those under the age of 16 should not attempt to provide us with any personal data. If you think we have received personal data from children or those under the age of 16, please contact us immediately.

10. Third party websites and apps

Our Alumni Program and Site may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third-party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.

11. Changes to this privacy notice

McKinsey reserves the right to modify this Privacy Notice as required by changes to our business processes or applicable law. We will post any changes to our Privacy Notice on this page. Please check this page regularly to keep up-to-date.

Please note that the rules and regulations implementing various data privacy laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these rules and regulations are finalized.

12. Contacts

We welcome questions, comments, and feedback on this Privacy Notice and our management of personal data. If you have questions, concerns, or feedback, you can always contact us using the information below. For your protection, we may need to verify your identity before assisting with your questions, comments, or feedback.

• Alumni Program Email: Mckinsey_Alumni_Relations@mckinsey.com
• Data Privacy Team: Privacy@mckinsey.com
• Phone: +1 (844) 582-3015
• Mail:
  McKinsey & Company
  Attn: Privacy
  1200 19th St NW STE 1000
  Washington, DC 20036

Your California Privacy Rights Appendix

This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice.

As disclosed above, we do not “sell” or “share” personal data as that term is defined under California privacy law. We also do not share personal data with third parties for their own direct marketing purposes without your consent. We do not purposefully “sell” or “share” the personal data of individuals under the age of 16. California residents under 18 years old, in certain circumstances, may request and obtain removal of personal data or content that you have posted on our websites. Please be mindful that this would not ensure complete removal of the content posted by you on our websites.

To learn more about the categories of personal data we collect, how we collect it, why it is collected, with whom we share it, and how long we retain it, please see the items below. Please see the instructions provided above in order to submit a privacy right request.

US Privacy Rights Appeal Appendix

Certain US residents have the right to appeal our decision regarding their privacy rights if they have submitted a request (e.g., to access, delete, or correct your information) and we have denied it, either in whole or in part. We are committed to addressing appeals in a transparent and timely manner.

We encourage you first to discuss relevant issues with our legal team, who may resolve the issue so that you do not have to formally initiate the appeals process. Our legal team will consider your perspective and seek to address your concerns in accordance with our company policies and applicable law. To contact our legal team, please email privacy@mckinsey.com.

Appeal Process

1. Submit your appeal

   • Email the following information to datasubjectrights@mckinsey.com with the subject line “Notice of Appeal”:

     • Your name and contact information.
     • A copy of the original request you submitted.
     • Any correspondence or communications related to your original request.
     • The remedy that you seek by appealing.
     • The reason for your appeal (e.g., why you believe the decision should be reconsidered).

     Please also provide any documentation necessary to validate the claims you are making in the appeal.

2. Acknowledgement of appeal
   • You will receive a confirmation email acknowledging receipt of your appeal within ten (10) business days.
   • This acknowledgement may contain requests for additional information to help us properly investigate or adjudicate the appeal. Your failure to provide substantive responses to our requests may materially impact our ability to investigate and/or adjudicate the relevant issue.
3. Investigation
   • Your appeal will be reviewed and investigated by members of our Privacy Legal Team who were not involved in the original decision, based on the information and documentation you have provided.
   • We will evaluate all relevant facts and applicable laws during the review process.
4. Notification of outcome
   • Following the investigation, we will reach a determination of your appeal, which may include modifying or upholding the original decision.
   • We will notify you of our determination in writing within sixty (60) days of receipt of your written notice of appeal, and we will include the explanation for our determination of your appeal. If we deny your appeal, you may file an appeal with the relevant regulator.

Scope of Appeal

The appeal will review whether the decision made by the privacy team that you appealed was fair and consistent with applicable privacy law. You may only appeal a decision that applies to your personally unless you are otherwise authorized to act on another person’s behalf, in which case you must provide evidence that you are authorized by the person on whose behalf you have submitted an appeal.

The appeal will focus exclusively on the decision being appealed. Broader issues related to our company policies, management style, or other issues will not be considered as part of the appeal.

Withdrawal of Appeal

You may withdraw or end your appeal at any time by providing us with written notice.

No Discrimination

We do not discriminate against any person who initiates an appeal.

Record Keeping

We will retain a record of your appeal, including the final determination, in accordance with applicable laws and our record retention policies.