Legal

Privacy Policy

This Privacy Policy explains how Get First Value collects, uses, shares, and protects personal data in connection with our website and services. Please read it carefully.

Last updated: 25 June 2026 Jurisdiction: United States CCPA/US Privacy Law
Section 01
Who We Are and How to Contact Us

Get First Value ("GFV", "we", "us", "our") is a digital marketing agency providing services including Search Engine Optimization, Generative Engine Optimization, Local SEO, AI Search Optimization, Social Media Marketing, and Web Development.

For the purposes of the California Consumer Privacy Act (CCPA) and applicable US privacy laws, Get First Value is the data controller in respect of personal data collected through this website and in connection with our services.

Data Controller Contact Details

Get First Value · 350 Fifth Avenue, Suite 4100, New York, NY 10118
Email: [email protected]
Phone: (908) 661-2009

Our Data Protection Officer ("DPO") can be contacted at [email protected]. We aim to respond to all data protection inquiries within 30 days.


Section 02
What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

2.1 Data You Provide Directly
  • Identity data: first name, last name, job title, company name
  • Contact data: email address, telephone number, postal address
  • Business data: website URL, marketing budget range, service interest, business description
  • Communications data: the content of messages, emails, or inquiry forms you send us
  • Application data: CV, cover letter, employment history, and other information provided when applying for a role
2.2 Data We Collect Automatically
  • Technical data: IP address, browser type and version, operating system, device identifiers, time zone
  • Usage data: pages visited, referral source, time on page, click interactions, and navigation path through our site
  • Cookie data: preferences, session identifiers, and analytics identifiers set by us or third-party tools (see Section 6)
2.3 Data We Receive from Third Parties
  • Publicly available professional information from LinkedIn or similar platforms when reviewing prospective candidates or clients
  • Analytics data from Google Analytics, Google Search Console, and similar tools where you interact with content we manage on behalf of clients
  • Referral information from partners or introducers who share your contact details with your consent

We do not collect or process special category data (as defined by applicable US privacy law) through this website, and we ask that you do not submit any such data via our contact or inquiry forms.


Section 03
How We Collect Your Data

We collect personal data through the following channels:

  • Contact and inquiry forms on this website, including the "Book Free Audit" form
  • Direct email or telephone communications initiated by you
  • Careers applications submitted by email to [email protected] or via a listed role
  • Automated technologies including cookies, server logs, and analytics tools when you visit our website
  • Third-party sources including referral partners, professional networks, and analytics platforms
  • Events and meetings where you provide your business card or contact details in person or virtually

Section 04
How and Why We Use Your Data

We use personal data only for the purposes set out below. We will not use your data in any manner incompatible with the purpose for which it was collected.

Purpose Data Used Legal Basis
Responding to an inquiry or audit request Identity, contact, business data Pre-contractual steps (Art. 6(1)(b))
Providing our digital marketing services under a contract Identity, contact, business data Contract performance (Art. 6(1)(b))
Sending marketing communications about our services, insights, or case studies Identity, contact data Legitimate interests / consent (Art. 6(1)(a) or (f))
Improving and analysing website performance Technical, usage, cookie data Legitimate interests (Art. 6(1)(f))
Processing job applications and assessing candidates Identity, contact, application data Pre-contractual steps / legitimate interests
Complying with legal obligations (e.g. accounting, tax) Identity, contact, financial data Legal obligation (Art. 6(1)(c))
Protecting our legitimate business interests and preventing fraud Technical, usage data Legitimate interests (Art. 6(1)(f))

Section 05
Legal Bases for Processing

Under applicable US privacy law, we rely on one or more of the following legal bases depending on the processing activity:

  • Consent: where you have given clear, specific, and freely-given consent — for example, opting in to marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Contract: where processing is necessary to perform a contract with you, or to take steps at your request before entering into one — such as preparing a proposal or scoping a project.
  • Legal obligation: where processing is required to comply with a legal or regulatory obligation applicable to us under US law.
  • Legitimate interests: where processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving our business, preventing fraud, ensuring network security, and direct marketing to existing clients and qualified prospects.

Where we rely on legitimate interests, you have the right to object to that processing. Please see Section 10 for details of how to exercise your rights.


Section 06
Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to operate correctly and to help us understand how visitors use it. A cookie is a small text file placed on your device when you visit a website.

6.1 Categories of Cookies We Use
Category Purpose Basis
Strictly Necessary Essential for the website to function — session management, security tokens, load balancing No consent required
Analytics Google Analytics (GA4): page views, session duration, traffic sources, device type. Data is anonymised where possible Consent
Functional Remembering your preferences (e.g. region, form progress) to improve your experience Consent
Marketing Tracking ad performance and remarketing via Google Ads and LinkedIn Insight Tag, where applicable Consent
6.2 Managing Cookies

You can control and manage cookies in several ways:

  • Using our cookie consent banner when you first visit the site
  • Adjusting your browser settings to block or delete cookies — note that this may impair certain site functionality
  • Opting out of Google Analytics tracking at tools.google.com/dlpage/gaoptout
  • Managing LinkedIn advertising preferences at linkedin.com/psettings

Section 07
Sharing and Disclosure of Your Data

We do not sell, rent, or trade your personal data. We share it only in the following circumstances and only to the extent necessary:

7.1 Service Providers (Data Processors)

We use third-party companies to support our operations. These parties act as data processors under our instruction and are bound by data processing agreements:

  • Google LLC — Google Analytics (website analytics), Google Workspace (email and document management), Google Ads (advertising)
  • HubSpot Inc. — CRM and marketing automation for managing client and prospect relationships
  • Stripe Inc. — Payment processing for invoices and subscriptions
  • Slack Technologies Inc. — Internal team communications
  • Notion Labs Inc. — Internal documentation and project management
  • LinkedIn Corporation — Advertising and candidate sourcing
7.2 Professional Advisers

We may share data with lawyers, accountants, auditors, and insurers where necessary in the course of professional services they provide to us, subject to confidentiality obligations.

7.3 Legal and Regulatory Authorities

We may disclose personal data to law enforcement agencies, regulators, courts, or other authorities if required to do so by applicable law or to protect the rights, property, or safety of Get First Value, our clients, or others.

7.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or similar corporate transaction, personal data may be transferred to a successor entity. We will provide notice before data is transferred and becomes subject to a different privacy policy.


Section 08
International Transfers

Some of our third-party service providers operate outside the United States. When personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable US privacy law, including:

  • Transfers to countries that provide an adequate level of data protection
  • Use of Standard Contractual Clauses or equivalent data transfer mechanisms approved by relevant authorities
  • Binding Corporate Rules where applicable within a multinational corporate group

Several of our processors (including Google, HubSpot, and Stripe) are headquartered in the United States. These transfers are governed by appropriate data transfer mechanisms and, where applicable, the EU–US Data Privacy Framework adequacy decision.

You may request a copy of the relevant transfer mechanism by contacting us at [email protected].


Section 09
How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account our legal obligations and legitimate business interests. The following retention periods apply:

Data Type Retention Period Reason
Enquiry and audit request data 2 years from last contact Business relationship management
Client contract and billing data 7 years from contract end Legal and tax obligation (IRS/applicable US law)
Marketing contact data Until withdrawal of consent or opt-out Consent-based processing
Job application data (unsuccessful) 6 months from application date Potential re-engagement; legal claims window
Job application data (hired) Duration of employment + 7 years Employment law obligations
Website analytics data 26 months (GA4 default) Performance analysis
Server and access logs 90 days Security monitoring

At the end of the applicable retention period, data is securely deleted or anonymised so that it can no longer be attributed to you.


Section 10
Your Rights Under CCPA/US Privacy Law

Under CCPA/US Privacy Law, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions in certain circumstances.

Right of Access
Request a copy of the personal data we hold about you (a "Subject Access Request"). We will respond within 30 days.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data ("the right to be forgotten"), subject to our legal obligations to retain it.
Right to Restrict Processing
Request that we limit how we use your data in certain circumstances, such as while accuracy is contested.
Right to Data Portability
Receive your personal data in a structured, machine-readable format, and transmit it to another controller where technically feasible.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes. We must stop unless we have compelling legitimate grounds.
Rights re: Automated Decisions
Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Right to Withdraw Consent
Where processing is based on your consent, withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected] with your full name and sufficient information to verify your identity. We will respond within 30 calendar days. We do not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.


Section 11
Children's Privacy

Our website and services are directed at business professionals and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at [email protected] and we will take prompt steps to delete that data.


Section 12
Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

For material changes — those that significantly affect your rights or how we use your data — we will provide more prominent notice, which may include an email notification to existing clients or a banner on our website. We encourage you to review this page periodically.

Your continued use of our website or services after any change constitutes acceptance of the updated policy. If you do not accept the updated policy, please cease using the website and contact us to discuss your options.


Section 13
Complaints

If you have a concern about how we have handled your personal data, we ask that you contact us first at [email protected] so that we have the opportunity to address it. We take all data protection complaints seriously and will respond promptly.

If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Federal Trade Commission ("FTC"), the US supervisory authority for privacy and consumer protection matters:

Federal Trade Commission (FTC)
Website: ftc.gov
Phone: 1-877-382-4357
Post: 600 Pennsylvania Avenue NW, Washington, DC 20580

You also have the right to seek judicial remedy in the courts of the State of New York if you believe your rights have been infringed.

This Privacy Policy was drafted in accordance with the California Consumer Privacy Act (CCPA) and applicable US privacy law, including guidance published by the Federal Trade Commission. It is effective as of 25 June 2026. For questions, contact [email protected].