Privacy Policy
This Privacy Policy explains how Get First Value collects, uses, shares, and protects personal data in connection with our website and services. Please read it carefully.
- Who We Are and How to Contact Us
- What Personal Data We Collect
- How We Collect Your Data
- How and Why We Use Your Data
- Legal Bases for Processing
- Cookies and Tracking Technologies
- Sharing and Disclosure of Your Data
- International Transfers
- How Long We Keep Your Data
- Your Rights Under CCPA/US Privacy Law
- Children's Privacy
- Changes to This Policy
- Complaints
Get First Value ("GFV", "we", "us", "our") is a digital marketing agency providing services including Search Engine Optimization, Generative Engine Optimization, Local SEO, AI Search Optimization, Social Media Marketing, and Web Development.
For the purposes of the California Consumer Privacy Act (CCPA) and applicable US privacy laws, Get First Value is the data controller in respect of personal data collected through this website and in connection with our services.
Data Controller Contact Details
Get First Value · 350 Fifth Avenue, Suite 4100, New York, NY 10118
Email: [email protected]
Phone: (908) 661-2009
Our Data Protection Officer ("DPO") can be contacted at [email protected]. We aim to respond to all data protection inquiries within 30 days.
Depending on how you interact with us, we may collect the following categories of personal data:
- Identity data: first name, last name, job title, company name
- Contact data: email address, telephone number, postal address
- Business data: website URL, marketing budget range, service interest, business description
- Communications data: the content of messages, emails, or inquiry forms you send us
- Application data: CV, cover letter, employment history, and other information provided when applying for a role
- Technical data: IP address, browser type and version, operating system, device identifiers, time zone
- Usage data: pages visited, referral source, time on page, click interactions, and navigation path through our site
- Cookie data: preferences, session identifiers, and analytics identifiers set by us or third-party tools (see Section 6)
- Publicly available professional information from LinkedIn or similar platforms when reviewing prospective candidates or clients
- Analytics data from Google Analytics, Google Search Console, and similar tools where you interact with content we manage on behalf of clients
- Referral information from partners or introducers who share your contact details with your consent
We do not collect or process special category data (as defined by applicable US privacy law) through this website, and we ask that you do not submit any such data via our contact or inquiry forms.
We collect personal data through the following channels:
- Contact and inquiry forms on this website, including the "Book Free Audit" form
- Direct email or telephone communications initiated by you
- Careers applications submitted by email to [email protected] or via a listed role
- Automated technologies including cookies, server logs, and analytics tools when you visit our website
- Third-party sources including referral partners, professional networks, and analytics platforms
- Events and meetings where you provide your business card or contact details in person or virtually
We use personal data only for the purposes set out below. We will not use your data in any manner incompatible with the purpose for which it was collected.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Responding to an inquiry or audit request | Identity, contact, business data | Pre-contractual steps (Art. 6(1)(b)) |
| Providing our digital marketing services under a contract | Identity, contact, business data | Contract performance (Art. 6(1)(b)) |
| Sending marketing communications about our services, insights, or case studies | Identity, contact data | Legitimate interests / consent (Art. 6(1)(a) or (f)) |
| Improving and analysing website performance | Technical, usage, cookie data | Legitimate interests (Art. 6(1)(f)) |
| Processing job applications and assessing candidates | Identity, contact, application data | Pre-contractual steps / legitimate interests |
| Complying with legal obligations (e.g. accounting, tax) | Identity, contact, financial data | Legal obligation (Art. 6(1)(c)) |
| Protecting our legitimate business interests and preventing fraud | Technical, usage data | Legitimate interests (Art. 6(1)(f)) |
Under applicable US privacy law, we rely on one or more of the following legal bases depending on the processing activity:
- Consent: where you have given clear, specific, and freely-given consent — for example, opting in to marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Contract: where processing is necessary to perform a contract with you, or to take steps at your request before entering into one — such as preparing a proposal or scoping a project.
- Legal obligation: where processing is required to comply with a legal or regulatory obligation applicable to us under US law.
- Legitimate interests: where processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and improving our business, preventing fraud, ensuring network security, and direct marketing to existing clients and qualified prospects.
Where we rely on legitimate interests, you have the right to object to that processing. Please see Section 10 for details of how to exercise your rights.
Our website uses cookies and similar tracking technologies to operate correctly and to help us understand how visitors use it. A cookie is a small text file placed on your device when you visit a website.
| Category | Purpose | Basis |
|---|---|---|
| Strictly Necessary | Essential for the website to function — session management, security tokens, load balancing | No consent required |
| Analytics | Google Analytics (GA4): page views, session duration, traffic sources, device type. Data is anonymised where possible | Consent |
| Functional | Remembering your preferences (e.g. region, form progress) to improve your experience | Consent |
| Marketing | Tracking ad performance and remarketing via Google Ads and LinkedIn Insight Tag, where applicable | Consent |
You can control and manage cookies in several ways:
- Using our cookie consent banner when you first visit the site
- Adjusting your browser settings to block or delete cookies — note that this may impair certain site functionality
- Opting out of Google Analytics tracking at tools.google.com/dlpage/gaoptout
- Managing LinkedIn advertising preferences at linkedin.com/psettings
We do not sell, rent, or trade your personal data. We share it only in the following circumstances and only to the extent necessary:
We use third-party companies to support our operations. These parties act as data processors under our instruction and are bound by data processing agreements:
- Google LLC — Google Analytics (website analytics), Google Workspace (email and document management), Google Ads (advertising)
- HubSpot Inc. — CRM and marketing automation for managing client and prospect relationships
- Stripe Inc. — Payment processing for invoices and subscriptions
- Slack Technologies Inc. — Internal team communications
- Notion Labs Inc. — Internal documentation and project management
- LinkedIn Corporation — Advertising and candidate sourcing
We may share data with lawyers, accountants, auditors, and insurers where necessary in the course of professional services they provide to us, subject to confidentiality obligations.
We may disclose personal data to law enforcement agencies, regulators, courts, or other authorities if required to do so by applicable law or to protect the rights, property, or safety of Get First Value, our clients, or others.
In the event of a merger, acquisition, sale of assets, or similar corporate transaction, personal data may be transferred to a successor entity. We will provide notice before data is transferred and becomes subject to a different privacy policy.
Some of our third-party service providers operate outside the United States. When personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable US privacy law, including:
- Transfers to countries that provide an adequate level of data protection
- Use of Standard Contractual Clauses or equivalent data transfer mechanisms approved by relevant authorities
- Binding Corporate Rules where applicable within a multinational corporate group
Several of our processors (including Google, HubSpot, and Stripe) are headquartered in the United States. These transfers are governed by appropriate data transfer mechanisms and, where applicable, the EU–US Data Privacy Framework adequacy decision.
You may request a copy of the relevant transfer mechanism by contacting us at [email protected].
We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account our legal obligations and legitimate business interests. The following retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Enquiry and audit request data | 2 years from last contact | Business relationship management |
| Client contract and billing data | 7 years from contract end | Legal and tax obligation (IRS/applicable US law) |
| Marketing contact data | Until withdrawal of consent or opt-out | Consent-based processing |
| Job application data (unsuccessful) | 6 months from application date | Potential re-engagement; legal claims window |
| Job application data (hired) | Duration of employment + 7 years | Employment law obligations |
| Website analytics data | 26 months (GA4 default) | Performance analysis |
| Server and access logs | 90 days | Security monitoring |
At the end of the applicable retention period, data is securely deleted or anonymised so that it can no longer be attributed to you.
Under CCPA/US Privacy Law, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions in certain circumstances.
To exercise any of these rights, contact us at [email protected] with your full name and sufficient information to verify your identity. We will respond within 30 calendar days. We do not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.
Our website and services are directed at business professionals and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at [email protected] and we will take prompt steps to delete that data.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
For material changes — those that significantly affect your rights or how we use your data — we will provide more prominent notice, which may include an email notification to existing clients or a banner on our website. We encourage you to review this page periodically.
Your continued use of our website or services after any change constitutes acceptance of the updated policy. If you do not accept the updated policy, please cease using the website and contact us to discuss your options.
If you have a concern about how we have handled your personal data, we ask that you contact us first at [email protected] so that we have the opportunity to address it. We take all data protection complaints seriously and will respond promptly.
If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Federal Trade Commission ("FTC"), the US supervisory authority for privacy and consumer protection matters:
Website: ftc.gov
Phone: 1-877-382-4357
Post: 600 Pennsylvania Avenue NW, Washington, DC 20580
You also have the right to seek judicial remedy in the courts of the State of New York if you believe your rights have been infringed.
This Privacy Policy was drafted in accordance with the California Consumer Privacy Act (CCPA) and applicable US privacy law, including guidance published by the Federal Trade Commission. It is effective as of 25 June 2026. For questions, contact [email protected].