Privacy Policy

Summary of Key Points

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
• Do we process any sensitive personal information? We do not process sensitive personal information.
• Do we collect any information from third parties? We may receive limited member data from LinkedIn's and Meta's Marketing APIs in connection with our own marketing activities and when providing campaign management and lead generation services on behalf of clients.
• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
• In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.
• How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. No electronic transmission can be guaranteed 100% secure.
• What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
• If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the GDPR, including access, correction, deletion, restriction, objection, and data portability.

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Information You Give Us: Names, phone numbers, email addresses, mailing addresses, job titles, company information, contact preferences, and communication consent records (including consent to receive emails or text messages).

Information Collected Automatically: IP addresses, browser/device characteristics, and location data are collected via cookies and Google Analytics.

Sensitive Information: We do not process sensitive information.

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser type, operating system, language preferences, referring URLs, device name, country, and location.

We may also collect aggregated behavioral data such as page interactions, scrolling activity, mouse movement patterns, and clicks to understand how users interact with our website. This data does not include keystrokes, form inputs, or content entered into forms.

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

• To send you marketing and promotional communications: We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences.
• To send transactional or informational text messages: We may use your phone number to send appointment confirmations, scheduling updates, or other service-related messages related to your interactions with us. These messages are not promotional in nature. You may opt out of text messages at any time by replying "STOP."
• To deliver targeted advertising to you: We may process your information to develop and display personalized content and advertising tailored to your interests.
• To protect our Services: We may process your information as part of our efforts to keep our Services safe and secure.
• To identify usage trends: We may process information about how you use our Services to better understand how they are being used so we can improve them.
• To save or protect an individual's vital interest: We may process your information when necessary to prevent harm.

3. What Legal Bases Do We Rely On to Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (legal basis) to do so under applicable law.

If you are located in the EEA, UK, or Switzerland, our legal bases for processing personal information under the GDPR include:

• Consent: We may process your information if you have given us permission (consent) for a specific purpose. This includes consent provided through website forms or other communications where you agree to receive emails or text messages.
• Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests. This includes website analytics, service improvement, and business communications, provided these interests are not overridden by your rights and freedoms.
• Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations.
• Performance of a Contract: We may process your information when necessary to fulfill a contract with you or to take steps at your request before entering into a contract.

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.
• Email Service Provider: We use an email marketing platform to send newsletters and follow-up communications. They have access to the contact information you provide.
• Messaging and scheduling service providers: We may use third-party tools to send emails or text messages and to manage scheduling and meeting confirmations. These providers only process personal information on our behalf and according to our instructions.
• Google Analytics: Google receives analytics data to help us track site traffic. They process this data according to their own privacy policy.
• LinkedIn Marketing APIs: We integrate with LinkedIn's Marketing APIs, including the Lead Sync API, Advertising API, Conversions API, and Events Management API, to manage advertising campaigns, capture leads, track conversions, and manage events — both for our own marketing activities and on behalf of clients. In connection with these integrations, we may receive LinkedIn member data such as names, email addresses, job titles, and company information submitted through LinkedIn Lead Gen Forms. When this data is collected for our own marketing purposes, it is used solely to follow up on expressed interest in GBM's services. When collected on behalf of a client, it is processed solely for the purpose of delivering marketing services to that client and is not used for any other purpose, sold, or shared outside the authorized client environment. We also send conversion event data back to LinkedIn to support campaign measurement and optimization for both GBM and client campaigns. All LinkedIn data is handled in accordance with LinkedIn's API Terms of Use and applicable data protection laws.
• Meta Marketing APIs (Facebook and Instagram): We integrate with Meta's Marketing APIs to manage advertising campaigns, track conversions, and measure campaign performance across Facebook and Instagram — both for our own marketing activities and on behalf of clients. In connection with these integrations, we may receive data such as names, email addresses, and engagement information from Meta's lead generation and conversion tracking tools. When this data is collected for our own marketing purposes, it is used solely to follow up on expressed interest in GBM's services. When collected on behalf of a client, it is processed solely for the purpose of delivering marketing services to that client and is not used for any other purpose, sold, or shared outside the authorized client environment. We also send conversion event data back to Meta via the Conversions API to support campaign measurement and optimization. All Meta data is handled in accordance with Meta's Platform Terms and applicable data protection laws.
• Legal Requirements: We may disclose information if required by law, court order, or to protect our legal rights.

4A. How Do We Handle Client Data?

In Short: When we manage advertising campaigns on behalf of clients, we act as a data processor, not a controller. The client is the data controller and is responsible for ensuring the lawful basis for processing their customers' personal data.

When GBM manages LinkedIn or Meta advertising campaigns on behalf of a client, any personal data processed in connection with those campaigns (including lead data, conversion data, and audience data) is processed solely on the client's instructions and for the client's purposes. We do not use client campaign data for our own marketing purposes, and we do not sell or share it outside the authorized client environment.

Where required by applicable law, we enter into appropriate data processing agreements with clients governing how client campaign data is handled. If you are a client and have questions about our data processing practices, please contact us at [email protected].

5. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. To opt out, visit https://tools.google.com/dlpage/gaoptout.

You can also opt out of Google Analytics by adjusting your browser settings to block or delete cookies, or by using privacy-focused browsers and extensions. Note that blocking cookies through your browser settings may affect how our website functions.

Cookie Consent (EEA and UK Visitors). If you are visiting from the European Economic Area, United Kingdom, or Switzerland, we will request your consent before placing non-essential cookies (including analytics cookies) on your device. You can withdraw consent at any time by adjusting your cookie preferences via the cookie consent banner on our website, or by emailing us at [email protected]. Essential cookies necessary for the website to function are placed without consent on the basis of our legitimate interest in operating a functional website.

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information. We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Notice, or as required or permitted by applicable law. The criteria we use to determine how long we keep data include: the duration of our business relationship with you; whether we have a legal obligation to retain the data; and whether retention is advisable given our legal position, such as applicable statutes of limitations. When data is no longer needed for these purposes, we delete or anonymize it. We will remove you from active marketing lists upon request but may retain some data for legal record-keeping.

7. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We use standard security practices (like SSL/TLS encryption) to protect your data. However, no electronic transmission over the Internet is 100% secure. We limit access to personal information to those who need it and work with service providers who maintain appropriate security standards.

Data Breach Notification. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law. If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.

If you are located in the EEA, UK, or Switzerland, you also have the right to object to processing based on legitimate interests and to request restriction of processing in certain circumstances. You may exercise these rights by contacting us at [email protected].

8. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old. Our website is intended for business professionals. If you are a parent and believe your child under 18 has provided us with personal information, contact us at [email protected], and we will delete it.

10. Links to Other Websites

In Short: Our website may link to other sites we don't control. This privacy policy only applies to our domain; when you click a link to another website, you should read their privacy policy to understand how they handle your information.

11. What Are Your Privacy Rights?

In Short: In some regions, such as the EEA, UK, Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

You may review, change, or terminate your account at any time. If you are located in the EEA or UK, you have the right to complain to your member state data protection authority.

For EU Residents: Under the GDPR, our legal basis for processing your information is consent (when you fill out forms) and legitimate business interests (analytics and business communications).

To exercise any of these rights, email [email protected] with your request. We will respond within the timeframes required by applicable law.

If you have opted in to receive text messages, you may opt out at any time by replying "STOP." Opting out of text messages does not affect your ability to receive email communications unless you also unsubscribe from those.

12. Controls for Do-Not-Track Features

Most web browsers include a Do-Not-Track ("DNT") feature. We do not currently respond to DNT browser signals, as no uniform technology standard has been finalized.

We are evaluating support for the Global Privacy Control (GPC) signal, which several U.S. state laws (including California, Colorado, and Connecticut) recognize as a valid opt-out from the sale or sharing of personal information. If you submit a GPC signal through a supported browser or extension, please also submit an explicit opt-out request to [email protected] while we complete our technical implementation.

13. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have specific rights regarding your personal information.

Categories of Personal Information We Collect

Retention: We retain these categories until the user requests deletion.

Do Not Sell or Share My Personal Information. We do not sell your personal information. We may share personal information with advertising platforms (such as Meta and LinkedIn) for purposes of targeted advertising and campaign measurement. Under the California Privacy Rights Act (CPRA) and similar state laws, this may constitute "sharing" for cross-context behavioral advertising. California residents, and residents of other states with applicable opt-out rights, may opt out of this sharing by emailing [email protected] with the subject line "Do Not Share My Personal Information." We will process your request within 15 business days.

Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of service because you exercised a privacy right.

14. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by an updated "Revised" date at the top. If we make significant changes to this privacy policy, we will update the "Last Updated" date at the top and may notify you directly through our website or email.

We do not knowingly transfer personal data from the EEA, UK, or Switzerland to countries without adequate data protection safeguards. Where such transfers are necessary (for example, to U.S.-based service providers), we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Article 46. For transfers of UK personal data, we rely on the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as applicable.

15. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at [email protected].

16. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information. To make a request, please email [email protected].