Legal
Privacy Policy
Last updated: May 2026
Who we are
This site is operated by GTM Experts, founded by Wesley Henderiks, at hire-gtm-experts.com. For any privacy question, or to exercise your rights below, email us at info@hire-gtm-experts.com.
This policy explains how we handle the personal data of website visitors and applicants. Where you become an engaged agency or a placed SDR, the handling of data within that relationship is governed by separate written agreements (see “Engagements are governed by separate agreements” below).
Note for counsel: confirm the data-controller legal entity name and the lead EU supervisory authority before publication. (Placeholder — to be finalized.)
What we collect
- Form submissions. When you submit the agency application, the SDR application, or the contact form, we collect the fields you provide — such as your name, work email, company or agency name, and any message. The SDR application also collects a phone number and a link to an intro video.
- Referral attribution. If you arrive via a referral link, a hidden referral value is recorded with your form submission so we can credit the referrer.
- Scheduling data. If you book a call, the scheduling tool collects your name, email, and chosen time.
- Server and edge logs. Our hosting provider records standard technical data (such as IP address and request details) to serve and secure the site.
- No analytics cookies. Our analytics are cookieless and do not track you across sites. See our Cookie Policy.
Why we use your data
- To respond to agency, SDR, and general inquiries.
- To qualify and onboard founding agencies.
- To assess SDR applicants and match talent with agencies.
- To attribute referrals correctly.
- To send the confirmation and follow-up emails you would expect after contacting us.
Lawful basis (for visitors in the EU, UK, and similar regimes)
- Legitimate interest — responding to business-to-business inquiries and assessing recruitment applications.
- Consent — for any optional updates or marketing emails you choose to receive, which you can withdraw at any time.
- Contract — where we are entering into or performing an agreement with you (for engaged agencies and placed SDRs).
How long we keep it
We keep personal data only as long as we need it for the purpose it was collected, then delete or anonymize it. Our standard windows are:
- Inquiry and application data — kept for the duration of the conversation or assessment, then for up to 12 months in case the conversation resumes, after which it is deleted.
- Unsuccessful SDR applicant data — deleted within 6 months of the decision, unless you ask us to keep your details on file for future openings.
- Data tied to a signed engagement — retained for as long as the law requires us to keep contract and tax records, then deleted.
Third-party services we rely on
We keep our stack small and disclose every service that may handle personal data. Below is each provider, the role it plays under data-protection law, the data it receives, and how international transfers are covered.
Formspree
- Role
- Processor (we are the controller of applicant and contact data)
- Data received
- Form fields you submit — name, work email, company or agency name, phone (SDR application), free-text message, and a hidden referral value if you arrived via a referral link.
- Purpose
- Receiving and forwarding website form submissions to our inbox.
- Transfer safeguard
- Data Processing Agreement and sub-processor chain; Standard Contractual Clauses or the Data Privacy Framework as applicable.
Stripe
- Role
- Independent data controller (determines its own purposes — payment processing, fraud prevention, and legal compliance)
- Data received
- Name and billing/payment details, entered at Stripe’s own off-site checkout — we never see or store full card numbers.
- Purpose
- Processing payments and invoices for engaged agencies.
- Transfer safeguard
- Self-certified under the EU–US, UK, and Swiss Data Privacy Framework.
Calendly
- Role
- Processor (scheduling)
- Data received
- Name, email, and scheduling details, only when you choose to book a call. Calendly opens in a new tab via an outbound link — it is not embedded in our pages.
- Purpose
- Booking and managing scheduled calls.
- Transfer safeguard
- Calendly Data Processing Agreement; Standard Contractual Clauses or the Data Privacy Framework.
YouTube (Google)
- Role
- Independent controller for embedded video — but only after you click play
- Data received
- Device and cookie data, set by YouTube only when you click play on an embedded video. Until then, our pages load no YouTube scripts or cookies.
- Purpose
- Delivering optional embedded videos.
- Transfer safeguard
- Google’s Data Privacy Framework certification.
Cloudflare
- Role
- Processor — static hosting and cookieless Web Analytics
- Data received
- Standard server and edge logs (for example IP address and request metadata) needed to serve and secure the site. Our analytics beacon sets no cookies and stores no client-side state.
- Purpose
- Hosting this static website (served by a Cloudflare Worker) and measuring aggregate traffic and performance without cookies.
- Transfer safeguard
- Cloudflare Data Processing Agreement.
Zoho Mail
- Role
- Processor — email handling for info@hire-gtm-experts.com
- Data received
- The content and metadata of emails you send to us, and of any replies or confirmations we send you.
- Purpose
- Sending and receiving email for inquiries and confirmations.
- Transfer safeguard
- Zoho Data Processing Agreement.
International transfers
Some of the providers above are based outside the EU and UK, and our talent is currently based in the Philippines, so personal data may be transferred to and processed in the United States, the Philippines, and other countries. Where it is, we rely on Standard Contractual Clauses and/or the relevant Data Privacy Framework certifications to keep those transfers protected.
Engagements are governed by separate agreements
When an agency engages us, the agency remains the data controller of its own lead lists and prospect data, and we act as a data processor on the agency’s documented instructions for that data, while remaining the controller of our own operational data (such as our talent and visitor records). The detailed handling of an agency’s prospect data — including ownership, recording notices, and deletion — is set out in the separate agreements that govern the engagement, not in this public policy.
Your rights
Depending on where you live, you have the right to access, correct, delete, port, object to, or restrict our use of your personal data, and to withdraw consent at any time. To exercise any of these, email info@hire-gtm-experts.com. You also have the right to lodge a complaint with your local data-protection supervisory authority.
Cookies
For details on cookies and similar technologies, see our Cookie Policy. In short, we do not set non-essential cookies before you take an action.
Changes to this policy
We may update this policy as our services or providers change. When we do, we will update the “Last updated” date at the top of this page.