Privacy Policy

GTM Forge ("GTM Forge", "we", "us" or "our") is an executive search and recruitment consultancy specialising in Go-To-Market, revenue leadership, enterprise sales and technical GTM hiring for software companies. We operate from England and Wales and provide retained and contingent search services to clients across the UK, EMEA and globally.

This Privacy Policy explains how we collect, use, share and protect personal data when we provide our services and when you interact with our website at gtmforgesearch.com. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

GTM Forge is the data controller for personal data processed in connection with our candidate database, client engagements and website.

2.1 Candidate data

When we engage with candidates as part of an executive search or recruitment assignment, we may collect and process:

• Name, contact details and location
• Curriculum vitae and professional biography
• Employment history, current role and notice period
• Education, qualifications and professional certifications
• References and recommendations
• Salary, bonus, equity and compensation expectations
• Interview notes, assessment scorecards and search consultant observations
• Right-to-work and visa status, where relevant to a specific role
• Diversity information, where voluntarily provided and where lawful to process

2.2 Client data

For clients and prospective clients, we typically process:

• Name, job title and business contact details of key stakeholders
• Company information, structure and commercial context
• Hiring requirements, role specifications and search briefs
• Correspondence and meeting notes relating to assignments

2.3 Website visitor data

When you visit our website, we may collect:

• Analytics data, including pages viewed and time on site
• Cookies and similar technologies (see Section 11)
• IP address and approximate geographic location
• Browser type, device information and referring URL
• Information you submit through enquiry, contact or download forms

We collect personal data through a number of channels, including:

• Forms and downloads on our website
• CVs submitted directly or shared with us by a candidate
• LinkedIn and other professional networking platforms
• Direct email and phone communication
• Referrals from trusted contacts, candidates and clients
• Client engagements and search briefings
• Publicly available professional sources, such as company websites, conference speaker lists and industry publications

Where we obtain information about a candidate from a source other than the candidate directly, we will inform the candidate at the earliest appropriate opportunity.

We use personal data for the following purposes:

• Identifying, evaluating and assessing candidates for current and future roles
• Conducting executive search and recruitment assignments on behalf of clients
• Introducing candidates to prospective employers
• Communicating with candidates and clients about active and potential opportunities
• Business development and relationship management
• Improving our website, services and assessment methodologies
• Meeting legal, regulatory and contractual obligations

We rely on the following lawful bases under UK GDPR:

• Consent — where you have provided clear consent, for example by submitting an enquiry, downloading a resource or opting in to receive communications.
• Legitimate interests — where it is in our legitimate interest as an executive search firm to identify and approach senior GTM professionals about relevant roles, provided your interests and fundamental rights are not overridden.
• Contractual necessity — to deliver services to clients under retained or contingent search agreements, and to progress candidates through an assignment.
• Legal obligations — where processing is required to meet our regulatory, employment or tax obligations.

Candidate information is treated as confidential and is shared only where appropriate to the search assignment. We may share candidate information with:

• Prospective employers and clients engaged on a specific assignment
• Reference providers nominated by the candidate
• Trusted service providers acting on our behalf under appropriate agreements
• Regulators, advisers or authorities where required by law

We do not sell candidate data and we do not share full CVs or detailed candidate profiles with clients without the candidate's prior knowledge.

Our clients and candidates operate globally. Where we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to jurisdictions covered by an adequacy decision.

We retain personal data only for as long as is necessary for the purposes for which it was collected, including to meet legal, accounting or reporting requirements.

• Candidate records: retained for up to six years from the date of last meaningful engagement, reflecting the long-cycle nature of executive search and the likelihood of relevance for future senior roles.
• Client records: retained for the duration of the commercial relationship and for six years following its conclusion.
• Website enquiry data: retained for up to 24 months unless an active relationship develops.

You may request earlier deletion at any time, subject to any overriding legal obligation we may have to retain certain records.

We apply appropriate administrative, technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include access controls, encryption in transit, secure cloud infrastructure, vetted service providers and confidentiality obligations on our personnel.

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access to the personal data we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") in defined circumstances
• Right to restrict processing
• Right to object to processing, including direct marketing
• Right to data portability
• Right to withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at the address in Section 12. We will respond within one month of receiving a valid request.

Our website uses cookies and similar technologies to operate the site, measure performance and improve the user experience. Further information about the cookies we use and how to manage them is available in our separate Cookie Policy and through your browser settings.

For any questions about this Privacy Policy or to exercise your rights, please contact us:

GTM Forge
Email: hello@gtmforgesearch.com
Jurisdiction: England and Wales

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113. Website: ico.org.uk.

We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO.