Privacy Policy

Users of our websites and applications

This section describes our privacy practices with respect to https://www.broadreachcg.com and any related BRCG-operated subdomains, web applications, and online tools (such as the GTM Maturity Assessment) that link to this privacy statement (together referred to as the “Site”).

We may provide a separate privacy statement in connection with certain websites and applications that we offer, and where we do so, such privacy statement will apply to our collection and use of personal information collected through such websites and applications.

Information collection

When you access or otherwise use our Site, we will collect information about you and how you interact with our Site. We may collect information about you through: (1) information you provide; (2) automatic tracking technologies; and (3) third parties.

Information you provide

When you access our Site, you may choose to provide information about yourself, such as your name, address, email address, telephone number, job title, and company name. By way of example, you may choose to provide your information in the following circumstances:

• Subscription to or ordering of periodic newsletters, benchmark reports, or other publications that BRCG may make available from time to time at its sole discretion as to timing, content, and approach;
• Participation in “join our mailing list” initiatives;
• Participation in any bulletin boards, discussion areas, support comment threads, or user forums that BRCG may make available from time to time, including in connection with its software or diagnostic tools;
• Completing assessments, surveys, quizzes, or benchmarking exercises (such as the GTM Maturity Assessment);
• Registration for events, webinars, working sessions, or conferences;
• Registration for premium online services, software-as-a-service tiers, or diagnostic tools that BRCG may make available from time to time;
• Contacting us through the contact form to request a consultation or further information;
• Visiting our Site while logged into a social media platform.

Automatically collected information

We may use online identification technologies, such as cookies, web beacons, or pixels on some pages of our Site (“Tracking Technologies”). The information we collect using these technologies includes IP address, browser type, language, access time, and referring website. Cookies are small text files placed on your hard drive that assist us in providing a more customized website experience. For example, a cookie can be used to store registration information in an area of the website so that a user does not need to re-enter it on subsequent visits to that area. BRCG may use Tracking Technologies on our Site, third-party sites, and social media platforms. These Tracking Technologies help to measure the efficacy of our marketing and awareness activities and to understand how visitors navigate to our Site. We use these technologies to compile aggregated statistics about visitors who interact with BRCG online content, to gauge the effectiveness of our outreach, and to better provide more pertinent information to our visitors.

BRCG uses third-party analytics providers (currently Google Analytics 4 and Microsoft Clarity) and uses sales engagement and customer relationship management platforms (currently Apollo.io and HubSpot) to support business development and client communications. Some of these technologies set cookies or persistent identifiers that may recognize you across BRCG’s Site and other sites for analytics, marketing, and personalization purposes.

Third-party analytics

BRCG uses website analytics providers, which may set cookies in your browser. Site activity information collected by these analytics providers may be combined with personal information held by BRCG.

To properly manage our Site, we also log anonymous information on our operational systems and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to inform Site improvements. This is to improve the web experience of our Site’s visitors and to provide us with an effective information resource.

When we send you emails, we may use email tracking technologies, including small embedded tracking pixels and unique link identifiers added to the URLs in the message, to determine whether the email has been opened, whether and when the links contained within the message have been clicked, and other engagement signals. We may combine information collected through these means with other information we maintain about you, including information from our sales engagement and customer relationship management platforms (currently Apollo.io and HubSpot), to measure interest in our specific offerings and email campaigns, improve our offerings to specific target audiences, and tailor our interactions with you. You can limit pixel-based tracking by configuring your email client not to load remote images automatically, and you can unsubscribe from marketing emails at any time using the unsubscribe link included in those messages. Where required by applicable law, we will obtain your consent before using such tracking in marketing emails.

Information use and legal bases

We use the information we collect as described above for various purposes, depending on the context in which we collected the information. Where required by applicable data protection law (including the EU and UK General Data Protection Regulation), we rely on one of the following legal bases to process your personal information:

• Performance of a contract: where processing is necessary to provide a service or product you have requested, or otherwise to perform a contract between us;
• Legitimate interests: where processing is necessary for our legitimate business interests (such as operating and improving the Site, business development, fraud prevention, and securing our systems), provided those interests are not overridden by your rights;
• Consent: where you have given consent to a specific use of your information (which you may withdraw at any time);
• Legal obligation: where processing is necessary to comply with a legal or regulatory obligation that applies to BRCG.

We use the information we collect for the following business purposes:

• Operating and improving the Site;
• Fulfilling your requests for information, content, or services;
• Managing your subscription and communication preferences;
• Customizing the Site for you;
• Understanding how the Site is being used;
• Exploring ways to develop and grow our practice;
• Maintaining and improving the safety and security of the Site;
• Preventing and enhancing protection against fraud, spam, harassment, intellectual property infringement, crime, and security risks;
• Sending you renewal notifications and/or service notifications;
• Conducting customer satisfaction surveys;
• Improving our products and services;
• Running our operations;
• Complying with the law and legal obligations;
• Responding to your inquiries; and
• Sending communications about BRCG products, services, and events.

Information retention

We will retain the personal information collected by us through the Site for as long as is necessary for the purpose(s) for which it was collected as set out in this privacy statement, provided that personal information may be held for longer periods where extended retention periods are required by law, regulation, or professional standards, and in order to establish, exercise, or defend our legal rights.

Information sharing

We may share personal information as described in the Information disclosure section below. To deliver our services and run our operations, we engage technology vendors and service providers, and we may from time to time engage individual operators (such as contracted analysts or members of a 1099 delivery bench) to act on BRCG’s instruction on a need-to-know basis. These recipients are restricted by contract from using personal information for their own marketing or any other independent purpose. They process personal information only as our processors or service providers, not as independent controllers, and not as third parties acting for their own benefit.

For the avoidance of doubt, where any BRCG product or service materials (such as the GTM Maturity Assessment report) state that BRCG does not share specific customer data with “third parties,” that statement refers to outside parties who would use the data for their own purposes. It does not refer to subcontractors, service providers, and engaged operators who access information solely on BRCG’s instruction and on a need-to-know basis as described in this section.

Third-party sites

Our Site may link to other websites that do not operate under BRCG’s privacy practices. When you link to other websites, BRCG’s privacy practices no longer apply. We encourage you to review each site’s privacy policy before disclosing any personal information.

Children

BRCG understands the importance of protecting children’s privacy, especially in an online environment. The Site is not intentionally designed for or directed at children under the age of 13 years. It is BRCG’s policy never to knowingly collect or maintain personal information about children under the age of 13.

Security

BRCG has implemented generally accepted standards of technology and operational security designed to protect personal information from loss, misuse, alteration, or destruction. Only authorized BRCG personnel, subcontractors, service providers, and engaged operators acting on BRCG’s instruction are provided access to personal information, and these recipients are bound by written confidentiality and data-handling obligations. Please note that in the unlikely event that we might need to contact you about a matter involving your personal information, we may email you about the matter.

Cross-border transfer

BRCG is a consulting practice based in the United States. Our customers and engagement counterparts are predominantly US-based, and our day-to-day business is conducted in the United States.

Some of our customers (including private equity firms acting as Operating Partners) hold portfolio companies or affiliates located outside the United States, and some of our service providers and technology vendors process data from facilities in other countries. As a result, personal information that BRCG collects or processes may, in limited circumstances, be transferred outside the countries where the relevant individual, customer, or service provider is located. This includes transfers to or from countries outside the European Economic Area (“EEA”) and the United Kingdom (“UK”), and to countries whose laws may not provide the same degree of protection for personal information as the individual’s home country. In accordance with applicable legal requirements, we take appropriate measures to facilitate an adequate level of protection for any personal information so transferred.

Where we transfer personal information from the EEA or the UK to a country or framework that has not been recognized by the European Commission or the UK government as providing an adequate level of protection for personal information, we rely on an appropriate transfer mechanism. Depending on the circumstances, this may include the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (or the UK International Data Transfer Agreement), an applicable adequacy decision, or another lawful transfer mechanism. Where appropriate, we apply supplementary technical, organizational, or contractual measures to address risks to the personal information transferred.

Information disclosure

We will only share personal information with others for a business purpose and when we are legally permitted or required to do so. When we share information with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the information and to comply with our information protection, confidentiality, and security standards.

In addition to any information sharing practices described in the relevant section under our processing activities, we share personal information with the following categories of recipients:

• Subcontractors, service providers, and engaged operators acting on BRCG’s instruction.

  We may share personal information with subcontractors and service providers, and from time to time with individual operators (such as contracted analysts or members of a 1099 delivery bench), where necessary for administrative purposes and to provide professional services to our customers. These recipients act on a need-to-know basis under written confidentiality and data-handling obligations, use personal information solely as instructed by BRCG, and are not authorized to use it for their own marketing or any independent purpose.

• Third-party service providers.

  Third-party organizations that provide applications/functionality, data processing, or IT services to us. We use third parties to support us in providing our services and to help provide, run, and manage our internal IT systems. Examples include providers of information technology, cloud-based software-as-a-service providers, identity management, website hosting and management, data analysis, data back-up, security, and storage services. The servers powering and facilitating that cloud infrastructure may be located in data centers around the world, and personal information may be stored in any one of them.

• Auditors, professional advisors, and insurers.

  We engage auditors and other professional advisors, for example, law firms, as necessary to establish, exercise, or defend our legal rights and obtain advice in connection with the running of our business. Personal information may be shared with these auditors and other advisors as necessary in connection with the products and services they have been engaged to provide. We also have a number of business insurance policies in place, and we may need to share personal information with the insurer, for example, in the event of a claim.

• Law enforcement or other government and regulatory agencies, or other third parties as required by, and in accordance with, applicable law or regulation.

  Occasionally, we may receive requests from third parties with the authority to obtain disclosure of personal information, such as to verify our compliance with applicable law and regulation, to investigate an alleged crime, or to establish, exercise, or defend legal rights. We will only fulfill requests for personal information where we are permitted to do so in accordance with applicable law or regulation.

• Third party organizations in connection with a corporate transaction.

  We may disclose your information to a third party as necessary in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or capital.

European Economic Area and United Kingdom Privacy Rights

If you are an individual located in the European Economic Area or the United Kingdom, in certain circumstances under applicable law (specifically in connection with certain services that we provide), you may have the right to access or obtain a copy of your personal information, to rectify your personal information, to have your personal information deleted, to restrict the processing of your personal information, to object to the processing of your personal information, to data portability, and to withdraw your consent for processing (where processing is based on your consent). Please note that if you withdraw your consent, we may not be able to provide you the services for which it was necessary to process your information based on your consent.

To submit a request relating to any of these rights, please use our general contact form. We will respond to your request within a reasonable timeframe in accordance with applicable law.

We hope that you won’t ever need to, but if you do want to complain about our use of personal information, please send us a message with the details of your complaint by completing our general contact form.

If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with a data protection supervisory authority in the country in which you live, in which you work, or in which you believe an alleged infringement of applicable data protection law has occurred. Contact details for EEA supervisory authorities are available on the European Data Protection Board’s website, and contact details for the UK supervisory authority are available from the Information Commissioner’s Office. We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority, and we encourage you to contact us first using the channels described above.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.

Categories of personal information we collect

In the past 12 months, BRCG has collected the following categories of personal information, as defined under the CCPA:

• Identifiers: such as name, postal address, email address, telephone number, online identifiers, IP address, and similar identifiers;
• Customer records: contact information and professional details (such as job title and company name) that may be considered personal information under California Civil Code §1798.80;
• Characteristics of protected classifications: only where voluntarily provided in connection with employment or contractor applications;
• Commercial information: records of services requested, content downloaded, and engagement history;
• Internet or other electronic network activity information: browsing activity on our Site, interactions with content and emails, and similar information collected through Tracking Technologies;
• Geolocation data: approximate location derived from IP address;
• Professional or employment-related information: business contact information, role, and company affiliation;
• Inferences: inferences drawn from the categories above to create a profile reflecting professional interests and likely engagement needs.

Sources and business purposes

We collect these categories of personal information directly from you (when you contact us, complete an assessment, or subscribe to communications), automatically through Tracking Technologies, and from third parties such as analytics and marketing providers. We use this information for the business purposes described under “Information use and legal bases,” including operating the Site, providing services, business development, security, and legal compliance.

Categories disclosed for a business purpose

In the past 12 months, BRCG has disclosed the following categories of personal information for a business purpose: identifiers, customer records, commercial information, internet or other electronic network activity information, geolocation data, professional or employment-related information, and inferences. The categories of recipients are described in the “Information disclosure” section above.

Sale or sharing of personal information

BRCG does not sell personal information for monetary consideration. However, the CCPA defines “sharing” broadly to include disclosures of personal information for cross-context behavioral advertising, and the “sale” definition can include certain disclosures for other valuable consideration. Because BRCG uses third-party analytics technologies (such as Google Analytics 4 and Microsoft Clarity) and sales engagement and customer relationship management platforms (such as Apollo.io and HubSpot), some disclosures of identifiers and internet activity information may constitute “sharing” under the CCPA. You have the right to opt out of such sharing at any time through the cookie consent banner on our Site or by submitting a request through our general contact form.

Sensitive personal information

BRCG does not knowingly collect sensitive personal information (as defined under the CCPA) for the purpose of inferring characteristics about you. To the extent any sensitive personal information is collected (for example, login credentials in connection with an account on the Site), it is used only for the purposes permitted by the CCPA without a separate right to limit use, such as performing the services requested.

Your California rights

Subject to verification and applicable exceptions, you have the following rights under the CCPA:

• Right to know: request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, business purposes, and categories of third parties with whom we have shared the information;
• Right to delete: request that we delete personal information we have collected from you;
• Right to correct: request that we correct inaccurate personal information we maintain about you;
• Right to opt out of sale or sharing: direct us not to sell or share your personal information for cross-context behavioral advertising;
• Right to limit use of sensitive personal information: to the extent applicable, direct us to limit the use of sensitive personal information to permitted purposes;
• Right to non-discrimination: not to receive discriminatory treatment for exercising any of these rights;
• Right to designate an authorized agent: use an authorized agent to submit a request on your behalf.

How to exercise your California rights

To submit a request to know, delete, correct, opt out, or limit use, please use our general contact form. We will verify your identity using reasonable means appropriate to the sensitivity of the request and the personal information at issue, which may include matching information you provide with information we already maintain or asking you to confirm certain account or transaction details. If you use an authorized agent, we may require written proof of the agent’s authorization and may require you to verify your own identity directly with us.

Global Privacy Control

BRCG does not currently respond to Global Privacy Control (“GPC”) browser signals at the technology level. We are evaluating GPC handling as part of our consent and opt-out program. In the interim, California residents may exercise opt-out rights through the cookie consent banner on our Site or by submitting a request through our general contact form, and we will honor those requests.

Notice of financial incentive

BRCG does not offer financial incentives or price or service differences in exchange for the collection, sale, sharing, or retention of personal information.