Data Protection

Introduction
Thank you for visiting the Growify GmbH website and for your interest in our company. We value the protection of your personal data. We ask you to read the following statement carefully.

Important: Our websites may contain links to websites of other providers to which this data protection declaration does not apply. We cannot be held liable for the handling of your personal data by third parties.

In the following, we would like to inform you about the types of your personal data (hereinafter "data") that we process, to what extent and for what purposes. The privacy policy applies to all processing of personal data carried out by us, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").

Status: March 25, 2020.

Information about the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior etc.

(2) The responsible party pursuant to Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is:      
Growify GmbH
Franz-Jacob-Straße 2B
10369 Berlin
Contact: dataprotection@growify.de

You can reach our data protection officer here or at our postal address with the suffix "data protection officer".

(3) When you contact us by e-mail or via a contact form, the data you provide (e-mail address, name, company and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accrued in this context after the storage is no longer necessary, or restrict the processing if there are legal obligations to retain data.

Your rights
(1) As a data subject, you have various rights under the GDPR with regard to the personal data concerning you. These result from Art. 15 to 21 GDPR:
· Right of information,
· Right of rectification or erasure,
· Right of restriction of processing,
· Right to oppose processing,
· Right of data portability.

(2) You also have the right to complain about the processing of your personal data by us to a data protection supervisory authority.

Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing, as well as the persons concerned.

Types of processed data
· Inventory data (e.g. names, addresses)
· Content data (e.g. entries in online forms, content of correspondence)
· Contact details (e.g. e-mail, telephone numbers)
· Meta/communication data (e.g. device information, IP addresses)
· Usage data (e.g. web pages visited, interest in content, access times)
· Location data (information about the geographical position of a device or person)

Categories of affected persons
· Staff (e.g. employees, applicants, former employees)
· Business and contractual partners
· Interested parties
· Communication partners
· Clients
· Users (e.g. website visitors, users of online services)

Processing purposes
· Provision of our online offer and usability
· A/B testing
· Monitoring of visits
· Office and organization procedures
· Cross-device tracking (processing of usage data across devices for marketing purposes)
· Direct marketing (e.g. by e-mail or postal mail)
· Feedback (e.g. collecting feedback via online form)
· Firewall
· Heatmaps (mouse activity on the part of the user, which is combined to form an overall image)
· Interest-based and behavioral marketing
· Contact requests and communication
· Conversion measurement (measurement of the effectiveness of marketing measures)
· Remarketing
· Measurement of reach (e.g. access statistics, recognition of returning visitors)
· Security measures
· Tracking (e.g., interest/behavioral profiling, use of cookies)
· Server monitoring and error detection
· Surveys and questionnaires (e.g. surveys with input options, multiple-choice questions)
· Provision of contractual services and customer service
· Managing and responding to requests
· Target group formation (determination of target groups relevant for marketing purposes or other output of content)

Relevant legal basis
Any data processing is done on the basis of the General Data Protection Regulation (GDPR), which we communicate below. (Please note that in addition to the provisions of the GDPR, the national data protection regulations in your country of residence may apply.

Consent (Art. 6 para. 1 p. 1 lit. a. GDPR): The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.

Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR): The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures, which are carried out at the request of the data subject.

Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.

Protection of vital interests (Art. 6 para. 1 p. 1 lit. d. GDPR): Processing is necessary to protect the vital interests of the data subject or another natural person.

Legitimate interests (Art. 6 (1) p. 1 lit. f. GDPR): Processing is necessary to protect the legitimate interests of the controller(s) or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. These include, in particular, the Federal Data Protection Act (BDSG). Furthermore, state data protection laws may apply in the individual federal states.

Security measures
(1) Technical and organizational measures: We have implemented appropriate technical and organizational measures, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, so that you can browse our website with the most complete protection of your personal data.  Our security measures are continuously improved in line with technological developments. Nevertheless, we must point out that Internet-based data transmissions can generally have security gaps. Unfortunately, we cannot guarantee absolute protection.

(2) SSL or TLS encryption: We use SSL or TLS encryption for this site for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

(3) Shortening of the IP address: If it is possible and storage of the IP address is not necessary, we have your IP address shortened (IP masking). This means that the last octet, i.e. the last two numbers of an IP address, is deleted.


Transfer and disclosure of personal data
As part of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that the data is disclosed to the aforementioned bodies.  In these cases, the data recipients may include, for example, providers of services and content that are integrated into a website, service providers commissioned with IT tasks or payment institutions in the context of payment transactions. We comply with the legal requirements in such cases and conclude corresponding contracts or agreements with the recipients of the data, which serve to protect your data.


Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU) and the European Economic Area (EEA)) or have such data processed, this is always done in accordance with the legal requirements.

We only process or allow your data to be processed in third countries with a recognized level of data protection or contractual obligations through so-called standard protection clauses of the EU Commission. (See also Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).


Information on specific data processing procedures
Commercial and business services
We process the data of our interested parties, customers, business and contractual partners (hereinafter collectively referred to as "contractual partners") for communication purposes, e.g. to answer inquiries, and for contractual and comparable legal relationships, as well as associated measures.

We transmit the data of the contractual partners to third parties (e.g. to participating telecommunication, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities) only to the extent that this is done within the framework of the applicable law for the aforementioned purposes or with the consent of the data subjects or is necessary to fulfill legal obligations. Information on further processing, e.g. for marketing purposes, is provided in this privacy statement.

The deletion of the data takes place after the expiry of legal warranty and comparable obligations, i.e. generally after 4 years. This does not apply to data stored in a customer account, e.g. as long as it must be retained for legal archiving reasons (e.g. for tax purposes usually 10 years). If data has been disclosed to us by the contractual partner in the context of an order, we delete it in accordance with the specifications of the order, generally after the end of the order.

If we use platforms or service providers to provide our services, the privacy notices and terms and conditions of the respective third-party providers or platforms apply.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of contract, term, customer category).

Affected persons: Interested parties, business and contractual partners.

Purposes of processing: customer service, contact requests and communication, management and response to requests, provision of contractual services.

Legal basis: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Provision of the online offer and web hosting
Our website is hosted by an external service provider (hoster). The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.

Our hoster will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions with respect to such data.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times), content data (e.g. entries in online forms), meta/communication data (e.g. device information, IP addresses).

Affected persons: Users (e.g. website visitors, users of online services).

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).


Contacting Growify
If you contact us (e.g. by contact form, email, phone or via social media), your information will be processed to respond to the contact requests and any requested actions.

The response is made in order to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).

Affected persons: Communication partners.

Purposes of processing: Communication and contact requests    

Legal basis: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Newsletter and electronic notifications
We only send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") with your consent or legal permission. Our newsletters contain industry information and trending topics, as well as information about our services and us.

To register for the newsletter, it is sufficient to provide an e-mail address.

Double opt-in procedure: To register for our newsletter, you must go through a so-called double opt-in process. This means that after registering on our website, you will receive an email in which you must confirm your registration again so that no one else can register your email address for the newsletter.

Deletion and restriction of processing: For a possible defense against claims by proving a given consent, we may store the unsubscribed e-mail addresses for up to three years based on our legitimate interests. An individual deletion request is possible at any time.  

The registration and consent to the newsletter is logged. The logging of the registration process takes place for the purpose of proving its proper course on the basis of our legitimate interests.  

Notes on legal basis: The newsletter is sent on the basis of the recipients' consent. If consent is not required, the dispatch takes place on the basis of our legitimate interests in direct marketing, if and to the extent permitted on a legal basis. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. In order to prove that the registration process has been carried out in accordance with the law, it is recorded on the basis of our legitimate interests.

Types of data processed: Contact data (e.g. e-mail, telephone numbers), inventory data (e.g. names, addresses), meta/communication data (e.g. device information, IP addresses), usage data (e.g. web pages visited, interest in content, access times).

Affected persons: Interested parties, contractual partners, pre-contractual partners, communication partners.

Purposes of processing: Direct marketing (e.g. by e-mail or postal mail), sending information.

Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Opt-out: You can unsubscribe from our newsletter at any time by revoking your consent or opting out of further receipt. You will find a link to unsubscribe at the end of each newsletter.

Presence in social networks (social media)
In order to communicate with active users and share information about us, we maintain online presences within social networks and process user data in this context.

We explicitly point out that user data may be processed outside the European Union. This may result in risks for users, as it could, for example, make it more difficult to comply with and enforce user rights.

We would also like to point out that the data of users within social networks is generally processed for market research and advertising purposes. In this context, for example, user profiles are created based on the usage behavior and resulting interests of the users, which in turn can be used, for example, to place presumably interesting advertisements. For these purposes, cookies are usually stored on the users' computers.  

For a more detailed description, please refer to the data privacy statements and information provided by the operators of the respective networks. For information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the respective networks and providers themselves.  

Types of data processed: Contact data (e.g. e-mail, telephone numbers), inventory data (e.g. names, addresses), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Affected persons: Users (e.g., website visitors, users of online services).

Purposes of processing: Contact requests and communication, tracking, remarketing, reach measurement.

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Used services and service providers
Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data privacy policy: https://www.facebook.com/about/privacy; Possibility of objection (Opt-Out): Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional notes on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy notice for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data. LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Website: https://www.linkedin.com; Data privacy policy: https://www.linkedin.com/legal/privacy-policy; Possibility of objection (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.Twitter: Social network; Service provider: Twitter Inc.; San Francisco, USA; Website https://twitter.com/; Data privacy policy: https://twitter.com/de/privacy

Plugins and Tools 
Google Analytics and Google Tag Manager
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Cookies are stored on your computer, which enable an analysis of your use of the website. This information is usually transferred to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

The legal basis for the use of Google Analytics is Art. 6 (1) p. 1 lit. f GDPR. Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data privacy policy: http://www.google.de/intl/de/policies/privacy.

In addition, the "Google Tag Manager" service is used to better manage the other services mentioned herein. Through this service, website tags can be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you visit the page, your browser loads the required web fonts into your browser cache in order to display the texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that this website was accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a GDPR; the consent can be revoked at any time. Translated with www.DeepL.com/Translator (free version)

If your browser does not support web fonts, a default font from your computer will be used.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and in the privacy policy of Google: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The purpose of reCAPTCHA is to check whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from spam. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

For more information about Google reCAPTCHA, see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

Facebook Plugins
Facebook social plugins and content - This may include, for example, content such as images, videos or texts and buttons with which users* can share content of this online offering within Facebook. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data privacy policy: https://www.facebook.com/about/privacy; Possibility of objection (Opt-Out): Settings for advertisements: https://www.facebook.com/settings?tab=ads

LinkedIn plugin and content
In order to be able to display individualized advertising on the web pages of the LinkedIn network portal and to obtain analyses of user behavior on our website, we use Linkedin services. Cookies are stored on your computer, which collect different data regarding the type and duration of the website visit by LinkedIn. This service is only available to users who have registered for LinkedIn services. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; Website: https://www.linkedin.com; Data privacy policy: https://www.linkedin.com/legal/privacy-policy; Possibility of objection (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Hubspot
In addition, for marketing and optimization purposes, we use on this website products and services of HubSpot, Inc. ("HubSpot"). Cookies are stored on your computer, which allow an analysis of your use of the website. This information may also be transferred to a HubSpot server outside the EU and stored there. Personal data is only collected in the course of this if you fill out forms on this website. In this case, your IP address will be stored in addition to the data you entered yourself. You can prevent the storage of cookies and the exchange of data with Hubspot by using the opt-out option provided.
Third party information: Hubspot Inc. 25 First Street, 2nd FloorCambridge, MA 02141, USA. Data privacy policy: https://legal.hubspot.com/privacy-policy.

Hotjar
In order to analyze and improve our web presence, we use services from Hotjar. Here, different data regarding the type and duration of the website visit are processed by Hotjar. The use of Hotjar is based on Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.

Service provider: Hotjar Ltd Website: https://www.hotjar.com/ Data privacy policy: https://www.hotjar.com/legal/policies/privacy/

Matomo
In order to analyze and improve our web presence, we use services from Matomo. Here, different data regarding the type and duration of the website visit are processed by Matomo. The use of Matomo is based on Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Service provider: Matomo: https://matomo.org/ Data privacy policy: https://matomo.org/privacy-policy/

Microsoft Tools
For purposes of analysis and improvement of our web presence as well as search engine optimization, search engine advertising and marketing in social media channels, we use various tools from Microsoft: Bing Places for Business, Microsoft Advertising, Bing Webmaster Tools, Micrsosoft Clarity.

In some cases, cookies are stored on your computer, which allow Microsoft to analyze your use of the website. The use of Microsoft tools is based on Art. 6 para. 1 lit. f GDPR. If a corresponding consent was requested (e.g. consent to the storage of cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Service provider: Microsoft Corporation Website: https://www.microsoft.com/
Data privacy policy: https://privacy.microsoft.com/en-us/privacystatement

Data deletion
As soon as consents for processing are revoked or permissions cease to apply (e.g. the purpose of data processing no longer applies), we delete the data we process in accordance with legal requirements.

If the data is required for other and legally permissible purposes, it will not be deleted, but the processing will be limited to the permissible purposes. I.e. the data will be blocked and not processed for other purposes. This applies, for example, to data whose storage is necessary for the exercise, assertion or defense of legal claims or for the protection of the rights of another natural or legal person, or which must be retained for reasons of commercial or tax law.

Modification and update of the privacy policy
As soon as changes or updates to our data protection declaration require an act of cooperation (e.g. consent) or other individual notification, you will be informed immediately.

Rights of data subjects
You have the following rights (Art. 15 to 21 GDPR) with respect to the personal data concerning you:

Right of objection: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to processing for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right of withdrawal of consent: You have the right to revoke any consent you have given at any time.

Right of information: You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

Right of rectification: In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

Right of erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately, or alternatively, in accordance with the statutory provisions, to demand restriction of the processing of the data.

Right of data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another responsible party.

Complaint to supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Vielen Dank für deine Nachricht.
Wir melden uns umgehend bei Dir zurück.
Ups! Hier ist etwas schief gelaufen. Probiere es später nochmal