Privacy Policy

Privacy Policy

Last updated: July 11, 2026

Table of Contents

  1. Controller

  2. Overview of Processing Activities

  3. Legal Bases

  4. Hosting and Content Delivery (Framer)

  5. Server Log Files

  6. Cookies and Consent Management

  7. Contact by Email or Phone

  8. Appointment Scheduling (Cal.com)

  9. Online Forms and Self-Audit (Typeform)

  10. CRM and Marketing Automation (HubSpot)

  11. LinkedIn Insight Tag and Conversion Tracking

  12. RAM Platform (app.growth-consultants.de)

  13. Our LinkedIn Company Page

  14. Data Transfers to Third Countries

  15. Storage Periods

  16. Your Rights as a Data Subject

  17. Right to Object (Art. 21 GDPR)

  18. Data Security

  19. No Automated Decision-Making

  20. Changes to This Privacy Policy


1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

COMANFIZE GmbH, Kirchfeldstraße 16, 40217 Düsseldorf, Germany

Managing Director: Jérôme Fischer
Phone: +49 211 15821207
Email: hello@growth-consultants.de

Growth Consultants (growth-consultants.de) is a brand of COMANFIZE GmbH.

2. Overview of Processing Activities

We process personal data when you:

  • visit our website (server logs, cookies, tracking technologies)

  • contact us by email or phone

  • book an appointment via Cal.com

  • complete our self-audit or other forms via Typeform

  • register for or use our RAM platform at app.growth-consultants.de

  • interact with our LinkedIn company page

The categories of data concerned include contact data (name, email address, phone number), company data, usage data (IP address, browser information, pages visited), and the content you submit through forms or during appointments.

3. Legal Bases

We process personal data on the following legal bases:

  • Art. 6(1)(a) GDPR (consent): for cookies and tracking technologies that are not strictly necessary, in particular marketing and analytics tools such as the LinkedIn Insight Tag and HubSpot tracking. You can withdraw your consent at any time with effect for the future.

  • Art. 6(1)(b) GDPR (contract or pre-contractual measures): when you book an appointment, request a proposal, register for the RAM platform, or otherwise take steps toward entering into a contract with us.

  • Art. 6(1)(f) GDPR (legitimate interests): for the technically necessary operation and security of our website, for server log files, and for responding to general inquiries. Our legitimate interest lies in providing a functional, secure website and communicating with visitors and prospects.

  • Art. 6(1)(c) GDPR (legal obligation): where we are required to retain data under commercial or tax law.

In addition, the storage of information on your device or access to information already stored on your device (e.g., cookies) is governed by Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). Where such storage or access is not strictly necessary, it takes place only with your consent.

4. Hosting and Content Delivery (Framer)

Our website is built and hosted with Framer, a service of Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. When you visit our website, your browser connects to Framer's servers and content delivery network (including framerusercontent.com), which processes your IP address and technical connection data to deliver the website content.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest is the reliable and performant provision of our website. We have concluded a data processing agreement (Art. 28 GDPR) with Framer.

Further information: https://www.framer.com/legal/privacy-statement/

5. Server Log Files

When you access our website, the hosting provider automatically collects and stores information in server log files that your browser transmits. This includes:

  • IP address

  • date and time of the request

  • browser type and version

  • operating system

  • referrer URL

  • requested page or file

This data is not merged with other data sources. It is processed to ensure the stability, security, and functionality of the website.

Legal basis: Art. 6(1)(f) GDPR.

6. Cookies and Consent Management

Our website uses cookies and similar technologies. Strictly necessary cookies are set on the basis of our legitimate interest (Art. 6(1)(f) GDPR, Section 25(2) TDDDG). All other cookies, in particular those used for marketing and analytics, are set only after you have given your consent via our consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

You can adjust or withdraw your consent at any time via the cookie settings on our website. You can also configure your browser to block or delete cookies; this may limit the functionality of the website.

7. Contact by Email or Phone

If you contact us by email or phone, we process the data you provide (name, contact details, content of your inquiry) to handle your request and for possible follow-up questions.

Legal basis: Art. 6(1)(b) GDPR if your inquiry relates to a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.

We delete inquiry data once it is no longer required, unless statutory retention obligations apply.

8. Appointment Scheduling (Cal.com)

For booking strategy calls and discovery calls we use Cal.com, a service of Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA. When you book an appointment, Cal.com processes the data you enter (name, email address, selected time slot, optional notes) as well as technical usage data.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request). We have concluded a data processing agreement with Cal.com. Where data is transferred to the USA, the transfer is safeguarded by the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Further information: https://cal.com/privacy

9. Online Forms and Self-Audit (Typeform)

For our self-audit and other online forms we use Typeform, a service of TYPEFORM S.L., C/ Bac de Roda, 163, 08018 Barcelona, Spain. When you complete a form, Typeform processes the answers you submit together with technical usage data. Form submissions may be linked with our CRM (see Section 10) using identifiers such as your email address, the HubSpot user token (hubspot_utk), and the page from which you accessed the form.

Legal basis: Art. 6(1)(b) GDPR for processing your form content as a pre-contractual measure; Art. 6(1)(a) GDPR for the linking with CRM tracking identifiers. We have concluded a data processing agreement with Typeform.

Further information: https://www.typeform.com/privacy-policy/

10. CRM and Marketing Automation (HubSpot)

We use HubSpot, a service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, with its European office HubSpot Ireland Ltd., 1 Sir John Rogerson's Quay, Dublin 2, Ireland. We use HubSpot as our CRM system to manage contacts, inquiries, and customer relationships, and for marketing automation.

If you have given your consent, HubSpot also sets cookies (including the hubspot_utk cookie) that allow us to recognize returning visitors and to attribute form submissions and page visits to your contact record.

Legal basis: Art. 6(1)(a) GDPR for tracking cookies; Art. 6(1)(b) GDPR for managing contractual and pre-contractual relationships; Art. 6(1)(f) GDPR for organizing our customer communication.

HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. Transfers to the USA are additionally safeguarded by EU Standard Contractual Clauses. We have concluded a data processing agreement with HubSpot.

Further information: https://legal.hubspot.com/privacy-policy

11. LinkedIn Insight Tag and Conversion Tracking

Subject to your consent, our website uses the LinkedIn Insight Tag, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Insight Tag collects data about your visit to our website (URL, referrer, IP address, device and browser characteristics, timestamps) and enables us to measure the performance of LinkedIn ad campaigns, receive aggregated reports on our website audience, and display interest-based advertising to you on LinkedIn (retargeting).

LinkedIn does not share personal data with us; we receive only aggregated reports. IP addresses are truncated or hashed, and direct identifiers of LinkedIn members are removed within 7 days. The remaining pseudonymized data is deleted by LinkedIn within 180 days.

Legal basis: Art. 6(1)(a) GDPR (consent) and Section 25(1) TDDDG. The Insight Tag only loads after you have consented via our cookie banner. You can withdraw your consent at any time via the cookie settings.

Where data is transferred to LinkedIn Corporation in the USA, the transfer is safeguarded by the EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses.

Opt-out for LinkedIn members: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out Further information: https://www.linkedin.com/legal/privacy-policy

12. RAM Platform (app.growth-consultants.de)

When you register for and use our RAM platform at app.growth-consultants.de, we process your registration data (name, email address, company, password in hashed form), your usage data, and the content you enter into the platform (e.g., audit answers and sales metrics).

We process this data to provide the platform, operate your account, and deliver the contractually agreed functionality.

Legal basis: Art. 6(1)(b) GDPR. Account data is deleted after the account is closed, unless statutory retention obligations require longer storage.

13. Our LinkedIn Company Page

We operate a company page on LinkedIn (linkedin.com/company/growth-consultant-de). When you visit our page, LinkedIn processes your data as described in its own privacy policy. LinkedIn provides us with aggregated statistics (Page Insights) about the use of our page. For the processing of Page Insights data, we and LinkedIn Ireland Unlimited Company are joint controllers within the meaning of Art. 26 GDPR; the relevant arrangement is available at https://legal.linkedin.com/pages-joint-controller-addendum.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in presenting our company and communicating with visitors on LinkedIn. Please direct requests concerning data processed by LinkedIn preferably to LinkedIn, as only LinkedIn has full access to this data.

14. Data Transfers to Third Countries

Some of the service providers named in this policy process data in countries outside the European Economic Area, in particular the USA. Where this is the case, we ensure an adequate level of data protection through:

  • an adequacy decision of the European Commission, in particular the EU-U.S. Data Privacy Framework for certified providers (Art. 45 GDPR), and/or

  • EU Standard Contractual Clauses together with supplementary measures where required (Art. 46(2)(c) GDPR).

You can request a copy of the relevant safeguards via the contact details in Section 1.

15. Storage Periods

We store personal data only as long as necessary for the purposes described in this policy or as required by statutory retention obligations (in particular Section 257 HGB and Section 147 AO: 6 or 10 years for business correspondence and accounting records). After expiry of these periods, the data is deleted or anonymized.

16. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR): you can withdraw any consent you have given at any time with effect for the future.

  • Right to lodge a complaint (Art. 77 GDPR) with a supervisory authority. The authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany, https://www.ldi.nrw.de.

To exercise your rights, contact us at hello@growth-consultants.de.

17. Right to Object (Art. 21 GDPR)

Where we process your personal data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you object, we will no longer process the personal data concerned unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing. If you object, your personal data will no longer be used for direct marketing.

18. Data Security

This website uses TLS/SSL encryption for all data transmitted between your browser and our servers. We apply appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect your data against loss, misuse, and unauthorized access.

19. No Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

20. Changes to This Privacy Policy

We update this privacy policy whenever changes to our website, our services, or the legal situation require it. The current version is always available on this page.

Privacy Policy

Last updated: July 11, 2026

Table of Contents

  1. Controller

  2. Overview of Processing Activities

  3. Legal Bases

  4. Hosting and Content Delivery (Framer)

  5. Server Log Files

  6. Cookies and Consent Management

  7. Contact by Email or Phone

  8. Appointment Scheduling (Cal.com)

  9. Online Forms and Self-Audit (Typeform)

  10. CRM and Marketing Automation (HubSpot)

  11. LinkedIn Insight Tag and Conversion Tracking

  12. RAM Platform (app.growth-consultants.de)

  13. Our LinkedIn Company Page

  14. Data Transfers to Third Countries

  15. Storage Periods

  16. Your Rights as a Data Subject

  17. Right to Object (Art. 21 GDPR)

  18. Data Security

  19. No Automated Decision-Making

  20. Changes to This Privacy Policy

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

COMANFIZE GmbH, Kirchfeldstraße 16, 40217 Düsseldorf, Germany

Managing Director: Jérôme Fischer
Phone: +49 211 15821207
Email: hello@growth-consultants.de

Growth Consultants (growth-consultants.de) is a brand of COMANFIZE GmbH.

2. Overview of Processing Activities

We process personal data when you:

  • visit our website (server logs, cookies, tracking technologies)

  • contact us by email or phone

  • book an appointment via Cal.com

  • complete our self-audit or other forms via Typeform

  • register for or use our RAM platform at app.growth-consultants.de

  • interact with our LinkedIn company page

The categories of data concerned include contact data (name, email address, phone number), company data, usage data (IP address, browser information, pages visited), and the content you submit through forms or during appointments.

3. Legal Bases

We process personal data on the following legal bases:

  • Art. 6(1)(a) GDPR (consent): for cookies and tracking technologies that are not strictly necessary, in particular marketing and analytics tools such as the LinkedIn Insight Tag and HubSpot tracking. You can withdraw your consent at any time with effect for the future.

  • Art. 6(1)(b) GDPR (contract or pre-contractual measures): when you book an appointment, request a proposal, register for the RAM platform, or otherwise take steps toward entering into a contract with us.

  • Art. 6(1)(f) GDPR (legitimate interests): for the technically necessary operation and security of our website, for server log files, and for responding to general inquiries. Our legitimate interest lies in providing a functional, secure website and communicating with visitors and prospects.

  • Art. 6(1)(c) GDPR (legal obligation): where we are required to retain data under commercial or tax law.

In addition, the storage of information on your device or access to information already stored on your device (e.g., cookies) is governed by Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). Where such storage or access is not strictly necessary, it takes place only with your consent.

4. Hosting and Content Delivery (Framer)

Our website is built and hosted with Framer, a service of Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. When you visit our website, your browser connects to Framer's servers and content delivery network (including framerusercontent.com), which processes your IP address and technical connection data to deliver the website content.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest is the reliable and performant provision of our website. We have concluded a data processing agreement (Art. 28 GDPR) with Framer.

Further information: https://www.framer.com/legal/privacy-statement/

5. Server Log Files

When you access our website, the hosting provider automatically collects and stores information in server log files that your browser transmits. This includes:

  • IP address

  • date and time of the request

  • browser type and version

  • operating system

  • referrer URL

  • requested page or file

This data is not merged with other data sources. It is processed to ensure the stability, security, and functionality of the website.

Legal basis: Art. 6(1)(f) GDPR.

6. Cookies and Consent Management

Our website uses cookies and similar technologies. Strictly necessary cookies are set on the basis of our legitimate interest (Art. 6(1)(f) GDPR, Section 25(2) TDDDG). All other cookies, in particular those used for marketing and analytics, are set only after you have given your consent via our consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

You can adjust or withdraw your consent at any time via the cookie settings on our website. You can also configure your browser to block or delete cookies; this may limit the functionality of the website.

7. Contact by Email or Phone

If you contact us by email or phone, we process the data you provide (name, contact details, content of your inquiry) to handle your request and for possible follow-up questions.

Legal basis: Art. 6(1)(b) GDPR if your inquiry relates to a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.

We delete inquiry data once it is no longer required, unless statutory retention obligations apply.

8. Appointment Scheduling (Cal.com)

For booking strategy calls and discovery calls we use Cal.com, a service of Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA. When you book an appointment, Cal.com processes the data you enter (name, email address, selected time slot, optional notes) as well as technical usage data.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request). We have concluded a data processing agreement with Cal.com. Where data is transferred to the USA, the transfer is safeguarded by the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Further information: https://cal.com/privacy

9. Online Forms and Self-Audit (Typeform)

For our self-audit and other online forms we use Typeform, a service of TYPEFORM S.L., C/ Bac de Roda, 163, 08018 Barcelona, Spain. When you complete a form, Typeform processes the answers you submit together with technical usage data. Form submissions may be linked with our CRM (see Section 10) using identifiers such as your email address, the HubSpot user token (hubspot_utk), and the page from which you accessed the form.

Legal basis: Art. 6(1)(b) GDPR for processing your form content as a pre-contractual measure; Art. 6(1)(a) GDPR for the linking with CRM tracking identifiers. We have concluded a data processing agreement with Typeform.

Further information: https://www.typeform.com/privacy-policy/

10. CRM and Marketing Automation (HubSpot)

We use HubSpot, a service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, with its European office HubSpot Ireland Ltd., 1 Sir John Rogerson's Quay, Dublin 2, Ireland. We use HubSpot as our CRM system to manage contacts, inquiries, and customer relationships, and for marketing automation.

If you have given your consent, HubSpot also sets cookies (including the hubspot_utk cookie) that allow us to recognize returning visitors and to attribute form submissions and page visits to your contact record.

Legal basis: Art. 6(1)(a) GDPR for tracking cookies; Art. 6(1)(b) GDPR for managing contractual and pre-contractual relationships; Art. 6(1)(f) GDPR for organizing our customer communication.

HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. Transfers to the USA are additionally safeguarded by EU Standard Contractual Clauses. We have concluded a data processing agreement with HubSpot.

Further information: https://legal.hubspot.com/privacy-policy

11. LinkedIn Insight Tag and Conversion Tracking

Subject to your consent, our website uses the LinkedIn Insight Tag, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Insight Tag collects data about your visit to our website (URL, referrer, IP address, device and browser characteristics, timestamps) and enables us to measure the performance of LinkedIn ad campaigns, receive aggregated reports on our website audience, and display interest-based advertising to you on LinkedIn (retargeting).

LinkedIn does not share personal data with us; we receive only aggregated reports. IP addresses are truncated or hashed, and direct identifiers of LinkedIn members are removed within 7 days. The remaining pseudonymized data is deleted by LinkedIn within 180 days.

Legal basis: Art. 6(1)(a) GDPR (consent) and Section 25(1) TDDDG. The Insight Tag only loads after you have consented via our cookie banner. You can withdraw your consent at any time via the cookie settings.

Where data is transferred to LinkedIn Corporation in the USA, the transfer is safeguarded by the EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses.

Opt-out for LinkedIn members: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out Further information: https://www.linkedin.com/legal/privacy-policy

12. RAM Platform (app.growth-consultants.de)

When you register for and use our RAM platform at app.growth-consultants.de, we process your registration data (name, email address, company, password in hashed form), your usage data, and the content you enter into the platform (e.g., audit answers and sales metrics).

We process this data to provide the platform, operate your account, and deliver the contractually agreed functionality.

Legal basis: Art. 6(1)(b) GDPR. Account data is deleted after the account is closed, unless statutory retention obligations require longer storage.

13. Our LinkedIn Company Page

We operate a company page on LinkedIn (linkedin.com/company/growth-consultant-de). When you visit our page, LinkedIn processes your data as described in its own privacy policy. LinkedIn provides us with aggregated statistics (Page Insights) about the use of our page. For the processing of Page Insights data, we and LinkedIn Ireland Unlimited Company are joint controllers within the meaning of Art. 26 GDPR; the relevant arrangement is available at https://legal.linkedin.com/pages-joint-controller-addendum.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in presenting our company and communicating with visitors on LinkedIn. Please direct requests concerning data processed by LinkedIn preferably to LinkedIn, as only LinkedIn has full access to this data.

14. Data Transfers to Third Countries

Some of the service providers named in this policy process data in countries outside the European Economic Area, in particular the USA. Where this is the case, we ensure an adequate level of data protection through:

  • an adequacy decision of the European Commission, in particular the EU-U.S. Data Privacy Framework for certified providers (Art. 45 GDPR), and/or

  • EU Standard Contractual Clauses together with supplementary measures where required (Art. 46(2)(c) GDPR).

You can request a copy of the relevant safeguards via the contact details in Section 1.

15. Storage Periods

We store personal data only as long as necessary for the purposes described in this policy or as required by statutory retention obligations (in particular Section 257 HGB and Section 147 AO: 6 or 10 years for business correspondence and accounting records). After expiry of these periods, the data is deleted or anonymized.

16. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR): you can withdraw any consent you have given at any time with effect for the future.

  • Right to lodge a complaint (Art. 77 GDPR) with a supervisory authority. The authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany, https://www.ldi.nrw.de.

To exercise your rights, contact us at hello@growth-consultants.de.

17. Right to Object (Art. 21 GDPR)

Where we process your personal data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you object, we will no longer process the personal data concerned unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing. If you object, your personal data will no longer be used for direct marketing.

18. Data Security

This website uses TLS/SSL encryption for all data transmitted between your browser and our servers. We apply appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect your data against loss, misuse, and unauthorized access.

19. No Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

20. Changes to This Privacy Policy

We update this privacy policy whenever changes to our website, our services, or the legal situation require it. The current version is always available on this page.

Privacy Policy

Last updated: July 11, 2026

Table of Contents

  1. Controller

  2. Overview of Processing Activities

  3. Legal Bases

  4. Hosting and Content Delivery (Framer)

  5. Server Log Files

  6. Cookies and Consent Management

  7. Contact by Email or Phone

  8. Appointment Scheduling (Cal.com)

  9. Online Forms and Self-Audit (Typeform)

  10. CRM and Marketing Automation (HubSpot)

  11. LinkedIn Insight Tag and Conversion Tracking

  12. RAM Platform (app.growth-consultants.de)

  13. Our LinkedIn Company Page

  14. Data Transfers to Third Countries

  15. Storage Periods

  16. Your Rights as a Data Subject

  17. Right to Object (Art. 21 GDPR)

  18. Data Security

  19. No Automated Decision-Making

  20. Changes to This Privacy Policy

1. Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

COMANFIZE GmbH, Kirchfeldstraße 16, 40217 Düsseldorf, Germany

Managing Director: Jérôme Fischer
Phone: +49 211 15821207
Email: hello@growth-consultants.de

Growth Consultants (growth-consultants.de) is a brand of COMANFIZE GmbH.

2. Overview of Processing Activities

We process personal data when you:

  • visit our website (server logs, cookies, tracking technologies)

  • contact us by email or phone

  • book an appointment via Cal.com

  • complete our self-audit or other forms via Typeform

  • register for or use our RAM platform at app.growth-consultants.de

  • interact with our LinkedIn company page

The categories of data concerned include contact data (name, email address, phone number), company data, usage data (IP address, browser information, pages visited), and the content you submit through forms or during appointments.

3. Legal Bases

We process personal data on the following legal bases:

  • Art. 6(1)(a) GDPR (consent): for cookies and tracking technologies that are not strictly necessary, in particular marketing and analytics tools such as the LinkedIn Insight Tag and HubSpot tracking. You can withdraw your consent at any time with effect for the future.

  • Art. 6(1)(b) GDPR (contract or pre-contractual measures): when you book an appointment, request a proposal, register for the RAM platform, or otherwise take steps toward entering into a contract with us.

  • Art. 6(1)(f) GDPR (legitimate interests): for the technically necessary operation and security of our website, for server log files, and for responding to general inquiries. Our legitimate interest lies in providing a functional, secure website and communicating with visitors and prospects.

  • Art. 6(1)(c) GDPR (legal obligation): where we are required to retain data under commercial or tax law.

In addition, the storage of information on your device or access to information already stored on your device (e.g., cookies) is governed by Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG). Where such storage or access is not strictly necessary, it takes place only with your consent.

4. Hosting and Content Delivery (Framer)

Our website is built and hosted with Framer, a service of Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands. When you visit our website, your browser connects to Framer's servers and content delivery network (including framerusercontent.com), which processes your IP address and technical connection data to deliver the website content.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest is the reliable and performant provision of our website. We have concluded a data processing agreement (Art. 28 GDPR) with Framer.

Further information: https://www.framer.com/legal/privacy-statement/

5. Server Log Files

When you access our website, the hosting provider automatically collects and stores information in server log files that your browser transmits. This includes:

  • IP address

  • date and time of the request

  • browser type and version

  • operating system

  • referrer URL

  • requested page or file

This data is not merged with other data sources. It is processed to ensure the stability, security, and functionality of the website.

Legal basis: Art. 6(1)(f) GDPR.

6. Cookies and Consent Management

Our website uses cookies and similar technologies. Strictly necessary cookies are set on the basis of our legitimate interest (Art. 6(1)(f) GDPR, Section 25(2) TDDDG). All other cookies, in particular those used for marketing and analytics, are set only after you have given your consent via our consent banner (Art. 6(1)(a) GDPR, Section 25(1) TDDDG).

You can adjust or withdraw your consent at any time via the cookie settings on our website. You can also configure your browser to block or delete cookies; this may limit the functionality of the website.

7. Contact by Email or Phone

If you contact us by email or phone, we process the data you provide (name, contact details, content of your inquiry) to handle your request and for possible follow-up questions.

Legal basis: Art. 6(1)(b) GDPR if your inquiry relates to a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR based on our legitimate interest in responding to inquiries.

We delete inquiry data once it is no longer required, unless statutory retention obligations apply.

8. Appointment Scheduling (Cal.com)

For booking strategy calls and discovery calls we use Cal.com, a service of Cal.com, Inc., 2261 Market Street #4382, San Francisco, CA 94114, USA. When you book an appointment, Cal.com processes the data you enter (name, email address, selected time slot, optional notes) as well as technical usage data.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request). We have concluded a data processing agreement with Cal.com. Where data is transferred to the USA, the transfer is safeguarded by the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Further information: https://cal.com/privacy

9. Online Forms and Self-Audit (Typeform)

For our self-audit and other online forms we use Typeform, a service of TYPEFORM S.L., C/ Bac de Roda, 163, 08018 Barcelona, Spain. When you complete a form, Typeform processes the answers you submit together with technical usage data. Form submissions may be linked with our CRM (see Section 10) using identifiers such as your email address, the HubSpot user token (hubspot_utk), and the page from which you accessed the form.

Legal basis: Art. 6(1)(b) GDPR for processing your form content as a pre-contractual measure; Art. 6(1)(a) GDPR for the linking with CRM tracking identifiers. We have concluded a data processing agreement with Typeform.

Further information: https://www.typeform.com/privacy-policy/

10. CRM and Marketing Automation (HubSpot)

We use HubSpot, a service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, with its European office HubSpot Ireland Ltd., 1 Sir John Rogerson's Quay, Dublin 2, Ireland. We use HubSpot as our CRM system to manage contacts, inquiries, and customer relationships, and for marketing automation.

If you have given your consent, HubSpot also sets cookies (including the hubspot_utk cookie) that allow us to recognize returning visitors and to attribute form submissions and page visits to your contact record.

Legal basis: Art. 6(1)(a) GDPR for tracking cookies; Art. 6(1)(b) GDPR for managing contractual and pre-contractual relationships; Art. 6(1)(f) GDPR for organizing our customer communication.

HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. Transfers to the USA are additionally safeguarded by EU Standard Contractual Clauses. We have concluded a data processing agreement with HubSpot.

Further information: https://legal.hubspot.com/privacy-policy

11. LinkedIn Insight Tag and Conversion Tracking

Subject to your consent, our website uses the LinkedIn Insight Tag, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The Insight Tag collects data about your visit to our website (URL, referrer, IP address, device and browser characteristics, timestamps) and enables us to measure the performance of LinkedIn ad campaigns, receive aggregated reports on our website audience, and display interest-based advertising to you on LinkedIn (retargeting).

LinkedIn does not share personal data with us; we receive only aggregated reports. IP addresses are truncated or hashed, and direct identifiers of LinkedIn members are removed within 7 days. The remaining pseudonymized data is deleted by LinkedIn within 180 days.

Legal basis: Art. 6(1)(a) GDPR (consent) and Section 25(1) TDDDG. The Insight Tag only loads after you have consented via our cookie banner. You can withdraw your consent at any time via the cookie settings.

Where data is transferred to LinkedIn Corporation in the USA, the transfer is safeguarded by the EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses.

Opt-out for LinkedIn members: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out Further information: https://www.linkedin.com/legal/privacy-policy

12. RAM Platform (app.growth-consultants.de)

When you register for and use our RAM platform at app.growth-consultants.de, we process your registration data (name, email address, company, password in hashed form), your usage data, and the content you enter into the platform (e.g., audit answers and sales metrics).

We process this data to provide the platform, operate your account, and deliver the contractually agreed functionality.

Legal basis: Art. 6(1)(b) GDPR. Account data is deleted after the account is closed, unless statutory retention obligations require longer storage.

13. Our LinkedIn Company Page

We operate a company page on LinkedIn (linkedin.com/company/growth-consultant-de). When you visit our page, LinkedIn processes your data as described in its own privacy policy. LinkedIn provides us with aggregated statistics (Page Insights) about the use of our page. For the processing of Page Insights data, we and LinkedIn Ireland Unlimited Company are joint controllers within the meaning of Art. 26 GDPR; the relevant arrangement is available at https://legal.linkedin.com/pages-joint-controller-addendum.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in presenting our company and communicating with visitors on LinkedIn. Please direct requests concerning data processed by LinkedIn preferably to LinkedIn, as only LinkedIn has full access to this data.

14. Data Transfers to Third Countries

Some of the service providers named in this policy process data in countries outside the European Economic Area, in particular the USA. Where this is the case, we ensure an adequate level of data protection through:

  • an adequacy decision of the European Commission, in particular the EU-U.S. Data Privacy Framework for certified providers (Art. 45 GDPR), and/or

  • EU Standard Contractual Clauses together with supplementary measures where required (Art. 46(2)(c) GDPR).

You can request a copy of the relevant safeguards via the contact details in Section 1.

15. Storage Periods

We store personal data only as long as necessary for the purposes described in this policy or as required by statutory retention obligations (in particular Section 257 HGB and Section 147 AO: 6 or 10 years for business correspondence and accounting records). After expiry of these periods, the data is deleted or anonymized.

16. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR): you can withdraw any consent you have given at any time with effect for the future.

  • Right to lodge a complaint (Art. 77 GDPR) with a supervisory authority. The authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany, https://www.ldi.nrw.de.

To exercise your rights, contact us at hello@growth-consultants.de.

17. Right to Object (Art. 21 GDPR)

Where we process your personal data on the basis of Art. 6(1)(f) GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you object, we will no longer process the personal data concerned unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing. If you object, your personal data will no longer be used for direct marketing.

18. Data Security

This website uses TLS/SSL encryption for all data transmitted between your browser and our servers. We apply appropriate technical and organizational measures in accordance with Art. 32 GDPR to protect your data against loss, misuse, and unauthorized access.

19. No Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

20. Changes to This Privacy Policy

We update this privacy policy whenever changes to our website, our services, or the legal situation require it. The current version is always available on this page.