Legal

Privacy Policy

Last updated: 20/11/2025

This Privacy Policy explains how Growzz Media ("Growzz", "we") processes personal data when you interact with our website and our services.

1. Data controller

  • Growzz Media
  • Contact email: info@growzzmedia.com
  • Registered address: Calle Tossal 14, 2ºB
  • Tax ID: B22867394

If we appoint a Data Protection Officer (DPO) in the future, we will add their contact details here. (If you do not have a DPO, this is fine: it is not mandatory unless the circumstances of art. 37 GDPR apply).

2. What data we process and how we obtain it

Data you provide: name, surname, email, telephone, company/position, and any information you include in contact forms, content downloads, diagnostic requests or meetings.

Browsing data: IP address, device identifiers, pages viewed, approximate geolocation, and analytics events (e.g., clicks or form submissions) through cookies or similar technologies, according to your consent settings.

Data from third parties: analytics and advertising platforms (e.g., Google/Meta/TikTok) when you have consented to the use of cookies or another lawful basis exists.

The information that must be provided when collecting personal data is based on arts. 13 and 14 GDPR.

3. Purposes and legal bases

We process data for:

  1. Responding to requests and providing services (consultancy/diagnosis, proposals, support). Legal basis: performance of pre-contractual measures or a contract (art. 6.1.b GDPR).
  2. Communications related to our services (opportunity follow-up, meeting coordination). Legal basis: legitimate interest in managing the B2B relationship, balanced and with reasonable expectations (art. 6.1.f). You may object at any time.
  3. Sending commercial communications (only if you subscribe or authorise us). Legal basis: consent (art. 6.1.a). You may withdraw it at any time without affecting prior lawfulness.
  4. Analytics, measurement and website improvement, including basic personalisation. Legal basis: consent for non-essential cookies/identifiers in accordance with the AEPD Cookie Guide and EDPB guidelines.
  5. Compliance with legal obligations (tax/accounting, rights requests, security). Legal basis: legal obligation (art. 6.1.c).

We do not process special categories of data (art. 9 GDPR).

4. Data retention

  • Leads and contacts: up to 24 months from the last significant exchange or earlier if you request deletion.
  • Clients/suppliers: for the duration of the relationship and, thereafter, the legal limitation periods (typically 5–6 years for commercial/accounting matters).
  • Commercial communications: until you revoke consent or object.
  • Cookies/analytics: according to the lifetime defined in the configuration panel and your consent.

Retention periods are set in accordance with storage limitation principles (art. 5 GDPR).

5. With whom we share data

  • Data processors (providers who deliver services on our behalf): hosting, CRM, analytics tools, appointment management, automation and collaboration platforms. We sign agreements in accordance with art. 28 GDPR.
  • Third parties when required by law (authorities, judges and courts).
  • Advertising/analytics platforms (e.g., Google, Meta, TikTok) only if you have consented to cookies or another lawful basis exists.

We do not sell your data to third parties.

6. International transfers

Some providers may be located outside the EEA. In such cases, we apply appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) (Decision 2021/914) and supplementary assessments where applicable.

7. User rights

You may exercise at any time: access, rectification, erasure, objection, restriction, portability and the right to withdraw consent. You also have the right not to be subject to automated decisions with legal effects.

To do so, write to us at info@growzzmedia.com indicating the right you wish to exercise. You may also file a complaint with the Spanish Data Protection Agency (AEPD).

8. Security

We apply appropriate technical and organisational measures to protect data against loss, misuse, unauthorised access, alteration and destruction, in accordance with art. 32 GDPR. In the event of a security breach affecting personal data, we will notify the authority and, where appropriate, the affected individuals in accordance with arts. 33 and 34 GDPR.

9. Cookies and similar technologies

We use our own and third-party cookies for technical, analytical and — if you accept — advertising purposes. In the cookie banner you will find three options at the same level: Accept, Reject and Configure, with a panel to choose purposes/providers and view the duration of each cookie. Simply scrolling or continuing to browse does not constitute consent. You can change or withdraw your consent at any time from the panel.

10. Minors

Our services are not aimed at minors under 14 years of age. If we detect that we have obtained data from a minor without a valid basis, we will delete it immediately.

11. Automated decisions and profiling

We may carry out basic segmentations to prioritise communications or measure results. We do not adopt automated decisions with legal or similar effects without informing you and without a valid legal basis (art. 22 GDPR).

12. Changes to this policy

We may update this Policy to reflect regulatory or processing changes. We will publish the update date and, when the change is significant, we will communicate it to you through reasonable channels.

13. Contact

For any questions or to exercise your rights: info@growzzmedia.com.

If you consider that the processing does not comply with regulations, you may file a complaint with the AEPD.