Privacy Policy

Last updated: September 22, 2025

56 Makarios Avenue, 1077 Nicosia, Cyprus

Phone: +357 22 518 734

Introduction and Data Protection Commitment

At Growth Hub, we take your privacy seriously and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website or use our digital marketing services. We comply with the General Data Protection Regulation (GDPR), Cyprus data protection laws, and other applicable privacy regulations.

This policy applies to all personal data we process as a data controller when you interact with our website, contact us, or engage our services. By using our website, you acknowledge that you have read and understood this Privacy Policy.

We are transparent about our data practices and provide you with meaningful control over your personal information. If you have questions about our privacy practices, please contact us using the information provided at the end of this policy.

Data Collection Information

Personal Data We Collect

We collect different types of personal data depending on how you interact with our website and services. This information helps us provide you with better service and improve our offerings.

Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, and job title when you fill out contact forms or request information about our services.
  • Communication Data: Messages, inquiries, feedback, and any other information you choose to share when communicating with us.
  • Service Data: Information about your business, marketing goals, preferences, and requirements when you engage our services.

Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system, referring URLs, and pages viewed on our website.
  • Usage Data: Information about how you interact with our website, including time spent on pages, links clicked, and navigation paths.
  • Cookie Data: Data collected through cookies and similar tracking technologies as described in our Cookie Policy.

Legal Basis for Data Processing

Under GDPR, we must have a legal basis for processing your personal data. We process data based on:

  • Consent: You have given clear consent for us to process your personal data for specific purposes (such as marketing communications).
  • Contract: Processing is necessary for fulfilling our contractual obligations when providing services to you.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services and website functionality.
  • Legal Obligations: Processing is necessary to comply with legal requirements under Cyprus and EU law.

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:

  • Contact Form Data: Retained for 24 months after the last interaction unless you request earlier deletion.
  • Service Client Data: Retained for the duration of the service agreement plus 7 years for legal and accounting purposes.
  • Analytics Data: Anonymized after 26 months in accordance with standard analytics practices.
  • Cookie Data: Retained according to cookie expiration periods as described in our Cookie Policy.

How We Use Your Data

We use your personal data for specific, legitimate purposes that benefit both you and our business operations. We do not use your data for purposes beyond what is described here without obtaining your explicit consent.

Service Provision and Client Support

We use your data to respond to inquiries, provide digital marketing services, deliver project results, process payments, and offer ongoing client support. This includes communicating about service details, sharing progress updates, and addressing technical or strategic questions.

Website Improvement and Analytics

We analyze website usage patterns to understand how visitors interact with our site, identify areas for improvement, optimize user experience, and enhance our content. This helps us create a better website that serves your needs more effectively.

Marketing Communications

With your consent, we may send you information about our services, industry insights, and relevant marketing updates. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

Legal Compliance and Protection

We process data to comply with legal obligations, enforce our terms and conditions, protect our rights and property, prevent fraud, and ensure the security of our website and services. This may include responding to legal requests and cooperating with regulatory authorities.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We only share your data with trusted service providers and partners who help us operate our business and deliver services to you. All third parties are required to maintain appropriate security measures and use your data only for specified purposes.

Service Providers and Processors

We work with trusted service providers who process data on our behalf, including:

  • Web hosting and cloud storage providers
  • Analytics platforms (such as Google Analytics)
  • Email service providers for communications
  • Marketing and advertising platforms

Legal Requirements and Business Transfers

We may disclose personal data when required by law, in response to legal processes, to protect our rights and property, or during business transactions such as mergers or acquisitions. In such cases, we ensure appropriate safeguards are in place to protect your data.

International Data Transfers

Some of our service providers may be located outside the European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

Data Security and Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. While no system is completely secure, we continuously work to maintain robust security practices.

Data Encryption

We use SSL/TLS encryption to protect data transmitted between your browser and our servers, ensuring secure communication.

Access Controls

We restrict access to personal data to authorized personnel only, implementing role-based access controls and authentication measures.

Secure Storage

Personal data is stored on secure servers with regular backups, firewalls, and intrusion detection systems.

Regular Monitoring

We continuously monitor our systems for security threats and promptly address any vulnerabilities or breaches.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR. We will provide clear information about the nature of the breach, the likely consequences, and the measures we are taking to address it.

Your Rights and Data Management

Under GDPR and Cyprus data protection laws, you have comprehensive rights regarding your personal data. We are committed to honoring these rights and making it easy for you to exercise them.

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format within one month of your request.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. We will make the necessary changes promptly upon verification.

Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing. We will comply unless we have legitimate grounds to retain the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Restrict Processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within one month and may request additional information to verify your identity before processing your request.

Contact Us About Your Data

Your Rights and Opt-Out Instructions

You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:

  • Avoid filling out contact forms, account registrations, or any data-submitting features.
  • Disable cookies through your browser settings (see our Cookie Policy for more details).
  • Contact us directly to request the deletion of any previously shared personal data.

We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided below. We will process your request promptly and in accordance with applicable data protection laws.

Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make significant changes, we will notify you by updating the "Last updated" date at the top of this page. For material changes, we may provide additional notice through our website or via email if you have provided your contact information. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us:

Growth Hub

56 Makarios Avenue, 1077 Nicosia, Cyprus

+357 22 518 734

Contact Form

Supervisory Authority

You have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection if you believe we have not complied with applicable data protection laws. However, we encourage you to contact us first so we can address your concerns directly.