Last updated: June 1, 2026
GDPR Compliance
GrowthNodes is committed to protecting personal data and upholding the rights of individuals under the General Data Protection Regulation (GDPR).
1. Our Commitment to GDPR
GrowthNodes is committed to complying with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA). We have implemented comprehensive data protection measures across our organization and services.
2. Lawful Basis for Processing
We process personal data under the following lawful bases: contractual necessity (to provide the services you have subscribed to), legitimate interest (to improve our products and prevent fraud), consent (for marketing communications and optional cookies), and legal obligation (to comply with applicable laws).
You have the right to know which lawful basis applies to each processing activity. Contact our Data Protection Officer for a detailed breakdown.
3. Data Subject Rights
Under GDPR, you have the right to access your personal data and obtain a copy of it. You can request correction of inaccurate data or completion of incomplete data. You have the right to erasure (the right to be forgotten) in certain circumstances.
You also have the right to restrict processing, the right to data portability, and the right to object to processing based on legitimate interests. You can withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at dpo@growthnodes.com. We will respond within 30 days as required by GDPR.
4. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance efforts. You can reach our DPO at dpo@growthnodes.com for any questions or concerns regarding data protection.
5. Data Processing Agreements
When we act as a data processor on behalf of our customers, we enter into Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. Our standard DPA covers the nature and purpose of processing, types of personal data, categories of data subjects, and obligations of both parties.
6. International Data Transfers
When personal data is transferred outside the EEA, we ensure adequate protection through approved mechanisms including Standard Contractual Clauses (SCCs) adopted by the European Commission.
We regularly assess the legal frameworks of recipient countries and implement supplementary measures where necessary to maintain the level of protection required by GDPR.
7. Data Breach Notification
In the event of a personal data breach that poses a risk to individuals, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by Articles 33 and 34 of the GDPR.
8. Privacy by Design
We integrate data protection principles into the design and development of our products. This includes data minimization, purpose limitation, storage limitation, and implementing appropriate technical and organizational measures to ensure security.
9. Sub-Processors
We maintain a list of sub-processors who have access to personal data. We conduct due diligence on all sub-processors and ensure they provide sufficient guarantees of GDPR compliance. Customers are notified of any changes to our sub-processor list.
10. Supervisory Authority
If you are in the EEA and believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we can address your concerns directly.
11. Contact
For any GDPR-related inquiries, please contact our Data Protection Officer at dpo@growthnodes.com or reach out through our contact page.