Privacy Policy
Information According to § 6 TDG / § 6 MDStV
Responsible for the content:
Grandify LLC
1209 Mountain Road Pl NE STE R
Albuquerque, NM 87110, USA
Represented by: Dustin Althaus
E-Mail: office@grandify.group
Privacy Policy

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Status: June 15, 2025

Table of Contents

Controller

Grandify LLC
1209 Mountain Road Pl NE STE R
Albuquerque, NM 87110, USA

Authorized representative: Dustin Althaus

Email address: dustin@wachstumsformel.de

Legal notice: wachstumsformel.de/impressum

Overview of Processing Operations

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Master data.
  • Payment data.
  • Location data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Education and course participants.
  • Customers.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Range measurement.
  • Tracking.
  • Office and organizational procedures.
  • Audience formation.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Sales promotion.
  • Business processes and economic procedures.

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes.
  • Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Applicability of data protection regulations in the country of domicile: In the country where the controller is domiciled, national data protection regulations apply in addition to the General Data Protection Regulation (GDPR).

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account already during the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and through privacy-friendly default settings.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that this data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies (which becomes apparent from the postal address of the respective provider or if the privacy policy expressly refers to the data transfer to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission dated July 10, 2023. Additionally, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This dual protection ensures comprehensive protection of your data: The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the framework of the DPF, the standard contractual clauses will step in as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For the individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information about the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consent or legally required transfers. Information on third country transfers and applicable adequacy decisions can be found in the information offered by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject under the GDPR, you have various rights, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and further information in accordance with legal provisions.
  • Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed.
  • Right to erasure and restriction of processing: You have the right to obtain from us the erasure of personal data concerning you without undue delay in accordance with legal provisions, or alternatively to obtain restriction of processing in accordance with legal provisions.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller in accordance with legal provisions.
  • Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Business Services

We process data of our contractual and business partners, e.g. customers and prospects (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships as well as related measures and in relation to communication with the contractual partners (or pre-contractually), e.g. to answer inquiries.

We use this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any update obligations and remedies in case of warranty and other performance disruptions. In addition, we use the data to protect our rights and for the purpose of administrative tasks associated with these obligations as well as company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the framework of this privacy policy.

We inform contractual partners which data is required for the aforementioned purposes before or as part of data collection, e.g. in online forms, through special marking (e.g. colors) or symbols (e.g. asterisks, etc.), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal reasons of archiving (e.g. for tax purposes usually ten years). We delete data that was disclosed to us as part of an order by the contractual partner in accordance with the specifications and generally after the end of the order.

  • Types of data processed: Master data (e.g. full name, residential address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of contract, term, customer category).
  • Data subjects: Service recipients and clients; Prospects; Business and contractual partners. Education and course participants.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and administrative procedures. Business processes and economic procedures.
  • Retention and deletion: Deletion in accordance with information in the section "General information on data storage and deletion".
  • Legal bases: Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

  • Agency services: We process our customers' data as part of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; Legal bases: Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Education and training services: We process the data of participants in our education and training programs (uniformly referred to as "trainees") in order to be able to provide our training services to them. The data processed here, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and training relationship. Processing forms also include performance evaluation and evaluation of our services as well as those of the instructors. In the course of our activities, we may also process special categories of data, here in particular information on the health of trainees as well as data from which ethnic origin, political opinions, religious or philosophical beliefs emerge. For this, we obtain explicit consent from the trainees if necessary and otherwise only process the special categories of data if it is necessary for the provision of training services, for purposes of health care, social protection or the protection of vital interests of the trainees; Legal bases: Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as related activities as well as their payment and provision or execution or performance.

    The required information is marked as such in the context of the order, order or comparable contract conclusion and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to information of end customers, employees or other persons, we process this in accordance with legal and contractual requirements; Legal bases: Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Provision of software and platform services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as "users") in order to be able to provide our contractual services to them as well as on the basis of legitimate interests in order to ensure the security of our offer and to be able to further develop it. The required information is marked as such in the context of the order, order or comparable contract conclusion and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations; Legal bases: Performance of a contract and pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Business Processes and Procedures

Personal data of service recipients and clients – including customers, clients or in special cases mandators, patients or business partners as well as other third parties – are processed within the framework of contractual as well as comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting and project management.

The collected data serve to fulfill contractual obligations and to design business processes efficiently. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies as well as ensuring internal accounting and financial processes. Additionally, the data support the protection of the controller's rights and promote administrative tasks as well as the organization of the company.

Personal data may be disclosed to third parties if this is necessary for the fulfillment of the aforementioned purposes or legal obligations.

Payment Procedures

In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers include master data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, sum and recipient-related information. The information is required to carry out the transactions. However, the entered data is only processed by the payment service providers and stored with them. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is for the purpose of identity and credit checks. For this, we refer to the terms and conditions and privacy notices of the payment service providers.

The terms and conditions and privacy notices of the respective payment service providers apply to payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and assertion of withdrawal, information and other data subject rights.

Provision of Online Services and Web Hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for different purposes, such as for the functionality, security and convenience of online services as well as for creating analyses of visitor flows. We use cookies in accordance with legal provisions. For this, we obtain users' consent in advance if necessary. If consent is not necessary, we rely on our legitimate interests. This applies when the storage and reading of information is essential to provide expressly requested content and functions. This includes, for example, the storage of settings as well as ensuring the functionality and security of our online service. Consent can be withdrawn at any time. We clearly inform about the scope and which cookies are used.

Newsletter and Electronic Notifications

We send newsletters, emails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or on a legal basis. If the contents of a newsletter are specifically mentioned when registering for the newsletter, they are decisive for the users' consent. For registration for our newsletter, it is usually sufficient to provide your email address. However, in order to offer you a personalized service, we may ask for your name for personal address in the newsletter or for additional information if this is necessary for the purpose of the newsletter.

Content:

Information about us, our services, campaigns and offers.

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as "reach measurement") serves to evaluate the visitor flows of our online service and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can recognize, for example, at what time our online service or its functions or content are used most frequently, or invite reuse. Likewise, we can understand which areas need optimization.

Online Marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on potential interests of users as well as measuring their effectiveness.

Presence in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.

Plugins and Embedded Functions and Content

We integrate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as "third parties"). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

Management, Organization and Auxiliary Tools

We use services, platforms and software from other providers (hereinafter referred to as "third parties") for the purposes of organization, administration, planning and provision of our services. When selecting third parties and their services, we observe legal requirements.

Created with free privacy policy generator from Dr. Thomas Schwenke

© 2025 Grandify LLC - All Rights Reserved.