Skip to content
Get Your Free Planting Guide

Privacy Policy

Last updated: 13 May 2026

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit GrowPerma. Personal data is any data that can be used to personally identify you. For detailed information, please refer to the full privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Responsible Party” below.

How do we collect your data?

Some data is collected when you provide it to us, for example when you subscribe to our newsletter or send us an enquiry. Other data is collected automatically or with your consent when you visit the website (primarily technical data such as browser type, operating system, or time of page access).

What do we use your data for?

Some of the data is collected to ensure the reliable and error-free provision of the website. Other data, subject to your consent, may be used to analyse usage of our content, perform marketing attribution, and improve our articles and guides. We use HubSpot to manage newsletter subscriptions and content distribution.

What rights do you have regarding your data?

You have the right to receive free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request correction or deletion of this data, and to withdraw any consent you have given. You may also request restriction of processing under certain circumstances, and have the right to lodge a complaint with the competent supervisory authority.

2. Hosting and Content Management System

This website is delivered in full via the HubSpot CMS Hub platform of HubSpot, Inc. (25 First Street, Cambridge, MA 02141, USA). The European subsidiary is HubSpot Ireland Limited (1 Sir John Rogerson’s Quay, Dublin 2, Ireland).

The data in our HubSpot account is hosted in the AWS data centre in Frankfurt am Main (Germany, EU region). When you visit our website, your browser establishes a connection to HubSpot’s servers, during which technical data (IP address, browser type, page views) is automatically collected and stored in server log files.

The use of HubSpot CMS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the professional and efficient provision of our website. Where consent has been obtained, processing is carried out on the basis of Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, in force since 14 May 2024).

Support and logging data may be transmitted to the United States. HubSpot is certified under the EU-US Data Privacy Framework (DPF) following the European Commission’s adequacy decision of 10 July 2023. EU Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 apply in addition. A summary of the safeguards in place (Transfer Impact Assessment) is available on request.

Data processing agreement and joint controllership: We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR (HubSpot Data Processing Agreement of 14 April 2026). With regard to the HubSpot tracking pixel and behavioural analytics, HubSpot is additionally a joint controller pursuant to Art. 26 GDPR; the arrangements are set out in Section 10 of the HubSpot DPA. The essential terms are available on request. Details: https://legal.hubspot.com/dpa

3. General Information and Mandatory Disclosures

Data Protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

We would like to point out that data transmission over the Internet may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

Peter Vogel
GrowPerma (operated under peppereffect)
Provinzialstraße 41
46499 Hamminkeln, Germany
Phone: +49 163 7096754
Email: hello@growperma.com

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

Data Protection Officer

The appointment of a data protection officer is not currently required pursuant to Art. 37 GDPR or §38 of the German Federal Data Protection Act (BDSG), as the statutory thresholds are not reached. For data protection enquiries, please use the contact details above.

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for processing no longer applies. If you assert a legitimate request for deletion or revoke your consent, your data will be deleted unless we have other legally permissible reasons for storing it (e.g., tax or commercial law retention periods).

General Information on the Legal Basis for Data Processing

Where you have consented to processing, we rely on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR. In the case of explicit consent to the transfer of personal data to third countries, processing is additionally based on Art. 49(1)(a) GDPR. Where processing is necessary for the performance of a contract or for pre-contractual measures, we rely on Art. 6(1)(b) GDPR. Where processing is necessary to comply with a legal obligation, we rely on Art. 6(1)(c) GDPR. Processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Storing or reading information on the user’s end device is governed by §25(1) TDDDG.

Information on Data Transfers to the USA and Other Third Countries

Our website includes tools from companies based in the United States. Where you consent to the relevant category, your personal data may be transferred to these third countries. We would like to point out that no level of data protection comparable to that of the EU can be guaranteed in these countries.

Where the respective companies are certified under the EU-US Data Privacy Framework (DPF), this constitutes an appropriate basis for the transfer in accordance with the EU Commission’s adequacy decision of 10 July 2023. EU Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 apply in addition.

We would like to point out that even with adequate safeguards, it cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no influence over these processing activities.

Withdrawal of Your Consent

Many data processing operations are only possible with your express consent. You may revoke any consent at any time via the “Cookie Settings” link in the footer of this website. On withdrawal, already-placed cookies in the relevant category are removed from your browser. The lawfulness of any processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THIS PROCESSING; THIS ALSO APPLIES TO RELATED PROFILING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf, Germany
https://www.ldi.nrw.de/

If you reside in the United Kingdom, you may also lodge a complaint with the UK Information Commissioner’s Office (ICO), https://ico.org.uk/. We rely on the UK Addendum to the EU Standard Contractual Clauses (IDTA) where personal data of UK residents is transferred to processors outside the United Kingdom.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://” prefix in your browser’s address bar and the padlock icon.

Information, Deletion, and Correction

You have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of processing, as well as the right to correction or deletion of this data.

4. Data Collection on This Website

Cookies and Consent Management

Our website uses cookies. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device.

Cookies that are strictly necessary for carrying out the electronic communication process, providing certain functions you have requested, or optimising the website (e.g., the cookie that stores your cookie consent preferences) are stored on the basis of §25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR.

All other cookies and comparable technologies are activated only after your express consent via our HubSpot cookie banner (§25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the “Cookie Settings” link in the footer. On withdrawal, already-placed cookies in the relevant category are removed from your browser.

The HubSpot cookie banner separates processing into the following categories:

  • Strictly necessary: technically required cookies (session ID, consent storage, security cookies).
  • Analytics: audience measurement via Google Analytics 4 and HubSpot behavioural analytics.
  • Advertisement: conversion measurement and remarketing (active only if advertising tools are connected).
  • Functionality: storage of your language and display preferences.

Before you grant consent, all tools in the Analytics, Advertisement, and Functionality categories are set to “denied” via Google Consent Mode v2 and the HubSpot doNotTrack API, so that no personal analytics data is collected.

Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser automatically transmits to us:

  • browser type and browser version
  • operating system used
  • referrer URL
  • hostname of the accessing computer
  • time of the server request
  • IP address

This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR. Log data is deleted or anonymised after 14 days.

HubSpot CRM, Marketing Hub, and CMS

We use HubSpot to manage newsletter subscriptions, distribute content, and host the website. Provider: HubSpot, Inc. (25 First Street, Cambridge, MA 02141, USA); European subsidiary: HubSpot Ireland Limited (1 Sir John Rogerson’s Quay, Dublin 2, Ireland).

CRM data is hosted in the EU data centre Frankfurt am Main. Specifically, we use the following HubSpot features:

HubSpot Forms (newsletter and contact): When you subscribe to our newsletter or send us an enquiry via a contact form, your details (typically email address, optionally first name) are stored in our HubSpot CRM for the purpose of fulfilling the subscription or processing your enquiry. Legal basis: consent under Art. 6(1)(a) GDPR for newsletter subscription, Art. 6(1)(b) GDPR for contractually motivated enquiries, otherwise Art. 6(1)(f) GDPR.

HubSpot Email (newsletter delivery): If you have subscribed to our newsletter, HubSpot is used to deliver the emails. HubSpot processes opens, clicks, and bounces to measure deliverability. Legal basis: Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in every newsletter.

HubSpot tracking pixel and behavioural analytics: After your consent to the “Analytics” category, HubSpot sets its own cookies (including hubspotutk, __hstc, __hssc) to analyse content engagement on our website. Before consent is granted, the HubSpot tracker is technically blocked via the doNotTrack API, so that no personal pageviews are processed.

Data processing agreement and joint controllership: We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR. With regard to the tracking pixel and behavioural analytics, HubSpot is a joint controller pursuant to Art. 26 GDPR (Section 10 of the HubSpot DPA). The essential terms are available on request.

Third-country transfer: Primary storage in Frankfurt; support and logging data may be transmitted to the United States. Legal basis: EU-US Data Privacy Framework and supplementary EU Standard Contractual Clauses.

HubSpot privacy policy: https://legal.hubspot.com/privacy-policy

Attribution Tracking (UTM parameters and click identifiers)

When you reach our website via a campaign link (for example from our newsletter, an external publication, or a social media post), and you have consented to the “Analytics” category, we capture the UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) along with the click identifiers gclid and fbclid.

  • Purpose: understanding which channels bring readers to our content and improving how we share future articles.
  • Legal basis: consent under Art. 6(1)(a) GDPR and §25(1) TDDDG for first-party cookie storage; legitimate interest under Art. 6(1)(f) GDPR for the subsequent analysis.
  • Retention: first-touch cookie 90 days, last-touch cookie one session.
  • Recipients: no transmission to third parties. Data is processed solely within our HubSpot contact record.

AI Referrer Detection

We detect whether you arrived from an AI search engine or AI chatbot (in particular ChatGPT, Perplexity, Claude, Gemini, Microsoft Copilot, Google AI Overviews) by inspecting the HTTP referrer.

  • Purpose: measuring our content reach via AI-powered search systems. The information is used solely for internal reporting and is not fed into automated decisions.
  • Legal basis: legitimate interest under Art. 6(1)(f) GDPR for transient analysis. Where the information is persistently stored, consent under Art. 6(1)(a) GDPR and §25(1) TDDDG additionally applies.
  • Retention: 90 days in the cookie.

HubSpot Custom Behavioural Events

When the “Analytics” category is enabled, we capture behavioural signals such as scroll depth, time on page, internal clicks, and FAQ interactions in order to understand which content readers find most useful.

  • Purpose: optimisation of content and reading experience.
  • Legal basis: consent under Art. 6(1)(a) GDPR and §25(1) TDDDG.
  • Retention: 90 days.

No Automated Decision-Making

We do not make any decisions affecting you that are based solely on automated processing within the meaning of Art. 22 GDPR. Newsletter segmentation, where applied, is reviewed by a human before any communication is sent.

Inquiries by Email

If you contact us by email, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR).

5. Analytics Tools

Google Analytics 4 with Consent Mode v2

This website uses Google Analytics 4, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), for statistical analysis of website usage. Collection occurs only after your consent to the “Analytics” category.

  • Purpose: audience measurement, optimisation of content and reader experience.
  • Legal basis: consent under Art. 6(1)(a) GDPR and §25(1) TDDDG.
  • Retention in GA4: 14 months.
  • Reporting identity: device-based only; Google Signals and Google-signed advertising IDs are disabled.
  • Redact data: enabled; sensitive URL parameters are filtered before storage.
  • Third-country transfer: transmission to Google LLC in the United States on the basis of the EU-US Data Privacy Framework and supplementary EU Standard Contractual Clauses.

Google Consent Mode v2 is implemented on our website. Before you grant consent, all relevant Consent Mode parameters (ad_storage, analytics_storage, ad_user_data, ad_personalization, functionality_storage, personalization_storage) are set to “denied” and are only changed to “granted” upon consent. Without consent, no cookies are set and no personal data is transmitted to Google.

Data processing agreement: We have concluded a data processing agreement with Google (Google Ads Data Processing Terms).

Provider’s privacy notice: https://policies.google.com/privacy

Google Search Console

We use Google Search Console to analyse the search queries through which our website is found. The data is provided directly by Google and integrated into our reporting tools. No additional cookies are set on your device through this.

6. Plugins and Tools

Google Web Fonts (locally hosted)

This site uses Google Web Fonts for consistent typography. The Google Fonts are served locally through the HubSpot CMS. No direct connection to Google’s servers takes place; your IP address is not transmitted to Google.

7. Categories of Recipients

We share personal data with the following categories of recipients:

  • Processors (Art. 28 GDPR): HubSpot Inc. (CMS, CRM, email delivery, hosting).
  • Joint controllers (Art. 26 GDPR): HubSpot Inc. with regard to the HubSpot tracking pixel and behavioural analytics (Section 10 of the HubSpot DPA); Google Ireland Limited with regard to Google Analytics.

A complete list of our processors and joint controllers is available on request at hello@growperma.com.

8. Note on the EU AI Act

For the sake of transparency, we would like to note that no AI systems with which visitors directly interact are used on this website. There is no chatbot, no automated decision system, and no AI-based customer communication tool on this website.

Where we use AI-powered tools internally (e.g., to support content creation or to analyse content performance), this is always done under human supervision and without solely automated decision-making within the meaning of Art. 22 GDPR.

We continuously monitor the requirements of the EU AI Act (Regulation (EU) 2024/1689) and will update this privacy policy as required.

Last updated: 13 May 2026