Privacy Policy
Last updated: 16 July 2026
This Privacy Policy explains how B2B Growth Lab ("we", "us", "our") processes personal data — that is, collects, records, stores, uses, discloses, and deletes information relating to an identified or identifiable natural person (Art. 4(1) and 4(2) GDPR) — when you visit b2bgrowthlab.net (the "Website") or contact us. We process personal data as a data controller in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR.
1. Data Controller
For any questions about this policy or how your personal data is processed, contact us at the address above.
2. Categories of Personal Data We Process
Depending on how you interact with the Website, we process the following categories of personal data:
- Identity and contact data: your name and email address (contact form, email, Calendly booking);
- Business data: your company name and role, where you provide them;
- Communication content: the marketing challenge and message you describe in the form, and the content of any email correspondence;
- Technical and usage data: IP address, date and time of access, pages requested, referrer URL, browser type, and operating system (server logs, processed automatically by our hosting provider).
We do not process special categories of personal data (Art. 9 GDPR), and we ask you not to include such data in your messages. We do not knowingly process data relating to criminal convictions (Art. 10 GDPR).
3. How and Why We Process Your Personal Data
a. Contact form
When you submit our contact form, we collect the information you provide: your name, email address, company name, your marketing challenge, and your message.
- Purpose: to respond to your enquiry and prepare for or schedule a strategy call.
- Legal basis: Art. 6(1)(b) GDPR — steps taken at your request prior to entering into a contract; and Art. 6(1)(f) GDPR — our legitimate interest in responding to business enquiries.
- Retention: we keep enquiry data for as long as needed to handle your request, and for up to 24 months afterwards unless a business relationship follows or you ask us to delete it sooner.
b. Email correspondence
If you email us directly, we process your email address and the contents of your message on the basis of Art. 6(1)(b) or 6(1)(f) GDPR, and retain it as described above.
c. Server log data (hosting)
Our Website is hosted by Netlify (see Section 4). When you visit the Website, the hosting infrastructure automatically processes technical data such as your IP address, date and time of access, pages requested, browser type, and operating system in server logs. This is technically necessary to deliver the Website and to ensure its stability and security.
- Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in the secure and reliable operation of the Website.
- Retention: log data is retained by our hosting provider for a short period (typically less than 30 days) and is not merged with other data.
d. Cookies, tracking, and analytics
This Website does not set cookies and does not use analytics or advertising trackers. See our Cookie Policy for details. Because we use no cookies or similar technologies requiring consent, no cookie banner is shown. Fonts are served from our own domain — no font requests are sent to third parties.
4. Processors and Third-Party Services
We use a small number of carefully selected service providers, who may process personal data on our behalf as processors under Art. 28 GDPR:
| Service | Purpose | Data processed | Location / transfer safeguard |
|---|---|---|---|
| Netlify, Inc. (USA) | Website hosting and processing of contact form submissions | Server log data; contact form data | USA — EU Standard Contractual Clauses / EU-US Data Privacy Framework |
| Calendly LLC (USA) | Scheduling of strategy calls (only if you choose to book via the "Book a Call" links) | Name, email address, meeting details you provide on Calendly | USA — EU Standard Contractual Clauses / EU-US Data Privacy Framework; see Calendly's Privacy Notice |
Our Website also contains an outbound link to our LinkedIn profile. Clicking it takes you to LinkedIn, where LinkedIn's privacy policy applies. No data is sent to LinkedIn simply by visiting our Website.
We do not sell personal data, and we do not share it with third parties for their own marketing purposes.
5. International Data Transfers
Where data is transferred to providers outside the European Economic Area (in particular to the USA, as listed above), we rely on an adequacy decision under Art. 45 GDPR (such as the EU-US Data Privacy Framework, where the provider is certified) and/or Standard Contractual Clauses under Art. 46(2)(c) GDPR.
6. How Long We Keep Your Data
- Contact form and email enquiries: up to 24 months after our last contact, unless a business relationship follows (in which case statutory commercial and tax retention periods may apply) or you request earlier deletion.
- Server logs: typically deleted within 30 days by our hosting provider.
7. Your Rights Under the GDPR
You have the following rights regarding your personal data:
- Access (Art. 15) — request a copy of the personal data we hold about you;
- Rectification (Art. 16) — have inaccurate data corrected;
- Erasure (Art. 17) — request deletion of your data ("right to be forgotten");
- Restriction of processing (Art. 18);
- Data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format;
- Objection (Art. 21) — object at any time to processing based on legitimate interests;
- Withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time with effect for the future.
To exercise any of these rights, email us at nadezhda@b2bgrowthlab.net. We will respond within one month, as required by Art. 12(3) GDPR.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement. As we are established in Croatia, our lead supervisory authority is the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka, AZOP), Selska cesta 136, 10000 Zagreb, Croatia — azop.hr. A list of all EU data protection authorities is available on the EDPB website.
8. Data Security
We use appropriate technical and organisational measures to protect your data, including TLS/HTTPS encryption for all traffic to and from the Website, access controls on systems where enquiry data is stored, and data minimisation — we only ask for the information we need to respond to you.
9. No Automated Decision-Making
We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR.
10. Children
Our services are directed at businesses and are not intended for children under 16. We do not knowingly collect personal data from children.
11. Whether You Are Required to Provide Data
Providing personal data on this Website is neither legally nor contractually required. However, if you choose not to provide contact details, we will not be able to respond to your enquiry.
12. Changes to This Policy
We may update this Privacy Policy from time to time, for example if our services or legal requirements change. The current version is always available on this page, with the "Last updated" date shown above.