Privacy Policy / ConsciousGrowth platform

Last amended: October 21st, 2019

We respect your privacy and the privacy of your users. This Privacy Policy explains how ConsciousGrowth GmbH (collectively “Conscious Growth“, or “we“, or “us“, or “our“) collects, uses and shares your personal information in connection with your use of our website and the ConsciousGrowth platform and explains your choices for how we handle your personal information. For convenience, the site and the services regarding our platform are collectively also referred to as the “Service.”

1. Contact details of the controller

The website and the ConsciousGrowth platform are provided by Conscious Growth GmbH, HRB 210504, Chorinerstrasse 81, 10119 Berlin. ConsciousGrowth is also the controller within the meaning of the EU General Data Protection Regulation (GDPR) for the collection, processing and use of personal data of website visitors and users of the ConsciousGrowth platform (hereinafter referred to as “you”). Should you have any questions or suggestions regarding data protection, please do not hesitate to contact us. You are welcome to direct your data protection concerns to our data protection team by sending an email to Our full contact details are available at:

2. Data processing when you use our website

2.1. Visiting the site. In the context of visiting the site and using the ConsciousGrowth platform personal data is only collected if this is necessary for technical reasons to use our website or if you use certain functions or services offered on our website, e.g. the contact form or the sign up process.

The following access data is automatically recorded every time the service is accessed:

  • date and time of access (“time stamp”)
  • name of the file requested
  • website from which the file was requested
  • access status (e.g. file transferred, file not found)
  • Browser type / version
  • used operating system

It is necessary to process this data to make it possible to visit the website or ConsciousGrowth platform and to guarantee the long-term functionality, availability and security of our systems. The legal basis for this data processing is Art. 6(1) (b) GDPR.

2.2. Sign-up and login. To us our service, you first need to set up a user account for the ConsciousGrowth plattform. This requires you to provide a business name, your company's website and an email address. We also ask you to provide additional information about your company (e.g. industry, registered office, monthly online revenue and monthly budget for ads as well as the return on advertising spend. These categories are also summarized below as "company datta"). We also collect your first and last name, a phone number and your title / role with your company. A password will be required to login to your ConsciousGrowth account. The legal basis for this data processing is Art. 6(1) (b) GDPR. The data collected when you use the sign up form will be stored for the duration of our business relationship.

2.3. Application. In order to apply for ConsciousGrowth funding you need to provide us with company data and connect your aggregated sales, marketing, and bank account data with the ConsciousGrowth platform. We need an insight into this information in order to asses the state of growth of your business and the risks associated with a potential funding. 

For accessing the bank account data, we do not look into specific transactions of your users but the analysis focuses on the categorization and data enrichment of transactions in your account history. For this purpose we use the P.S.D. true software of Geldspeicher Gmbh, c/o rent24, Oberwallstraße 6, 10117 Berlin. In addition, bank account information is processed with the help of subcontractors of Geldspeicher GmbH, (finAPI GmbH, Adams-Lehmann-Str. 44, 80797 München and FinTecSystems GmbH, Gottfried-Keller-Str. 33, 81245 München, both of which are account information service providers regulated by BaFin). The account information is only collected if you instruct finAPI or FinTecSystems to transmit the bank account information by entering your bank account access information in the corresponding input mask. The enriched information is used for risk assessment purposes. 

We will review your application based on your company data and the aggregated data mentioned above and send you several funding offers, from which you can pick the one that matches best your sales and marketing needs. All data regarding your application is stored with your ConsciousGrowth account. Only aggregated or anonymized data is processed in the application and review process. The legal basis for this data processing is Art. 6(1) (b) GDPR. 

2.4. Using the ConsciousGrowth platform. When you login to your ConsciousGrowth account, you can examine your funded budget, account balance, repayment history and the repayment terms we agreed on. This information and data about your related use of the ConsciousGrowth platform (e.g. timestamps, changes to your account, settings and status) is stored in connection with your ConsciousGrowth account. The legal basis for this data processing is Art. 6(1) (b) GDPR.

2.5. Repayment. In the context of the repayment of your funding, we process your company data and data on the funding and the repayment plan we agreed to as well as information on your bank account to coordinate and control the repayment. The legal basis is Art. 6 (1) (b) GDPR. 

2.6. Support. We process information you provide in the support contact form to respond to your support request. In the context of your support request, we also collect your account name and other account related data. We will process this data and, if necessary, data regarding your funding or other company data stored in your ConsciousGrowth account to answer your request. The legal basis is Art. 6 (1) (b) GDPR. 

2.7. Controlling, reporting and analytics. We also use information on transactions for internal cost and performance accounting, controlling and internal reporting, which serves us for corporate management and planning. The legal basis is Art. 6 (1) (b) GDPR. In this context, no personal data is processed.

2.8. ConsciousGrowth newsletter. You have the opportunity to subscribe to our ConsciousGrowth newsletter, which informs you regularly about our release notes, new features and updates regarding our service. When registering for the ConsciousGrowth newsletter, we ask you to provide your email address so that we can send you the newsletter. We will also ask you during the sign-up process, if you would like to subscribe to the ConsciousGrowth newsletter. We will then use the email address from your account.

For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you ConsciousGrowth newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the ConsciousGrowth newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered.

You can unsubscribe from the ConsciousGrowth newsletter at any time. An unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of the above processing is your consent pursuant to Art. 6(1)(a) GDPR.

2.9. Customer and partner management. For the administration of our business contacts we process information about your company (in particular address, branches, authorized representatives and their contact data) as well as information about the respective contact persons (in particular name, position, professional contact information) and any communication with you. We use this data in order to be able to contact the contact persons with your company and to process your requests appropriately and to maintain our business relationship. The legal basis is Art. 6(1)(b) GDPR.

2.10. Cookies, marketing and analytic tools

2.10.1. Google services

  We use the Google services Google Analytics, Google Analytics Remarketing, Google Ads, Google Search Ads 360 and Google Tag Manager. These services are provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"). Google is based in the so-called third country USA, which means that a level of data protection equivalent to that in the EU is generally lacking. However, Google is certified under the EU-U.S. Privacy Shield and thus offers an adequate level of data protection in accordance with Art. 45 DSGVO. You can find more information about Google in the Google Privacy Policy.

2.10.2. Google Analytics

Google Analytics uses cookies. The information collected by these cookies is usually sent to a Google server in the USA and stored there. IP anonymization is used on this website. The IP address of the website visitors is shortened. Only in individual cases is the IP address initially transmitted in full to a Google server in the USA and shortened there. This shortening eliminates the personal reference of the IP address. The IP address transmitted by the browser is not combined with other data stored by Google.  Within the framework of the agreement on the contract data agreement which the website operator has concluded with Google Inc., the latter uses the information collected to create an evaluation of website use and website activity and provides associated services.  The data collected by Google on behalf of the website operator is used to evaluate the use of the online offer by individual users, e.g. to create reports on the activity on the website and to improve our online offer. The cookie stored in your browser with your consent will be completely deleted after 90 days at the latest.

2.10.3. Google Analytics Remarketing

Google Analytics Remarketing allows you to link the created advertising target groups with the cross-device functions of Google Ads and Google Campaign Manager. In this way, interest-based, personalised advertising messages that have been adapted to the previous usage and surfing behaviour of the website visitor on one device can also be displayed on another device of the website visitor. This requires that the website visitor has given Google permission to do so. If such consent is given, Google will link the web and app browsing history to the personal Google Account for this purpose.  To support this feature, Google Analytics collects Google-authenticated visitor IDs that are temporarily linked to Google Analytics data to define and create target groups for cross-device advertising.  Visitors who have a Google Account can opt-out of cross-device remarketing/targeting permanently by disabling personalised advertising in their Google Account (

2.10.4. Google Ads (former AdWords) and Conversion-Tracking

In the context of Google Ads, this website uses so-called conversion tracking. When website visitors click on an ad served by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used to personally identify website visitors. If the user visits certain pages of this website and the cookie has not expired, we can tell that the user clicked on the ad and was redirected to that page. The information collected using the conversion cookie is used to compile conversion statistics for us as AdWords customers. This tells us the total number of website visitors who clicked on an ad we placed and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies website visitors. The cookie stored in your browser with your consent will be completely deleted after 90 days at the latest.

2.10.5. Google Tag Manager

To manage the Google Analytics tracking (see above) we use the Google Tag Manager service. The Google Tag Manager itself does not collect any personal data.

2.10.6. Facebook Pixel & Use of Facebook Remarketing

We use the remarketing function Custom Audiences from Facebook. This service is provided by Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland; "Facebook"). Facebook has its headquarters in the so-called third country USA, which means that a level of data protection corresponding to that of the EU is generally lacking. However, Facebook is certified under the EU-U.S. Privacy Shield and thus offers an adequate level of data protection in accordance with Art. 45 DSGVO. This function serves the purpose of targeting website visitors with a Facebook account with interest-based advertising on the social network Facebook. For this purpose, the Facebook remarketing tag was implemented on the website. This tag is used to establish a direct connection to the Facebook servers when visiting the website. This is used to tell the Facebook servers which of our pages were visited by the website visitor. If a Facebook account exists, Facebook assigns this information to the personal Facebook user account. Within Facebook, personalized, interest-related Facebook ads are then displayed to the website visitor and Facebook member. As a website visitor and Facebook member, you can deactivate the remarketing function Custom Audiences by clicking the following link: You can find more detailed information on the collection and use of data by Facebook, on related rights and possibilities for protecting privacy on Facebook in the Facebook privacy policy. The cookie stored in your browser with your consent will be completely deleted after 90 days at the latest.  

2.10.7. LinkedIn Ads

We use the LinkedIn ad feature of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, "LinkedIn"). LinkedIn is based in the third country USA, which generally does not have an EU level of protection. However, LinkedIn is certified under the EU-U.S. Privacy Shield and thus offers an adequate level of protection for personal data in accordance with Article 45 DSGVO. This function is used to address visitors with a LinkedIn user account specifically with interest-based advertising on the LinkedIn social network.  A remarketing tag has been implemented on this website for this purpose. With the help of this tag, a direct link to the LinkedIn servers is established when the website is visited and the LinkedIn servers are informed which pages of our website have been visited by the visitors. LinkedIn associates this information with your LinkedIn user account if one exists. Within LinkedIn, visitors to our site who are also LinkedIn members will then see personalized, interest-based LinkedIn advertising and sponsored posts/messages. The cookie stored in your browser with your consent will be completely deleted after 90 days at the latest.  

2.11. General use of cookies. When you visit and use our website and the ConsciousGrowth platform, we store a variety of cookies. Cookies are small text files stored in your web browser’s memory which contain information that can be used to recognize you when you visit web servers later on. However, this does not mean that we are immediately aware of your identity. Cookies cannot execute any programs or transfer viruses to your computer.

The primary purpose of our own cookies is rather to make using our service as time-saving and user-friendly as possible.

We use cookies in particular 

  • for load balancing;
  • to store language settings;
  • to store form data; and
  • to note that information placed on our website has been displayed to you, so that it will not be displayed again the next time you visit the website.

For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These cookies are deleted 30 minutes after you stop interacting with our website. In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site or platform again to take advantage of our services, it will automatically recognize that you have already been with us and what inputs and settings you have made, so you do not have to re-enter them.

We do this to be able to make your use of our website more convenient and personalized. The processing of the respective cookies is based on our aforementioned legitimate interests, meaning the legal basis is Art. 6(1) (f) GDPR.

You can prevent the storage of cookies by adjusting your browser settings to disable the acceptance of cookies via this website. If you do not accept cookies, however, this may in some cases lead to considerable functional restrictions on our website.

2.12. Cookies and other technologies from third-party providers. In addition, we also use cookies and technologies from third-party providers for analysis and marketing purposes and analysis of general usage behaviour based on access data as well as collected basic device information (e.g. browser type / version, used operating system) and the collected IP address of our website visitors. 

We use the results of such analyses to improve our website and services and adapt them to the actual needs of our users. The legal basis for the individual examples of data processing described below is Art. 6(1) (f) GDPR, based on our legitimate interest in the demand-oriented design and continuous optimization of our website and the ConsciousGrowth platform and in the advertising of our services. 

You have the right to object at any time to the processing of your data for the purposes described. In the following, we provide you with opt-out options for the respective tools and third-party services. Alternatively, you can prevent cookies from being stored in your browser settings.


                     a. [… Tracking-Services e.g. Google Analytics]

3. Links to other websites and online content

Our website may contain links to websites and online content of other providers not affiliated with us. If you activate these links, we naturally no longer have any influence on which data is collected by the respective providers and which data they record. For more detailed information on data collection and use, please refer to the privacy policies of the respective providers. Since the collection and processing of data by third parties is beyond our control, we cannot assume any responsibility for this.

4. Our social media profiles

We are represented in various social networks.

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, D2 Dublin, Ireland), Privacy Policy

  • Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA), Privacy Policy

  • Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, D2 Dublin, Ireland), data protection notices

  • LinkedIn (LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA), privacy policy

On our website we link to our company profiles on the respective social networks. Please note, that when you activate a link to a social network, data is transferred to servers of the respective provider. If you are logged in to the respective social network at that moment with your username and password, the information that you are visiting our website will be transferred to the social network and the respective provider may assign this information to your user account.

Basically, we have no way of influencing the data processing regarding the social networks. But we do receive statistics about usage and visits of our company profiles on the social networks (e.g., information about the number of views, interactions such as likes, comments and retweets, and aggregated demographic and other information or statistics). For this purpose, we submit certain parameters regarding our company and the services and content we offer on our company profile to the social network. This information is used by the providers to create more detailed statistics. In addition, the providers may use data they collect when you visit the social network for their own purposes beyond our control. For more detailed information, please refer to the providers' privacy notice linked above. 

If we receive your personal data via our social media profiles (e.g. via direct messages), you are entitled to the rights set out in this privacy policy (see section 9 "Your rights"). You can send us your inquiries to gain access to stored personal data with regard to data processing in the context of our company profiles using contact data specified in section 1. We will then inform you about the data we have collected on our own and data which was transmitted to us to comply with the rights you have exercised against us.

If you also intend to assert rights against the social network provider, the easiest way to do so is to directly contact the respective provider. The provider knows the details on the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can put appropriate measures into practice to comply with your inquiry. The contact details can be found in the privacy notice linked above. We gladly support you in asserting your rights to the extent of our competence.

The legal basis for linking and operating our company social media profiles is Art. 6(1) (f) GDPR based on our legitimate interest in our corporate communications in the respective social networks.

5. Disclosure of data

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) (a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) (c) GDPR; or
  • this is permitted by law and is required under Art. 6(1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centres that store our website and databases, IT service providers that maintain our systems or provide CRM functionalities and consulting firms. If we pass data on to our service providers, they may use the data only for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

6. Security

The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. Our security is subject to constant improvement and our privacy policies are constantly being revised. 

7. Personal data retention

We store personal data only for as long as is necessary to fulfil contractual or statutory duties for which the data were collected. We then erase or anonymize the data immediately, unless we still need it until expiry of the statutory period of limitation for purposes of evidence in civil claims or due to statutory duties of storage. For purposes of evidence we must still store data for three years from the end of the year in which business relations with you end or an ConsciousGrowth account is deleted. We are also required to store some of your data for accounting purposes. We have an obligation to do so under statutory duties of documentation which may arise under the German Commercial Code (HGB), the German Tax Code (AO) or the German Anti-Money Laundering Act (GwG). The retention periods are up to 10 years.

8. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing and provide you with an overview of the data stored about you.

If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose.

You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. 

You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided on the basis of consent or a contractual relationship.

In order to assert your rights described here, you can contact us at any time using the contact details provided in Section 1 above.

In addition, you have the right to object to data processing if it is based on Art. 6(1) (f) GDPR or for marketing purposes. 

Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in Berlin is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

Right of withdrawal and objection. Pursuant to Art. 7(3) GDPR, you have the right to withdraw consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

If we process your data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data, and to give us reasons which arise from your particular situation which, in your opinion, show that your legitimate interests override ours. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.

If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

9. Updates to this Privacy Policy

This privacy policy is currently valid. As a result of the further development of our website and platform or due to changed legal or official requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed and printed by you at any time on the website at