Introduction

Growth Assembly ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website yourgrowthmindset.com, take our assessment, or use our services.

Data Controller

Growth Assembly is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at:

Email: privacy@yourgrowthmindset.com
Address: 's-Gravenpark, Capelle a/d IJssel, Zuid-Holland

Personal Data We Collect

We may collect the following types of personal data:

• Identity Data: First name, last name
• Contact Data: Email address
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website and services
• Assessment Data: Responses to our growth mindset assessments

How We Collect Your Data

We collect data through:

• Direct interactions (forms you complete, correspondence)
• Automated technologies (cookies, server logs)
• Third parties (analytics providers, advertising networks)

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: Where you have given clear consent to process your personal data for specific purposes
• Contract: Processing necessary for the performance of a contract with you
• Legitimate Interests: Processing necessary for our legitimate interests (providing and improving our services)
• Legal Obligation: Processing necessary to comply with legal obligations

How We Use Your Data

We use your personal data to:

• Provide and manage our services
• Personalize your experience
• Process and deliver assessment results
• Send relevant marketing communications (with consent)
• Improve our website and services
• Comply with legal obligations

Data Sharing

We may share your personal data with:

• Service providers who perform services on our behalf
• Professional advisers (lawyers, bankers, auditors)
• Regulators and other authorities who require reporting in certain circumstances

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

International Transfers

Some of our external third-party providers may be based outside the European Economic Area (EEA), which means processing of your personal data may involve a transfer outside the EEA. Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:

• Transfer to countries that have been deemed to provide an adequate level of protection
• Use of specific contracts approved by the European Commission
• Transfer to providers participating in approved certification mechanisms

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorized way. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

Your Legal Rights

Under the GDPR, you have the following rights:

• Right to access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request restriction of processing your data
• Right to data portability: Request transfer of your data to you or a third party
• Right to object: Object to processing of your personal data
• Right regarding automated decision making: Not to be subject to decisions based solely on automated processing

To exercise any of these rights, please contact us at privacy@yourgrowthmindset.com. You will not have to pay a fee to access your personal data or exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Cookies

Our website uses cookies to distinguish you from other users and enhance your experience. A cookie is a small file of letters and numbers that we store on your browser or device. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.