Legal

Privacy Policy

How GroovyMark collects, uses, and protects your personal data.

Effective Date: March 30, 2026Last Updated: March 30, 2026GDPR Compliant

1. Introduction

GroovyMark PVT Ltd (trading as "Revenue Growth Partner", "we", "us", or "our") is committed to protecting the privacy and personal data of our website visitors, clients, and leads. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the UK GDPR, and applicable data protection laws in Sri Lanka.

This policy applies to all personal data processed through our website, lead capture forms, CRM system, analytics tools, and any other services we provide.

2. Data Controller

The data controller responsible for processing your personal data is:

Company Name: GroovyMark PVT Ltd

Trading As: Revenue Growth Partner

Registered Address: GM HQ, Colombo, Sri Lanka

Data Protection Contact: privacy@groovymark.com

If you have any questions about this Privacy Policy or our data practices, please contact us at the email address above.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data You Provide Directly

Full name, email address, phone number, and company name (via contact and lead capture forms)
Job title, role, and business information you share during discovery calls or onboarding
Communication records including emails, virtual meetings, messages, and call notes
Any other information you voluntarily submit through our website or services

3.2 Data Collected Automatically

IP address, browser type, operating system, and device information
Pages visited, time spent on pages, referral source, and navigation paths
Cookie data and tracking identifiers (see Section 8 for Cookie Policy)

3.3 Behavioral & CRM Data

Lead scoring data based on your interactions with our content and website
Engagement history including content views, form submissions, and email opens
Buyer journey tracking data from first touch to conversion
Lead classification (High, Medium, Low) based on scoring criteria

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following lawful bases:

Lawful Basis	Purpose	Examples
Consent (Art. 6(1)(a))	Processing based on your explicit, freely given consent	Cookie consent, newsletter subscription, marketing communications
Contract (Art. 6(1)(b))	Processing necessary to perform or prepare a contract with you	Service delivery, onboarding, CRM management, invoicing
Legitimate Interest (Art. 6(1)(f))	Processing necessary for our legitimate business interests	Lead scoring, analytics, website improvement, fraud prevention
Legal Obligation (Art. 6(1)(c))	Processing required by law	Tax records, regulatory compliance, legal proceedings

5. How We Use Your Personal Data

We use your personal data for the following purposes:

Lead management: capturing, scoring, prioritizing, and qualifying inbound leads through our CRM system
Service delivery: onboarding clients, managing accounts, tracking buyer journeys, and providing performance reports
Communication: responding to inquiries, sending follow-up sequences, and providing customer support
Marketing: sending newsletters, case studies, and promotional content (only with your consent)
Analytics: understanding website traffic patterns, optimizing content, and improving conversion rates
Behavioral tracking: monitoring engagement with our content to provide more relevant experiences and accurate lead scoring
Business operations: invoicing, internal reporting, and process improvement

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your data with:

6.1 Service Providers (Data Processors)

Our custom-built CRM system (hosted and managed internally by GroovyMark PVT Ltd)
Cloud hosting and storage providers for secure data backup
Email service providers for transactional and marketing communications

All data processors are bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant handling of your data.

6.2 Legal & Regulatory Disclosures

We may disclose your data when required by law, court order, or regulatory authority, or to protect our legal rights and the safety of our users.

6.3 International Data Transfers

As we are based in Sri Lanka and serve global clients, your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

Lead data (non-clients): Retained for 24 months from your last interaction with us. After this period, data is anonymized or deleted.
Client data: Retained for the duration of the contractual relationship plus 6 years to comply with legal and accounting obligations.
Analytics and cookie data: Retained for a maximum of 13 months from the date of collection.
Marketing consent records: Retained for as long as the consent remains active, plus 3 years after withdrawal for audit purposes.

You may request deletion of your data at any time by contacting privacy@groovymark.com, subject to our legal retention obligations.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our lead management services. We obtain your consent before placing any non-essential cookies on your device.

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize your device and remember your preferences, actions, and browsing patterns across visits.

8.2 Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner that allows you to:

Accept all cookies
Reject all non-essential cookies
Customize your cookie preferences by category

You can change your cookie preferences at any time through the cookie settings link in our website footer. Essential cookies cannot be disabled as they are required for the website to function.

8.3 Types of Cookies We Use

Category	Purpose	Examples	Duration
Strictly Necessary	Essential for website functionality and security	Session cookies, CSRF tokens, cookie consent preferences	Session / 1 year
Analytics	Help us understand how visitors use our website	Page views, traffic sources, navigation paths, time on page	Up to 13 months
Functional	Remember your preferences and personalize your experience	Language preference, form auto-fill, display settings	Up to 12 months
Marketing / Tracking	Track engagement for lead scoring and retargeting	Lead source tracking, content engagement, CRM behavioral data	Up to 13 months

8.4 Managing Cookies

In addition to our cookie consent tool, you can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website and our ability to provide accurate lead scoring and personalized content.

9. Your Rights Under GDPR

If you are in the EEA, UK, or where applicable law grants similar rights, you have the following rights regarding your personal data:

Right of Access (Art. 15): Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing (Art. 18): Request that we limit the processing of your data in certain circumstances.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format and transfer it to another controller.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your data rights have been violated.

To exercise any of these rights, please contact us at privacy@groovymark.com. We will respond to your request within 30 days. If we need additional time (up to 60 days for complex requests), we will inform you of the extension and reasons.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

Encryption of data in transit (TLS/SSL) and at rest
Access controls limiting data access to authorized personnel only
Regular security reviews of our custom CRM and internal systems
Secure cloud storage with redundancy and backup protocols
Employee confidentiality agreements and data protection training
Incident response procedures for data breach detection and notification

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Articles 33 and 34.

11. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact privacy@groovymark.com immediately.

12. Automated Decision-Making & Profiling

Our lead scoring system uses automated processes to classify leads as High, Medium, or Low based on behavioral and firmographic data. This profiling helps us prioritize response times and tailor communications.

This automated scoring does not produce legal effects or similarly significant effects on you. However, under GDPR Article 22, you have the right to:

Request human review of any automated decision that significantly affects you
Express your point of view and contest the decision
Receive an explanation of the logic involved in the scoring process

To request a review, contact us at privacy@groovymark.com.

13. Third-Party Links

Our website and content may contain links to third-party websites, platforms, or services (such as YouTube, LinkedIn, or partner sites). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:

We will update the "Last Updated" date at the top of this policy
We will notify existing clients and active leads via email
We will display a prominent notice on our website

We encourage you to review this policy periodically. Continued use of our website and services after changes are posted constitutes your acknowledgment of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Data Protection Contact: privacy@groovymark.com

Company: GroovyMark PVT Ltd (trading as Revenue Growth Partner)

Location: Sri Lanka

For EU/UK residents, you may also lodge a complaint with your local Data Protection Authority (DPA) if you believe your data protection rights have been infringed.