This Policy is a legally binding agreement between Creoate and you. All of the services available on or through the Site or otherwise provided by us (including our application programming interfaces), and all of our mobile applications, are maintained and provided by Creoate. We refer to all of these as our “Services. By visiting our site or using any of our apps and services, you consent to our collection, transfer, manipulation, storage, disclosure and other uses of your information as described in this policy.
When you use or interact with us through the Services, we may collect Personally Identifiable Information (“PII”) without your prior express permission. As used within the scope of this Policy, PII shall be any data relating to an individual who can then be personally identified from that data and/or from data in the possession or likely to come into the possession of Creoate. The words “obtain”, “hold”, “use”, “process”, “disclose” and similar, as used in this Policy and elsewhere, are related to PII and other data that we may receive from our clients, users and/or visitors, including cookies inside a computer, along with statistical and analytical complication thereof in order to create aggregate databases and business strategies.
Here at Creoate, we work hard to earn and keep your trust. We adhere to the following principles in order to protect your privacy:
- We will not rent or sell your PII to third parties other than as explained elsewhere in this policy in conjunction with our Terms and Conditions
- We will not disclose your information with other users or third parties without your consent
- Any PII that you provide to Creoate will be secured with industry standard safety protocols and technology
- PII shall be processed fairly and lawfully and only as necessary for our business, and not in any manner incompatible with such purposes
- Sensitive PII shall only be processed as and when strictly necessary
- PII shall be kept adequate, relevant, accurate and not longer than necessary for our business purposes
- PII of our users shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the privacy of our users.
Scope of this Policy
Creoate is an online marketplace platform that allows people to purchase carefully selected workshops offered by exciting suppliers. There are two types of accounts: accounts for customers that purchase workshops within the Site (the “Participants”) and accounts for suppliers of workshops (the “Organisers”). We refer to Organisers, Participants and other visitors and browsers of the Services collectively as “Users” or “you.” We may also include other services and functionalities from time to time. Your access to the Site is only offered for your individual, non-commercial use, and not for the use or benefit of any third party you may represent.
For all Users we collect Personal Data when you voluntarily provide such information to the Services, such as when you register for access to the Services, contact us with inquiries, respond to one of our surveys or browse or use certain parts of the Services. The Personal Data we may collect includes without limitation your name, address, email address and other information that enables Users to be personally identified. We will store your PII for our internal business purposes, such as improving your user experience, send newsletters, offer promotions, improve our Site and services, study our user’s behavior, to enforce our Terms or Policy, and to contact you about our services, among other legitimate business purposes. We may also collect anonymized, non-personally identifying information.
Please be aware that if you post information on a public forum or bulletin board, any PII you elect to disclose therein there may or will be read, collected and/or used by other users of such forums and could be used to send you unsolicited messages.
Creoate does not knowingly collect any kind of information from persons under the age of thirteen (13). Through the simple use of our Services and/or browse of the Site, you hereby represent and warrant that you are at least eighteen (18) years of age –or older– as of the date of first access to the Site, and, if you are still a minor (which may depend on the jurisdiction where you reside), are using the Site under the direct supervision of your parent or legal guardian.
Information collected, purpose and use
In order for us to provide our Services, and to improve the user experience for our clients, we will need to undertake the storage, use, combination, integration, disclosure, process and transfer of your PII, either among our affiliates or other authorized third parties. Our Site or ads do not collect any sensitive personal data about you (i.e. gender, racial origin, financial information other than those details collected to process payments in line with our Terms and Conditions). We will generally collect, use and disclose your PII, amongst other reasonable activities to offer our Services, to:
- Verify your e-mail address; send password retrieval links and other account notices
- Provide news regarding our services and Site
- Send communications and updates about your orders
- Improve your user experience and provide you with customer support
- Develop, research, process, safeguard and improve our communications and services
- Answer to queries and suggestions you submit to us.
Our Site may also offer you the functionality of using your social media credentials (e.g. Facebook, Instagram, Google, and Twitter) to use single-sign-off to enter our Site, and in that manner we may also collect certain PII from you. We will not collect more information from you when using your social media credentials beyond the personal information such third parties disclose to us.
Control of your information
Our customers will generally be able to edit, select or delete the amount and type of PII they may disclose to us when using our Site. We continuously try to improve our user experience, and strive to provide you the best choices for the disclosure, edition or removal of the PII being processed by us. Accordingly, we will undertake the open and transparent management of your PII and will: (i) inform you about how your personal information may be used and disclosed (including overseas); (ii) maintain the safety and integrity of your personal information; and/or (iii) enforce your individual right to access and correct your personal information. Passwords and financial data are stored in encrypted databases, which we cannot access.
Safety of your information
We will undertake any and all appropriate technical and organisational measures against unauthorised or unlawful access of our user’s PII. We use industry standard protocols and technology to protect you registered user information and PII, such as VeriSign and Secure Socket Layer (SSL) sessions. However, please take into account that the Internet and e-mail transmissions are not secure or error free communication means.
Additionally, we may undertake internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store PII.
Information release and disclosure
We must reserve our right to disclose your PII, when we or our affiliates, licensors, officers, agents and/or representatives reasonably believe it necessary to protect our interests or where you result to be in breach of our Terms and/or Policy. Accordingly, we will have the right to disclose any and all collected PII and/or personal data, under the following circumstances:
- If required under applicable law, rules or regulations;
- In response to a valid request or subpoena from a government or law enforcement agency;
- To defend ourselves and our affiliates, licensors, officers, agents and representatives from legal claims and processes brought to us by third parties (including takedown notices);
- To defend the property, rights and integrity of any of our users, advertisers or licensors;
- To stop or cause to cease any actions that we may consider to cause –whether allegedly or factually– a contingency or liability.
From time to time, we may temporarily share our users’ PII only to our authorized third party service providers, which perform certain services on our behalf, and only after your express consent. The purposes of this temporary transfer may include, but are not limited to: customer support service, community management, web analytics, advertising, marketing, surveys, contests, promotions and other features offered via our Site.
Commercial Electronic Messages
Where it is in accordance with your marketing preferences, we may use your PII to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about services we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Services that we believe might be of interest to you.
From time to time, we will ask you for express permission and consent to receive Commercial Electronic Messages (‘CEM’), which we will sometimes send from or to computers to our users. A CEM is a message in an electronic format (e.g. emails, SMS, social media messages, push notifications and other form of communications) which is then sent to an electronic address (e.g. email, instant message accounts, smart phone, social media profile) that contains a message asking recipients to participate in certain activities (e.g. purchase of products and services). It will be necessary to disclose your email to our workshop organizers, who may use our Site to contact you, and you may subscribe or unsubscribe from such communications sent via our Services at will, though doing so may impair your optimum experience of our Site.
Express consent for CEMs does not apply for those that we may send for security, refunds or guarantees of products and services of our Site.
Our optional email newsletters are also considered CEMs, and therefore you may subscribe or unsubscribe from them at will, usually on your account settings, or by following the unsubscribe links contained thereof you elect to disclose your email to an Organizer via our Site, you are responsible for any consequences thereof, including receiving further CEMs from the Organizer or third parties. You can elect to unsubscribe to receive such CEMs via our Site, but you will have to unsubscribe from further CEMs send by Organizers themselves.
How we collect your personal data
We collect your personal data at the point when you first interact with us. This could be when you sign up to our newsletter or make a purchase online, when you register as a host or seller or when you sign up to receive one of our regular communications. We also collect your personal data when you subsequently update it, or communicate with us.
We may also collect your personal data when this is provided to us by a third party, for example when a friend, family member or employer buys for you.
We may also collect your personal data through cookies or from publicly available sources (such as Companies House, social media or your company website).
How we use your personal data
We use the data we collect to provide you with products and services we offer. We also use data to communicate with you about our activities, special promotions, events we organise, etc. We only use your information if we have legal grounds to do so which might be for any of the following reasons:
- you gave us consent
- it is necessary for us to perform a contract with you (for example a sale), or to take steps at your request prior to entering into a contract with you, or if
- we have legal or regulatory obligation to do so, or it is necessary for the establishment, exercise or defence of legal claims
Your rights and how to make a complaint
We want you to be completely happy with the ways in which we hold and use your personal data. You always have the right to opt out of marketing and other communications and you also may want to opt out of the use of publicly available data. At any time you can also contact us to request that we:
- Stop holding or processing your personal data;
- Correct or update the personal data we hold about you;
- Erase your personal data;
- Restrict or stop the way we use your data (including by objecting to our processing based on our legitimate interest and by withdrawing your consent);
- Access to the personal data we hold about you, and for us to provide that to you in an easily accessible format, either for your own use or to transfer to another organisation of your choosing;
Please note that these rights are not absolute and there may, for example, be instances where we are not able to comply with your request, for example if certain activities are necessary in order to provide a service.
Please contact us if you would like to exercise any of these rights. You can contact us by writing to firstname.lastname@example.org.
If, despite our best efforts, you feel we have fallen short and are not satisfied with our response, you can make a complaint to the Information Commissioner’s Office, which regulates information rights in the UK.
How we protect your information and how long we keep it for
We follow appropriate security procedures in the storage and disclosure of personal data so as to guard against loss, damage and unauthorised access by third parties. We also require those parties to whom we transfer personal data to comply with the same. We adopt robust technological solutions to ensure your personal data is protected from unauthorised access. For example we use state of the art third party encryption for logging in to your online account and for all financial information you provide to us.
Who we share your personal information with
We use a number of trusted data processors in order to deliver our goods and services. We share personal data with:
- your personal data may be shared with our employees, interns and/or third party organisations that we appoint to assist us. We will only share the personal information necessary for the purposes in question and we shall endeavour to ensure that any such recipients of your personal data use appropriate security measures to protect your personal data
- where appropriate measures have been taken to minimise the extent of the personal data in question, this data may be provided to third parties to process lawfully:
- in relation to any marketing campaigns, competitions and promotions that we run jointly with a third party
- in circumstances in which we are required or authorised by regulatory or governmental authorities requesting disclosure of your personal data, for example in the case of court orders
From time to time, we may allow a third party to sponsor a promotion, offer, competition [or] page of the website [or one of our mobile applications (or a part of one)].
Cookies and beacons
We may place the so-called ‘cookies’ in your computer or mobile device in order to track and collect data regarding your use of our Site and Services. Cookies are small text files that our Site transfers to you and that allow us permit us to recognize you and obtain data such as how, when and how long you browse pages in our Site. We also use the so-called ‘beacons’, which are small files, sometimes only a pixel in size, embedded onto the pages of our Site. Beacons are used to identify each of our pages in order to be analyzed by our system tools.
We may use session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to store your preferences, identify you and maintain your signed-in status, and provide you with a more personal and interactive experience. We do not offer no-track mechanisms, since as of the effective date of this Policy, there is no industry standard yet.
Third party sites and services
Our Site and Services may also implement hyperlinks to the websites of our commercial partners and other third parties. If you click on such links, you are choosing to visit such websites, and will be redirected thereto. Please take into consideration that we are not responsible for the privacy and personal data practices undertook by such third parties (including any tools, cookies, information or content contained thereinto), and that we do not have control over the manner in which such third-parties may collect, process, treat or use your PII.
Please be advised that when you use a link to go from our Site or Services to another website, our Policy and Terms are no longer into effect and that your browsing thereof is at your own and final risk. In addition, any banner or ad that we may have on our Site does not constitute any endorsement of any third party thereof.
Financial data and information
For example, third party vendors may show you Creoate’ ads on certain websites across the Internet, even after you leave our Site. The collected information is anonymized, meaning it cannot be tracked back to individuals. Using Google and other analytics tools, we learn how to optimize, and serve ads based on a user’s past visits, giving you a better experience.
In order to enforce and uphold your right to privacy, you have the option to elect not to receive this type of advertising from us or third parties, now or in the future. You can learn more about how to opt-out by browsing Google’s opting-out and privacy pages located at www.google.com, or the Network Advertising Initiative website located at www.networkadvertising.org. In addition, you may set browser and system preferences for how other third parties serve ads to you.
International Residents Notice
Creoate has its headquarters in the United Kingdom of the Great Britain and Northern Ireland (‘UK’), and some or all of its servers are located in the United States of America (‘USA’). Henceforth, your PII may be accessed by us or our affiliates, agents, partners, advertisers or third party service providers elsewhere, and you hereby consent to such access and transfer by providing us such information. If you are accessing our Site from other regions, you ought to know that you are thereby transferring your PII to the UK/USA and, thus, you hereby consent to such transfer to the UK/USA or to any other country in which we operate.
Notice to Residents of the United Kingdom
In compliance with the Data Protection Act 1998 (DPA), we have implemented mechanisms that comply with the European Union’s Data Protection Directive. We have hereby posted this conspicuous Policy to the public, indicating the PII being collected and the manner in which it may be disclosed and with whom. Accordingly, our users can may visit our Site using anonymous browsing, this Policy linked in our home page, with the link including the word ‘Privacy’ or similar. We also comply with Policy changes notification to our users, and provide mechanisms that allow our users to manage their PII personal information.
Creoate’s main business operations are located in London, United Kingdom. British nationals can contact the Information Commissioners Office in order to make inquires about their privacy rights, by email to email@example.com and by phone to 0303 123 1113. If calling from outside the UK please call +44 1625 545 745.
In compliance with the DPA, we are responsible for any and all factual or suspected security data breaches into our PII databases, and are also required to notify our UK customers of any such factual or suspected breach (by email and/or post). A breach of security is defined as an unauthorized access, or authorized access for an illegitimate purpose of PII, that compromises the security, confidentiality or integrity of such PII.
Such notification will be subject to a variety of factors, including but not limited to, the type of PII breached, whether the database was secured or not, type of key/cipher used, whether the PII was factually or allegedly acquired by an unauthorized person, and whether misuse of the PII is reasonably possible. Our customers can rest assured that we will undertake any and all necessary safety, managerial and technical measures in order to protect your PII and our right to privacy.
We reserve the right to amend, change and/or update our Site, our services, this Policy and/or our Terms, from time to time and at our sole and final discretion. Your continued use of our services after the last effective date of modifications thereof indicates your acceptance of any such modifications. We will post any updates on our Site, and may also send you an email or otherwise notify you of any material changes to this Policy.
For inquires or comments regarding this Policy or our Terms, please contact with us via email to: firstname.lastname@example.org.
Date of last effective update: 23rd May, 2018.