The Controller of your personal data collected in accordance with this Policy is Creatsy Sp. z o.o., headquartered at ul. Ignacego Paderewskiego 53/2, 40-282 Katowice Poland, having NIP [Tax Identification No.]: 9542842510, REGON [National Official Business Register No.]: 522501726, share capital of PLN 20,000.00. Contact information: e-mail: firstname.lastname@example.org
For the purposes of this Policy, the following definitions shall mean:
Controller/Creatsy - means Creatsy Sp. z o.o. with its registered office in Katowice (40-282), at ul. Ignacego Paderewskiego 53/2, having NIP [Tax Identification No.]: 9542842510, REGON [National Official Business Register No.]: 522501726, share capital of PLN 20,000.00.
Personal data - means information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Account - means an account established by the User on the Website.
Newsletter - means an online newsletter, sent out systematically to Users who have agreed to it.
Processing of Personal Data - means operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Regulation or GDPR - means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Website - means the online store run by the Controller at the following address www.creatsy.com
User, Users - mean any person who uses the services offered on the Website.
Creatsy makes every effort to ensure that Personal Data is processed in accordance with applicable laws and regulations and is protected from loss, destruction, disclosure, unauthorised access or misuse. Creatsy guarantees the confidentiality of any data provided to it, by taking effective security measures and protecting Personal Data. When suspecting that the User’s Personal Data is not adequately secured, or if there is evidence of abuse, please contact us by e-mail at: email@example.com
Each time, the purpose, scope and recipients of the Personal Data processed by Creatsy result from the User’s consent or legal regulations, and are further specified as a result of actions taken by the User on the Website or through other channels of communication with the User.
Possible purposes for the collection and processing of Users’ Personal Data by Creatsy:
Conclusion and performance of a service agreement (e.g., Account, placing an order) and acceptance and processing of complaints:
The main purpose of Creatsy’s processing of Personal Data and other information is to provide services to Users, maintain the Website and ensure safe and guaranteed service performance. On the Website, the User has the option to create an Account by completing the registration form and purchasing a license.
In addition to the data marked “mandatory”, the provision of other data is voluntary
The legal basis for the processing will be Article 6(1)(b) of the GDPR (necessary for the performance of the agreement for the provision of electronic services).
If the User has an account on the Website, the User’s data will be processed for the duration of the User’s use of the Account, and in the case of its deletion, expiration or termination of the agreement for the provision of electronic services (regardless of the reason and basis for its termination), no longer than necessary for the purpose of processing complaints and claims related to the use of services provided by Creatsy (statutory period of limitation of claims).
Establishing an Account using social media:
Creatsy will process Users’ Personal Data provided in the registration form and Account profile. In the case of registration/logging into the Website via a social media platform, only the data used for logging/registration will be processed.
Any Personal Data or content that the User voluntarily discloses for posting on the Website, such as their name or User name, becomes publicly available (and may be searchable by search engines), regardless of whether they are logged into their Account. If a User deletes information that they have posted on the Website, copies of the information may remain visible on cached and archived pages of the Website or if other Users have copied or saved the information.
Making financial settlements:
Creatsy processes Users’ Personal Data to the extent necessary to make settlements, such as issuing invoices/receipts or verifying payments.
The legal basis for the processing of Users’ Personal Data contained in billing documents is Article 6(1)(c) of the GDPR (fulfilment of a legal obligation incumbent on the Controller, e.g., issuance of an invoice/receipt, verification of payment).
Data in this regard will be processed until the statute of limitations for claims under the concluded agreements expires. In addition, all accounting documents issued, e.g. invoices/receipts, are included in Creatsy’s accounting records, and therefore Users’ data will be processed in this regard for the period of time required by generally applicable laws.
For the purpose of establishing, investigating and enforcing claims, Creatsy may process certain Personal Data provided by the User, in particular, name, contact data (e-mail address), data on purchased licenses, use of services/Website and other data that will be necessary to prove the existence of a claim, its enforcement and defence against claims in proceedings before courts and other state authorities.
The legal basis for data processing is Article 6(1)(f) of the GDPR, i.e. Creatsy’s legitimate interest. Data in this regard is processed for the statutory period of limitation of claims.
However, the processing of the data will include only the storage of the data to the exclusion of any other operations on the data, subject to Creatsy’s different obligations indicated in the applicable legislation or imposed on Creatsy by authorised authorities.
Creation of statistics on the use of the Website and profiling:
Creatsy monitors the quality of its services because it is committed to meeting Users’ expectations. For this purpose, statistics are kept on the use of individual functions and sub-sites of the Website using internal analytical tools and statistical tools provided by partners providing analytical services.
A User of the Website may agree to the processing of the Personal Data provided by them for the purpose of advertising, market research and research into the behaviour and preferences of Users, with the results of such research being used to improve the quality of services provided on the Website. Lack of consent does not affect the rights and obligations of the User.
In order to achieve this purpose, data concerning the User’s activity on the Website (e.g. sites and sub-sites of the Website visited by the User, the amount of time spent on the Website, the User’s IP address, location, device ID and data concerning the browser and operating system used by the User) are processed.
Creatsy, in order to develop the services it offers, may use profiling in some cases. Profiling means automated data processing that involves the use of User data to evaluate selected factors specific to the User for the purpose of analysing the User’s behaviour or making a forecast for the future. This allows the Controller to better tailor the services it offers to the individual preferences and interests of the User.
Due to this technology, the Controller can not only present the User with advertising tailored to them, but also, from among the available offers, present primarily those that will best suit the User’s needs. The information collected and contained in cookies may be stored after the end of the browser session which allows, for example, their use during the User’s next visit.
The legal basis for data processing is Article 6(1)(a) of the GDPR, i.e. the User’s consent.
The Controller processes Users’ Personal Data in order to carry out marketing activities, which may include:
displaying marketing content to the User that corresponds to the User’s interests (behavioural advertising);
conducting other types of analytical and statistical activities and activities related to direct marketing of services (sending commercial information electronically).
Detailed legal grounds for processing data for marketing activities are indicated in the document Cookies Policy
The User may give the Controller permission to process their Personal Data in the form of their e-mail address for the purpose of direct marketing of the Controller’s services. Giving consent to data processing is voluntary.
Providing Personal Data is necessary for the User to use the Newsletter service. Failure to provide data will result in the User’s inability to use the Newsletter service.
The User may cancel the Newsletter service at any time by revoking their consent. To do this, just click on the unsubscribe function in the footer of the received message or make a change in the Account settings.
The legal basis for the provision of the Newsletter mailing service is that the processing is necessary for the performance of the agreement (Article 6(1)(b) of the GDPR). In the scope of data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the GDPR), and in the case of directing marketing content to the User via the Newsletter – the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), in connection with the User’s consent to receive the Newsletter.
The Controller may communicate with the User through system information, notifications and e-mail.
The User may, at any time, directly contact the Controller by sending an appropriate message in writing or by e-mail to the Controller’s address indicated in Section I of the Policy.
The Controller stores correspondence with the User for statistical purposes and for the best and fastest possible response to emerging inquiries, as well as for the resolution of complaints and possible decisions on administrative interventions, made on the basis of notifications, in the indicated account. Addresses and data collected in this way will not be used to communicate with Users for any purpose other than the consideration of the application.
When the User contacts the Controller to perform a given action (e.g., filing a complaint), the Controller may again ask the User to provide data, including personal data, e.g., in the form of name, surname, e-mail address, etc., in order to confirm the User’s identity and enable the User to be contacted back on the matter. The above applies to the same data, including personal data, which were previously provided by the User, and to the processing of which the Customer has consented. Provision of this data is not mandatory but may be necessary to perform an action or obtain information of interest to the User.
Information about Cookies used on the Website by the Controller can be found here: Cookies Policy
The User may grant permission for Cookies by using the Cookies settings on the Website.
The User may revoke the granted consents at any time.
In addition to the entities indicated in Part VII of the Policy, in order to maintain the User’s account, provide requested services and ongoing maintenance, the User’s data may be transferred to specialised entities for processing. Data may be entrusted in particular to:
IT service providers,
marketing agencies, marketing partners and marketing platform providers,
entities that process and coordinate payment processing including payment service providers
(Stripe and PayPal). All Stripe and PayPal transactions are
subject to the relevant rules, which can be found on the website of the aforementioned entities, i.e.:
cloud service providers,
data analytics service providers,
consultants, lawyers, accountants and other professional service providers,
entities affiliated with Creatsy in terms of personal and capital matters, which help it provide services or perform data processing tasks on its behalf, with such entities processing data on the basis of an agreement concluded with Creatsy with and only in accordance with its instructions.
The Controller also provides Users’ data to authorised state authorities if they request so from the Controller in connection with their tasks. These may include, in particular, organizational units of the prosecutor’s office, the police, the Inspector General for Personal Data Protection (in the future, the President of the Office of Personal Data Protection), the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
In the course of Creatsy’s use of tools to support its day-to-day business operations, Personal Data, if necessary and with an appropriate degree of protection, may be transferred outside the European Economic Area (EEA). If this situation occurs, Personal Data will be transferred only to recipients who guarantee the highest protection and security of the data, including through:
use of standard contractual clauses issued by the European Commission,
application of binding corporate rules approved by the relevant supervisory authority,
cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued regarding the determination of ensuring an adequate level of protection of Personal Data.
Creatsy’s trusted partners are mostly based in countries in the European Economic Area (EEA). Some of the Controller’s Trusted Partners, e.g. Google or Facebook, are based outside the EEA. In connection with the User’s transfer of data outside the EEA, the Controller verifies that trusted partners provide a guarantee of a high level of personal data protection. Such guarantees arise in particular from the obligation to use standard contractual clauses adopted by the Commission (EU), in accordance with Article 46(2) of the GDPR.
The User has the right to request that the Controller provide a copy of the standard contractual clauses by directing an inquiry to: firstname.lastname@example.org
Creatsy guarantees that the User’s Personal Data will be kept only for the time necessary to fulfil the purposes for which the data was collected.
Data will be kept as long as it is needed by Creatsy to provide services and deliver services to Users, or until the User deletes the Account, whichever occurs first.
The retention period for Personal Data is determined on an individual basis and depends on, among other things, the nature of the data, the reason for its collection and processing. After this time, the data is deleted or anonymised in such a way that it is not possible to determine the identity of the User.
After closing or deactivating a User Account, Creatsy may retain the information contained in the User’s profile for backup, archiving, performance and enforcement of agreements, but no longer than necessary and only if the information is accurate and relevant to Creatsy.
Personal data will be processed until there is no longer a basis for processing, i.e.:
if consent has been given: until revoked, restricted, or other actions on the part of the User limiting such consent,
in the case of the necessity of the data for the performance of the agreement: for the duration of its performance and until the expiration of the statute of limitations for claims under this agreement (3 years or 6 years). The beginning of the period is calculated from the date the claim is due,
where the basis for processing is Creatsy’s legitimate interest: until the User raises an effective objection,
for tax and accounting purposes: to the extent and for the duration consistent with applicable regulations.
In connection with Creatsy’s processing of Personal Data, Users have the following rights:
the right to request access to their Personal Data, rectification, deletion or restriction of processing,
the right to object to processing,
the right to portability of Personal Data,
the right to withdraw consent to the processing of Personal Data for a specific purpose if the User has previously given such consent,
the right to lodge a complaint with a supervisory authority in connection with Creatsy’s processing of the User’s Personal Data.
Users may exercise the above rights in accordance with the rules described in Articles 16–21 of the GDPR by sending a message to the e-mail address: email@example.com
All applications received will be treated with special attention and processed as soon as possible. In the case of certain applications (of a complex nature or involving data processing burdened by specific legal regulations), the processing time may be extended, but in any case, within one month the User will be informed of the steps that Creatsy has taken to process the application. In providing a response and in order to ensure that Creatsy will properly process the application, Creatsy reserves the right to verify the identity of the User.
Creatsy shall apply technical and organisational measures to ensure the protection of the processed Personal Data appropriate to the risks and categories of data under protection, and in particular shall protect the data from unauthorised access, processing in violation of applicable regulations, and alteration, loss, damage or destruction, such as, but not limited to:
securing the dataset against unauthorised access,
SSL certificate on the sub-sites of the Website where Users’ data is provided,
access to the account only after providing an individual login and password,
encryption of data used for User authorisation.
For Policy issues, please contact us at: firstname.lastname@example.org
Creatsy reserves the right to change the Policy in the future – this may occur for the following important reasons, among others:
changes in applicable laws, in particular in the area of Personal Data protection, telecommunications law, electronic services provision and regulating consumer rights, affecting the rights and obligations of Creatsy or the rights and obligations of the User
development of electronic functionality or services dictated by advances in Internet technology, including the use/implementation of new technological or technical solutions, affecting the scope of the Policy.
In the event of an amendment to the Policy, its new content will be announced at www.creatsy.com
The new version of the Policy enters into force on the date of its promulgation.
In case of doubt or discrepancies between the Policy and the consents given by the User, regardless of the provisions of the Policy, the User’s voluntary consents or the law shall always be the basis for Creatsy taking actions and determining the scope of activities.
To the extent not regulated in the Policy, the provisions of the GDPR and the mandatory laws of the Republic of Poland shall apply.
The Policy has been drafted in two language versions: Polish and English. In case of discrepancies between language versions, the English language version is binding.
The competent court for disputes arising out of the application of the Policy shall be the court with jurisdiction over Creatsy’s registered office, if exclusive jurisdiction does not apply.
Last update: February 1, 2023