Last update: September 27, 2021
The following Privacy Notice was designed for www.creative-tim.com and it will be reviewed and updated periodically according to all applicable laws and regulations.
The purpose of this Privacy Notice is to easily inform you regarding:
- The definitions of the terms provided by the GDPR
- Who is Creative Tim and what is www.creative-tim.com
- Where can you find us and how can you contact us
- What personal data may Creative Tim process about you
- How your personal data are processed by Creative Tim
- The purposes and legal basis of the processing
- The disclosure of your personal to third parties
- Which are your rights and how can you effectively exercise them
- Children’s personal data – you must be over 16 years old
- What security precautions does Creative Tim take to protect you
- Links to other websites
- Changes to the privacy policy
- Information concerning Data Protection Supervisory Authority
- Requesting, Modifying or Deleting Your Data (GDPR)
1. Definition according to the GDPR
NSAPDP | represents The National Supervisory Authority for Personal Data Processing |
Personal data | represents any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; |
Processing | represents any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; |
Restriction of processing | represents the marking of stored personal data with the aim of limiting their processing in the future; |
Controller | represents the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; |
Processor | represents a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller; |
Recipient | represents a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; |
Third-party | a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; |
Consent of the data subject | represents any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her; |
Data Breach | represents a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This means that a breach is more than just losing personal data. |
Supervisory Authority | an independent public authority which is established by a Member State; |
2. Who is Creative Tim and what is www.creative-tim.com?
”Creative Tim” is the commercial name of the company Creative Code S.R.L a Romanian limited liability company registered in Bucharest under the unique number: RO 32193813.
www.creative-tim.com is the official website and online store of the company which is continually developing to become your first choice of dedicated infrastructure for your web and mobile apps.
According to the GDPR regulation, we (Creative Tim) are considered a data controller in connection with the personal data processed through our website www.creative-tim.com.
3. Where can you find us and how can you contact us
- Our registered office address is Bucharest, 56 Dionisie Lupu, floor 4, ap. 11, District 1, Romania.
- You can contact us at the following e-mail: [email protected]
4. What personal data may Creative Tim process about you
For transparency, we have classified the personal data into categories of processing, so that you can easily identify them. Personal data collected by Creative Tim may include data such:
Class a. |
essential data (e-mail and username), for creating your client account; optional data (first name, last name, photo, and your social network’s username) when you decide to personalize your account |
Class b. | e-mail, when you provide it to us for marketing purposes; |
Class c. | e-mail, full name and other info provided by you when you contact us using the form available on our website in the section “Contact us”; |
Class d. |
technical standard internet login information which may include: only a truncated version of your IP address, information about your computer or device used to access www.creative-tim.com (device type, operating system, screen resolution, language, the country you are located in, web browser type, and so on); Your IP is captured and stored in an anonymized format by suppressing the last octet, so your full IP address never reaches our servers, and we never have access to it. | | CLass e. | aggregate statistical data such as the city from where your traffic is coming from, customer demographics or interests, your behavior which may be revealed from your activity on our website; |
Class e. | aggregate statistical data such as the city from where your traffic is coming from, customer demographics or interests, your behavior which may be revealed from your activity on our website; |
Class f. | the source of your access when you access our website through a website/app which is registered in our affiliate program or if you accessed our website using a coupon/voucher; |
Class g. |
items added in your basket, your login credentials, invoicing details (such as e-mail, full name, your country, and purchased items) and your payment details such as the last digits of your Credit Card, if you select this payment method; We never collect your payment method details in clear. When you choose a payment method, you will be automatically redirected to the corresponding payment provider’s web page. |
5. How your personal data are collected by Creative Tim
Your personal data may be collected by Creative Tim in two ways:
- When you voluntarily provide such information to us by filling in the available fields - e.g, for creating your account, for contacting us, for registering to our newsletter, and so forth. Based on our contractual relationship, we may use your e-mail to send you relevant information about our services, offers, and activity status updates. In other cases, your personal data will be used for marketing purposes only after obtaining your prior consent. Please note that you can choose at any time to withdraw your consent, without affecting the processing already performed, by contacting us at [email protected].
- We may automatically collect some technical information about your activity or the device used to access Creative Tim, such as a truncated version of your IP address, operating system type, browser type, screen resolution, suspicious IPs, cyber-attacks, and so forth.
In general, we use cookies to collect the information mentioned above, which are essential for our website’s functionality and security or for collecting other data for marketing purposes.
If you want to know more about the cookies implemented on our website, please check out Cookie Policy.
All the collected personal data mentioned above are stored on our partner’s servers, and they have taken high-security measures to respect the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.
We will keep:
- any information that you provide to us (such as e-mail for receiving our newsletter) until you will request to unsubscribe or to delete them;
- all information collected using cookies according to our Cookie Policy;
- your billing and payment information for invoicing and receiving your payment will be kept according to the regulation applicable to our Payment Processor and by us for 10 years, according to the Romanian law;
6. Purposes and legal basis of the processing
All the information collected by Creative Tim according to Section 3 of this Privacy Notice, is processed for the following purposes:
Class a. |
we need your personal data such as e-mail and username to create your account and, optionally, your personal data such as first name, last name, photo, social account’s username to personalize your Creative Tim’s account and to offer you the best experience; If you purchase our products, you may receive e-mails regarding technical instructions and similar products using an emails sender service, such as SendGrid. Creative Tim processes your personal data mentioned above on the legal basis stipulated in Art. 6, para. b) of GDPR – contractual performance. |
Class b. |
we use the e-mail you have subscribed to our newsletter for sending you marketing info about our services, promotions, and activity. To optimize this activity we may use an e-mail sender, such as MailChimp. Creative Tim processes your e-mail address on the legal basis stipulated in Art. 6 paras. 1 letter a) of GDPR – the data subject’s consent. Please note that you can choose at any time to withdraw your consent, without affecting the processing already performed, by contacting us at [email protected]. |
Class c. |
we use the information provided to us by filling in the available fields to offer you support in connection with the products purchased, or to answer your questions regarding our products and services. For this activity, we may use a communication platform, such as ZenDesk. Creative Tim processes the e-mail address on the legal basis stipulated in Art. 6 paras. 1 letter b) of GDPR – performance of a contract or necessary steps at the request of the data subject prior to entering into a contract. |
Class d. |
we process your technical standard internet login information, as defined above because some of them are essential for our website to be functional while others help us to offer you the best experience by displaying the website’s content in the best shape for your device. The technical data is processed to facilitate your access to our website (e.g., to adjust our website for your device), to recognize and stop any misuse and so forth. Creative Tim processes your technical data on the legal basis stipulated in Art. 6 paras. 1 letter f) of the GDPR, which allows us to process personal data when it is necessary for the purpose of our legitimate interests – website functionality. |
Class e. |
we may collect data regarding your activity to improve our services and for marketing purposes. We may collect analytic aggregated statistic data as defined above, using cookies created by companies such as Google Analytics or HotJar. According to Google Analytics policy, “Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example, the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages/interactions with the website.” We also try to measure ad conversions or retarget advertisements on Facebook using their cookie called Facebook Pixel; The aggregated information does not identify you personally. This information is gathered and expressed in a summary form for purposes such as statistical analysis. Through cookies, based on visitor’s activity on our website, we collect standard information and details of visitor behavior patterns for being able to offer them a better experience. Cookies are stored on your device, and you have full control over their use. You may deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time. For more information related to the data processed by each cookie, please check our Cookie Policy. Creative Tim processes the aggregated statistic data on the legal basis stipulated in Art. 6 paras. 1 letter a) of GDPR – the data subject’s consent. Please note that you can choose at any time to withdraw your consent, without affecting the processing already performed, by changing the settings of your web browser. | | Class f. | we may collect information regarding the source of your access such as the third-party’s websites, marketing campaigns or banners from which you accessed our website. With the visitor’s consent, we use a cookie to identify and reward our affiliates for purchases made by the users who accessed our site through the affiliate’s website. If you access our website directly or through our affiliates' website, we must honor our commitment under the affiliate agreement by rewarding them. Rewarding our affiliates is very important for us and for you (our user) because thanks to our affiliates we have the chance to meet and collaborate. If you access our website from one of our affiliate’s links, you may have some benefits but, we never charge you extra. Our affiliates' reward is fully covered by Creative Tim. Creative Tim processes the aggregated statistic data on the legal basis stipulated in Art. 6 paras. 1 letter a) of GDPR – the data subject’s consent. |
Class f. |
we may collect information regarding the source of your access such as the third-party’s websites, marketing campaigns or banners from which you accessed our website. With the visitor’s consent, we use a cookie to identify and reward our affiliates for purchases made by the users who accessed our site through the affiliate’s website. If you access our website directly or through our affiliates' website, we must honor our commitment under the affiliate agreement by rewarding them. Rewarding our affiliates is very important for us and for you (our user) because thanks to our affiliates we have the chance to meet and collaborate. If you access our website from one of our affiliate’s links, you may have some benefits but, we never charge you extra. Our affiliates' reward is fully covered by Creative Tim. Creative Tim processes the aggregated statistic data on the legal basis stipulated in Art. 6 paras. 1 letter a) of GDPR – the data subject’s consent. |
Class g. |
we process your personal data to keep you logged in, to remember the products added to the shopping cart, to generate and validate your coupon/voucher, to issue the invoice and receive payment for the purchased products;
Creative Tim processes your personal data indicated in Class g - Section 4 on the legal basis stipulated in Art. 6 paras. 1 letter b) of GDPR – performance of a contract. |
7. Any disclosure of your personal data to third parties
Our employees: Our employees have access to your personal data, and they have been trained to respect confidentiality.
Business development: We will not share your information with any third parties for the purposes of direct marketing.
We are trying to do the best in our industry, so sometimes we may choose to collaborate with other companies to perform certain business-related functions such as hosting or Google Analytics’ features. In this case, we provide them only with the information that they need to perform their specific job.
For example, we may use:
- for Hosting and data storage Amazon Web Services, Digital Ocean and Heroku - if you want to know more about their privacy policy, you can find it here, here and here.
- for delivering e-newsletter: MailChimp and SendGrid- if you want to know more about their privacy policy, you can find them here and here;
- for monitoring website activity: Google Analytics, Facebook Pixel, Hotjar - if you want to know more about their activity, please check our Cookie Policy.
- for process your payment: 2checkout - if you want to know more about their privacy policy, you can find it here.
Legal Requirements: Your personal data may be communicated to governmental authorities and/or law enforcement agencies if required by the applicable law.
8. Which are your rights and how can you effectively exercise them?
Creative Tim, as a controller, ensures technical and organizational measures to be sure that your rights (as a data subject) are respected:
Right of access | You have the right to obtain the confirmation as to whether or not personal data concerning you are being processed by us, and, where that is the case, access to your personal data and information on how they are processed |
Right to data portability | You have the right to receive some of your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you have also the right to transmit those data to another controller without hindrance from us, where technically feasible. |
Right to object | You have the right to object to the processing of your personal data when processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. You have the right to object at any time if your personal data are being processed for direct marketing purposes. |
Right to rectification | You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. The rectification shall be communicated to each recipient to whom the data was sent unless this proves impossible or involves disproportionate (demonstrable) efforts. |
Right to erasure
(‘right to be forgotten’) |
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase your personal data without undue delay where one of the following grounds applies: your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent on which the processing is based and there is no other legal ground for the processing; you object to the processing and there are no overriding legitimate grounds for the processing; your personal data have been unlawfully processed; your personal data have to be erased for compliance with a legal obligation; your personal data have been collected in relation to the offer of information society services. |
Right to restriction
of processing |
You have the right to obtain from us restriction of processing where one of the following applies: you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data; the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. |
For any information or requests in accordance with your rights, please contact us at the following email address: [email protected]
9. Children’s personal data
Creative Tim does not collect any Personal Data from children under the age of 16. So, if you are under 16 please do not submit to us any Personal Data.
10. What security precautions does Creative Tim take to protect you?
We have assumed the responsibility to implement proper technical and organizational measures regarding the protection of privacy and security of your personal data. We have taken all reasonable measures to protect your Personal Data from damage, loss, misuse, unauthorized access, alteration, destruction, or disclosure, as follows:
- People who have access to our filing system are only those nominated by Creative Tim. To accesses the system, they use individual accounts and passwords which are changed periodically.
- All our employees, collaborators and service providers who are in contact with personal data must act in accordance with the principles and policies regarding the processing of personal data. They were informed and they have assumed to respect the GDPR by signing the Data Processing Agreements or as an effect of the law.
- our employees and collaborators access personal data for the performance of their professional duties and only in accordance with the stated purpose of data collection.
- Computers from which the filing system is accessed are password-protected and have antivirus, antispam and firewall security updates.
- Personal data is printed only by authorized users if it is necessary to perform our activity or to fulfill our legal obligations.
Please also select carefully what personal data do you choose to submit thinking that the internet or e-mails aren’t impenetrable spaces, and a technical error can cause an unhappy event anytime.
11. Links to other websites
On our website, you can find links to other organizations. This Privacy Notice does not cover the personal data processed by them.
If you decide to access other organization’s links, we encourage you to carefully read their Privacy Notices which should be found on their websites.
12. Changes to the privacy policy
Believing that we are constantly developing our services, we are confident that our platform may soon have new functions, so our Privacy Notice will be updated accordingly.
In order to keep you informed, we always publish the latest version of the Privacy Notice on our website.
We assure you that the way we collect and process your personal data is in accordance with the provisions of the GDPR Regulation.
If you have any questions about our Privacy Policy, please contact us at [email protected]
13. Information concerning Data Protection Supervisory Authority
If you consider that your rights provided by Regulation no. 679/2016 have been violated, you can address directly to us or to our Data Protection Supervisory Authority: National Authority for the Supervision of the Processing of Personal Data (Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal) ”ANSPDC” by submitting a complaint.
Contact details of the authority:
- Link for compliances: https://www.dataprotection.ro/?page=Plangeri_pagina_principala
- Contact link: https://www.dataprotection.ro/?page=contact&lang=ro
- Website: https://www.dataprotection.ro/
- Address: 28-30, G-ral. Gheorghe Magheru Sector 1, cod postal 010336 Bucharest, Romania
- Tel: +40.318.059.211 or +40.318.059.212
- Fax: +40.318.059.602
14. Requesting, Modifying or Deleting Your Data (GDPR)
If you want to request a modification or an export to any data we have related to your account, or delete of all the data permanently, please email us at [email protected] and we’ll complete your request in a timely manner.