Privacy Policy.

Privacy Policy version 2.1, effective date 21st May 2018

This Privacy Policy describes the information (“data”) that we (“Creasis Ltd.”) gather on or through our services (and the reasons why) as well as how we use and disclose such information, and the steps we take to protect such information. Your data is important and that is why we are committed to safeguarding the privacy of our website visitors and users of our services.

As you may be aware, the EU General Data Protection Regulation becomes law as of the 25th May 2018. The regulation ensures the security of the personal data of EU citizens irrespective of where the processing of their personal data takes place. Consequently, our privacy policy takes the GDPR into account. For more information regarding the GDPR please visit the Information Commissioner’s Office or your national information authority.

Creasis Limited is a company registered in England and Wales (company number 08833489). We are registered with the UK Data Protection Registrar, reference number ZA392959.


1. Introduction

1.1 In this policy, “we”, “us” and “our” refer to Creasis Ltd.

1.2 “Client”, “User”, “Visitor” refer to “you”, a customer of Creasis Ltd.

1.3 “Services” includes our websites, applications and other platforms such as our CMS.

1.2 This policy applies where we are acting as a “data controller” with respect to the personal data of our website visitors and service users; in other words, why we process personal data and by what means.

1.4 We use cookies on our website. Not all cookies are strictly necessary for the operation of our website, so we will explicitly ask you to consent to our use of cookies when you first visit our website or use our services.

2. Definitions

2.1 For a detailed breakdown of GDPR related terms please see the following ICO Guidance.

3. Data We Process

3.1 We may process certain types of personal data about you as follows:

  • Personal Data which may include your first name, last name, email address, telephone number or username.
  • Technical Data which may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Usage Data which may include information about how you use our website, products and services. Consequently, we process Aggregated Data. However, this does not reveal your identity by itself, therefore, it is not personal data. For example, we review Usage Data to work out the percentage of website users whom use a specific feature of our site. We cannot track that data back to one identifiable natural person i.e. you.

3.2 We do not collect any Sensitive Data about you, neither do we collect any information about criminal convictions and offences.

4. How We Collect Data

4.1 Direct Communication: You may provide your personal data by filling in a contact form on one of our websites or by communicating with us by post, phone, email or otherwise.

4.2 Automated technologies or interactions: As you use our websites or services, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. Please see our Cookie Policy for further details.

4.3 Third parties: We may receive personal data about you from various third parties and public sources, these include:

  • Analytics providers such as Google. We use Google Analytics to measure and evaluate traffic on our websites and services. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Visitors’ activity on our websites and User’s activity on our services. For more information, see Google Analytics Privacy and Data Sharing.

5. Our Reasons for Processing Data

5.1 We will only use your personal data when legally permitted. The most common uses of your personal data are:

  • Where there is a contractual obligation between us.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights are not affected.
  • Where we need to comply with a legal or regulatory obligation.

5.2 There are 6 legal bases for processing personal data (as permitted by the GDPR). To explore these terms in more detail please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

5.3 We may process Personal Data because it allows us to communicate with you manage our relationship with you. For instance, if you complete a contact form on one of our websites, then you can reasonably expect a response from us.

5.4 We may process Technical Data because it allows us to safeguard our services and technology. This is to ensure that you can receive help should there be a technical problem. Additionally, we need to ensure that the users of our services are genuine and not fraudulent. The purpose of this is for the protection and security of our business and your personal data.

5.5 We may process Usage Data to understand and analyse usage trends and preferences, to improve our services and develop new features and functionalities. All data will be anonymised or aggregated therefore it is not personal data.

6. Disclosures of Your Data

6.1 We will never intentionally disclose your personal data to outside of our company without your prior consent, with the exception of the third parties listed in this Privacy Policy (see section 4.3).

6.2 We require all third parties to whom we transfer your data, to respect the security of your personal data and to treat it in accordance with the law and under our direct instruction.

7. International Transfers of Your Data

7.1 Some of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

7.2 Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of data protection.
We will only transfer your personal data to countries or services providers that adhere to good security practices when processing personal data. For instance, we may transfer data to a company based in the US, such as Google Analytics because they are part of the EU-US Privacy Shield, which requires them to provide a similar level of protection.

7.3 In the unlikely event that this is not the case, we will request your explicit consent or simply not transfer personal data at all. You will have the right to withdraw this consent at any time.

8. Data Retention

8.1 We will not keep your personal data for any longer than necessary.

8.2 We will retain your personal data as follows:

  • Personal Data will be retained for as long as necessary following acquisition, namely for as long as it is relevant to our interests and the client’s. This could be for the duration of a contract between us and the client.
  • Technical Data will be retained for a maximum period of 7 days following acquisition, in order for us to assist users of our services should they experience any technical issues, or ensure the continued availability of our services.
  • Usage Data will be retained for a maximum period of 36 months in accordance with our Google Analytics settings. This will allow us to analyse trends and improve our services.

9. Data Erasure

9.1 Data subjects have a right to request the erasure of their personal data, as long as the original legal basis for processing the data, permits the data subject to do so. (See Section 10).

9.2 For access, amendment and erasure enquiries please contact privacy@creasis-studios.com

9.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights) providing that your request is not repetitive or excessive.

9.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to those whom have no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

9.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex. In this case, we will notify you and keep you updated.

9.6 If you are not happy with any aspect of how we collect and use your data, please contact us.

Our full details are:

  • Full name of legal entity: Creasis Ltd.
  • Email address: contact@creasis-studios.com
  • Postal address: 7 Courtenay Park Road, Newton Abbot, Devon, England, TQ12 2HD.
  • Telephone number: +44 (0)1803 500470
  • Data Privacy Manager: Mr Nik Anstis
  • Data Privacy Manager’s email address: privacy@creasis-studios.com

9.7 Additionally, if you are not satisfied with our handling of your request, you have the right to complain to the Information Commissioner’s Office (ICO).

10. Your Rights

10.1 Under certain circumstances, you have rights under the GDPR in relation to your personal data. These include the right to. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at privacy@creasis-studios.com

10.3 Not all rights under the GDPR can be exercised; it is dependent on the lawful basis that was used to process the personal data in the first place. For more information see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

11. Cookies

11.1 We use cookies across our websites and services. For more information please see our Cookie Policy.

12. Data Security

12.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

12.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach, where we are legally required to do so.

13. Changes and Updates to this Policy

13.1 Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. We’ll ensure that it is accessible and indicate the date of the latest revision. For significant changes (and if we hold a current email address) we will notify you by email.


Thank you for taking the time to read our Privacy Policy.

Creasis. Your partner in ideas.