1. Introduction
Creavibe Digital ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage our digital marketing services or visit our website.
We comply with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable data protection laws.
2. Information We Collect
Information You Provide to Us
- Contact Information: Name, email address, phone number, company name, job title
- Business Information: Company details, website URL, social media accounts, industry information
- Payment Information: Billing address and payment details (card information is collected and processed securely by Revolut - we never store your full card details)
- Communications: Email correspondence, meeting notes, project briefs, feedback, and any information you provide during consultations
- Marketing Preferences: Communication preferences, areas of interest
Information We Collect Automatically
- Website Analytics: IP address, browser type, device information, pages visited, time spent on pages, referring website
- Performance Data: Campaign metrics, audience insights, conversion data (when managing your marketing accounts)
- Cookies and Tracking: See Section 9 for detailed information
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: Providing digital marketing services, content creation, campaign management, analytics, and strategy consulting as agreed in our service agreements
- Communication: Responding to inquiries, sending project updates, sharing reports, and maintaining client relationships
- Billing and Payments: Processing payments, sending invoices, and maintaining accurate financial records
- Legal Compliance: Meeting legal, tax, and regulatory requirements
- Service Improvement: Analyzing campaign performance and service quality to continuously improve our offerings
- Marketing (with consent): Sending newsletters, case studies, and relevant marketing content (you can opt out anytime)
- Security: Protecting against fraud, unauthorized access, and security threats
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal grounds:
| Processing Purpose |
Legal Basis |
| Providing contracted services |
Contract performance |
| Payment processing and invoicing |
Contract performance |
| Client communications and support |
Legitimate interest |
| Marketing communications |
Consent (opt-in) |
| Legal and tax compliance |
Legal obligation |
| Website analytics and improvements |
Legitimate interest |
5. Data Sharing and Third Parties
We may share your information with trusted third parties in the following circumstances:
Service Providers
- Payment Processor: Revolut Ltd (FCA-regulated) for secure payment processing - see Section 15 for details
- Email Service Providers: For client communications and newsletters
- Analytics Platforms: Google Analytics (with IP anonymization enabled)
- Marketing Platforms: Meta (Facebook/Instagram), Google Ads, LinkedIn, Twitter/X (when managing campaigns on your behalf)
- Cloud Storage: Secure cloud services for project files and data backup
- Project Management Tools: For collaboration and service delivery
Legal Requirements
We may disclose your information if required by law, court order, government request, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our terms of service
Important: We never sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Security
We implement comprehensive technical and organizational measures to protect your data:
- Encryption: SSL/TLS encryption for data transmission, encrypted storage for sensitive information
- Access Controls: Password-protected systems, multi-factor authentication, role-based access (need-to-know basis)
- Security Monitoring: Regular security assessments, vulnerability scanning, incident response procedures
- Secure Infrastructure: Reputable cloud providers with ISO 27001 certification
- Data Minimization: We only collect and retain necessary data
- Secure Deletion: Permanent deletion of data when no longer needed
- Employee Training: Regular data protection and security training for all team members
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:
- Active Clients: Duration of service agreement plus 7 years (UK tax and legal requirements)
- Prospective Clients/Inquiries: 2 years from last contact (unless you request deletion sooner)
- Financial Records: 7 years (UK legal requirement for business records)
- Marketing Consent: Until consent is withdrawn or 3 years of inactivity
- Website Analytics: 26 months (Google Analytics default)
- Project Files: Retained as agreed in service contracts, then securely deleted
After retention periods expire, we securely delete or anonymize your data.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure (Right to be Forgotten): Request deletion of your data (subject to legal obligations)
- Right to Restriction of Processing: Limit how we use your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)
To exercise any of these rights, please contact us at privacy@creavibe.pro. We will respond within 30 days.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your experience:
Types of Cookies We Use:
- Essential Cookies: Strictly necessary for website functionality (cannot be disabled)
- Analytics Cookies: Google Analytics to understand visitor behavior and improve our site
- Performance Cookies: Monitor site performance and identify technical issues
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. For more information, visit aboutcookies.org.
10. Client Data When Managing Your Accounts
When we manage your marketing accounts (social media, advertising platforms, analytics), we act as a data processor on your behalf. You remain the data controller.
In this capacity, we:
- Only access data necessary to provide agreed services
- Process data strictly according to your documented instructions
- Maintain strict confidentiality
- Implement appropriate security measures
- Return or delete your data upon request or contract termination
- Assist you in meeting your GDPR obligations
- Notify you of any data breaches without undue delay
A Data Processing Agreement (DPA) is available upon request for all clients.
11. International Data Transfers
Your data is primarily stored and processed within the United Kingdom. When we use third-party services (e.g., cloud hosting, marketing platforms) that may transfer data outside the UK/EU, we ensure:
- Transfers are to countries with adequate data protection (adequacy decisions)
- Standard Contractual Clauses (SCCs) are in place with service providers
- Appropriate safeguards protect your data
12. Children's Privacy
Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under 18 years of age. If we discover we have inadvertently collected data from a child, we will delete it immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in our data practices
- New legal requirements
- Service improvements
- Technological developments
Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on our website
- Updated "Last Updated" date at the top of this policy
Continued use of our services after changes constitutes acceptance of the updated policy.
14. Payment Processing by Revolut
All payment transactions on our website are processed by Revolut Ltd, a payment institution authorized and regulated by the Financial Conduct Authority (FCA) in the United Kingdom.
What Data Revolut Processes
When you make a payment, Revolut collects and processes:
- Payment card details (card number, expiry date, CVV)
- Cardholder name and billing address
- Transaction amount and date
- Device and browser information for fraud prevention
- IP address for security and compliance
How We Share Data with Revolut
To process your payment, we share the following information with Revolut:
- Your name and email address
- Service/product description and amount
- Invoice or transaction reference number
Revolut's Data Protection
Revolut is PCI-DSS Level 1 compliant (the highest security standard for payment processors) and implements:
- Encryption: All payment data is encrypted during transmission and storage
- Tokenization: Card details are tokenized (replaced with secure tokens)
- 3D Secure: Additional authentication for card-not-present transactions
- Fraud Detection: Advanced machine learning fraud prevention systems
We Do NOT Store Your Card Details
Important Security Notice: Creavibe Digital never sees, handles, or stores your full payment card details. All card information is entered directly into Revolut's secure payment forms and processed exclusively by Revolut.
Payment Data Retention by Revolut
Revolut retains payment transaction data for:
- Transaction Records: 7 years (UK financial services regulation requirement)
- Card Details: Securely tokenized for recurring payments (if applicable)
- Fraud Prevention Data: As required by payment card schemes and regulations
Your Payment Rights
Under payment services regulations, you have rights to:
- Chargeback Rights: Dispute unauthorized or incorrect charges within 120 days
- Refund Rights: Request refunds according to our Refund Policy
- Data Access: Request details of payment transactions from Revolut
- Data Correction: Correct inaccurate billing information
Revolut's Privacy Policy
For detailed information about how Revolut processes your payment data, please review:
Payment Processing for Different Regions
Depending on your location, Revolut entities process payments as follows:
- UK/EEA Customers: Revolut Ltd (UK FCA-regulated)
- International Customers: Appropriate Revolut entity based on jurisdiction
Contact Revolut for Payment Issues
For payment-specific inquiries or disputes:
- Revolut Support: Available through the Revolut app or website
- Payment Disputes: Use Revolut's dispute resolution process
- Technical Issues: Contact Creavibe at contact@creavibe.pro and we'll coordinate with Revolut
15. Contact Information
Supervisory Authority
If you believe we have not handled your data properly, you have the right to lodge a complaint with the UK's data protection authority: