PRIVACY POLICY
LAST UPDATE: APRIL 10, 2024
This PRIVACY POLICY is the entire personal data protection policy (hereinafter “Privacy Policy”) for the product or service provided by Creaitiv Inc.
We appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this Privacy Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it.
Before accessing or using the application, please ensure that you have read and understood our Privacy Policy. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Services immediately.
If you have any queries about this Privacy Policy or data protection in general, please contact: privacy@crait.it .
GENERAL INFORMATION
This Privacy Policy was drawn up by Creaitiv Inc. a company registered at Delaware 651 N Broad St, Suite 201, Middletown, 19709, New Castle, USA (hereinafter “Creaitiv Inc.”, “Crait”, “we,” “us” or “our”) who is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share and protect data that identifies or is associated with you (“personal data”) in relation to our website (as well as any other media form, mobile application, web application, media channel, mobile website, linked, or otherwise connected thereto) including the services offered on such website (hereinafter collectively the “Platform” or “Site”), and your choices about the collection and use of your information.
This Privacy Policy will enter into force on the date stated above. If this document is updated, we will notify you of the revised versions through our regular channels. For more information regarding updates please see the section titled “Updates to the Privacy Policy” below.
Creaitiv Inc. is a company residing and operating in the State of Delaware in the United States of America, it is subject to any and all federal and state laws applicable to Delaware entities. Please note that this Privacy Policy was prepared in line with the applicable laws of the State of Delaware relating to data privacy. Recognizing the global nature of the Internet, throughout the Privacy Policy, reference has been made to other jurisdictions and regulations which may be applicable to some users. However, we hereby expressly state that any such reference was made for ease of understanding of users and those persons who choose to access the Site from other locations do so on their own initiative and does not mean or imply that Creaitiv Inc. is subject to the laws and regulations of said jurisdiction.
Hereinafter, any person who is registered to the Platform shall be referred to as “Member”. Any person who visits the Platform without registration shall be referred to as “User”. Creaitiv Inc. hereby acknowledges its Data Controller status in terms of Members and Users of the Platform.
Crait Platform uses artificial intelligence to provide Members with the ability to create unique, most relevant and most targeting marketing designs using prompts. Crait Platform also gives services to enterprises to use Crait Platform by their designers, marketing teams. This Privacy Policy applies to all the products and services provided on the Platform to Members and Users by Creaitiv Inc. as the Data Controller. However, this Policy is not applicable to any information collected offline or via channels other than the Platform.
Please note that this Privacy Policy has been prepared in line with Crait’s Terms and Conditions available at here and Creaitiv Inc. does not intend for the Platform to be used by persons who are prohibited from using the Platform as per its Terms and Conditions. In terms of the collection of personal data, we would like to stress that we do not knowingly solicit data from children under 13 years of age. As stated in our Terms and Conditions, by using the Platform, you represent that you are at least 13. For persons between the age of 13 and 18 who want to register to the Platform, we may require personal parental consent or confirmation for registration depending on your jurisdiction. If we learn that personal data from users who are under 18 years of age has been collected due to their misrepresentation during Membership, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@crait.it .
WHAT IS PERSONAL DATA?
“Personal Data” used throughout this Privacy Policy means in short personally identifiable information of Users and Members of the Platform that is collected through the Creaitiv Inc.’s web page and through the online by Creaitiv Inc. from User/Member and maintained by Creaitiv Inc. in an accessible form, and by definition may include personal identifiers such as a first and last name, a physical address, an e-mail address, a telephone number, a Social Security number, or any other identifier that permits the physical or online contacting of the User/Member, and any other information concerning the User/Member collected by Creaitiv Inc. from User/Member and maintained in personally identifiable form in combination with any identifier described in this paragraph.
This section is intended to provide you with a definition of personal data. Please see Section 4.2. titled “What Data Do We Use?” and Section 13 titled “Notice For California Residents; Categories of Personal Data Processed” and Section 8 titled “Creaitiv Inc As A Data Processor” for details regarding the data actually processed by Creaitiv Inc. as a Data Processor.
ON WHAT BASIS DO WE COLLECT OR USE PERSONAL DATA?
Data protection laws require that we meet certain conditions before we are allowed to use your personal data in the manner described in this Privacy Policy. To use your personal data, we will rely on one of the following conditions, depending on the activities we are carrying out:
You have given us consent;
Processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual.
Processing is necessary in order to enter into or perform a contract with you or your employer.
Processing is necessary for compliance with our legal obligations.
Processing is necessary for legal claims.
Processing is necessary for substantial public interest.
Crait provides services to the companies as well. Sometimes your Personal Data defined in this Policy may be shared by your employer. In that case we will inform you about this disclosure and we will assume that you consented that disclosure. Creaitiv, Inc. is a data processor in this kind of sharing the Personal Data.
Below you will find detailed information on the basis that we collect and use your personal data. If we look to use your personal data for any other purpose not covered in this Privacy Policy, we will let you know about any proposed new purposes before using your personal data in this way.
Consent
We ask that you provide affirmative and informed consent to the use of your personal data as described in this Privacy Policy when you access the Platform and participate in the Services. Please discontinue using the Services if you do not have such consent.
We do not collect personal data for the purpose of sale of such information in a way that specifically identifies the individual (i.e., we don’t sell Member information).
We may provide you with marketing information about our services or products where you have indicated your consent for us to do so (to the extent that we are required to collect consent under data protection laws). We may contact you by mail or email, phone and electronic notifications (where you have agreed to those methods of communication) to provide you with the information on your requested service or product. We may also provide you with information, special offers, research, promotions, and similar products and services. Where you have indicated your consent to us doing so, we may also pass your details to our group companies for marketing purposes. You may change your marketing preferences at any time from your account settings.
We will also provide you with access to, or transfer your personal data at your written request, provided that we aren’t legally restricted from doing so or otherwise prevented from doing it due to circumstances beyond our reasonable control. Please relate your request for access to or transfer of personal data to privacy@crait.it .
If we are relying solely on your consent to process your personal data, you may withdraw your consent to our processing of your personal data at any time; however, withdrawing consent may result in your inability to continue using some or all of the services in the Platform. Please note that the withdrawal of your previous consent will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
Legitimate Interest
Sometimes our collection and use of your personal data may not depend on your informed consent but our legitimate interests. It is in our legitimate interests to collect your personal data as it provides us with information that we need to provide our Services to you and to make our Platform available.
This requires us to carry out a balancing test of our interests in using your personal data (for example, in order to provide you with access to the Platform, against the interests you have as a person and the rights you have under Delaware Online Privacy and Protection Act and other applicable Data protection law (for example, to not have your personal data sold to third party marketing companies without your knowledge).
The outcome of this balancing test will determine whether we may use your personal data in the ways described in this Privacy Policy. We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.
Our legitimate interests are: managing our business and relationship with you or your company/organization; understanding and responding to inquiries and Member and User feedback; understanding how our Members and Users use the Platform; identifying what our Members and Users want and developing our relationship with you, your company or organization; improving our Platform and offerings; managing our supply chain; developing relationships with business partners; sharing data in connection with acquisitions and transfers of our business.
Contractual Performance
Please note that when you become a Member and User of the Platform you enter into a contractual relationship with Creaitiv Inc. via the Terms and Conditions which you accept by use of our Platform. This contractual relationship necessitates the processing, use and storage of your personal data for the purpose of fulfilling our contractual obligations and/or facilitating our contractual rights. Therefore, at this stage the contractual relationship itself becomes the legal basis of our processing of your personal data.
In short, we are permitted to hold and process some of your personal data because it is necessary to do so in order to provide you access to, and to enable you to make use of, the Platform. Without this personal data, we could not provide you with access to the Platform.
Legal Obligations and Legal Claims
We are permitted to process your personal data where it is necessary for compliance with our legal obligations. We are also permitted to process your personal data where it is necessary to establish, pursue or defend a legal claim.
We may disclose your personal data to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose personal data when we believe in good faith that such disclosure is required by and in accordance with the law.
Substantial Public Interest
We are permitted to process your personal data where it is necessary for reasons of substantial public interest, on the basis of data protection laws.
USE OF COLLECTED DATA
We use your personal data to help us provide and support (the Services on) our Platform. This section provides you with details of what personal data we use and why we use it.
What Data Do We Use?
We collect information directly from you and in some instances from third party service providers whom you authorize to share your information with Creaitiv Inc.
Depending on whether you are a User or Member, personal data collected from you will differ. As explained above, if you only visit the website https://www.crait.it/ without becoming a Member you are categorized as a User. The only personal data collected from User’s are explained in the Section titled “Cookie Policy” below.
Naturally, we collect more personal data from you when you sign up to the Platform as a Member. As a Member you provide more personal data including:
contact information such as your username (if you sign up using a third party service provider), your name (if you choose to provide it), email address, mobile phone number used for verification purposes;
user picture or “avatar” (in case it contains your personally identifiable information);
details of your correspondence with us;
technical information which we collect from you when you visit the website https://www.crait.it/ such as your Internet Protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform and traffic data, cookies data, web logs and other communication data and details of the resources that you access;
location data which you may choose to share with the Platform during your use in order to optimize and personalize the suggestions made by the Platform; and
any other information you provide to us in order to personalize and optimize your experience with the Platform which provides Members the ability to create unique, most relevant and most targeting marketing designs. These details are accessible on your profile page on the Platform and can be changed at any time based on your preferences. Therefore this category of information is processed solely based on your consent and such consent can be revoked at any time.
For more details on the personal data we process, please see Article 12 titled “Notice for California Residents; Categories of Personal Data Processed” below.
When you use your membership and account information with third party service providers, we will receive certain profile information about you from your service provider. The profile information we receive may vary depending on the provider concerned, but will often include your name, email address, and profile picture as well as other information you choose to make public on such service provider platforms. We will use the information we receive only for the purposes that are described in this Privacy Policy or that are otherwise made clear to you on our Platform. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy policies to understand how they collect, use and share your personal data, and how you can set your privacy preferences on their sites and apps. As of the entry into force of this Privacy Policy, our Platform offers you the ability to register and login using your Google account.
For registering as a Member on our platform, the provision of a user name and email (which may contain your first and/or last name,) or phone number in case you choose to sign up manual registration option. Alternatively, you may login using third party service providers as explained above. As of the entry into force of this Privacy Policy, our Platform does not require the provision of any other identifier information solely for membership purposes.
You are able to view and update much of the information collected about you through your account settings. Please note that if you sign in using a third-party service provider, we cannot allow you to change your email address information and username provided by the service provider. You shall be entitled to collect all of your personal data stored on the Platform upon request via the sections provided on the applications or via email to us at privacy@crait.it .
We automatically collect certain information when you visit, use or navigate the website https://www.crait.it/ This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Platform and other technical information which may lead to your identification. This information is primarily needed to maintain the security and operation of our Platform, and for our internal analytics and reporting purposes. Please refer to the section titled “Cookie Policy” and the sub-section titled “Service Providers Processing Data on Our Behalf” for more information on automatically collected personal data.
As a Member, please remember that if you use the Platform to share personal data of persons who are not Members themselves (e.g. photographs, documents containing personal data such as receipts, video, etc.), you represent that you have read and understood the Terms and Conditions and agree to be bound by the conditions thereto. In these instances, you further represent that the individuals to whom this data relates have been informed of and have consented to such use and disclosure.
When this product/service was designed, the possibility that it would be used to process special categories of personal data or data regarding criminal convictions and offenses was not taken into account. In fact, our Terms and Conditions specifically state that Members shall not use the Platform for any purpose or in any manner involving transmitting protected personal information using Creaitiv Inc. unless you have received prior written consent to such use from Creaitiv Inc.
Our Platform is intended for the use of persons above the age of 13 only. We do not knowingly collect personal information from children or minors without parental consent. If Creaitiv Inc. is made aware that a child has provided us with personal information without parental consent, we will endeavor to delete that information from our databases. If you have questions about personal information that may have been submitted by a child, please email us at privacy@crait.it .
Why Do We Use Your Data?
Service provision: we use the information to carry out and administer the Platform which enables us to provide suggestions and recommendations personalized to you.
Communication: The main reason for processing your personal information for communication purposes is sending emails, newsletters, and other messages to keep you informed of the Platform. You may opt out of receiving any, or all, of any communications which are of a non-primary function (e.g. marketing) from us by following the unsubscribe link. However, please note that we may use your email address to send you emails about legal and administrative issues related to your Member status (such as changes in Terms and Conditions or Privacy Policy, deletion or deactivation of your account, etc.) which we may be legally obliged to inform you about, which are not classified as marketing communications. We also use the personal data to deal with inquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns;
Platform monitoring: to check the Platform and our other technology services are being used appropriately and to optimize their functionality for the purpose of administering and improving our Services;
Platform optimization: improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
Managing suppliers: we use information to manage third-party suppliers who deliver services to us;
Statistics: monitor metrics such as total number of visitors, traffic, demographic patterns, and patterns in our test results (on an anonymized and aggregated basis) regarding the website https://www.crait.it/;
Development: develop and test new products and features.
If we plan to use your personal data in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled “Updates to the Privacy Policy”.
COOKIE POLICY
We use cookies on our website to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site and also allows us to improve the Site.
A cookie is a commonly used automated data collection tool. Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open, in order to make websites work, or work more efficiently, as well as to provide information to the owners of the Site.
We do not use persistent cookies since the website does not provide for a login feature. We use session cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by users and web traffic routing on the Site. Session cookies are deleted from your computer when you log off from the Site and then close your browser. We may also use advertising cookies which enables our advertising service providers to collect some data regarding your device in order to be able to determine your interests and provide targeted advertising services. Details of the cookies used on our website are set out in our cookie policy available at here Please be advised that our cookie policy is an integral part of this Privacy Policy with regard to our website.
You can set up your browser options, to stop your computer accepting cookies which require consent (such as social plug-in tracking cookies like those used for behavioral advertising, analytics or market research; third party cookies used for behavioral advertising) or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may be unable to access certain parts of our Site or to receive certain Services. Please note that some cookies are necessary for the Site to perform its functions and may not be stopped (such as cookies that allow the processing of web server requests over a pool of machines instead of just one, authentication cookies, etc.) if the Site is to be used; these are noted as “necessary cookies” in our cookie policy.
Your browser may feature a preference which alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal. Please note that our Site may not recognize or take action in response to DNT signals from your browser.
WHERE WE STORE YOUR DATA
Platform is hosted, stored and processed by Creaitiv Inc. leveraging data centers which are located in the USA Region. Processing of the information collected about you is only undertaken for the purposes described in this Privacy Policy.
For Members located in Europe, considering the fact that Creaitiv Inc. is a Delaware (US) corporation we would like to expressly state that the personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA'') or the UK. It may also be processed by staff operating outside the EEA or the UK who work for us or for one of our suppliers or partners. Such staff or subcontractors may be engaged in, among other things, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the USA, EEA or the UK.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred where the recipient is bound by contractual clauses requiring the confidentiality and protection of personal data.
Our Platform is accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Platform from outside the USA, EEA or the UK. This means that where you chose to post your data on our Platform, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA or the UK may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
DISCLOSURE OF YOUR PERSONAL DATA
We do not sell, lease, rent or give away the information collected about you without your permission. We only disclose your information as described below. If we disclose your information, we require those we share it with to comply with adequate privacy and confidentiality requirements, and security standards.
Disclosure to Affiliates: Creaitiv Inc. is a global business, headquartered in the United States. Your personal information collected by us in accordance with this Privacy Policy is used and shared by Creaitiv Inc. to our affiliate company based in Turkey (Crait Teknoloji Anonim Şirketi) for the purposes of providing the Platform, delivering our Services, managing your accounts, IT, support, billing, marketing, and communications.
We may disclose your personal data to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose personal data when we believe in good faith that such disclosure is required by and in accordance with the law. In certain instances, it may be necessary for Creaitiv Inc. to disclose the information that we’ve collected about you to government officials or otherwise as required by applicable law. No personal data will be disclosed to any law enforcement agency or governmental agency except in response to:
A subpoena, warrant or other process issued by a court of competent jurisdiction;
A legal process having the same consequence as a court-issued request for information, in that if Creaitiv Inc. were to refuse to provide such information, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honor such legal process; or
Where such disclosure is necessary for Creaitiv Inc. to enforce its legal rights pursuant to the laws of the jurisdiction from which such information was gathered.
We may also disclose your personal data, subject to appropriate confidentiality protections, in connection with a corporate reorganization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.
The Platform may contain links to third party websites. When you click on a link to any other website or location, you will go to another site, and another entity may collect personal or anonymous data from you. We have no control over, do not review, and cannot be responsible for these outside websites or their content. Please be aware that this Privacy Policy does not apply to these outside websites or content, or to any collection of your personal data after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.
Service Providers Processing Data on Our Behalf
We may use contractors and service providers to process the information collected about you on our behalf for the purposes described in this Privacy Policy. We contractually require service providers to keep information secure and confidential and we do not allow our data processors to disclose your information to others without our authorization, or to use it for their own purposes. However, if you have an independent relationship with these service providers their privacy statements will apply. Please also see Article 6 above for information on where we store your data as it may contain information on service providers.
Google Analytics (Google LLC.): This third-party service enables Creaitiv Inc. to monitor and analyze the Site traffic. Google Analytics is a web analysis service provided by Google LLC. Google utilizes the information collected to track and examine the use of the Site to prepare reports that may be used for optimization of the Site. Information collected for this purpose is cookies and usage data. Place of processing of Google LLC is the US. Please check the Google privacy policy at https://policies.google.com/privacy?hl=en for more information. Opt-out option is also available as a browser add-on at: https://support.google.com/analytics/answer/181881?hl=en
Google LLC.: As stated above, our Platform offers you the ability to register and login using your Google account. When you use your Google account to register and login to our Platform, we will receive certain profile information about you from this service provider. The profile information we receive will depend on the policies of the service provider, but at the date of the entry into force of this Privacy Policy includes at the minimum your email address, the name you have provided for the email address and your profile picture. Therefore, we recommend that you review the privacy policy of your service provider available at https://policies.google.com/privacy.
Sentry (Functional Software, Inc): Sentry (Functional Software, Inc): This third-party service enables Crait to check the correct functioning of the Platform and to detect errors. Sentry is a web analysis service provided by Functional Software, Inc. and is used to detect errors that may occur on the software codes with the data collected for monitoring and analyzing the use of the Platform. The data collected for this purpose are cookies and usage data. If you have any reservations about this, Therefore, we recommend that you review the privacy policy of your service provider available at https://sentry.io/privacy/
CREAITIV INC. AS A DATA PROCESSOR
As part of our services, we provide our entity customers to be able to create Member accounts for their employees and/or freelancers. In that case your Personal Data will be provided directly by the entity customer to us. Where the customer provides your personal information to us and makes decisions about the personal information that is being processed in the Platform, the entity customer is acting as a data controller and Creaitiv Inc. is acting as a data processor.
When our entity customers process Personal Data through our Platform, they are responsible for ensuring that they do so in compliance with the law, including providing their employers and freelancers with transparent notices. Our entity customers are also responsible for validating any integrations they enable through our Platform, as well as ensuring that their use of publicly available personal information complies with the terms of the personal data protection rules of the relevant jurisdiction.
Where Creaitiv Inc., is a service provider and data processor for our customers, our customer’s privacy policies, rather than this one, will be applicable to the personal information processed, and we direct individuals to review those policies if they have any questions around how their data is obtained or processed within the Platform.
RETENTION OF YOUR PERSONAL DATA
We will retain your personal data for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please note that even when the deadline for a Crait has ended, any Crait Member Content you may have shared with other Users or Members in the Crait would remain stored therein. You may access such Crait Member Content in the Crait.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal data preserved in automatically generated computer backup or archival copies generated in the ordinary course of our information technology systems procedures.
All retained personal data will remain subject to the terms of this Privacy Policy. Please note that if you request that your personal data be removed from our databases, it may not be possible to completely delete all of your personal data due to technological or legal constraints, though we will use reasonable efforts to do so.
No purpose in this notice will require us keeping your personal information for longer than twelve (12) months past the termination of the member’s account, unless as necessary to comply with our legal obligations, resolve disputes, prevent and detect fraud, and enforce our agreements.
SECURITY POLICY
The security of your personal data is important to us. We use commercially reasonable efforts to store and maintain your personal data in a secure environment. We also take technical, contractual, administrative, and physical security steps designed to protect any and all personal data you provide. We have implemented procedures designed to limit the dissemination of your personal data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you in this Privacy Policy.
Please note that you are also responsible for helping to protect the security of your personal data. For instance, never give out the credentials you use in connection with accessing the Platform, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services. We provide email verification upon membership sign up and enable sign in only through the use of your password.
We are not liable for disclosure of data due to errors in transmission, unauthorized access or acts by third parties, or omissions or acts beyond our reasonable control. Although we employ commercially reasonable measures of security, we also cannot guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards by persons or systems with malicious intent.
In the event we become aware of a security breach that could result in your personal data being disclosed in a manner that is not authorized under this Privacy Policy, we will notify you via email (or other communication channel you have provided to us) if we can and use other means (such as posting a notice on our Platform) to try to alert you as appropriate.
We have implemented the following security measures to protect its product or service:
The (database) servers can be accessed only via Creaitiv Inc.’s trusted network locations.
Procedures are in place to ensure only authorized personnel have access to the personal data. A non-disclosure and confidentiality agreement ensures this still applies when a member of staff leaves the company.
All mobile carriers (such as laptops, USB sticks and portable HDs) of Creaitiv Inc. are password protected.
Our web servers and database servers are firewall-protected.
All data within Creaitiv Inc. will be stored as securely as possible.
Encryption will be used when possible.
All data will be transmitted with the highest possible form of encryption that is supported.
We ask for confirmation mail while registering.
We prevent two different users from logging using the same browser.
We keep our content on AWS S3 subject to private access.
Only authorized people can see any details in any Creaitiv started by a Member.
We use PostgreSQL database and here we control all access with Row Level Security policies so that only the invitees of a Crait can see the details of it.
We have a rate limit definition for requests from the same IP.
We work together with external security service providers regularly to perform penetration tests to ensure our protection against unauthorized access.
We regularly revise the security measures outlined in this Privacy Policy to ensure that we are always fully prepared and up to date with regard to data protection.
MANAGING YOUR CRAIT MEMBER STATUS AND ACCOUNT
User name: Crait Members are required to assign themselves a user name that uniquely identifies you on Creaitiv Inc. Your username may contain personal data such as your real name, surname or other identifier. You can change your Crait user name at any time. However, please beware that if you change your username, your old username becomes available for anyone else to claim. Please note that references to your Member profile under the old user name may remain the same when you change your username for future use. Please note that when you login using your Google Account, the name you have used for your Google Account will be displayed in Creaitiv Inc. and cannot be changed via Creaitiv Inc. but is subject to Google’s options regarding any such changes.
Profile Picture: You have the option to upload a profile picture under the “Profile” tab on the Platform. Depending on the picture that you use, the profile picture may contain personal and/or sensitive personal data. Please be advised that your profile picture shall be visible to other Members of the Platform when they search you on the Platform.
Email address: Unless they are using third party service providers for sign up and login, Creaitiv Inc. Members are required to give an email address. Creaitiv Inc. sends email verification requests to this address to secure your personal data. You can change your email information only after you have verified the last email given.
Deleting Your Account: Deleting your account will stop all services you receive on the Platform, permanently delete all the data you have uploaded to the Platform, including any specific Crait content and profile information. However, please be aware that due to your interactions with other Members on the Platform, some information, like messages you sent to other Members, may still be visible after you delete your account. Once you delete your account, there is no going back. Please be certain. We will be sorry to lose you.
DATA LEAK PROTOCOL
In the unfortunate event that something does go wrong, Creaitiv Inc. will follow the following data breach protocol to ensure that data subjects are notified of incidents.
A relevant internal data breach procedure is in place. Creaitiv Inc. will set up a team in order to analyze the cause, the impact and the affected Members and Users. Depending on the outcome of this analysis, Members/Users will be notified as soon as possible. Members shall be notified within 24 hours of Creaitiv Inc.’s learning of the data leak if possible. If required by any applicable law, Creaitiv Inc. shall also notify any applicable Data Protection Authority about the leak.
Creaitiv Inc. will provide highly detailed information about:
The nature of the breach, including a description of the incident, the nature of the personal data or categories of affected data subjects, an estimate of the number of affected data subjects and databases that may be affected, as well as an indication of when the incident occurred;
Any measures already taken by Creaitiv Inc. in order to stop the breach;
Any measures to be taken by the affected data subjects (what can the affected data subjects themselves do, such as “keep an eye on your emails, change your passwords”, etc.);
Any measures to be taken by Creaitiv Inc. in order to prevent a future breach.
NOTICE FOR CALIFORNIA RESIDENTS; CATEGORIES OF PERSONAL DATA PROCESSED
Please note that this notice for residents of the State of California is provided for the ease of said persons; however, the other provisions of this Privacy Policy are equally valid and in force for residents of the State of California. Also, Members and Users accessing this Privacy Policy from other locations may find this section useful.
Please refer to Article 14 below for more information regarding your rights related to the personal information processed and how to pose questions or requests to us regarding your personal information.
The chart below includes details on personal data or “personal information” collected for customers. Within the last twelve (12) months, we may have collected the following categories of personal information from the sources identified below for the business and commercial purposes indicated, and disclosed, shared, or sold (as indicated) such categories of personal information with the specified categories of third parties:
Notice for EU Residents; GDPR Legal Basis for Processing Personal Data under GDPR
If you are a resident of one of the countries in the European Economic Area, the following provisions apply to you.
We may process Personal Data under the following conditions:
Consent: You have given Your consent for processing Personal Data for one or more specific purposes. If we are relying solely on your consent to process your personal data, you may withdraw your consent to our processing of your personal data at any time; however, withdrawing consent may result in your inability to continue using some or all of the services in the Site. Please note that the withdrawal of your previous consent will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof. This condition contains the performance of a contract between Creaitiv Inc. and your employer and your employer provide us your Personal Data upon that contract.
Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company. Our legitimate interests are: managing our business and relationship with you or your company or organization; understanding and responding to inquiries and Member and User feedback; understanding how our Members and Users use the Platform; identifying what our Members and Users want and developing our relationship with you, your company or organization; improving our Platform and offerings; managing our supply chain; developing relationships with business partners; sharing data in connection with acquisitions and transfers of our business.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
In case your Personal Data is disclosed by your employer, we will inform you about this disclosure and we will assume that you consented to that disclosure, taking your consent before the disclosure is your employer’s responsibility as a Data Controller. Creaitiv, Inc. is a data processor in this kind of disclosing the Personal Data.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU, to:
Right to access: You have the right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
Right to request correction of the Personal Data: You have the right to have any incomplete or inaccurate information We hold about You corrected.
Right to object: This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object to where We are processing Your Personal Data for direct marketing purposes.
Right to erasure: You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means. You have the right to receive your Personal Data from us in a structured format and you have the right to (let) transmit such Personal Data to another controller. In that case we will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format.
Right to withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, we may not be able to provide You with access to certain specific functionalities of the Service.
Exercising of Your GDPR Data Protection Rights
You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, we will try our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.
Notice for Turkey Residents; KVKK Legal Basis for Processing Personal Data Under KVKK
If you are a resident of Turkey, the following provisions will also apply to you.
What Kind of Personal Information Do We Collect?
The only personal data collected from User’s are explained in the Section titled “Cookies” above.
Naturally, we collect more personal data from you when you sign up to the Platform as a Member. As a Member you more personal data including:
contact information such as your email address, first name, last name (in case your user name contains your name)
user picture or “avatar” (in case it contains your personally identifiable information);
details of your correspondence with us;
technical information, such as your Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, screen resolution, flash version, time zone setting, browser plug-in types and versions, operating system, platform and traffic data, cookies data, web logs and other communication data, and details of the resources that you access, as well as your sessions records, which we collect from you when you access the Platform; and
any other information you provide to us.
What Lawful Reasons Do We Have To Process Personal Data?
We collect and process your Personal Data one or more of the below-listed reasons:
Contract - We may process personal data to fulfill our contractual obligations with you and/or your employer.
Consent - We may rely on your freely given consent at the time you provide your personal data to us.
Legitimate interests - We may rely on legitimate interests based on our assessment that the processing is fair, reasonable and balanced.
Legal obligations and public interest - We may process personal data to fulfill legal obligations.
UPDATES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Entry Into Force" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes on the Platform or by directly sending you a notification through the Platform. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your personal data.
QUESTIONS AND REQUESTS ABOUT YOUR PERSONAL DATA ("CONSUMER REQUEST”)
As a Member or User of Creaitiv Inc. you may request the following from Creaitiv Inc. as Data Controller;
Access to your personal data.
Rectification or deletion of your personal data.
A restriction on the processing of your personal data.
Object to the processing of your personal data.
A transfer of your personal data (data portability) in a structured, machine readable and commonly used format.
Withdraw your consent to us processing your personal data, at any time.
Please note that withdrawing your consent is only effective provided that consent is the only basis for the processing of relevant personal data. Similarly, even if you request the deletion of any personal data, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You can make a request in relation to any of the above rights by writing to us at the contact address given at the end of this Privacy Policy. Only you, or someone legally authorized to act on your behalf, may make a consumer request related to your personal data. You may also make a consumer request on behalf of your minor child.
We will respond to such queries as soon as reasonably possible and deal with requests we receive from you, in accordance with the provisions of any applicable data protection law. Please note that you also have the right to appeal our responses to your consumer requests regarding this privacy policy. You can make your appeals to us using the same contact information below.
CONTACT US
You can contact us via post or email.
Via post:
CREAITIV INC.
Attn: Privacy
Delaware 651 N Broad St, Suite 201, Middletown, 19709, New Castle. USA
Via email:
privacy@crait.it with “Privacy” in the subject line
If your letter or email involves one of the requests listed above in the section titled “Questions and Requests About Your Personal Data”, we may ask you to verify your identity before fulfilling your request depending on the method of your request.