Data protection

Data protection information

Last updated: 29. 06. 2023

The protection of your personal data is very important to us, which is why we would like to list all the information about the processing and storage of your data when you visit our website and in our companies.

In order to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR).

Responsible body

Creavision Lab BV
Franz Schollaertastraat 3
3010 Kessel-Lo, Belgium
Further information can be found in the imprint.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted over the internet from your computer to our computer and vice versa using TLS encryption. TLS stands for “Transport Layer Security” and is an encryption protocol for data transmission on the internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

These are

IP address of the user,
Date and time of access,
Type of request,
Customer information such as type and version,
Operating system of the user (device, OS version of the device),
Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website

Personal data will not be transmitted to third parties. There is an order processing contract with the provider of this website, ALL-INKL.com – Neue Medien Münnich, based in Germany, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that ALL-INKL.com – Neue Medien Münnich processes the personal data of website visitors only in accordance with our instructions and in compliance with the GDPR.

The data collected is stored for 7 days in server log files that are automatically transmitted by the browser. The server log files are only stored for longer than 7 days in the event of attacks on the server infrastructure or other legal violations. This longer storage is based on the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the preservation of evidence.

2. INQUIRIES VIA E-MAIL AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your inquiry.

The legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to inquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfillment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

All personal data that you send to us with your inquiry will be deleted or anonymized by us no later than 2 years after the final reply to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries following our replies.

3. DISPATCH OF NEWSLETTERS

You can subscribe to our newsletter on our website. Our newsletters contain information about our offers or promotions. When you subscribe to the newsletter, we collect and store the data you enter in the input mask. You are only required to enter your e-mail address. All other details, such as first name and surname, are provided on a voluntary basis.

After submitting the registration form, you will receive an e-mail from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully subscribed to it. You will be informed of this by another e-mail. You also give us your consent to process your e-mail address and, if applicable, your other data. This ensures that no third party or unauthorized person registers for our newsletter (compliance with the double opt-in procedure). The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can stop receiving the newsletter at any time by clicking on the “Unsubscribe” link at the end of each newsletter. If you withdraw your consent, your data will be deleted immediately; we will store proof of withdrawal for a further three years so that we can comply with our accountability obligations under Art. 5 (2) GDPR. This storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for the confirmation email is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which lies in being able to prove that you have given your consent. The burden of proof for the controller is set out in Art. 5 (2) GDPR.

We do not pass on the data to third parties. The newsletter is sent by our processor All-Inkl, based in Germany.

4. SALE OF (DIGITAL) PRODUCTS

We sell digital products via an external store. By clicking on the product button or a similar link, you will be taken to the individually created sales page including checkout. You will then leave this website. The legal basis for data processing in the context of purchases via CopeCart GmbH is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b) GDPR. The entire sales process and contract processing is carried out by CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany.

5. USE OF WEB ANALYSIS TOOLS AND COOKIES

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone via the browser when you visit a website. This serves to recognize the website visitor. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

Cookies themselves do not contain any personal data about users, they are only used to uniquely identify what our customers find interesting and useful on our website. We also use so-called “web beacons” (small graphic images, also known as “pixel tags” or “clear GIFs”) on our website. They are used together with cookies to track general user behavior on the website.

The legal basis for the processing of personal data using cookies and other technologies is your consent in accordance with Art. 6 para. 1 lit. a) GDPR, which you give us via the so-called “consent banner” as soon as you visit our website for the first time.

We use cookies for the following purposes:

Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can adapt our website even better to the habits of our users.
Marketing: This allows us to show you advertising content tailored to you based on an analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).

The data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our so-called “Cookie Consent Tool” to set which cookie categories you would like to consent to when visiting our website.

Link to the cookie settings: [borlabs-cookie type=”btn-cookie-preference” title=”Cookie settings” element=”link” /]

Once cookies have been saved, you can delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.

Cookie list:

[borlabs-cookie type=”cookie-list” /]

As part of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialized service providers, in particular from the online marketing sector. These process your data on our behalf as processors, are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above-mentioned providers work for us as processors.

CONSENT MANAGEMENT VIA BORLABS

We use the cookie consent technology of Borlabs Cookies to obtain your consent under data protection law to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein (“Borlabs”), based in Germany.

Borlabs sets a technically necessary cookie to store your data protection consent. The following information is stored in the Borlabs cookie:

Cookie runtime
Cookie version
Domain and path of the website
Consents
UID (randomly generated ID which, according to Borlabs, is not personally identifiable)

Data is not transferred to Borlabs.

Borlabs is used to obtain the legally required consent for the use of cookies. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents (Art. 6 para. 1 lit. c) GDPR), to fulfill our accountability obligation pursuant to Art. 5 para. 2 GDPR.

MATOMO

We use “Matomo”(www.matomo.org), a web tracking service for analyzing the surfing behavior of users such as information on the use of the individual components of the website, with your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The data is not passed on to third parties, as we host Matomo on our own servers.

After you have given your consent, the “Matomo” software places cookies on your computer with which your browser can be recognized. By anonymizing the IP address, we take into account the user’s interest in the protection of personal data. The data is never used to personally identify the user of the website and is not merged with other data.

The following personal data may be stored by you:

the IP address of the user, shortened by the last two bytes (anonymized)
the subpage accessed and the time of access
the page from which the user reached our website (referrer)
which browser with which plugins, which operating system and which screen resolution is used
the time spent on the website
the pages that are accessed from the accessed subpage

USE OF GOOGLE ANALYTICS

This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of the use of the website by the user. The information acquired by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. The data processing is also essentially carried out by Google. Both Google and, under certain circumstances, the state authorities in the USA have access to this data. We have made the setting that your IP address will be anonymized. The IP address anonymization is carried out by Google, but within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices and all other data that Google has about you.

We do not store any user or event data.

You can see the cookies that are set in connection with Google Analytics in the list above.

You can revoke your consent at any time by making the appropriate settings directly via our banner. The user and event data will be deleted after 50 months.

FACEBOOK PIXEL

As part of the use of the so-called Facebook pixel, cookies are set on our website with your consent in accordance with Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR (see cookies with provider or name “Facebook”). In addition to us, Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook), is jointly responsible for the data processing associated with the pixel in accordance with Article 26 GDPR. Personal data is also processed in the USA. There is no adequacy decision for the USA.

The agreement on which the cooperation with Facebook is based can be found here. The pixel collects data about your use of our website and compares it with Facebook’s data in order to show you customized advertising from us on Facebook’s websites. Facebook also uses the data for its own advertising purposes and for third-party advertising purposes in accordance with the Facebook Data Policy. This also contains further information on how you can assert your data subject rights as described below with regard to your data processed by Facebook directly against Facebook.

COLLECTION AND PROCESSING OF PERSONAL DATA OF CUSTOMERS AND BUSINESS PARTNERS

1. fulfillment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)

The purposes of data processing arise from the implementation of pre-contractual measures that precede a contractually regulated business relationship and in the fulfillment of obligations arising from the contract concluded, such as a cooperation agreement in the context of product presentation via blogs. In this context, we process your first and last name and your address (street, zip code and town). We do not pass on your data to third parties. We delete your data as soon as it is no longer required for the fulfillment of (pre)contractual obligations.

2. for the fulfillment of legal obligations (Art. 6 para. 1 lit. c) GDPR)

The purposes of data processing also result from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations and data processing in the context of inquiries from authorities.

3. data processing to document compliance with the GDPR

Insofar as we process your data on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR, Art. 9 para. 2 lit. a) GDPR or Art. 49 para. 1 lit. a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to prove, within the framework of legal accountability, that you have consented to the data processing in question (Art. 5 para. 2 GDPR).

If you assert data subject rights against us under the GDPR, we will also process and store your data in order to be able to prove that we have complied with the legal obligations of the GDPR when processing and responding to your request as part of our accountability obligations pursuant to Art. 5 (2) GDPR. For this purpose, your request may be transmitted to our service provider for data protection law, SCALELINE LTD.

SALE OF PRODUCTS VIA OUR STORE ON ETSY

To sell our products, we use the Etsy platform of the provider Etsy Inc. Within the EU, Etsy Ireland UC, based in Dublin, Ireland, is the responsible company. Etsy is an e-commerce website or online marketplace for the purchase and sale of handmade products, vintage and artist supplies.

We expressly point out that in addition to the data processing by us, there is also Etsy itself. You can find further information on data protection from Etsy in Etsy’s privacy policy at etsy.com/en/legal/privacy/?ref=ftr

1. data processing when contacting us incl. complaint management

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your inquiry. This also applies to data processing in the context of complaints or other contact with us.

2. order processing incl. checkout

To process orders including payment via our Etsy store and to carry out (digital) shipping, we process your master data such as name, address and, if applicable, your e-mail address to fulfill our contract with you. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. In this context, your data will also be passed on to contracted transport companies.

Payment options: You can pay by instant bank transfer (“Sofort”), credit card (VISA, MasterCard, American Express, Diners Club), invoice (Klarna), PayPal or Google-Bay. You will be redirected to the website of the selected payment service provider. You can enter your payment details there and finalize the order. For this purpose, the specific payment amount is transmitted to the service provider used. Further information on the data processing carried out can be found in the information texts on the input screen/website of the service provider. There you will also find further contact information on the selected service provider. Payment processing takes place directly via the selected payment service provider. The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.

We store your data to fulfill our retention periods in accordance with Art. 6 para. 1 lit. c) GDPR.

The provision of your personal data is necessary for the conclusion of the contract. If you do not provide your data, it will not be possible to conclude a contract with you.

Further information on the rights of data subjects and your other rights under the GDPR can be found below.

Operation of social media presences

We maintain the following social media presences:
Instagram: https://www.instagram.com/creavision_lab/
Facebook: https://www.facebook.com/CreavisionLab/
Pinterest: https://www.pinterest.de/creavisionlab0080/
YouTube: https://www.youtube.com/@creavision.lab.tutorials

Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.): facebook.com/help/1561485474074139/?helpref=related

Data processing by us:

a. Maintaining the above-mentioned social media pages
The personal data entered on social media pages , such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content should this be necessary. If necessary, we share content on our site and contact you via the social media platform, for example via the messengers offered. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

In addition, we regularly place advertisements (“ads”) via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

b. Page Insights
The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called “Page Insights”). These Page Insights are created based on certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint controllership, a separate agreement must be concluded.

Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
Pinterest: https://business.pinterest.com/de/pinterest-advertising-services-agreement/united-states-of-america/
YouTube: https://business.safety.google/controllerterms/

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address.

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterization), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in accordance with data protection regulations. In many cases, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data it processes. The respective operator will inform you about the processing of personal data in its own privacy policy:

Facebook: www.facebook.com/help/568137493302217
Instagram: help.instagram.com/519522125107875
YouTube: www.policies.google.com/privacy?hl=de
Pinterest: https://policy.pinterest.com/de/privacy-policy

In the context of platform use, personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA and the United Kingdom. Certain third countries have been granted an adequacy decision by the European Commission. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can hardly influence the web tracking methods of the social media platform. For example, we cannot switch this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

Rights of data subjects

Your rights as a data subject

In accordance with Art. 15 (1) GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject’s interest in objecting.

If the data processing is based on consent pursuant to Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

You also have the right to lodge a complaint with a data protection supervisory authority. The complaint can be lodged in particular with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Contact details of the competent data protection authority in Belgium: contact@apd-gba.be

No automated decision-making

We do not carry out automated decision-making or profiling.

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your inquiries, for example.

This data protection information was created in cooperation with the consulting firm SCALELINE. The legal texts are subject to copyright.