; Creartistive
Privacy policy



Last Updated: 5 January 2024


This Privacy Policy (the "Policy") describes the data practices of Artwocal OÜ, a company registered in Estonia (hereinafter referred to as “Company” or "we). This Policy applies to our website, https://creartistive.com, and any associated services offered through the website (collectively referred to as the "Services").


By accessing or using our Services, you consent to the data practices described in this Policy. If you do not agree with the practices described herein, please do not use our Services.





Artwocal OÜ, registered in Estonia, is the data controller responsible for the processing of your personal information. As the data controller, we determine the purposes and means of processing your personal information. We are committed to ensuring that your data is processed in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).


If you have any questions or concerns regarding the processing of your personal information or wish to exercise your rights under this Privacy Policy, you can contact us using contact information provided in Section 15 of this document.





2.1.       User Account Information:

Examples: Username, login information, account preferences, profile picture, session data, activity logs, clickstream data, usage-related data.

2.2.       Contact Details:

Examples: Email address, phone number, residence address.

2.3.       Identity Data:

Examples: Name, surname, date of birth, government-issued or national ID number, details of identification documents.

2.4.       Legal and Regulatory Compliance Data:

Examples: Anti-Money Laundering (“AML”) data (i.e., information required to meet AML regulations), Know Your Customer (“KYC”) data (i.e., data necessary for KYC compliance), sanctions and watchlist screening data, risk assessment information, compliance documentation.

2.5.       Authentication and Identification Information:

Examples: Multi-Factor Authentication (“MFA”) data, biometrics (e.g., facial recognition data, fingerprint data, other biometric authentication data), identity verification documents, authentication logs, security questions and answers.

2.6.       Technical and Device Data:

Examples: Device information (e.g., type and identifiers), operating system information (e.g., type and version), browser information (e.g., type and version), network and connection data (e.g., IP address), geolocation data, technical logs and events, device settings and preferences, cookies and similar technologies information.

2.7.       Transaction Data:

Examples: Purchase details, payment details, billing information, order information, transaction history, order history, current balance, refund and cancellation information.

2.8.       Payment Information:

Examples: Bank account details, credit card information, payment transaction details, billing information, payment method preferences, payment history.

2.9.       Financial Information:

Examples: Bank account information, income information, current balance.

2.10.    On-Premises Video Surveillance Data:

Examples: Video footage, timestamps.

2.11.    Marketing and Advertising Data:

Examples: Preferences and interests, communication preferences, surveys and feedback, promotion participation, subscription information.

2.12.    Communication and User Support:

Examples: Email communication, telephone communication (records of incoming and outgoing calls with us, metadata), chat history, user support events, communication preferences.





3.1.       Direct Interaction with You:

Personal data, which we collect and process, is primarily obtained through direct interaction with you. This includes instances when you register for an account, engage with our website, utilize our Services, or communicate with us through various means such as email, phone, chat or online forms.

3.2.       Indirect Channels (Third-Party Sources):

Additionally, we may receive personal data indirectly from external sources, which are considered third-party channels. These sources may include:

a.           Service Providers and Partners: Data may be obtained from service providers and partners who collaborate with us in delivering our image generation services. This includes entities that assist in the operation of our platform and enhance the overall user experience.

b.          Competent State Institutions: In certain circumstances, we may receive information from competent state institutions as required by applicable laws and regulations.

c.           Other Relevant Entities: Data may be sourced from other relevant entities that contribute to the provision and improvement of our Services.


The collection and processing of personal data from these sources are governed by the principles outlined in this Privacy Policy. We are committed to ensuring that any data obtained, whether through direct interaction or third-party sources, is processed in accordance with applicable data protection laws, including the GDPR.





4.1.       Creating and Managing User Accounts:

Purpose: The creation and management of your user account.

Legal Basis: Contractual necessity.

4.2.       Verifying User Identity and Authentication:

Purpose: Verifying user identity and authenticating users.

Legal Basis: Legal obligation, legitimate interests.

4.3.       Provision of Requested Services:

Purpose: Providing the services requested by the user.

Legal Basis: Contractual necessity.

4.4.       Compliance with Legal and Regulatory Requirements:

Purpose: Ensuring compliance with applicable legal and regulatory requirements.

Legal Basis: Legal obligation, public task.

4.5.       Fulfilling and Managing Orders:

Purpose: Fulfilling and managing orders placed by users.

Legal Basis: Contractual necessity.

4.6.       Executing and Managing Transactions:

Purpose: Executing and managing transactions.

Legal Basis: Contractual necessity, legitimate interests.

4.7.       Communication and User Support:

Purpose: Communicating with users, providing user support, and furnishing services-related information.

Legal Basis: Contractual necessity, legitimate interests.

4.8.       Providing Marketing Information and Customized Content:

Purpose: Providing marketing information and delivering customized content.

Legal Basis: Consent, legitimate interests.

4.9.       Managing Risks and Business Decisions:

Purpose: Managing risks, including business risks, and making business-related decisions.

Legal Basis: Contractual necessity, legal obligations, legitimate interests.

4.10.    Preventing Fraud and Misuse of Services:

Purpose: Preventing fraud and misuse of our services.

Legal Basis: Legal obligation, legitimate interests.

4.11.    Ensuring Security of Information and Assets:

Purpose: Ensuring the security (physical and cyber) of our information and other assets.

Legal Basis: Contractual necessity, legal obligation, legitimate interests.

4.12.    Addressing Technical Issues and Troubleshooting:

Purpose: Addressing technical issues with our website and services, troubleshooting.

Legal Basis: Contractual necessity.

4.13.    Improving and Developing Services:

Purpose: Improving and developing our services.

Legal Basis: Legitimate interests.

4.14.    Addressing Claims and Resolving Disputes:

Purpose: Addressing claims and resolving disputes.

Legal Basis: Contractual necessity, legal obligation, legitimate interests.





5.1.       Service Providers and Partners:

Your personal data, when legally justified in specific instances, may be shared with service providers and partners who play a crucial role in the delivery of our Services. These entities collaborate with us to enhance the functionality and overall user experience of our platform.

5.2.       Competent State Institutions:

Additionally, your personal data may be shared, when legally justified, with competent state institutions. This includes regulatory bodies, law enforcement agencies, official registers, and other relevant authorities, as required by applicable laws and regulations.

5.3.       Other Recipients:

In certain cases, your personal data may be disclosed to other recipients based on your explicit instructions or when there is another legal basis for such disclosure.





While we endeavor to process your personal data within the European Union and European Economic Area (EU/EEA), there may be instances where it is necessary to transfer personal data outside these regions. In such cases, we are committed to ensuring strict adherence to all legal requirements governing the transfer of personal data outside the EU/EEA. Rest assured that any cross-border transfers will be conducted with the utmost consideration for applicable data protection laws, including the GDPR. We implement appropriate safeguards, such as standard contractual clauses, to ensure that your personal information remains confidential and secure during such transfers.



7.          RETENTION


We adhere to a comprehensive data retention policy designed to store personal data only for the duration necessary to achieve the purposes outlined in this Privacy Policy. The duration of retention mainly depends on the type of personal data and the specific purpose of processing. We ensure that personal data is not kept for longer than necessary for the fulfillment of its intended purposes. Certain categories of personal data may be subject to predefined retention periods as stipulated by relevant laws, including but not limited to Anti-Money Laundering (AML) regulations, tax requirements, accounting obligations, and other applicable statutes. In cases where specific laws do not prescribe a retention period, we establish appropriate retention periods guided by the principles of personal data protection outlined in the GDPR and other relevant data protection laws. At the end of the retention period, we ensure the secure disposal of personal data through either deletion or irreversible anonymization. This is done to safeguard your privacy and uphold the principles of data protection.



8.          YOUR RIGHTS


8.1.       Rights Under Applicable Data Protection Laws:

Under applicable personal data protection laws, including the GDPR, individuals whose personal data we process have several rights concerning their personal information. These rights are not absolute and may vary based on circumstances and the legal basis for processing the data.

8.2.       Outline of Data Subject Rights:

The summary of the aforementioned data subject rights is as follows:

(a)         Right to Access:

You have the right to request information about the personal data that we hold about you.

(b)        Right to Rectification:

You can request correction or completion of your data if you believe that the personal data we hold about you is inaccurate or incomplete.

(c)         Right to Erasure:

You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent, and there is no other legal basis for processing.

(d)        Right to Object:

You can object to certain types of data processing based on your specific circumstances.

(e)         Right to Restriction of Processing:

In certain circumstances, you may request the restriction of processing your personal data, allowing us to store it without further processing.

(f)          Right to Withdraw Consent:

You may withdraw your consent when processing is based on your consent. Please note that withdrawal of consent does not affect the lawfulness of processing before consent withdrawal.

(g)         Right to Data Portability:

You can request your personal data in a structured and machine-readable format and transmit it to another controller.

8.3.       Exercising Your Rights:

To exercise any of the rights mentioned above, please contact us as indicated in Section 15 of this document.

8.4.       Identity Verification:

Please note that we may request additional information to verify your identity when you exercise your rights. This is a security measure to prevent unauthorized access to personal data.





9.1.       Mandatory Provision and Implications of Non-Provision:

In certain scenarios, the provision of specific personal information is essential for accessing our services or fulfilling legal obligations. When it is mandatory to provide personal data, clear indications will be provided to inform you of this requirement. Failure to provide such obligatory information may result in our inability to deliver the requested services or fulfill your request.

9.2.       Optional Provision and Implications of Non-Provision:

Conversely, there are situations where providing personal data is optional and does not impact our ability to provide services to you. For example, you have the autonomy to decide whether to consent to receive promotional communications and allow us to process your personal data for such purposes. In these instances, you also retain the right to withdraw or modify your consent at any time.




10.1.    Automated Decision-Making and Enhancing Services:

We may employ automated decision-making processes and profiling to optimize our services, ensuring efficiency and a secure, personalized experience for users. These automated processes and profiling techniques are implemented with careful consideration for user privacy and in compliance with applicable data protection laws, including the GDPR. The key aspects are outlined below:

10.2.    Automated Decision-Making:

(a)         Fraud Prevention: Automated systems play a crucial role in identifying and preventing suspicious transactions, triggering measures such as transaction suspension or temporary account restrictions.

(b)        Recommendations: Algorithms analyze user interactions to offer personalized recommendations, contributing to an enriched overall user experience.

10.3.    Profiling:

(a)         Insights: Profiling enhances our understanding of user preferences, behaviors, and interests.

(b)        Personalized Content: Tailored content delivery based on profiling creates a more engaging and personalized user experience.





11.1.    Direct Communication and Amicable Resolution

We are dedicated to cultivating positive relationships with our users and customers, and we approach any concerns or disputes with a commitment to fairness and respect. Your satisfaction is of utmost importance to us, and we encourage you to initiate contact with us first if you have any questions or issues regarding the processing of your personal data.

11.2.    Legal Remedies and Complaints

In situations where direct communication and amicable resolution prove challenging, we recognize your right to explore legal remedies available under applicable personal data protection laws. This may include the option to lodge a complaint with the relevant data protection authority, depending on your jurisdiction. For instance, in Estonia, you can contact Estonian Data Protection Inspectorate (DPI). We value transparency and are committed to working collaboratively to ensure the protection of your privacy rights.





12.1.    Commitment to Security and Security Measures

Ensuring the security of the personal data we process is a fundamental commitment. We have instituted a comprehensive array of technical and organizational security measures designed to uphold the confidentiality, integrity, and availability of your information. These measures encompass, among others, robust data encryption, stringent access control, regular audits, and ongoing employee training. Our commitment extends to ensuring that our security controls are both sufficient and appropriate, taking into account potential risks.

12.2.    User Adherence to Security Practices

While we are dedicated to maintaining robust security measures, it is crucial to emphasize that the security of your personal information is a shared responsibility. We strongly encourage you to adopt sound information security practices, such as implementing strong and unique passwords, ensuring the security of your devices, avoiding the use of public Wi-Fi networks for sensitive activities, and remaining vigilant against phishing attempts or other cybersecurity threats. We encourage users to actively participate in maintaining the security of their personal information by adhering to best practices in information security.





Our services are designed for individuals aged 18 years and older. It is our policy to refrain from knowingly collecting or processing personal information from individuals under the age of 18. Individuals under the age of 18 are not permitted to use our services and should not provide their personal information to us.





We may update this Policy periodically. The date at the top indicates the latest revision. We encourage you to review this Policy regularly.





If you have any questions or concerns about this Privacy Policy, please contact us at info@creartistive.com

Company: Artwocal OÜ,

Registration number: 16744464,

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Rotermanni tn 6, 10111, Estonia.