Privacy Policy
Mireia Rosset makes this privacy policy available to you through the website www.creatistlab.com in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us. In case of introducing modifications in the future on it, we will notify you through the website or through other means so that you can know the new privacy conditions introduced.
In compliance with Regulation (EU) 2016/679, General Data Protection and Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, we inform you of the following:
Responsible for the Treatment
Name: Mireia Rosset Ponce
NIF: 46987096M
Address: Calle Carrer de Vallespir 61, bajos 2, 08014 Barcelona, Province of Barcelona, Spain.
Email: hello@creatistlab.com Website: www.creatistlab.com
For what purpose do we process your personal data?
Mireia Rosset collects and processes your personal information for the following general purposes related to managing the relationship we have with you:
– Management and contracting of the services offered by our company.
– Handling requests for information, suggestions, and complaints that you may submit to us.
– Keeping you informed about events, offers, products, and services that may be of interest to you through various communication channels, provided you have given your consent.
– Management of the commercial relationship maintained with our suppliers.
How do we collect your information?
We collect your personal information through various means, but you will always be informed at the time of collection through informative clauses regarding the data controller, the purpose and legal basis of the processing, the recipients of the data, the retention period of your information, as well as the ways in which you can exercise your rights related to data protection.
In general, the personal information we process is limited to:
– Contact form: To send information related to the inquiry made (name, surname, and email address). The legitimacy for this processing is obtained through the pre-contractual relationship of the parties.
– Subscription form: To send newsletters and commercial communications about promotions and/or advertising from the website (name and email address). The legitimacy for this processing is obtained through the consent of the data subject.
– Blog comment registration forms: To manage and publish comments, publicly, on the website (name and email address). The legitimacy for this processing is obtained through the consent of the data subject.
Mireia Rosset uses social media, which is another way to reach you. The information collected through the messages and communications she posts may contain personal information that is available online and accessible to the public. These social media platforms have their own privacy policies explaining how they use and share your information, so we recommend that you review them before using them to ensure you agree with how your information is collected, processed, and shared.
Furthermore, this website collects cookies, which you can review in the following link.
User’s responsibility
By providing us with your data through electronic channels, the user guarantees that they are over 14 years old and that the data provided to Mireia Rosset is true, accurate, complete, and up-to-date. In this regard, the user confirms that they are responsible for the accuracy of the communicated data and will keep this information appropriately updated to reflect their real situation. The user will be held responsible for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise as a result.
How long do we retain your information?
We will only keep your information for the period of time necessary to fulfill the purpose for which it was collected, to comply with legal obligations imposed on us, and to address any potential liabilities that may arise from the fulfillment of the purpose for which the data was collected.
If at any time we have collected your data to reach out to you as a potential user of our services or to respond to an information request made by you, such data will be retained for a maximum of 6 months from the date of collection. After this period, the data will be deleted if no contractual relationship has been formalized or if you request its deletion.
In any case, as a general rule, we will retain your personal information as long as there is a contractual relationship between us or until you exercise your right to erasure and/or limitation of processing. In such cases, the information will be blocked and not used beyond its retention period, while it may be necessary for the exercise or defense of claims or any potential liabilities that need to be addressed.
Whom do we disclose your data to?
In general, we do not share your personal information, except for those disclosures that we are required to make based on legal obligations.
However, if any data needs to be transferred to a third party, we would inform you beforehand and request your explicit consent for such transfer.
Entities involved in any phase of the data processing are obligated to maintain professional secrecy and to implement levels of protection, as well as technical and organizational measures, necessary to ensure the security of personal data.
While it is not considered a data disclosure, to provide you with the requested service, it is possible that third-party companies, acting as our service providers, may access your information to perform the services we have contracted them for. These processors access your data following our instructions and are not allowed to use it for any other purpose, maintaining strict confidentiality.
- Hostinger International Ltd. is a private limited company based in Cyprus, with its registered address at 61 Lordou Vironos st. 6023 Larnaca, Republic of Cyprus («Hostinger»). It offers web hosting, domain name registration, and related products and services. You can review the privacy policy and other legal aspects of the company at the following link: https://www.hostinger.com/privacy-policy
- Google LLC, with its registered address at 1600 Amphitheatre Parkway, 94043, Mountain View, California, United States, provides services such as measurement services, surveys, and email services. They have adopted standard contractual clauses for data processing approved by the European Commission, which can be reviewed at: https://cloud.google.com/security/gdpr/resource-center. You can find the privacy policy and other legal aspects of the company at the following link: https://www.google.com/policies/privacy/. The data controller for these services is Google Ireland Limited, with its registered address at Gordon House, Barrow Street, Dublin 4, Ireland.
- Mailerlite is used for automating commercial newsletters and sending advertising for products and/or services offered on the website to the data subject’s email address. It is located in Vilnius, Lithuania. For more information, please visit: https://www.mailerlite.com/privacy-policy.
- Calendly LLC, with its registered address at 1600 Amphitheatre Parkway, 94043, Mountain View, California, United States, provides scheduling and calendar services. You can find the privacy policy and other legal aspects of the company at the following link: https://calendly.com/pages/privacy. You can also review the compliance guarantees here: https://calendly.com/pages/security and https://calendly.com/pages/dpa.
- Zoom Video Communications, Inc., a tool used for video conferences, is located in the United States. For more information about their privacy policy, please visit: https://explore.zoom.us/privacy/.
Likewise, your personal information will be available to Public Administrations, Judges and Courts, for the attention of possible responsibilities arising from the treatment.
International data transfers
With our suppliers, we have agreed that, for the provision of the contracted service, they will use servers located in the EEA (European Economic Area). If, in the future, we need to use servers located outside the EU territory, appropriate measures will be taken, which will be included in this Privacy Policy.
What are your rights regarding the processing of your data and how can you exercise them?
Data protection regulations allow you to exercise the following rights concerning the processing of your data: the right of access, rectification, erasure, data portability, objection, and restriction of processing. You also have the right not to be subject to decisions based solely on automated processing, where applicable.
These rights are characterized as follows:
– The exercise of these rights is generally free, except in cases of manifestly unfounded or excessive requests (e.g., repetitive in nature), in which case Mireia Rosset may charge a proportional fee based on the administrative costs incurred or refuse to act.
– You can exercise these rights directly or through your legal or voluntary representative.
– We must respond to your request within one month, although, considering the complexity and number of requests, this period may be extended by an additional two months.
– We are obligated to provide you with information on the means to exercise these rights, which should be accessible, and we cannot deny you the right to exercise your request merely for choosing another method. If the request is submitted electronically, the information will be provided by electronic means whenever possible unless you request otherwise.
– If we do not comply with your request, you will be informed, no later than one month, of the reasons for our non-action and the possibility to file a complaint with a supervisory authority.
To facilitate the exercise of your rights, we provide you with the links to the request forms for each of these rights: [Include the relevant links to the request forms, if applicable].
Form exercise of the right of access
Form for exercising the right of rectification
Form to exercise the right of opposition
Form to exercise the right of deletion (right «to be forgotten»)
Form for exercising the right to limit processing
Form of exercises of the right to portability
Exercise form not to be subject to automated individual decisions
To exercise your rights, we provide the following means:
1. By submitting a written and signed request addressed to Mireia Rosset, Carrer de Vallespir 61, bajos 2, 08014 Barcelona, Province of Barcelona, Spain. Ref. Exercise of Data Protection Rights.
2. By sending a scanned and signed form to the email address hello@creatistlab.com with the subject «Exercise of Data Protection Rights.»
In both cases, you must verify your identity by attaching a photocopy or scanned copy of your ID card or equivalent document. This is necessary to ensure that we only respond to the data subject or their legal representative. If you are acting as a legal representative, you must provide a document proving your representation.
Furthermore, if you believe that your rights have not been fully satisfied, you have the right to file a complaint with the national supervisory authority. For this purpose, you can contact the Spanish Data Protection Agency at C/ Jorge Juan, 6 – 28001 Madrid.
How do we protect your information?
We are committed to safeguarding your personal information. We employ physical, organizational, and technological measures, which are reasonably reliable and effective, aimed at preserving the integrity and security of your data and ensuring your privacy.
Furthermore, all personnel with access to personal data have undergone training and are aware of their obligations regarding the processing of such data.
When we enter into contracts with our suppliers, we include clauses that require them to maintain confidentiality regarding the personal data they have accessed as part of the assignment. They are also required to implement the necessary technical and organizational security measures to ensure the permanent confidentiality, integrity, availability, and resilience of the systems and services used for processing personal data.
We regularly review and update these security measures to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed, and there is no system that is completely impenetrable. In the event that any information under our control is compromised due to a security breach, we will take appropriate measures to investigate the incident, notify the supervisory authority, and, if necessary, inform the affected users so they can take appropriate actions.