Privacy Policy – CreativState
Last updated: March 5, 2026
1. Introduction
CreativState ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and store your information in accordance with the EU General Data Protection Regulation (GDPR) and Croatian law.
2. Data We Collect
Based on our minimal data practices, we collect and process only the following personal data as strictly necessary:
Name and email address (e.g., for communication, waitlist sign-ups, or newsletters if you opt in)
Billing information (as required for invoicing, including OIB if applicable)
Notes from consulting calls and project work
Project files and related documentation needed for the service
Data collection is limited to what's essential for providing our services or your requested communications.
3. How We Use Your Data
We use your data solely for:
Providing and managing our services
Communicating with you about your sessions or projects
Creating and issuing invoices in line with legal obligations
Maintaining project and client history for up to 1 year after service to provide better continuity if you return
Sending you offers, updates, or newsletters (only if you have consented, such as via waitlist or newsletter sign-up)
4. Legal Basis for Processing
We process your personal data on the following legal grounds:
Performance of a contract (to deliver the agreed service)
Legal obligation (for invoicing and tax purposes)
Consent (for marketing communications like newsletters or waitlists)
In certain cases, we will ask for your explicit consent to process specific types of personal data (e.g., storage of sensitive notes or marketing use of project materials).
This consent will be documented via our "Consent to Processing of Personal Data" form and kept as part of your client record.
5. Data Storage and Security
Your data is stored securely using Notion and may later be stored locally on secure, open-source platforms.
Our website is hosted on Framer, which may also collect technical and analytics data through cookies. See Section 8 for more details.
We take appropriate security measures to prevent unauthorized access, alteration, or disclosure of your data.
6. Data Retention
We keep your data for up to 1 year after the completion of services, unless a longer retention period is required by law. After that, your data will be securely deleted.
7. Data Sharing
We do not sell or trade your personal data.
We may share it only when:
Required by law
Necessary for payment processing
Necessary for accounting or legal compliance
8. Cookies and Tracking
Our website is hosted on Framer, which may use cookies and similar technologies for:
Website performance and security
Analytics (to understand site usage)
Functionality (to improve your browsing experience)
You can manage or disable cookies in your browser settings. Please note that disabling cookies may affect site functionality.
9. International Data Transfers
Some of our service providers (including Notion and Framer) are based outside the European Economic Area (EEA), primarily in the United States.
Where data is transferred outside the EEA, we ensure it is protected through GDPR-approved safeguards, such as the EU-US Data Privacy Framework or Standard Contractual Clauses.
10. Your Rights
Under GDPR, you have the right to:
Access the personal data we hold about you
Request correction or deletion of your data
Withdraw consent where processing is based on consent
File a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP)
11. Data Breaches
In the event of a personal data breach, we will notify you and the relevant supervisory authority (AZOP) without undue delay if the breach is likely to result in a high risk to your rights and freedoms, in accordance with GDPR requirements.
12. Contact
If you have any questions about this Privacy Policy or your data, contact:
CreativState
Email: contact@creativstate.com