0725212559 | office@creative-bright.com
0

Privacy policy

PRIVACY POLICY AND PERSONAL DATA PROTECTION

 

Creative & Bright S.R.L.
Last updated: August 14, 2025

 

  1. Introduction

This Policy explains how Creative & Bright S.R.L. (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the website www.creative-bright.com, when you purchase our products/services (including online/offline courses), or when you subscribe to our newsletter.
By providing your data, you confirm that you are at least 16 years old. If you are under 16, parental/legal guardian consent is required. We do not knowingly collect children’s data under the age of 16 without such consent.

 

  1. Controller and contact details
  • Name: Creative & Bright S.R.L.
  • Tax ID (CUI): RO30759194
  • Registered office: Str. Drumul Opalului, No. 1–43, Bloc Cocor, Staircase D, Ap. 6, Sector 1, Bucharest, Romania
  • Business address: Șos. Pipera 50A, Sector 2, Bucharest, Romania
  • Phone: +40 744 672 567
  • Email: office@creative-bright.com
  • Website: www.creative-bright.com

Supervisory authority: National Supervisory Authority for Personal Data Processing (ANSPDCP) – www.dataprotection.ro.
We have not appointed a Data Protection Officer (DPO), as we are not legally required to do so. For any privacy-related matter, please contact us using the details above.

 

  1. What data do we collect
  • Identity data: name, surname; position (if applicable); date of birth and/or gender (optional).
  • Contact data: email, phone number, billing and/or delivery address.
  • Financial data: IBAN for bank transfers; card details are processed by our payment processor—we do not store full card numbers.
  • Transaction data: products/services purchased, amounts, dates, and payment/order status.
  • Technical data: IP address, browser type/version, operating system, language settings, cookie identifiers, usage events.
  • Usage data: pages visited, products viewed, actions performed on the website.
  • Marketing/communication preferences: newsletter and contact channel preferences.
  • Recruitment data (if you send us your CV): the data contained in the CV and attached documents.

We do not collect special categories of data (“sensitive data”) or data relating to criminal convictions.

 

  1. How we collect data
  • Directly: order/contact forms, course/event registrations, account creation (if applicable), newsletter sign-up, CV submission.
  • Automatically: cookies and similar technologies (e.g., Google Analytics, Meta Pixel)—see our Cookie Policy for details.
  • Public sources: Trade Register/professional public profiles (strictly where necessary, e.g., for B2B invoicing).

 

  1. Purposes of processing
  1. Contract performance: processing orders and providing products/services (including courses), assistance, and support.
  2. Invoicing and payments: issuing tax documents, payment reconciliation.
  3. Delivery/Access: shipping physical products; sending links/materials for digital products/courses.
  4. Communications: order/course notices (confirmations, status, changes), responses to requests.
  5. Improvement & security: aggregated statistics, maintenance, fraud prevention/detection.
  6. Marketing: sending the newsletter only with your consent.
  7. Personalization: processing the elements required for product personalization (e.g., name/logo) at your request.
  8. Legal compliance: accounting/tax obligations; defending our rights before authorities/courts, where applicable.

 

  1. Personalised products—specific information
  • Personalised digital content (e.g., “Școala Emoțiilor” – personalised PDF): we may request the child’s name, age/date of birth (optional—for greetings), and the recipient’s email address (for delivery/gifting). This data is used solely for personalization and delivery and is deleted after delivery (unless the recipient is already a newsletter subscriber or an active customer).
  • Physical products with logos: graphic materials you provide are used strictly for production and deleted after completion, unless you agree to their reuse.
  • Gifts to third parties: the recipient’s email address is used strictly for delivery/personalization; we do not subscribe to the recipient to the newsletter without their consent.

 

  1. Legal bases for processing
  • Contract performanceArt. 6(1)(b) GDPR (orders, delivery, access to courses).
  • Legal obligationArt. 6(1)(c) GDPR (accounting/tax).
  • Legitimate interestsArt. 6(1)(f) GDPR (site security, fraud prevention, defense of rights).
  • ConsentArt. 6(1)(a) GDPR (newsletter, non-essential cookies, certain optional personalizations).

 

  1. Recipients/processors

We process data with partners (as processors or, where applicable, independent controllers) under confidentiality commitments and GDPR clauses, strictly as necessary:

  • Online payments: NETOPIA Payments (mobilPay) – payment processing (processor and/or independent controller for its anti-fraud obligations).
  • Courier: DPD Romania (and international partners, where applicable) – delivery of physical products.
  • Hosting & email: our hosting/email provider – operation of the website and mailboxes.
  • Analytics/advertising: Google (Analytics) and Meta (Facebook/Instagram)only with consent for statistical/marketing cookies.
  • Newsletter system (CRM): MiniCRM Zrt. (Hungary, EU) – used exclusively to send newsletters to subscribers (list management, sending marketing emails based on consent).

We may disclose data to public authorities, banks, auditors, or consultants only where there is a legal obligation or a clear legitimate interest (e.g., defending claims in court).

 

  1. International transfers

Processing generally takes place within the EEA. MiniCRM is established in Hungary (EU); NETOPIA in Romania (EU).
For some services (e.g., Google/Meta), certain technical data may be transferred outside the EEA. In such cases, we use Standard Contractual Clauses and, where appropriate, additional safeguards, in accordance with Art. 46 GDPR. We do not carry out transfers without appropriate safeguards.

 

  1. Data retention
  • Customers/orders: 5 years from the last transaction (tax requirements).
  • Newsletter: until consent is withdrawn or you unsubscribe.
  • Personalised products: personalization data are deleted after delivery, unless you agree to retention.
  • Recruitment: for the duration of the process and, if no employment follows, up to 6 months (or deletion on request).

 

  1. Data security

We apply appropriate technical and organizational measures (access controls, strong passwords, encryption in transit, backup, internal policies, staff training). Our processors (including MiniCRM/NETOPIA) apply appropriate security measures as well.
We maintain incident-response procedures and, where required, notify ANSPDCP and affected individuals within legal time limits.

 

  1. Automated decision-making and profiling

We do not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We may perform simple segmentation of subscribers, based on consent (e.g., stated interests), to send relevant content.

 

  1. Your rights (GDPR)
  • To be informed and to access the data we hold about you.
  • To rectify inaccurate/incomplete data.
  • To erasure (“right to be forgotten”), under the conditions of the law.
  • To restrict processing in certain situations.
  • To object to processing based on legitimate interests/direct marketing.
  • To data portability (for data processed by automated means, based on consent or contract).
  • To withdraw consent (without affecting the lawfulness of prior processing).
  • To lodge a complaint with ANSPDCP or to seek a judicial remedy.

Exercising your rights: email us at office@creative-bright.com or write to our business address (Șos. Pipera 50A, Sector 2, Bucharest, Romania).
Response time: within one month (extendable by up to two months in complex cases—you will be informed).

 

 

 

  1. Newsletter and commercial communications

We send newsletters only based on your explicit consent.
Newsletters are sent via MiniCRM (as our processor) exclusively to subscribers. You can unsubscribe at any time using the link in any email or by writing to office@creative-bright.com. We keep proof of consent (e.g., double opt-in, if enabled).
Note: transactional messages (order/course confirmations, invoices, support) are not marketing communications.

 

  1. Links to third parties

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please read their privacy policies.

 

  1. Cookies

Full details about the categories of cookies used, purposes, durations, and how to control preferences are provided in our Cookie Policy published on the site. Non-essential cookies (statistics/marketing) are used only with your consent via the cookie banner.

  1. Changes to this Policy

We may update this Policy from time to time. The current version and the date of last update appear at the beginning of the document. Changes apply from the date of publication.

 

  1. Contact

For questions or requests regarding data protection:
Email: office@creative-bright.com
Phone: +40 744 672 567
Postal address (business address): Șos. Pipera 50A, Sector 2, Bucharest, Romania

 

All rights reserved 2025 ,Creative & Bright Made by Twisted Design
Contact us!
Privacy Overview

This website uses cookies to provide you with the best user experience. Cookie information is stored in your browser and is used to recognize you when you return to our website and to help our team understand which sections of the website you find most interesting and useful.