top of page

Privacy and data protection policies

In compliance with current legislation, Kreaktivate (hereinafter also referred to as the Website) commits to implementing the necessary technical and organisational measures appropriate to the level of risk associated with the data collected.

Laws incorporated in this Privacy Policy

This Privacy Policy is adapted to current Spanish and European regulations on the protection of personal data online. Specifically, it complies with the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

  • Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).

  • Royal Decree 1720/2007 of 21 December, approving the Regulation implementing Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).

  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The data controller for personal data collected through Kreaktivate is: Juan Olea Carrillo, NIF: 26248523A (hereinafter, the Data Controller). Contact details are as follows:

  • Address: Prof. Michała Bobrzyńskiego 27/27 – 30-348 Kraków (Poland)

  • Phone: +34 663 539 953

  • Email: Hola@kreaktivate.com

Personal Data Register

In compliance with the GDPR and the LOPDGDD, we inform you that personal data collected by Kreaktivate through the forms on its pages will be incorporated and processed in our records in order to facilitate, expedite, and fulfil the commitments established between Kreaktivate and the User, or to maintain the relationship established through the forms completed by the User, or to respond to a request or query. In accordance with the GDPR and the LOPDGDD, and unless the exception set out in Article 30(5) of the GDPR applies, a record of processing activities is maintained specifying, by purpose, the processing activities carried out and all other circumstances required under the GDPR.

Principles applicable to the processing of personal data

The processing of the User's personal data is subject to the following principles set out in Article 5 of the GDPR and Article 4 et seq. of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency: The User's consent will always be obtained following full and transparent disclosure of the purposes for which personal data is collected.

  • Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.

  • Data minimisation: Only the personal data strictly necessary for the purposes for which it is processed will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Personal data will only be kept in a form that permits identification of the User for as long as necessary for the purposes of processing.

  • Integrity and confidentiality: Personal data will be processed in a manner that ensures its security and confidentiality.

  • Accountability: The Data Controller is responsible for ensuring compliance with all of the above principles.

Categories of personal data

The categories of data processed by Kreaktivate include both identifying data and special categories of personal data as defined in Article 9 of the GDPR. Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health, or data concerning a person's sex life or sexual orientation.

The processing of special categories of personal data will always require the User's explicit consent for one or more specific purposes.

Legal basis for the processing of personal data

The legal basis for the processing of personal data is consent. Kreaktivate commits to obtaining the User's express and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, withdrawal of consent will not affect the User's ability to use the Website.

Where the User must or may provide their data through forms to make enquiries, request information, or for reasons related to the Website's content, they will be informed if completing any particular field is mandatory because it is essential for the proper completion of the relevant operation.

Purposes for which personal data is processed

Personal data is collected and managed by Kreaktivate in order to facilitate, expedite, and fulfil the commitments established between the Website and the User, or to maintain the relationship established through the forms completed by the User, or to respond to a request or query.

Data may also be used for commercial personalisation, operational and statistical purposes, and activities that fall within Kreaktivate's core business, as well as for data extraction, data storage, and marketing studies to better tailor the content offered to the User and to improve the quality, performance, and navigation of the Website.

At the time personal data is collected, the User will be informed of the specific purpose or purposes for which it will be processed — that is, how the information collected will be used.

Personal data retention periods

Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: 24 months, or until the User requests its deletion.

At the time personal data is collected, the User will be informed of the period for which it will be retained or, where that is not possible, the criteria used to determine that period.

Recipients of personal data

The User's personal data will not be shared with third parties. In any case, at the time personal data is collected, the User will be informed of the recipients or categories of recipients of their personal data.

Personal data of minors

In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only individuals aged 14 or over may lawfully give their consent for the processing of their personal data by Kreaktivate. For users under the age of 14, parental or guardian consent is required, and processing will only be considered lawful to the extent that such consent has been granted. 

Confidentiality and security of personal data

Kreaktivate commits to implementing the necessary technical and organisational measures appropriate to the level of risk associated with the data collected, in order to ensure the security of personal data and prevent its accidental or unlawful destruction, loss, or alteration, or unauthorised disclosure or access.

The Website holds an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as all data exchanged between the server and the User is fully encrypted.

However, since Kreaktivate cannot guarantee the absolute security of the internet or the complete absence of hackers or other parties who may fraudulently access personal data, the Data Controller commits to notifying the User without undue delay should a personal data breach occur that is likely to result in a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach is understood as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Personal data will be treated as confidential by the Data Controller, who commits to informing and ensuring — by means of a legal or contractual obligation — that such confidentiality is respected by their employees, associates, and any person to whom the information is made accessible.

Rights arising from the processing of personal data

The User has the following rights with respect to Kreaktivate and may exercise them against the Data Controller, as recognised under the GDPR and Organic Law 3/2018:

  • Right of access: The right to obtain confirmation of whether Kreaktivate is processing their personal data and, if so, to obtain information about the specific data and the processing carried out or being carried out, including information on the origin of the data and the recipients of any communications made or planned.

  • Right to rectification: The right to have inaccurate personal data corrected or, where appropriate, incomplete data completed.

  • Right to erasure ("right to be forgotten"): The right to have personal data deleted — unless current legislation provides otherwise — where it is no longer necessary for the purposes for which it was collected; where the User has withdrawn consent and there is no other legal basis for processing; where the User objects and there is no overriding legitimate reason to continue; where the data has been unlawfully processed; where erasure is required by a legal obligation; or where the data was obtained in connection with the direct offer of information society services to a child under 14. In addition to erasing the data, the Data Controller must take reasonable steps to inform other controllers processing the data of the User's request for erasure of any links to, or copies of, that data.

  • Right to restriction of processing: The right to limit the processing of personal data where the User contests its accuracy; the processing is unlawful; the Data Controller no longer needs the data but the User requires it for the establishment, exercise, or defence of legal claims; or the User has objected to processing.

  • Right to data portability: Where processing is carried out by automated means, the right to receive personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller. Where technically feasible, the Data Controller will transmit the data directly to that other controller.

  • Right to object: The right to object to the processing of personal data by Kreaktivate, or to request that such processing cease.

  • Right not to be subject to automated individual decision-making, including profiling: The right not to be subject to a decision based solely on automated processing of personal data, including profiling, unless current legislation provides otherwise.

To exercise any of these rights, the User may submit a written request to the Data Controller referencing "GDPR – www.kreaktivate.com", including:

  • Full name and a copy of the User's national ID (DNI). Where representation is permitted, the representative must also be identified by the same means, along with proof of representation. A photocopy of the DNI may be replaced by any other legally valid proof of identity.

  • The request, with the specific grounds or information the User wishes to access.

  • Address for notification purposes.

  • Date and signature of the applicant.

  • Any document supporting the request.

This request and any supporting documents may be sent to:

  • Address: Prof. Michała Bobrzyńskiego 27/27 – 30-348 Kraków (Poland)

  • Phone: +34 663 539 953

  • Email: Hola@kreaktivate.com

Links to third-party websites

The Website may include hyperlinks or links to third-party web pages that are not operated by Kreaktivate. The owners of those websites have their own data protection policies and are solely responsible for their own files and privacy practices.

Complaints to the supervisory authority

If the User believes there is an issue or violation of applicable regulations regarding the processing of their personal data, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority — in particular, in the Member State of their habitual residence, place of work, or place of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agreed to the terms regarding the protection of personal data contained in this Privacy Policy, and must consent to the processing of their personal data, in order for the Data Controller to proceed in the manner, within the timeframes, and for the purposes set out herein. Use of the Website constitutes acceptance of this Privacy Policy.

Kreaktivate reserves the right to amend this Privacy Policy at its own discretion, or as required by legislative, case law, or regulatory changes from the Spanish Data Protection Agency. Users are advised to review this page periodically to stay informed of any updates.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights.

bottom of page