1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data includes all data with which you can be personally identified.
1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Createsome Community GmbH,
An der Dreikönigskirche 10,
01097 Dresden, Germany
Tel.: +49 15146231352
Email: hello@createsome.de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2.1 When you use our website purely for informational purposes, i.e., when you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary to display the website to you:
Processing takes place in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser’s address bar.
Webflow
We use the system of the following provider to host our website and display the content:
Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, ensuring the protection of our visitors' data and prohibiting unauthorized disclosure to third parties.
For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
To make your visit to our website attractive and to enable the use of certain functions, we use cookies — small text files stored on your device. Some cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain longer on your device to save site settings (so-called “persistent cookies”). You can find the storage duration in your browser's cookie settings overview.
If personal data is also processed by individual cookies we use, this is done either in accordance with Art. 6 (1) (b) GDPR for the execution of the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly, effective design of the site visit.
You can set your browser to inform you about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected via a contact form can be seen from the form itself. This data is used exclusively to respond to your inquiry and for the technical administration associated with it.
The legal basis for processing is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact aims at concluding a contract, Art. 6 (1) (b) GDPR also applies. Your data will be deleted after final processing of your inquiry unless legal retention obligations prevent this.
6.1 Newsletter Subscription
When you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory information is your email address; other data is optional and used to personalize the greeting. We use a double opt-in procedure. After subscribing, you receive a confirmation email with a link which you must click to confirm your consent.
By clicking the confirmation link, you consent to the processing of your personal data under Art. 6 (1)(a) GDPR. We store your IP address and the date/time of subscription to prevent misuse. Your data is used exclusively for newsletter purposes. You may unsubscribe at any time via the link in the newsletter or by contacting us. After unsubscribing, your email is removed unless you have granted consent for other data uses or we reserve legally permitted further use, about which you’d be informed.
6.2 Klaviyo
Newsletter delivery is handled by Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA. On the basis of our legitimate interest (Art. 6 (1)(f) GDPR) in effective, user-friendly newsletter marketing, we share your registration data with Klaviyo to send emails on our behalf.
With your explicit consent (Art. 6 (1)(a) GDPR), Klaviyo also analyzes campaign success using tracking pixels (e.g., open rates and clicks) and device information. You can revoke this tracking consent at any time. We have a data processing agreement with Klaviyo, and they are certified under the EU-US Data Privacy Framework.
Google Analytics 4
We use Google Analytics 4 (GA4) from Google Ireland Ltd. GA4 places cookies that collect information, including a truncated IP address to prevent personal identification. Data is processed on Google’s servers—including possibly in the USA.
Google processes this data on our behalf to analyze website usage, generate reports, and provide related services. All GA4 data is retained for two months and is never merged with other Google data. Processing and cookies are only used with your explicit consent (Art. 6 (1)(a) GDPR), which you can revoke anytime through our consent tool.
Additional GA4 functions—used only if consented:
• Demographics: anonymized statistics on age, gender, interests.
• Google Signals: cross-device analytics for users with enabled personalized ads.
• UserIDs: cross-device tracking for logged-in users.
• Customer data uploads: hashed email/phone data may be shared with Google to enhance analytics and advertising matching.
Google is certified under the EU-US Data Privacy Framework.
Meta Pixel with Advanced Matching
We use the Meta Pixel service from Meta Platforms Ireland Ltd, with advanced matching for Facebook and Instagram ads. This captures events like purchases or registrations and may include hashed data (e.g., email address) to match these events with Meta user profiles.
This allows us to measure conversions, create Custom Audiences, and improve ad targeting. Data is only collected if you consent (Art. 6 (1)(a) GDPR), which you can withdraw at any time using the consent tool. Meta may process this data in the USA and is certified under the EU-US Data Privacy Framework.
9.1 Adobe Fonts (Typekit)
Our site uses Adobe Web Fonts via Adobe Systems Inc. to display consistent typography. Your browser requests font files from Adobe servers, sending browser information including your IP address. This request is only made with your consent (Art. 6 (1)(a) GDPR), which you may withdraw anytime via the consent tool. If your browser cannot load these fonts, a default system font is used.
9.2 Google reCAPTCHA
We use Google reCAPTCHA (Google Ireland Ltd.) to prevent spam and automated misuse. It collects information such as your IP address, browser and device data, and time of visit. Cookies may be stored only with your consent, or otherwise processed under our legitimate interest (Art. 6 (1)(f) GDPR). We also have a data processing agreement with Google, and data may be transferred to the USA under the EU-US Data Privacy Framework.
9.3 Job Applications via Email
Our site advertises current job openings, which you may apply to via email. All necessary personal data is required: name, contact details, qualifications, and if applicable, health information. Processing is under Art. 6 (1)(b) GDPR (or §26 (1) BDSG). If health-related data (e.g., disability status) is collected, it is processed under Art. 9 (2)(b) or (h) GDPR to comply with labor and social security laws.
If you are not selected or withdraw your application, your data (including all correspondence) is deleted within six months after notification, unless legal obligations require extended storage. If hired, data will be processed for employment under Art. 6 (1)(b) GDPR (§26 (1) BDSG in Germany).
Cookie-Consent Tool
We use a Cookie-Consent Tool to collect valid user consent for cookies and cookie-based applications. It displays an interactive interface where you can check consents for specific services. Only after your explicit consent are non-essential cookies and services loaded. The tool itself uses technically necessary cookies to remember your choices. Personal data (e.g., IP address) may be processed under our legitimate interest (Art. 6 (1)(f) GDPR) and legal obligations (Art. 6 (1)(c) GDPR).
We have data processing agreements with the tool provider to ensure visitor data is protected and not shared or misused.
11.1 Your Rights
Under applicable data protection laws, you have the following rights regarding your personal data:
11.2 Right to Object
If we process your personal data based on our legitimate interest, you may object at any time for reasons arising from your specific situation. If you do, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or if processing serves legal claims. You may also object to processing for direct marketing purposes at any time, resulting in the immediate cessation of such processing.
The storage period for personal data depends on legal requirements, processing purpose, and, where applicable, statutory retention periods (e.g., commercial or tax law).
Unless otherwise stated, personal data is routinely deleted when it is no longer necessary for the purposes for which it was collected or processed.