Cre8-iQ

Privacy Policy

Last updated 5th September 2025

Privacy Policy

Last updated: 5 September 2025

This privacy notice explains how Cre8iQ (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit https://www.cre8iq.com (the “Site”) or interact with us in other ways.

Controller: Cre8iQ (trading name). Until incorporation, the data controller is Julian Wood (United Kingdom). You can contact us at privacy@cre8iq.com.

1) What data we collect

  • Site usage & device data: IP address, general location (country/city), browser & device identifiers, pages viewed, referring URL, time on page, error logs.
  • Contact & enquiry data: name, email, phone, company, role, and the content of your message.
  • Marketing preferences: newsletter sign-ups, opt-in/opt-out status.
  • Client/account data (if you become a customer): billing contact details, proposals & contracts, support tickets, and related records.
  • Cookies & similar technologies: see Cookies below.

We do not intentionally collect special category data (e.g., health, biometric) or children’s data. Please do not submit these via our forms.

2) Why we use your data (lawful bases)

PurposeExamplesLawful basis
Run and secure the SiteLoad balancing, availability, fraud/abuse prevention, diagnosticsLegitimate interests (keep services secure and usable)
Analytics & improvementUnderstanding which pages are most useful; fixing UX issuesConsent for any non-essential cookies/identifiers (decline = no analytics cookies)
Respond to enquiriesContact forms, emails, demo requestsLegitimate interests or pre-contract steps at your request
Marketing (with consent)Newsletters, product updatesConsent (withdraw any time)
Contract delivery (if you become a client)Proposals, onboarding, support, invoicingContract
Legal & complianceRecord-keeping, exercising or defending legal claimsLegal obligation / Legitimate interests

Note on cookies/PECR: Where analytics or marketing tools use cookies/identifiers on your device, we will obtain consent before setting anything non-essential. “Strictly necessary” cookies (e.g., security, load-balancing) run without consent.

3) Where data comes from

  • Directly from you (forms, emails, calls, meetings).
  • Automatically from your device when you browse the Site (via cookies or server logs).
  • From service providers helping us operate the Site and manage communications.

4) Who we share data with (processors)

We use trusted service providers who process personal data on our instructions, under contract. They include the following categories (examples in parentheses):

  • Hosting & infrastructure (e.g., managed WordPress hosting, VPS providers).
  • Content management & plugins (WordPress core and selected plugins that support forms, security, caching, or anti-spam).
  • Analytics (e.g., privacy-friendly analytics or Google Analytics, only if you consent to analytics cookies).
  • Email & CRM (e.g., email service providers and newsletter tools).
  • CDN & performance (e.g., content delivery networks that optimise delivery).
  • Professional advisors (accountants, lawyers) where necessary.

We require confidentiality, security, and data-protection terms from all processors. We do not sell your personal data.

5) International transfers

Some providers may process data outside the UK. Where that happens, we use appropriate transfer mechanisms (such as the UK International Data Transfer Agreement, the UK Addendum to the EU SCCs, and transfer risk assessments where required).

6) How long we keep data

  • Enquiry data: 24 months after our last interaction.
  • Marketing data: until you unsubscribe or after 24 months of inactivity.
  • Analytics data: aligned to the analytics tool’s retention setting (typically 14–26 months).
  • Contracts/finance: kept per legal/accounting requirements (typically 6 years in the UK).

7) Your privacy rights

Under UK GDPR you can request to access your data, rectify inaccurate data, erase data, restrict or object to processing, and port your data. Where we rely on consent, you can withdraw consent at any time. To exercise rights, email privacy@cre8iq.com. We’ll respond within one month (or let you know if we need more time for complex requests).

You also have the right to complain to the UK Information Commissioner’s Office (ICO). We’d appreciate the chance to resolve your concerns first.

8) Cookies

  • Strictly necessary cookies (always on): required for core functions (security, load-balancing).
  • Analytics cookies (optional): help us improve the Site; set only with your consent.
  • Marketing cookies (if used): for measuring campaigns; set only with your consent.

You can change or withdraw consent anytime via our cookie banner or cookie settings. Your browser may also let you block cookies.

9) Security

We implement technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, least-privilege, and vendor due diligence. No method is 100% secure; we work to prevent unauthorised access and review controls periodically.

10) Third-party links

Our Site may link to third-party sites, plug-ins, or services. Those have their own privacy policies. Please review them before providing personal data.

11) Children

Our services target business users and general audiences. We do not knowingly collect data from children under 13. If you believe a child has provided data, contact us and we’ll delete it.

12) Automated decision-making

We do not conduct solely automated decisions with legal or similarly significant effects. If that changes, we’ll update this notice and explain the logic, consequences, and your rights.

13) Changes to this policy

We may update this policy from time to time. We’ll post the new version with a new “Last updated” date. Significant changes may be communicated via the Site or email where appropriate.

14) Contact us

Controller: Cre8iQ (trading name). Until incorporation, the data controller is Julian Wood (United Kingdom).