Privacy Notice
GENERAL
This Privacy Notice (hereinafter the "Notice") provides an overview of how Armitage Labs OU, registry code 16977866, with the address Telliskivi Street 57b/1, Tallinn 10412 Estonia (hereinafter referred to as "Creem", "we" or "us") processes the personal data of the following categories of data subjects as a data controller:
- merchants (hereinafter the "Merchant") who are natural persons and representatives of Merchants where the Merchant is a legal person, who offer products to Buyers via the service provided by us in accordance with Merchant Terms (hereinafter the "Merchant Terms");
- buyers (hereinafter the "Buyer") who are natural persons and representatives of Buyers where the Buyer is a legal person, who purchase Merchant's products via the service provided by us in accordance with Buyer Terms (hereinafter the "Buyer Terms");
- visitors of our website creem.io (hereinafter the "Website");
- visitors of our social media platforms;
- other persons whose personal data we process in the course of our normal business activities, including when they contact us (e.g. by telephone, email or other communication channels).
We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union's General Data Protection Regulation (2016/679) ("GDPR") and other data protection legislation.
In case of personal data protection related inquiries please contact us by writing to support@creem.io.
CATEGORIES AND SOURCES OF PERSONAL DATA
Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. We process the following categories of personal data, including its collection, use, storage, and transmission:
Merchant data: name, e-mail address, bank account details, payout data, product information, account verification documentation. Where the Merchant is a legal person, this also includes the representative's name and the connection to a legal person, such as legal person's name and registry code.
Sources of data: we receive the data directly from the Merchant upon registration and verification of an account on our service.
Buyer data: name, e-mail address, billing address, payment details, order details. Where the Buyer is a legal person, this also includes the representative's name and the connection to a legal person, such as legal person's name and registry code.
Sources of data: we receive the data directly from the Buyer when completing a transaction through the checkout functionality on the Website.
Account data: user credentials and password of the portal designated to Merchant or Buyer.
Sources of data: we receive the data directly from you upon registration and verification of an account on our service.
Communication data: name, e-mail address, date, time, contents of your message.
Sources of data: we receive the data directly from you when you communicate with us through e-mail, Website or other communication channels.
Marketing data: e-mail address.
Sources of data: we receive the data directly from you upon registration of an account on our service.
Social media data: name, ID, contact details, profile picture, gender, username, age, country, list of friends, list of followers, and any other information that you have agreed to share or that becomes available to us through your social media account.
Sources of data: we obtain personal data from you when you visit, follow, interact with, or otherwise engage with our social media channels.
Log data: data generated during visits to and use of the Website device's Internet Protocol (IP) address, your browser type and version, the webpages you visit on our Website and the time spent on each page, the time and date of your visit, your device's system activity and hardware settings.
Sources of data: we receive the data directly from you when you visit Website.
Device data: device type, operating system, unique device identifiers, device settings, browser type, hardware model, Internet service provider and/or mobile carrier, system configuration information and geo-location data.
Sources of data: we receive the data directly from you when you visit Website.
Website usage data: data generated during visits to and use of the Website (depending on the specific cookie, this data includes, among other things, various cookie identifiers, IP address, settings, attributes).
Sources of data: we receive the data directly from you when you visit Website.
LEGAL BASES AND PURPOSES OF PROCESSING PERSONAL DATA
We process your personal data for the following purposes and on the following legal grounds:
Consent
Your consent is required for the processing of personal data for the purposes outlined below. You have the right to withdraw your consent at any time by contacting us.
As far as cookies are concerned, you always have the right to withdraw your consent by changing your preferences on our Website. The withdrawal of consent does not affect the lawfulness of the processing of personal data prior to its withdrawal.
| Purpose of processing | Categories of personal data |
|---|---|
| For Website development and improvement purposes, we process data related to your recent visits to the Website for analytical purposes. | Website Usage Data |
| For marketing purposes, we collect and process data about your visits to the Website using cookies. | Website Usage Data |
Performance of the contract
The processing of personal data is necessary for the performance of a contract to which you are a party or to take steps prior to entering into a contract.
| Purpose of processing | Categories of personal data |
|---|---|
| Taking pre-contractual measures, including pre-contractual negotiations and concluding contracts | Merchant Data, Buyer Data, Account Data |
| Performance and management of contracts | Merchant Data, Buyer Data, Account Data |
| Termination of a contract and management of the termination process | Merchant Data, Buyer Data, Account Data |
Compliance with a legal obligation
We process your personal data in order to comply with a legal obligation.
| Purpose of processing | Categories of personal data |
|---|---|
| Organisation of accounting, including the storage of accounting documents | Merchant Data, Buyer Data |
| Compliance with legal or regulatory obligations or requests | All data categories |
Legitimate interests
For these purposes, we process your personal data based on legitimate interests. You have the right to request an explanation and to object if you believe that the processing adversely affects your rights.
| Purpose of processing | Categories of personal data |
|---|---|
| Pre-contractual measures and contract management with legal persons | Merchant Data, Buyer Data, Account Data |
| Creation and provision of analytics derived from Buyers' transactions to Merchants | Buyer Data (name, email, IP address) |
| Responding to your enquiries and requests | Communication Data |
| Sending information about service updates | Marketing Data |
| Implementing and managing access to the Website | Log Data, Device Data |
| Diagnosing and repairing problems with the Website | Log Data, Device Data |
| Managing and interacting with social media | Social Media Data |
| Storing information in backup systems | All data categories |
| Disclosure of data to service providers and professional advisers | All data categories |
| Establishing, exercising, or defending legal claims | All data categories |
Direct marketing
We process your personal data for direct marketing in accordance with applicable electronic communications laws.
| Purpose of processing | Categories of personal data |
|---|---|
| Sending newsletters and other marketing information | Marketing Data |
RECIPIENTS OF PERSONAL DATA AND DATA TRANSFERS
In certain cases, we may need to transfer your personal data to the following categories of recipients:
- Public authorities and law enforcement agencies
- Professional advisors (auditors, attorneys)
- Successors and/or potential acquirers
- Merchants
We may engage processors of personal data, including IT service providers, accounting service providers, and providers of work facilitation services.
For service providers located outside the EU/EEA, we use appropriate safeguards such as standard contractual clauses approved by the European Commission.
PERSONAL DATA RETENTION PERIOD
We retain your personal data as long as reasonably necessary. Specific retention periods:
- Contractual data: 3.5 years from the termination of the contract
- Accounting data: 7 years in accordance with the Estonian Accounting Act
RIGHTS OF THE DATA SUBJECT
You have the following rights:
- The right to access your personal data
- The right to request rectification
- Right to erasure of personal data ("right to be forgotten")
- The right to request restriction of processing
- The right to data portability
- The right to object to processing
- The right to withdraw consent at any time
- The right to contact the supervisory authority (Estonian Data Protection Inspectorate at info@aki.ee)
USE OF COOKIES AND SIMILAR TECHNOLOGIES
We use cookies with your prior consent (except essential technical cookies). You can withdraw consent by changing your preferences on our Website.
Strictly necessary cookies
These ensure the functionality of basic features of our Website. We have the right to use such cookies without your prior consent.
Analytics cookies
These allow us to collect information about your visits to improve functionality. We only use such cookies with your prior consent.
Marketing cookies
These show you relevant advertising. We only use such cookies with your prior consent.
CHANGES TO THIS NOTICE
This Notice may be amended from time to time. The most recent version will be published on this webpage.
Version: November 2025
Have questions about our privacy practices?
Contact Us