Privacy Policy (GDPR)

Effective date: 25 May 2018
Last updated: 28 October 2025

Creative&Deluxe (“we”, “our”, “us”) is committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Who We Are

Creative&Deluxe is a web hosting and IT services provider operating since 2012, offering a full range of hosting, domain, and cloud solutions.

Contact Information:
Creative&Deluxe
Email: support@creative-deluxe.com
Address: Burgas,Bulgaria 8000

For all GDPR inquiries, please contact our Data Protection Officer (DPO) at: info@creative-deluxe.com

2. What Data We Collect

We may collect and process the following categories of personal data:

• Account Information: name, email address, phone number, billing address.

• Payment Information: payment method details (processed securely via third-party gateways, we do not store full card data).

• Technical Data: IP addresses, server logs, login activities, browser type.

• Support Communications: messages via email, ticket system, or chat.

• Website Usage Data: cookies, analytics data (e.g., Google Analytics, Matomo, etc.).

3. Legal Basis for Processing

We process personal data on the following grounds:

• Contractual necessity: to provide hosting and related services (GDPR Art. 6(1)(b)).

• Legal obligation: for tax, accounting, and regulatory requirements (Art. 6(1)(c)).

• Legitimate interest: to improve services, ensure security, prevent fraud (Art. 6(1)(f)).

• Consent: for marketing communications and non-essential cookies (Art. 6(1)(a)).

4. How We Use Your Data

Your data may be used for:

• Creating and managing your hosting account.

• Processing payments and invoices.

• Providing customer support.

• Sending service updates and security notices.

• Preventing abuse, fraud, or illegal activity.

• Marketing emails (only with your explicit consent).

5. Data Storage & Security

• All data is stored on secure servers located in the EU.

• Backups are encrypted and stored in compliance with GDPR.

• Access to personal data is restricted to authorized personnel only.

• We use firewalls, DDoS protection, and monitoring to safeguard systems.

6. Data Retention

• Account data: kept as long as you are a customer.

• Billing data: retained for 10 years as required by accounting laws.

• Support tickets: retained for 3 years.

• Backups: rotated and securely deleted after [insert retention period].

7. Third-Party Disclosure

We may share data with:

• Payment providers (e.g., Stripe, PayPal, ePay).

• Domain registries & SSL providers (for processing your orders).

• IT infrastructure providers (data centers, backup services).

• Regulatory authorities when required by law.

We never sell your personal data to third parties.

8. Your GDPR Rights

You have the right to:

• Access your personal data.

• Correct inaccurate or incomplete data.

• Delete your data (“right to be forgotten”).

• Restrict or object to processing.

• Data portability: request a copy in machine-readable format.

• Withdraw consent at any time (for marketing/cookies).

• Lodge a complaint with your local Data Protection Authority.

To exercise your rights, contact us at: [Insert GDPR contact email].

9. Cookies & Tracking

Our website uses cookies to:

• Ensure functionality (login, cart, preferences).

• Improve performance and analytics.

• Personalize marketing (with consent).

You can manage cookies in your browser settings or via our cookie consent banner.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or services. Updates will be posted here with a revised “Last updated” date.