Privacy Policy – Now Creatives



EFFECTIVE DATE 20th May 2019

The (Website) is operated by Now Creatives LTD (Controller, we, us, Nowcreatives), a company incorporated under the laws of the United Kingdom under registration number 11418283, with registered office in the United Kingdom.

This PRIVACY POLICY applies to relationships between Nowcreatives and you (Data subject) and the information collected by Nowcreatives through the when you using Website. This PRIVACY POLICY explains what information Nowcreatives collects from you and how it is stored and protected. Please read this PRIVACY POLICY to get clear information regarding the processing of your personal data.


The Nowcreatives reserves the right to change this PRIVACY POLICY at any time in case of changes in the law, our data collection, and use process, the way in which our website and services work. We shall notify you about any changes in our PRIVACY POLICY


  • Definitions


The terms listed below have the meanings assigned to them in the Regulation (EU) 2016/679 General Data Protection Regulation:

    1. Personal identifiable data means any information relating to an identified or identifiable natural person (‘Data Subject’). In this definition identifiable natural person means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 
    2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
    3. Controller means any natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by the European Union or the law of the UK.
    4. Data Subject is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular information representing personal data;


  • General provisions


    1. The Privacy policy of the Controller is based on the personal data protection requirements and principles adopted by virtue of Regulation (EU) 2016/679 General Data Protection Regulation of European Parliament Commission and Data Protection Act 2018 of United Kingdom Parliament, achieved royal assent on 23 May 2018.
    2. The Controller acknowledges the privacy of Data Subjects and makes efforts to protect them against any unlawful processing of Personal identifiable data.
    3. The Controller applies all necessary relevant technical and organizational measures to protect the Personal identifiable data of Data Subjects in accordance with the effective legislation.
    4. Although Controller will take diligent efforts to ensure safe storage and Processing of Personal identifiable data, Controller cannot guarantee it to be 100% secure and risk-free.


  1. Collecting and Processing of Personal Identifiable Data
    1. Types of Personal identifiable data collected:


contact data


identity data

a first name, maiden name, last name

communication data

messages Data Subject send to Controller, feedbacks and survey responses

technical data

internet protocol (IP) address, login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices Data subject use to access the website,

    1. Collection of Personal identifiable data:

direct interactions  

Data Subject may provide Personal identifiable data  when completing online forms, create an account, join the mailing list, or otherwise or correspond with Controller (by post or email)

automated technology

Controller automatically collects Personal identifiable data (technical and usage) when Data Subject interacts or browse Website by using cookies, server logs, and other similar technologies.

third parties

Controller  may receive Personal identifiable data from: (a)analytics providers based outside the EU (such as Google); (b) advertising networks (such as Twitter) based [inside the EU; and (c) search information providers (such as DuckDuckGo) based inside the EU; (d) our suppliers such as payment providers, delivery services, Website support and maintenance providers.

    1. The Controller, in its capacity as Controller of Personally identifiable data, processes it with an appropriate level of security. Such Processing includes protection against unauthorized or illegal Processing and against accidental loss, destruction or damage while applying suitable technical and/or organizational measures in compliance with the following principles:
  • lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness, fairness and transparency”);
  • data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“appropriateness in the Processing of Personal identifiable data and purpose limitation”);
  • adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (“data minimization”);
  • accurate and kept up to date;
  • limitation of the storage for periods not longer than necessary for the purposes for which they are processed (“storage limitation”);
  • Processed in a manner that ensures appropriate security of the Personal identifiable data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage;
  • Using appropriate technical or organizational measures (“integrity and confidentiality”).
    1. The Controller processes Personal identifiable data only if and to the extent, at least one of the conditions listed below shall apply:
  • Processing is required for the performance of an agreement with the Controller, to which the Data Subject is a party, or to undertake steps at the request of the Data Subject prior to the signing of an agreement with the Controller.
  • Processing is required for compliance with a legal obligation that applies to the Controller in its capacity as Controller of Personal identifiable data.
  • Data Subject has given consent for the Processing of Personal identifiable data for one or more specific purposes.
    1. Controller in its capacity as Controller does not collect or Process the Personal identifiable data which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, data concerning the health, sex life or sexual orientation of the natural person.


  1. Purpose of Personal identifiable data Processing

4.1 General purpose:


Type of data

Lawful basis

to provide services pursuant to Terms and Conditions

identity, contact, financial

to perform a contract with Data Subject;

as necessary for Controller’s legitimate interest.

to manage the relationship with Data Subject, notifying Data Subject about changes in this Privacy Policy

identity, contact

to perform a contract with Data Subject;

as necessary for Controller’s legitimate interest

as necessary to comply with a legal obligation

as necessary for legitimate interests in keeping records updated and analyzing how Data Subjects use Website.

to use data analytics to improve services, marketing, customer relationships and experiences


to keep our Website updated and relevant, to develop our business and to inform our marketing strategy

to make suggestions and recommendations to Data Subject about goods or services

identity, contact, technical

as necessary for our legitimate interests to develop our products/services and grow our business


  • Rights of Data Subject



    1. Right to information – Data Subject has a right to receive information about the Controller, as well as about the Processing of their Personal identifiable data.
    2. Right of access to own Personal identifiable data – Data Subject the right to receive from the Controller confirmation as to whether Personal identifiable data related to them are processed and if so, to be given access to the data and the following information:
  • purpose of the Processing;
  • Processed Personal identifiable data categories;
  • Personal identifiable data recipients or categories of recipients, if any;
  • the intention of the Controller to transmit Personal identifiable data to a third party;
  • Personal identifiable data storage period;
  • the existence of the right to correct Personal identifiable data, as well as the right to object against the Processing of Personal identifiable data;
  • the existence of automated decision making, including profiling (if any); information as to all rights that the Data Subject has;
    1. Right to rectification of Personal identifiable data (if data is not accurate) – the Data Subject has the right to request the Controller to rectify, without undue delay, any incorrect data pertaining to the Data Subject.
    2. Right to the erasure of Personal identifiable data (right “to be forgotten”) – the Data may request the Controller to erase Personal identifiable data if any of the conditions listed below exist:
  • Personal identifiable data are no longer needed for the purposes they have been collected for or processed otherwise;
  • Data Subject withdraws given consent, which data Processing is solely based on, and no other legal grounds for the Processing exist;
  • Data Subject objects against the Processing and no legal grounds for the Processing exist that prevail;
  • Personal identifiable data were processed unlawfully;
  • Personal identifiable data should be erased in order to comply with a legal obligation under the applicable European Union law or the laws of the United Kingdom;
  • The Personal identifiable data have been collected in relation to the offering of information society services to children and the holder of parental responsibilities for the child gave consent.
    1. Right to the limitation of Processing by the Controller or by the Personal identifiable data processor – specific conditions are required to be in place for that right to be exercised, namely:
  • The Data Subject disputes accuracy (up-to-date) nature of the data. In this case, the limitation of the Processing is over a period of time allowing the Controller to check the accuracy of the Personal identifiable data;
  • Processing is unlawful, but the Data Subject do not wish their Personal identifiable data to be erased, but rather require limitation of their use;
  • The Controller no longer needs such Personal identifiable data for Processing purposes, but the Data Subject requires them for establishing, exercising or defending legal claims;
  • The Data Subject has objected to the Processing while awaiting a check to be performed whether the Controller legal grounds prevail over the interests of the Data Subject.
    1. Right to transferability (data portability) of the Personal identifiable data between the various Controllers – the Data Subject has the right to receive Personal identifiable data pertaining to them, which they have provided to the Controller in a structured, widely user and machine-readable format. In addition, Data Subject has the right to transfer such data to another Controller without hindrance by the Controller, to which Personal identifiable data has been provided when Processing is based on consent or contractual obligation and is automated.
    2. Right to object against the Processing of Personal identifiable data – Data Subject has the right to object against Processing of their Personal identifiable data, unless the Controller is able to prove that compelling legitimate grounds for Processing exist that override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercising or defense of legal claims.
    3. Data Subject also has the right not to be subject to decision-based solely on automated Processing, including profiling, which ensures legal consequences for the Data Subject or significantly affects the Data Subject otherwise.
    4. Right to defense through judicial or administrative procedure if the Data Subject rights have been breached – if the Data Subject decide that their right has been violated, they may file a complaint with the relevant supervision authority – or to file a claim with the court to defend their rights.


  • Disclosure of Personal identifiable data


    1. Controller may disclose Personal identifiable data to the following categories of persons:

service providers

acting as processor or Controller based in the EEA but also around the world who provide – services and IT and system administration services.

We use for marketing purposes. Its privacy policy is available here

professional advisors

acting as a processor or joint Controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance, and accounting services

HM Revenue & Customs, regulators and other authorities

acting as a processor or joint Controllers based in the EEA who require reporting of Processing activities in certain circumstances

third parties  

third parties to whom we may choose to sell, transfer, or merge parts of business or assets.

    1. Controller will never disclose Personal identifiable data to persons to enable them to provide Data Subject with information regarding unrelated goods or services.
    2. The information Data Subject provides to Controller may be transferred to and stored on Controller’s servers, or servers of third-party providers. It may be necessary to transfer collected data from Data Subject to locations outside of the European Union for Processing and storing.


  1. Exercise the rights
    1. In exercising their right to access Data Subject has the right to request from the Controller at any time:
  • Confirmation as to whether data related is processed by the Controller, the purpose of the Processing, the data category, and recipients of such data or the categories of recipients’ data is disclosed to;
  • To send them a message in an understandable format, containing the Personal identifiable data of respective Data Subject to Processing and any information available as to the source of such data;
  • Information as to the logic of any automated Processing of Personally identifiable data pertaining to Data Subject, at least in the case of automated decisions under the provisions of the General Data Protection Regulation.
    1. Data Subject has the right to request at any time that the Controller:
  • erases, rectifies or blocks their Personal identifiable data Processing of which is not compliant with the requirements of the effective legislation;
  • notifies the third parties to which the Personal identifiable data have been disclosed as to any erasure, rectification or blocking, except when this proves to be impossible or would involve a disproportionate effort.
    1. Data Subject exercise their rights by filing a written request to the Controller, containing as a minimum the following information:
  • name, personal ID number, postal address, email address and other data allowing identification of the respective Data Subject;
  • description of the request;
  • Signature, date, correspondence address, and mobile telephone number.
    1. The filing of the request is free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
    2. Upon the filing of a request by an authorized person, the notarized power of attorney must be attached to the request.
    3. In case of death of the Data Subject, entitled heirs exercise the one’s rights. The certificate of heirs shall be attached to the request.
    4. The Controller shall review and pronounce on the request within 1 month as of its filing. This period may be extended by a further two months, if necessary, for example, if the request is particularly complex or Data Subject has made a number of requests. Data Subject shall be informed of any such extensions within 1 month of receipt of the request, stating the reasons for the delay.
    5. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise.
    6. We provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing – as a hard copy or electronically).
    7. Where data do not exist or their provision is forbidden by law, access to the requesting party to such data is refused.
    8. If the requesting party is not satisfied with the response received and/or believes that their rights related to Personally identifiable data protection were violated, they are entitled to exercise their right to defense.


  • Data retention


    1. We will store Personally identifiable data for as long as it is reasonably necessary for achieving the purposes set forth in this PRIVACY POLICY and Terms of Service, which includes (but is not limited to) the period during which Data Subject has an account. We will also retain and use Personally identifiable data as necessary to comply with legal obligations, resolve disputes, and enforce agreements.


  1. Age limitation
    1. Nowcreatives do not knowingly process personal data from persons under 18 years of age. If you learn that anyone younger than 18 has provided us with personal data, please contact us at


  1. Miscellaneous
    1. Anyone who using this website shall (1) comply with these PRIVACY POLICY; (2) immediately inform Nowcreatives on any illegal or unauthorized activity or a security breach (including any loss, theft, or unauthorized disclosure or use of a username, password); (3) keep indemnified Nowcreatives from all claims and liabilities arising out of any use of the Website, including any costs and expenses incurred; (4) not upload to the Website any file that contains or redirects to a virus, worm, Trojan horse, or other harmful technology or component that unlawfully accesses alternatively, downloads content or information stored within the Website or on the hardware of Nowcreatives, affiliate, or any third party; (5) decompile, interfere with, hack, reverse engineer, disassemble, modify, copy, or disrupt the functionality, integrity, features, or performance of the Website; (5) access the Website with intent and/or in order to create a comparable or similar Website or copy any features, graphics, ideas, or functions of the Website.
    2. All rights, copyrights, patents, trade secrets, trade dress, know-how, technical information, inventions, discoveries, improvements, ideas, concepts, discoveries, texts, images and other proprietary rights, and any derivative works thereof (including improvements) embodied in the Website belong solely and exclusively to Nowcreatives.
    3. “Nowcreatives” is a trademark of Nowcreatives company and may not be used, copied, or imitated, in whole or in part, without the express prior written approval of Nowcreatives. The look and feel of the Website (including all page headers, custom graphics, button icons, and scripts) form the trademarks, service marks and trade dress, belonging to Nowcreatives and may not be used, copied and/or imitated in whole or in part, without the express prior written approval of Nowcreatives. The use of any of the trademarks without Nowcreatives express written consent is strictly prohibited.
    4. If any provision of this PRIVACY POLICY is held to be unlawful, void, or for any reason is unenforceable, then that provision will be limited or eliminated from these PRIVACY POLICY to the minimum extent necessary and will not affect the validity and enforceability of any remaining provisions.
    5. This PRIVACY POLICY is governed by the English law, without regard to the choice or conflicts of law provisions of any jurisdiction. Any actions, disputes, causes of action or claims arising out of or in connection with this Agreement or the Platform shall be subject to the exclusive jurisdiction of the courts located in Herefordshire, United Kingdom.
    6. The Website may contain links to other websites and web addresses. Unless expressly stated, these sites are not under the control of Nowcreatives. We assume no responsibility for the content of such websites and disclaim any liability for any and all forms of loss or damage arising out of the use of them.  This PRIVACY POLICY applies only to our Website‚ not those external websites, services and web addresses that we link to. Those websites, services and web addresses have their own privacy policies. We are not responsible for these external websites and services and their privacy policies and practices, as well as their compliance with applicable data protection laws. In addition, if you linked to our Website from an external site, we cannot be responsible for the privacy policies and practices of the owners and operators of that external website and recommend that you check the privacy policy of that external website.


  1. Information for the Data Subject:

Contact details for the Controller

Name: Oliver Gilpin

Country: United Kingdom