Privacy Policy

Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws, as well as other applicable data protection provisions, is:

Creative Directors GmbH
Derbystraße 12
85276 Pfaffenhofen a. d. Ilm
Tel (Germany): 0800 850 5 888
Tel (International): 089 – 997429130
Email: info@creative-directors.com

Managing Directors: Sebastian Jaeger, Jasmin Schreiner

Data Protection Officer

As the company employs fewer than ten persons involved in the processing of personal data, no designated Data Protection Officer is appointed in accordance with Article 37 of the EU GDPR.

Security and Protection of Your Personal Data

We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we apply the highest available security measures and state‑of‑the‑art technology to ensure maximum protection of your personal data.
As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have implemented both technical and organizational measures to ensure that the data protection regulations are observed by us as well as by our external service providers.

Definitions

To ensure transparency, we define the following terms as used in this privacy policy:

  1. Personal Data: Any information relating to an identified or identifiable natural person (the “data subject”), such as a name, identification number, location data, online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  2. Processing: Any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
  3. Restriction of Processing: Marking stored personal data with the aim of limiting their processing in the future.
  4. Profiling: Any form of automated processing of personal data consisting of the use of such data to evaluate personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  5. Pseudonymization: The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without additional information that is kept separately and subject to technical and organizational measures.
  6. Filing System: Any structured collection of personal data which is accessible according to specific criteria, regardless of whether it is centralized, decentralized, or dispersed on a functional or geographical basis.
  7. Controller: A natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  8. Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  9. Recipient: A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not.
  10. Third Party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons under the direct authority of the controller or processor authorized to process personal data.
  11. Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data related to them.

Legitimacy of Processing

Processing of personal data is lawful only if there is a legal basis for it. The legal basis for processing may be found, in particular, in Article 6(1) of the GDPR:

  • If the data subject has given consent for the processing of personal data concerning them for one or more specific purposes, Article 6(1)(a) applies.
  • If processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures, Article 6(1)(b) applies.
  • If processing is necessary for compliance with a legal obligation to which the controller is subject, Article 6(1)(c) applies.
  • If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) applies.
  • If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, Article 6(1)(e) applies.
  • If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and these interests are not overridden by the data subject’s rights and freedoms, Article 6(1)(f) applies.

The legal basis for the processing of your personal data is determined by the specific processing activity.

Collection of Personal Data

1. When Visiting Our Website

When you visit our website for informational purposes only, we collect only the data transmitted automatically by your browser to our server. This includes:

  • IP address
  • Date and time of the request
  • Time zone difference from GMT
  • Requested URL (specific page)
  • Access status (HTTP status code)
  • Amount of data transferred
  • Referrer URL
  • Browser type and version
  • Operating system and its interface
  • Language and version of browser software

This data is stored in our system log files and is necessary for displaying our website and ensuring its stability and security. The legal basis is Article 6(1)(f) GDPR.

2. When Contacting Us or Using Our Services

If you contact us via email, through our contact form, or register for our services, we collect personal data such as:

  • Name, email address, telephone number, and billing details.
  • User behavior and navigation data (e.g., visited pages, search queries).

These data are used to process your inquiries, manage bookings, personalize your experience, and communicate with you. The legal basis for this processing is either your consent (Article 6(1)(a)) or its necessity for the performance of a contract (Article 6(1)(b)).

Use of Cookies

In addition to the above, cookies are used on our website. Cookies are small text files stored on your device by your browser. They help improve your browsing experience and enable the analysis of user behavior. We use both:

  • Transient Cookies: These are session cookies that are deleted automatically when you close your browser.
  • Persistent Cookies: These remain on your device for a specified period and can be removed at any time via your browser settings.

Please note: Disabling cookies may limit the functionality of our website.

External Services and Technical Tools

Our website employs various third‑party libraries, scripts, and services to provide enhanced functionality. Below is an overview of the key components used and their purposes:

  1. WebFont Loader
  2. Boe Library Form Handler
    • Purpose: Processes form submissions by cloning Webflow forms and routing data to our webhook endpoint at webhook.creative-directors.com.
    • Data: Form data, including any information you provide via our contact forms, is transmitted and logged (including IP address, date, and time).
  3. Finsweet Attributes CMSLoad
    • Purpose: Loads CMS data attributes from Webflow to enhance website functionality.
    • Data: No additional personal data is collected beyond what is inherent in the page content.
  4. Finsweet Cookie Consent
    • Purpose: Manages cookie consent in accordance with your settings.
    • Source: finsweet.com/cookie-consent
    • Data: Only cookie preferences are stored, without collecting personal data.
  5. js-cookie
    • Purpose: Simplifies cookie management in the browser.
    • Data: No personal data is processed directly by this library.
  6. Google Analytics (gtag.js)
    • Purpose: Implements tracking and analytics to help us understand how you use our website.
    • Data: May collect usage data such as user behavior and IP address (with IP anonymization enabled).
    • Legal Basis: Legitimate interest (Article 6(1)(f) GDPR), with options for consent-based tracking.
  7. GSAP (GreenSock Animation Platform)
    • Purpose: Provides advanced animations for interactive effects.
    • Data: Does not collect personal data.
  8. Model Viewer & three.js
    • Purpose: Renders and displays 3D models and animated graphics.
    • Data: These libraries are used solely for visual presentation and do not collect personal data.
  9. dat.gui
    • Purpose: Provides lightweight user controls for tuning animation or 3D scene parameters.
    • Data: No personal data is collected.
  10. jQuery
    • Purpose: Facilitates DOM manipulation and event handling.
    • Data: No personal data is collected by the library itself.
  11. Lightbox2
    • Purpose: Enhances image viewing experiences through responsive lightbox displays.
    • Data: No personal data is collected.
  12. Webflow Scripts
    • Purpose: Webflow’s built‑in scripts manage page structure and content, contributing to overall website functionality.
    • Data: Technical data is processed as needed for website operation.

Data Processors

We engage external service providers to support the operation of our website and the delivery of our services. We have concluded appropriate data processing agreements with these providers to ensure adequate protection of your personal data. Key data processors include:

  • Google LLC (for Google Analytics and Web Fonts)
    Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    More information: Google Privacy & Terms
  • Webflow (for website building, hosting, and CMS services)
    More information:

Additional data processors may be involved in areas such as newsletter distribution, payment processing, and other services. These providers are contractually bound to adhere to data protection regulations.

Data Retention and Deletion

Personal data will be retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. When the purpose of storage no longer applies, or when legally permissible, your data will be deleted or blocked.

Rights of the Data Subject

You have the following rights regarding your personal data:

  1. Right of Withdrawal: If processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  2. Right to Confirmation: You can request confirmation as to whether we are processing your personal data.
  3. Right to Information: You have the right to obtain information about your personal data, including:
    • The purposes of processing.
    • The categories of personal data processed.
    • The recipients or categories of recipients of your data.
    • The envisaged period of storage or the criteria used to determine that period.
    • Your rights regarding rectification, erasure, or restriction of processing.
    • The right to lodge a complaint with a supervisory authority.
    • The existence of any automated decision-making, including profiling.
  4. Right to Rectification: You can request the immediate correction of inaccurate personal data concerning you.
  5. Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data without undue delay under certain conditions, such as when the data is no longer necessary for the purposes collected.
  6. Right to Restriction of Processing: You can request the restriction of processing if, for example, the accuracy of the personal data is contested.
  7. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transmitted directly to another controller.
  8. Right to Object: You may object to the processing of your personal data on grounds relating to your particular situation, especially regarding direct marketing, profiling, or processing based on legitimate interests.
  9. Right to an Effective Judicial Remedy: If you consider that your rights under the GDPR have been infringed, you have the right to seek an effective judicial remedy.
  10. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

Use of Google Analytics

Our website uses Google Analytics (via gtag.js) to analyze user interactions. Google Analytics uses cookies to collect data such as:

  • Usage statistics and user behavior,
  • IP addresses (with IP anonymization enabled),
  • Aggregated data for website performance analysis.

Data is stored on servers in the United States or within the EEA, and Google is bound by relevant data protection safeguards. For details on opting out of Google Analytics tracking, please refer to Google’s instructions at Google Analytics Opt-Out.
Legal Basis: Article 6(1)(f) GDPR (legitimate interest).

Use of Google Web Fonts

To ensure a uniform and attractive presentation of our website, we load web fonts via the Google WebFont Loader. When you visit our site, your browser retrieves the necessary fonts from Google’s servers. This may result in Google receiving your IP address.
Legal Basis: Legitimate interest pursuant to Article 6(1)(f) GDPR.

Further details on Google Web Fonts can be found in Google’s privacy policy: Google Privacy Policy.

Use of Social-Media Plugins

We use social-media plugins (e.g., Facebook, Twitter) with a two-click solution. This means that no personal data is transmitted to the providers until you explicitly activate the plugin. Once activated, the respective social media platform may collect and process data as described in their privacy policies.
For details on data collection and processing by these platforms, please consult their respective privacy policies.

Integration of Google Maps

Our website includes Google Maps to display interactive maps. By using Google Maps, Google receives data regarding your access to the relevant pages. If you are logged into Google, the data may be linked to your account.
For further information, please refer to Google’s privacy policy and the details provided within this document.

Contact Form and Email Communications

When you contact us via our contact form or email, the data you provide (such as name, email address, telephone number, and message) is transmitted to us and stored. Additionally, technical data (IP address, date, and time) is logged for security purposes.
Legal Basis: Processing is necessary for handling your inquiry (Article 6(1)(b) or (f) GDPR).

Job Applications

Job applications submitted via email are processed solely for the purpose of managing the recruitment process. Personal data transmitted with your application, including technical data (IP address, date, and time), is stored only as long as necessary.
Legal Basis: Processing is based on pre-contractual measures (Article 6(1)(b) GDPR) and our legitimate interest (Article 6(1)(f) GDPR) in maintaining a secure applicant system.

This updated privacy policy reflects our current practices and the technical environment of our website. Should you have any questions or concerns about our data processing practices, please contact us at info@creative-directors.com.