Creatie Privacy Policy

Effective Date: November 11, 2024

Introduction

INTERACTIVE LINK PTE. LTD (hereinafter referred to as “ILP”, “we”, or “us”) respect your privacy and are committed to keeping your Personal Data and other data confidential and secure. When you visit and use Creatie (the “Product”) and other services provided by ILP, we will collect, process, and disclose your information in accordance with this Privacy Policy (the “Policy”). We collect information of our corporate/organizational users and their end-users, and individual users (hereinafter collectively referred to as “you”). The specific service carriers may include websites, PC software, mobile applications, etc. This Policy will help you understand how we collect, use and disclose your Personal Data and assist you in exercising the privacy rights available to you.

Before accepting this Policy, please read it carefully, especially the terms marked in bold. You should pay particular attention to these terms and confirm that you fully understand and agree to them before using the Product and other services. If you or your legal guardian do not agree with any part of this Policy, you should immediately cease using the Product and other services. If you are unable to accurately understand or agree to any part of this Policy, please do not access, use the Product, or any other services provided by ILP. Your confirmation by clicking through the website, actual use of the Product or other services provided by ILP shall be deemed to indicate that you have read and fully understood the contents of this Policy and agree to be bound by it.

If you have any questions, comments, or suggestions regarding the content of this Policy, you may contact us using the various means of contact provided within this Policy.

This Policy will help you understand:

1.   Scope of this Policy

2.   Definitions

3.   Processing of Personal Data

3.1   Roles of the Parties

3.2   Personal Data We Collect

3.3   How We Process Your Personal Data

3.4   Our Legal Bases and How We Process Your Personal Data

3.5   How We Share Your Personal Data

4.   Cookies and Similar Technologies

4.1   What Cookies Are

4.2   How We Use Cookies

4.3   Your Rights

4.4  Similar Technologies We Use

5.   Data Security and Retention

6.   Data Subject Rights

6.1   Access Your Personal Data

6.2   Rectify Your Personal Data

6.3   Delete Your Personal Data

6.4   Copy Your Personal Data

6.5   Withdraw Your Consent

6.6   Cancel Your Account

6.7   Restrict the Processing of Your Personal Data

6.8   Object to the Processing of Your Personal Data

6.9   Port Your Personal Data

6.10  Lodge A Complaint

6.11  Know In Advance that Our Products and Services are No Longer In Operation

6.12  Require Us to Explain the Personal Data Processing Rules

6.13  Responding to the Above Requests from Users

7.   Younger Users

8.   Our Global Operations and Data Transfers

9.   Privacy Policy Updates

10.  Contact Us

Appendix: Additional Terms for Applicable Privacy Law

PART A - ADDITIONAL TERMS FOR EEA, UK & SWITZERLAND DATA PROTECTION LEGISLATION

PART B - ADDITIONAL TERMS FOR US STATE PRIVACY LAWS

1. Scope of this Policy

When you agree to this Policy and start using any of our products and services, this Policy shall apply, regardless of whether the product and service has its own privacy policy, and regardless of whether you are a browsing user (visitor) or registered user. Please note that this Policy does not apply to the following situations:

• Information collected by third-party services (including any third-party websites) accessed through our products and/or services;

• Information collected by other companies or agencies that advertise in our products and/or services.

Please be aware that if you provide your Personal Data to a third party when browsing third-party websites or using third-party products and/or services, your information should be subject to the third party’s privacy statement or similar agreements. We do not assume any legal responsibility for any improper use or disclosure of information provided to third parties by you, regardless of whether you log in or browse the above websites, software, or use their products and/or services based on ILP’s links or referrals. We strongly recommend that you understand and confirm the privacy protection status of the third-party service providers before using their services.

2. Definitions

2.1   Personal Data: Any information related to identified or identifiable natural persons.

2.2   Applicable Privacy Law: as applicable to the processing of Personal Data contained within user information, any national, federal, European Union, state, provincial or other privacy, data security, or data protection law or regulation.

2.3   Subprocessor(s): an authorized third party engaged by Processor to process Controller Personal Data in order to provide parts of the Services and/or related technical support.

2.4   Anonymized Data: Information that cannot be attributed to a natural person by the use of additional information obtained through means that are reasonably likely to be used.

2.5   Product Services: Various functions that the Product can provide and realize for customers, including but not limited to data collection and analysis.

2.6   EU GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

2.7   The terms “data subject”, “processing”, “controller”, and “processor” as used in this Policy have the meanings given by Applicable Privacy Law or, absent any such meaning or law, by the EU GDPR.

3. Processing of Personal Data

3.1   Roles of the Parties

As a corporate/organizational user, if you use the Product and related services to process Personal Data, you acknowledge that ILP is processing Personal Data of end-users on your behalf (the “Processor”) and you determine the means and purposes of the processing (the “Controller”). You represent that you comply at all times with any Applicable Privacy Law, including but not limited to having a valid lawful basis for processing such data, such as obtaining prior consent from the end-users. In this case, the Creatie Data Processing Addendum shall apply where applicable.

3.2   Personal Data We Collect

We collect Personal Data in four ways: Information Provided by Your Organization, Information You Provide, Automatically Collected Information, and Information Collected from Other Sources. More details are provided below. We will take reasonable and practicable measures to avoid collecting irrelevant Personal Data. If you do not provide relevant information, you may not be able to register as our user or use and enjoy certain products and services we provide, or may not achieve the intended results of the relevant products and/or services.

In the course of providing services to you, we will collect, use, store, disclose, and protect your Personal Data in accordance with the terms of this Policy. Should there be a need to collect Personal Data beyond the scope of this Policy, we will provide you with a separate explanation regarding the scope and purpose of the information collection before collecting the necessary information to provide the corresponding services. If you choose not to provide the aforementioned information, it may affect your ability to use the related services.

You authorize us to process your Personal Data during the period you use our products and services. If you cancel your account, we will stop using and delete or anonymize your Personal Data within a reasonable period of time. However, to fulfill the purposes of resolving disputes, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and/or complying with applicable laws, some information will continue to be retained for a specific time until the legally prescribed period expires or the purpose of retaining the information is no longer necessary. Additionally, please note that since Anonymized Data cannot identify or be associated with you, it is not considered as Personal Data. Therefore, we do not need to obtain your authorization or consent for the storage period and processing of Anonymized Data, nor do we need to notify you.

3.2.1   Information Provided by Your Organization

• Profile Information: Your Personal Data can be provided by your enterprise/organization. When your enterprise/organization opens an account for you to use the products and/or services, it will provide certain Personal Data of you, including your account name, corporate email, department/organizational structure, position, etc. You acknowledge and confirm that the aforementioned information submitted by your enterprise/organization to us has been authorized by you.

3.2.2   Information You Provide

• Assisting You in Becoming Our User

We collect information that you provide when you create a Creatie account. When you create a Creatie account, you must provide us with an account name, your login password, and your mobile phone number or email address. The mobile phone number or email address you submit is used for registration, login, account binding, password retrieval, and receiving verification codes. It also serves as one of the designated contact methods for you to receive relevant business notifications (including new product launches, service changes). 

After you have completed the registration of your Creatie account, you can add additional information to your profile, including (1) other Personal Data such as your gender and place of employment; and (2) contact information including your address and/or contact number. Not providing such additional information will not affect your general use of Creatie services. The information of type (1) you provide will help us better understand your needs, so that we can introduce targeted products to you; the information of type (2) will assist us in promoting and advertising products to you in the aforementioned manner, mailing business notifications (including bills), or communicating with you for business purposes.

If you only need to use the browsing and searching services on the Creatie website, you do not need to register as our user or provide the aforementioned information.

• Providing Services to You: 

We may require you to provide real identify information for real-name authentication in accordance with relevant laws and regulations, and you should provide the relevant necessary information through your account. To facilitate your provision of such information, we offer real-name authentication based on your mobile phone number. You can also choose the appropriate method according to your identity attributes. You understand and agree that ILP has the right to review the information you provide for real-name authentication for its truthfulness, accuracy, and validity, either on its own or by delegating to a third party.

• Input: We collect the text instructions, keywords, and other content you input (collectively referred to as “Input”) when you use the Product Services that make use of artificial intelligence technology.

3.2.3   Automatically Collected Information

• Device information: According to the specific permissions you grant during software installation and use, we will receive and record information about the device you use (including hardware and software features information such as device model, operating system version, device settings, unique device identifiers) and location-related information of the device (including sensor information such as IP address, GPS location, Wi-Fi access points, Bluetooth and base stations that can provide relevant information). We may associate the above two types of information so that we can provide consistent services across different devices.

• Log information: When you use the services provided by our website or our client application, we will automatically collect detailed information about your use of our services as network logs, including your search query content, IP address, browser type, telecom operator, language used, access date and time, and records of webpages you visited.

• User account support information: Based on your use of Product Services, we will record and analyze information including user consultation records, fault reports, and troubleshooting processes (including call records or communications), in order to respond to your requests for help more promptly and to improve our services.

• Audio, video, and photo information: When you use specific features of our services (including voice search, scanning, photography), we will collect the aforementioned information after obtaining your specific permission. Refusing to provide this information will only prevent you from using the above features but will not affect your general use of other functions of our products and/or services. Additionally, you can always turn off related features in the settings for permission management on your mobile device.

• Location information: When you turn on the device positioning feature and use our location-based products and/or services, we collect location-related information about you including: the geographical location information collected through GPS or Wi-Fi, etc., when you use our products and/or services through a mobile device with location capabilities. You can stop our collection of your geographic location information at any time by turning off the location feature, but you may not be able to use related services or functions or achieve the intended results of the relevant services. After turning off the positioning feature, you can still obtain the corresponding location-based Creatie services by manually entering the geographic location.

• Payment-related information: To help you successfully complete the subscription, unsubscription, payment, and refund of paid services of the Product, and to provide you with continuous customer service, technical support and other services during the subscription period, we will require you to provide complete contact information and payment/refund account information.

• Crash data, performance data, and other diagnostic data: To ensure the security of our services and to better understand the operational performance of the Product, we may record information related to your use of the application, including frequency of use, crash data, overall usage, performance data, and other diagnostic data.

• Information collected by default through use of mobile applications: When you use the mobile application, it may be necessary to request certain device permissions to collect corresponding Personal Data and to provide you with the relevant business functions or services. Below are the business functions associated with permissions for both iOS and Android systems, the purpose of requesting these permissions, and whether you will be asked for permission beforehand. The interfaces and means to disable these permissions may vary on different devices such as those using the Android system; for specifics, please contact the device and system developers.

• iOS Permissions:

• Android Permissions:

3.2.4   Information Collected from Other Sources

Account information: 

• When you use the services of our affiliates or partners, they may share your account information with us with your authorization.

• If you use our services by logging in or connecting through other means, we will request your Personal Data from third parties. For Personal Data that we need but is not provided by third parties, we will still require you to provide it. If you refuse to provide it, you may not be able to properly use certain functions of our products and/or services normally. If you agree to provide it, you will authorize us to read the relevant information registered in your third party account (such as nickname, avatar, etc.)

We will confirm the legality of the source of Personal Data in accordance with the requirements of Applicable Privacy Law and the agreements with third parties. We will process your Personal Data obtained from third parties on the premise of compliance with Applicable Privacy Law.

3.3   How We Process Your Personal Data

3.3.1   We process your Personal Data for the following purposes:

• Provide necessary information: To provide services to you, we will send you necessary information, notifications or communicate with you on business matters, including but not limited to verification codes necessary to ensure service completion, push notifications necessary when using services, etc.

• Provide and improve better products and/or services: For data analysis so that we can provide you with better quality products and/or services, further understand how you access and use our products and/or services, and respond to your individualized needs, such as language settings, location settings, personalized help services and instructions, or respond to you and other users in other ways.

• Advertise and market to you: To present information tailored to your individual needs, we use your service usage information to create characteristic models and user profiles, to display and push information and potential commercial advertisements to you, including but not limited to news about our products, market activities, promotional offers, promotional information from third parties that we cooperate with, or other content that may interest you. Such information will be clearly marked as “customized”, and if you do not wish to receive commercial e-messages from us, you may unsubscribe by replying as instructed in the message or withdraw your consent using the unsubscribe method provided in the message.

• Design, develop, and promote new products and services: We may use Personal Data statistics as a basis to design, develop, and promote entirely new products and services; we will compile statistics on the use of our services and may share these statistics with the public or third parties, but these statistics will not contain any of your Personal Data.

• Enhance the security of our services: To improve the security of your use of the services we Personal Data and partners provide, ensure a safe operating environment and identify abnormal account status, protect the personal and property safety of you, other users or the public from infringement, better prevent security risks such as phishing sites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, etc., and to more accurately identify situations that violate laws, regulations or our relevant agreements and rules. 

We may process your account information, integrate device information, relevant network logs and information legally shared by our partners to assess the risks of your account and transactions, conduct identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis and handling measures in accordance with the Applicable Privacy Law.

• Maintain and enhance the safety and stability of the Product: Manage software certification or software upgrade.

• Collect feedbacks on the Product: To allow you to participate in surveys about our products and services or initiated through our products and services, whether to participate in the survey will be entirely your decision, and you can choose which information to provide on your own.

• Other: For security, legal investigations and other purposes, we may process your data for data aggregation, analysis, mining (including commercial use), but such information shall be Anonymized Data.

  3.3.2   If we process your Personal Data beyond the purposes stated at the time of collection, or process your Personal Data beyond the scope of direct or reasonable relevance, we will notify you again and obtain your explicit consent.

  3.3.3   To provide you with a better service experience, improve our products and/or services, or for other purposes you have agreed to, in compliance with Applicable Privacy Law, we may, with your explicit consent, process the information collected through one of our products and/or services in an aggregated or personalized manner for other products and/or services you use that we provide. For example, information collected while you use one of our products or services may be used to provide you with specific content or to show you information that is relevant to you, rather than universally pushed information, in another product or service you use.

  3.4   Our Legal Bases and How We Process Your Personal Data

  We may only process your Personal Data when we have a “legal basis” to do so. We use different legal bases depending on why we process your Personal Data (in other words, the “purpose” of our processing). These legal bases are consent, contractual necessity, legitimate interests (ours or those of another party), compliance with a legal obligation, performing a task in the public interest, and protection of vital interests.

  Here we explain the legal bases we rely on when we process your Personal Data.

  3.4.1   Your Consent

  We will process your Personal Data with your prior explicit consent. If you have given us your consent to process your Personal Data, we will only process it for the purposes specified in the Policy. You have the right to withdraw your consent, but your withdrawn consent does not affect the lawfulness of our processing of your Personal Data prior to your withdrawal. Please note that if our processing is based on your consent and you refuse or withdraw your consent, we may not be able to provide certain services relevant to such Personal Data.

  3.4.2   Contractual Necessity

  If you have the legal capacity to enter into an enforceable contract, we process the user information where it is necessary to conclude a contract with you or perform the contract you enter into when you register for, access, or use the Product and its services. This means we process your information to activate the Product and services purchased by you, provide software update notifications, and provide customer support, etc.

  3.4.3   Legitimate Interests

  We process your Personal Data where this is necessary to achieve legitimate interests - whether belonging to us, or a third party - provided these interests are not outweighed by your interests or fundamental rights and freedoms.

  Your rights: When we process your Personal Data on the basis that it is necessary to achieve legitimate interests of us or a third party, you have the right to object to, and seek restriction of, our usage.

  3.4.4   Compliance with a legal obligation

  We may process your Personal Data where it is necessary to comply with a legal obligation. This includes situations where we have obligations to take measures to ensure the safety of our users, or comply with a valid legal request such as an order or disclosure request from regulators, law enforcement agencies or courts.

  3.4.5   To perform a task in the public interest

  We may process your Personal Data where it is necessary to perform a task in the public interest, including undertaking research, preventing and detecting crime, safeguarding children and promoting public safety, security, and integrity as laid down by applicable law.

  Your rights: When we process your Personal Data on the basis that it is necessary for a task carried out in the public interest, you have the right to object to, and seek restriction of, our usage.

  3.5   How We Share Your Personal Data

  3.5.1   Principles

  Under normal circumstances, we will not share, transfer, or disclose your Personal Data with other organizations and individuals, except in the following situations: 

• With explicit consent: After obtaining your explicit consent, we may share your Personal Data with other parties based on the need to provide you with specific services. If the third party intends to process the information for purposes beyond the original scope of authorization and consent, they must obtain your consent again.

• Under legal conditions: We may share your Personal Data with others in accordance with legal and regulatory requirements (including with relations to national security or defense), litigation and arbitration resolutions, or requests made by administrative and judicial authorities in accordance with the law. In addition, we may share necessary Personal Data for the performance of statutory duties or statutory obligations.

• Emergencies: We may share your Personal Data when it is necessary to respond to public health emergencies, or to protect the life and health of natural persons and the safety of property in emergency situations.

• Public interests: We may share your Personal Data when it is necessary for news reporting and commentary activities such as public interest within a reasonable scope.

• Information already in the public arena: We may share Personal Data that you have made public on your own and Personal Data collected from legally publicly disclosed sources, such as legal news reports, government information disclosure, and other channels.

• Other circumstances stipulated by laws and regulations.

You fully understand and agree that sharing, transferring and publicly disclosing Anonymized Data, and ensuring that the data recipient cannot restore and re-identify the data subject, does not constitute external sharing, transfer and public disclosure of Personal Data. The storage and processing of such data does not require separate notification and your explicit consent.

3.5.2   Service Providers

• Cooperation with third-party software development kits (the “SDK[s]”) service providers: 

Our Creatie mobile products include SDK plugins provided by our authorized partners. These third-party SDKs may collect or process some of your Personal Data/device permissions (see the list below for details). We conduct strict security checks on the relevant SDKs and use technical measures to ensure that they process Personal Data in accordance with this Policy and any other relevant confidentiality and security measures. We will promptly inform you on this page about the latest situation of third-party SDKs that collect user information. There may be certain changes in the types of data being processed by third-party SDKs due to their version upgrades, policy adjustments, etc., and you can visit the pages of the third-party SDKs for more information.

• We may share Personal Data with third-party vendors who provide services or functions on our behalf, including service providers for: (i) the provision of Product Services; and (ii) the provision of information, products, and other services you have requested. In order to provide you with the features/services you have selected, we need to share the necessary Personal Data with the relevant third parties. Third-party services include storage services provided by Amazon Web Services, real-name authentication services provided by Google LLC, X Corp, and LinkedIn Corp., and artificial intelligence model services provided by Open AI L.L.C. and Anthropic, PBC. Certain cookies and similar technologies may be provided by third parties as well. Service providers have access to and may collect information only as needed to perform their functions and are not permitted to share or process the information for any other purpose.

• If you are the end-user of a corporate/organizational user, and your corporate/organizational user administrator opts to activate, manage, and use third-party products or services through our products, we may need to share with the third-party service provider the information necessary for you to activate, manage, and use such third-party products or services; otherwise, you will not be able to use the third-party services. When corporate/organizational user administrators activate third-party services, they must read, fully understand, and comply with the product features and privacy policies of the third-party services. Similarly, if you, as an individual user, choose to activate, manage, and use third-party products or services through our software, you agree that we share the necessary information with the third-party service provider; otherwise, you will not be able to use the third-party services. When you activate third-party services, you must read, fully understand, and comply with the product features and privacy policies of the third-party services.

3.5.3   Third Parties

With your consent, when you use your Creatie account to log in to third-party products or services, we will share your basic information (name, avatar) and other information you authorize with the aforementioned third parties. 

3.5.4   Affiliates and Authorized Partners

We may entrust trusted partners to provide services, and therefore, we may share some of your Personal Data with our partners to offer better customer service and optimize user experience. We will share your Personal Data only for lawful, legitimate, necessary, specific, and clear purposes, and only the Personal Data necessary to provide the services will be shared. Our partners do not have the right to use the shared Personal Data for any other purposes.

3.5.5   Transfer

In the event of a merger, acquisition or bankruptcy liquidation between ILP and other legal entities, or other situations involving mergers, acquisitions or bankruptcy liquidations, if Personal Data is transferred, we will require the new holder of your Personal Data to continue to be bound by this Policy, otherwise we will require the company, organization or individual to re-obtain your authorization and consent.

3.5.6   Information You Share with Others Actively

• You may use our website to report issues encountered while searching and provide evaluations, among other activities, to help other users enjoy more accurate information.

• You may use our sharing features to share your Personal Data with specific or unspecified social contacts (such as a variety of social platforms). Before sharing, please fully consider the credibility of the recipient of the information and we recommend that you review the privacy statements of the social networks or third-party service providers you use to understand how they handle your information, so you can make an informed decision.

3.5.7   Public Disclosure

We will publicly disclose your Personal Data only under the following circumstances:

• With your express consent or based on your active choice, we may publicly disclose your Personal Data.

• To protect the personal and property safety of Creatie users, affiliates, or the public from harm, we may disclose your Personal Data in accordance with applicable laws and regulations or the terms of the Creatie platform’s relevant agreements and rules.

• Legal Obligation and Rights: We may publicly disclose your Personal Data if required by law, legal processes, litigation, or mandatory requirements of government authorities.

3.5.8   Subprocessors

For corporate/organizational users, we use certain Subprocessors to assist us in providing Product Services to you. You can request an up-to-date list of the names of our Subprocessors via email to support@creatie.ai, the subject matter, nature, and duration of their processing activities with regard to Personal Data, their locations, and relevant data security information.

4. Cookies and Similar Technologies

4.1   What Cookies Are

In order to ensure the normal operation of the website, provide you with easier access experience, and recommend content that you may be interested in, we will store small data files called Cookies on your computer or mobile device. Cookies usually contain identifiers, site names, and some numbers and characters. ILP can only read the Cookies it provides.

4.2   How We Use Cookies

With the help of Cookies, data such as your preferences or purchases of paid services can be stored. When you visit again next time, we will display the information you need; or ILP can identify your referral site through Cookies so that ILP can track the effectiveness of its own advertisements.

4.3   Your Rights

We will not use Cookies for any purposes other than those described in this Policy. You can manage Cookies according to your own preferences, and you can also clear all Cookies saved on your computer or mobile device. Most web browsers have the functionality to block Cookies. However, if you do so, you will need to change user settings each time you visit our website. For details on how to change your browser settings, please visit the relevant settings page of the browser you use.

4.4   Similar Technologies We Use

In addition to Cookies, we may also use other similar technologies such as web beacons and pixel tags on the website. For example, the electronic mail we send to you may contain links to addresses to content on our website. If you click on this link, we will track this click to help us understand your product or service preferences so that we can take the initiative to improve the customer service experience. Web beacons are usually transparent images embedded in a website or email. With the help of pixel tags in emails, we can find out if an email has been opened. If you do not want your activities tracked in this way, you can unsubscribe from our mailing list at any time.

However, please make sure to check the email and the information within the links carefully. Due to current technological limitations, it is not possible to completely block malicious acts by hackers and other illegal actors; therefore, before clicking on any links, you must verify that the email sender is indeed ILP and not another team or individual, and click cautiously.

5. Data Security and Retention

5.1   ILP attaches great importance to the security of your information. We make efforts to take various reasonable physical, electronic and managerial security measures to protect Personal Data and prevent unauthorized access, public disclosure, use, modification, damage or loss of Personal Data. We use pseudonymisation and encryption technology to improve the security of Personal Data; we use trusted protection mechanisms to prevent malicious attacks on Personal Data; we deploy access control mechanisms to ensure that only authorized personnel can access Personal Data; and we organize security and privacy protection training courses to enhance employees’ awareness of the importance of protecting Personal Data.

5.2   We will take all reasonably practicable steps to avoid collecting irrelevant Personal Data. We will retain your Personal Data only for the duration necessary to fulfill the purposes outlined in this Policy, unless an extension is permitted by Applicable Privacy Law. Upon exceeding the aforementioned retention period for Personal Data, we will proceed to delete or anonymize your Personal Data.

5.3   Please understand that due to the limitation and rapid development of technology in the Internet industry and the possible existence of various malicious attack means, even if we do our best to strengthen security measures, it is impossible to always ensure security of information. Therefore, we strongly recommend that you take proactive measures to protect the security of your Personal Data, including but not limited to using complex passwords, changing passwords regularly, and not disclosing Personal Data such as your account password to others.

5.4   In the event of an unfortunate Personal Data security incident (leakage, loss, etc.), we will inform you in a timely manner in accordance with the Applicable Privacy Law: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can rely on to independently prevent and reduce risks, and the remedial measures. We will timely inform you of the relevant information of the incident by email, letter, telephone, push notification, etc. When it is difficult to inform the data subject one by one, we will take a reasonable and effective way to release the announcement. At the same time, we will also report the disposal of Personal Data security incidents in accordance with the requirements of the regulatory authorities.

5.5   Please be reminded that the Internet is not an absolutely safe environment, when you interact with other users through third-party social software embedded in our website, email and SMS about your geographical location, whereabouts or other information, we are not sure whether the third-party software is fully encrypted during information transmission. Pay attention to ensure the safety of your Personal Data.

5.6   In the event that the Product and services cease to operate, we will take reasonable steps to protect the security of your Personal Data, including timely cessation of any further collection of Personal Data; the notice of cessation of operation will be notified to the user in the form of one-by-one service or announcement; the Personal Data held will be deleted or anonymized.

5.7   We will store the collected users’ Personal Data in the territory of Singapore, specifically with Amazon Web Services. Amazon Web Services will assist us to provide you with data storage security services.

If you use the artificial intelligence feature of the Product Services, we will store the Input and the output generated in the territory of the United States and other regions including Singapore.

6. Data Subject Rights

You have rights and choices when it comes to your Personal Data. For individual users, we are responsible for responding to your request within the relevant periods provided by Applicable Privacy Law. For end-users of corporate/organizational users, please make your requests to relevant corporate/organizational users, and we shall be responsible for responding to corporate/organizational users’ requests within the relevant periods provided by Applicable Privacy Law.

6.1   Access Your Personal Data

You can access your Personal Data in the following ways:

• Account information: You can log in to the website or client application to query, manage, update, and delete the basic information and contact information submitted when using the service, and conduct account association or identity authentication.

• Usage information: You can consult the usage record information in our website, client applications, and other services, and you can also contact us to access such information through the means provided at the end of this Policy. Please note that in order to ensure the authenticity of your exercise of rights, we will provide you your Personal Data after verifying your identity, except as otherwise required by Applicable Privacy Law.

• Other information: If you encounter operational problems during this visit or need to obtain other Personal Data that cannot be obtained previously, you can contact us through the method provided at the end of this Policy, and we will provide it after verifying your identity, except as otherwise required by Applicable Privacy Law.

6.2   Rectify Your Personal Data

• If you need to change the real name authentication information of your Creatie account, you need to contact us through customer service, phone, email, etc., and we will assist you in the corresponding operation.

• Subject to the verification of your identity, and the correction does not affect the objectivity and accuracy of the information, you have the right to correct or update incorrect or incomplete information, you can do so yourself on our website or on the client applications; or in certain circumstances, in particular when the data is incorrect, submit your request for correction to us through the contact details provided at the end of this Policy, requesting that we correct or update your data, unless otherwise provided by Applicable Privacy Law. However, for security and identification reasons, you may not be able to modify some of the initial registration information submitted when you register.

6.3   Delete Your Personal Data

According to the Applicable Privacy Law, you can make a request to us through email to delete your Personal Data in the following circumstances:

• If the purpose of the processing has been achieved or is no longer necessary;

• If we stop providing products or services, or the retention period has expired;

• If you have withdrawn your consent;

• If we process your Personal Data in violation of laws, administrative regulations or agreements; and

• Other circumstances provided by Applicable Privacy Law.

When we respond to your request for deletion, we will also notify the entities that have obtained your Personal Data from us to delete it in a timely manner, unless otherwise required by law or regulation, or if these entities have your independent authorization.

When you delete your information from our services, we will delete your Personal Data or anonymize it within a reasonable period of time.

6.4   Copy Your Personal Data

If you need to copy your Personal Data, you can contact us through the method provided at the end of this Policy, and after verifying your identity, we will provide you with a copy of your Personal Data processed in the course of providing our services (such as basic information, identity information), except as otherwise provided by laws and regulations.

6.5   Withdraw Your Consent

If you want to change the authorized scope of the relevant functions (including location, address book, camera), you can modify your personal settings through your device, or do so in the relevant function settings interface of our products or services. If you encounter operational problems during this process, you can contact us by using the methods provided at the end of this Policy.

When you withdraw your authorization for us to collect relevant Personal Data, we will no longer collect the information, and we will no longer be able to provide you with the above-mentioned corresponding services. Your withdrawn consent does not affect the lawfulness of our processing of your Personal Data prior to your withdrawal.

6.6   Cancel Your Account

You know and understand that this Product is an enterprise product/service, and your account is dependent on the management of the enterprise. You can close/delete your account directly by contacting your company, or contact our customer service for you to provide the effective form of account cancellation (except as otherwise provided by laws and regulations), once you (or your company) cancel your account, you will not be able to use our services.

In order to protect the legitimate rights and interests of you or others, we will judge whether to support your cancellation request based on your use of the products provided by us. For example, if your paid service term is not expired, we will not immediately support your request, but will notify you about your remaining service term first.

Unless otherwise stipulated by laws and regulations, after the cancellation of your account, all information in your account will be emptied, and we will delete your Personal Data according to your request. If you are authorized to log in to our services through a third-party account (such as, Instagram, Facebook, etc.), you need to apply to the third party for cancellation of your account.

6.7   Restrict the Processing of Your Personal Data

You have the right to request the restriction of the processing of your information where (a) you are challenging the accuracy of the information, (b) the information has been unlawfully processed, but you are opposing the deletion of that information, (c) where you need the information to be retained for the pursuit or defense of a legal claim, or (d) you have objected to processing and you are awaiting the outcome of that objection request. You may contact us to exercise your right at support@creatie.ai.

6.8   Object to the Processing of Your Personal Data

You also have the right to object to the processing of your information in certain circumstances. This right applies when we are performing a task in the public interest, pursuing our legitimate interests or those of a third party, or when your data is processed for the purpose of facilitating scientific or historical research in certain circumstances. In submitting an objection request, please provide all relevant information, including the processing activity you are objecting to, why you want to object and how the processing activity affects you, and any additional information that you think will help us review your request. We will stop the particular processing if we don’t have compelling legitimate grounds to continue that processing or don’t need it for legal claims. You may contact us to exercise your right at support@creatie.ai.

6.9   Port Your Personal Data

You have the right to data portability in circumstances where we rely on contractual necessity or consent as our legal basis. This means that you have the right to receive your information in a structured, commonly used, and machine-readable format and to share it with a third party. You may contact us to exercise your right at support@creatie.ai.

6.10   Lodge A Complaint

You have the right to lodge a complaint with the competent supervisory authority about the way in which we process your Personal Data, or to bring an action before a court of competent jurisdiction. 

You may make a Personal Data rights request directly to us by emailing us at support@creatie.ai. As a general rule, we will process your request within one (1) month of receiving it. In the event of exceptional circumstances, we may delay our response to you, with an appropriate explanation, but this delay will not exceed one (1) month.

6.11   Know In Advance that Our Products and Services are No Longer In Operation

If some or all of our products and services are forced to stop operation due to special reasons, we will notify you fifteen (15) days in advance on the homepage or website of the products or services or send you an email or other appropriate means to reach you, and we will stop collecting your Personal Data. At the same time, the Personal Data held by us will be deleted or anonymized in accordance with the Applicable Privacy Law, unless otherwise stipulated by laws and regulations.

6.12   Require Us to Explain the Personal Data Processing Rules

In some business functions, we may make certain business decisions based on automated decision-making mechanisms including information systems, algorithms, etc., such as showing you personalized recommendations. If you believe that these decisions significantly affect your legitimate rights and interests, you have the right to ask us to explain the rules for processing your Personal Data, and we will provide you with adequate remedies accordingly.

6.13   Responding to the Above Requests from Users

For security purposes, users may be required to provide a written request or otherwise prove identity. We may ask users to verify their identities before processing the request.

For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost fee according to the situation. We may refuse requests that are unnecessarily repetitive, burdensome in practice (for example, the development of new systems or fundamental changes to existing practices), pose a risk to the legitimate interests of others, or are highly impractical (for example, involving information stored on backup tapes), and inform you of the reasons for refusal. However, please note that in the following circumstances, according to the requirements of laws and regulations, we will not be able to respond to your request for correction, deletion, cancellation of information, etc.:

• Directly related to national security and national defense security;

• Directly related to public safety, public health, and major public interests;

• Directly related to criminal investigation, prosecution, trial and execution of judgments;

• Where sufficient evidence suggest that you harbored ill intent or misused your rights;

• Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations;

• Involving trade secrets.

7. Younger Users

7.1   We provide products and services primarily for adults. Minors may not create their own user accounts without the consent of a parent or guardian. If you are a minor under the age of sixteen (16), we require that you ask your parent or guardian to read this Policy carefully and use our services or provide information to us only with the consent of your parent or guardian.

7.2   In cases where Personal Data of minors is collected with the consent of parents or guardians to use our products or services, we will only use, share, transfer or disclose this information as permitted by laws and regulations, with the express consent of parents or guardians or as necessary to protect minors.

7.3   If we discover that we have collected Personal Data from minors without prior verifiable parental consent, we will try to delete the data as soon as possible, and we will not be liable for any loss caused to you as a result of such deletion.

7.4   If at any time the guardian has reason to believe that we have collected Personal Data of minors without the consent of the guardian, please contact us through the contact information specified at the end of this Policy, and we will take measures to delete the relevant data as soon as possible.

8. Our Global Operations and Data Transfers

8.1   Personal Data collected and generated by our operations is stored within the territory of Singapore and United states, except in the following circumstances:

• Applicable Privacy Law have clear provisions regulating otherwise;

• Your express authorization has been obtained;

• You conduct online cross-border transactions or other personal initiatives.

8.2   In the above circumstances, we will ensure that your Personal Data is adequately protected in accordance with this Policy.

9. Privacy Policy Updates

9.1 As products and services are constantly updated and changed, this Policy may change in order to fully and timely inform you of the Personal Data processing rules.

9.2 We will not reduce your rights under this Policy without your explicit consent. We will post any changes we make to this Policy on a dedicated page.

9.3 For major changes, we will also provide more prominent notice (including for some services, we will notify you by way of publicity on the website or even provide you with pop-up prompts to explain the specific changes to the Policy), and we will reserve a reasonable period for you to consider whether to accept the changes before the changes take effect. If you continue to use our products and services after the new version of the Policy and User Agreement come into effect, it means that you have fully read and are willing to be bound by the updated Policy and User Agreement, and you can stop using our products and services if you do not agree to such changes.

9.4 Material changes referred to in this Policy include, but are not limited to:

• Significant changes in our service framework, such as the purpose of processing Personal Data, the types of Personal Data processed, the processing methods of Personal Data, etc.;

• Significant changes in our ownership structure, organizational structure, etc., such as business adjustment, bankruptcy merger and acquisition caused by the owner change;

• Significant changes in the primary recipients of Personal Data sharing, transfer, or public disclosure;

• Significant changes in your rights to participate in the processing of Personal Data and the ways in which they are exercised;

• When our department responsible for handling Personal Data security, contact methods or complaint channels changes;

• When the Data Protection Impact Assessment report indicates a high risk.

10. Contact Us

If users have any questions or comments regarding the content of this Policy, or regarding the practice and operation of this Policy, please contact us. You can send your questions to support@creatie.ai or to Privacy Protection Center, INTERACTIVE LINK PTE. LTD., 6 Shenton Way #37-03 Oue Downtown Singapore 068809. If you would like to contact our Data Protection Officer, you may contact us at the email and address above.

In general, we will respond to your request within one (1) month. In the event of exceptional circumstances, we may delay our response to you, with an appropriate explanation, but this delay will not exceed three (3) months.

If you are not satisfied with our response, especially if you believe that our Personal Data processing behavior has harmed your legitimate rights and interests, you can also seek a solution by filing a lawsuit with the court at the domicile or place of registration of INTERACTIVE LINK PTE. LTD.

Appendix: Additional Terms for Applicable Privacy Law

PART A - ADDITIONAL TERMS FOR EEA, UK & SWITZERLAND DATA PROTECTION LEGISLATION

Part A of this Appendix applies only to users located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland. In these regions, we comply with the provisions and requirements of the EU GDPR for the processing and protection of your Personal Data.

In the EEA, UK, and Switzerland, the General Terms (Section 1-10) of this Policy and this Appendix together constitute our notification of your Personal Data processing practices and govern our practices of Personal Data processing practices. The General Terms shall prevail over anything not mentioned in Part A of this Appendix, but in the event of a conflict between the contents of Part A of the Appendix and the General Terms, Part A of this Appendix shall prevail.

Data Transfers

In cases where the Personal Data is transferred outside of the EEA, UK, or Switzerland, we ensure that the following measures are taken for lawful transfers, for example:

(1) The recipient of the Personal Data is located in a country that has been granted an “adequacy” decision by the European Commission.

(2) The recipient has signed a “standard contractual clause” based on the European Commission’s determination, which requires the recipient to protect your Personal Data.

(3) In the absence of appropriate protection measures, we will obtain your explicit consent for the transfer of your Personal Data. At the same time, we will use adequate technology such as encryption or de-identification to protect your Personal Data.

PART B - ADDITIONAL TERMS FOR US STATE PRIVACY LAWS

Part B of this Appendix applies only to users located in the state of California, U.S. (“California”), except for Section 2.5, which applies to all United States residents. In this region, we comply with the provisions and requirements of the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively, the “CCPA & CPRA”) for the processing and protection of your Personal Data.

In California, the General Terms of this Policy and this Appendix together constitute our notification of your Personal Data processing practices and govern our practices of Personal Data processing practices. The General Terms shall prevail over anything not mentioned in Part B of this Appendix, but in the event of a conflict between the contents of Part B of the Appendix and the General Terms, Part B of this Appendix shall prevail.

1.   Sale and sharing of your Personal Data (within the last twelve (12) months)

In this section, we will inform you of the types of Personal Data we have sold or shared within the past twelve (12) months, the types of recipients of the Personal Data, and the purposes for which it was sold or shared. For purposes of CCPA & CPRA, “share”, “shared”, or “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data by the business to a third party for cross‐context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross‐context behavioral advertising for the benefit of a business in which no money is exchanged.

1.1   Sale of your Personal Data (within the last twelve (12) months)

We do not currently sell your Personal Data to any third parties. If we do sell your Personal Data in the future, we will inform you of this in advance through this Appendix and respect your right to restrict or refuse this.

Sharing of your Personal Data (within the last twelve (12) months)

Please see Section 3 of the General Terms of this Policy for the specifics.

In principle, we do not serve children (for the purposes of Part B this Appendix, a child is defined as a natural person under the age of sixteen (16)). However, please be aware that we do not have the ability to recognize age. Therefore, we are unable to determine whether the Personal Data we share contains Personal Data of children.

2.   Data Subject Rights

2.1   Be informed about what data is being collected, before collection

You have the right to know what Personal Data we collect about you, including the categories of Personal Data, the categories of sources from which Personal Data is collected, the business or commercial purposes for which Personal Data is collected, sold or shared, the categories of third parties to whom Personal Data is provided, and the specific fields of Personal Data we collect about consumers. See Section 3.2 and 3.3 of the General Terms of our Policy for how to exercise the right.

2.2   Access your Personal Data

You have the right to access your Personal Data. See Section 6.1 of the General Terms of our Policy for how to exercise the right.

2.3   Delete your Personal Data

You have the right to request us to delete your Personal Data. See Section 6.3 of the General Terms of our Policy for how to exercise the right.

However, we may choose not to respond to your request for deletion if any of the following occurs:

• To complete the transaction for which the Personal Data was collected, to fulfill the terms of a written warranty or product recall under federal law, to provide products or services requested by the user or reasonably expected by the user in the context of the ongoing business relationship between the business and the user, or to otherwise fulfill a contract between the business and the user;

• Helping to ensure the security and integrity of users’ Personal Data to the extent that the processing of such information is reasonably necessary and appropriate for such purposes;

• Debugging to identify and fix errors that impair existing intended functionality;

• Exercising the right to freedom of expression and safeguarding the ability of other users to exercise their own right to freedom of expression or other rights provided for by law;

• Complying with the California Electronic Communications Privacy Act, Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;

• Engaging in public or peer-reviewed scientific, historical, or statistical research that complies with or adheres to all other applicable ethical and privacy laws when the user has given prior consent and deletion of the information could result in an inability to complete or seriously impair the ability to complete;

• For internal-only uses that are reasonably consistent with the user’s expectations based on the user’s relationship with the business and are compatible with the environment in which the user provided the information.

2.4   Rectify your Personal Data

You have the right to request us to rectify the incorrect Personal Data collected by us. See Section 6.2 of the General Terms of our Policy for how to exercise the right.

2.5   Opt-out of selling or sharing your Personal Data

If you are a United States resident, you may opt out of the “sharing” of your Personal Data for the purpose of cross contextual advertising as these terms are defined under the California Consumer Privacy Act (“CCPA”) by contacting us at support@creatie.ai. We do not sell customer Personal Data.

2.6   Equal services

You have the right not to be treated in a discriminatory manner as a result of exercising your privacy rights under the CCPA, including:

• Refuse to provide you with products or services;

• Charge a different price or rate for products or services, including through the use of discounts or other favors or the imposition of penalties;

• Offer you products or services at a different level or quality of service;

• Implying that users will receive products or services at a different price or rate, or at a different level or quality of products or services;

• Other discriminatory measures.

Please understand, however, that the provision of various features of our products and services is subject to the processing of certain Personal Data. Where you choose to restrict our processing of certain Personal Data, you should understand that the functionality associated with it will not be available.

2.7   Status report on response to privacy rights

If you need information about our response to privacy rights, please contact us at support@creatie.ai.