Privacy Policy

Last updated: February 12, 2026

I. General Provisions

This Privacy Policy describes how personal data of Users is collected, processed, and stored in connection with the use of the website cre8eve.eu (hereinafter: the Website). The Website collects only personal data necessary for providing the services offered. Personal data collected through the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and the Polish Personal Data Protection Act of 10 May 2018.

II. Data Controller

The controller of personal data collected through the Website is CRE8EVE Sp. z o.o., address: Tulipanowa 4, 72-003 Dobra, Poland, KRS: 0001191917, Tax ID (NIP): 8522721583, REGON: 540174556, email address: info@cre8eve.eu (hereinafter: the Controller).

The Controller is not required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR. All matters related to the protection of personal data should be directed to: info@cre8eve.eu.

III. Purpose of Personal Data Collection and Legal Basis

Personal data is processed only for the following purposes with their legal basis:

Communication with the User (email contact, phone) – legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller in handling inquiries).
Performance of contracts for services provided by the Controller (consulting, mentoring, B2B services, VR) – legal basis: Art. 6(1)(b) GDPR (performance of a contract).
Security and maintenance of the Website (technical logs, IP, user-agent) – legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller in ensuring technical security).
Establishment and pursuit of legal claims or defense against them – legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller).
AI-assisted telephone communication – handling incoming phone calls via an AI voice assistant, including voice data processing and conversation content analysis – legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller in providing efficient customer service). The caller is informed at the beginning of each call that they are communicating with an AI system and may disconnect at any time.

Providing personal data is voluntary but necessary for contact and provision of services by the Controller.

IV. Types of Personal Data Processed

The Controller may process the following categories of personal data:

Contact data: first and last name, email address, telephone number
Business data: company name, Tax Identification Number (NIP), registered office address (for B2B cooperation)
Technical data: IP address, browser type (user-agent), date and time of visit, error information (server logs)
Voice and call data: voice recordings and voice data transmitted during telephone calls handled by the AI assistant, call metadata (caller's phone number, date and time of call, call duration), and conversation content processed by the AI system

V. Personal Data Retention Period

User personal data will be processed for the following periods:

Contact data (email, phone): until the matter is closed + the period required for defense against claims (up to 3 years in accordance with provisions on the limitation of claims related to business activities).
Contractual data (B2B cooperation): for the duration of the contract and the period of retention of accounting documentation required by law (up to 5 years from the end of the year in which the cooperation ended).
Technical logs (security): for a maximum period of 12 months.
Voice and call data (AI telephone service): call metadata is retained for up to 12 months. Voice data is processed in real time during the call and is not permanently stored by the Controller. Data processors (Twilio, ElevenLabs) may retain data in accordance with their respective data processing agreements and privacy policies.

VI. Disclosure of Personal Data

User personal data may be transferred only to the following recipients:

Railway Corporation (railway.app) – website hosting provider. Servers are located in the European Union region (EEA).
Google LLC (Google Workspace) – email service provider for handling correspondence at info@cre8eve.eu. Servers are located in the USA and EEA.
Twilio Inc. – telecommunications platform providing phone call routing for the AI telephone service. Call metadata and caller's phone number are processed. Twilio's infrastructure for the Controller's phone number is located in the EU region (Ireland, IE1). Twilio Inc. is based in the USA and applies Standard Contractual Clauses (SCC) and is covered by the EU-U.S. Data Privacy Framework.
Eleven Labs, Inc. (ElevenLabs) – AI voice processing platform providing conversational AI capabilities for the telephone service. Voice data and conversation content are processed. ElevenLabs is based in the USA and applies Standard Contractual Clauses (SCC) in accordance with Commission Implementing Decision (EU) 2021/914, as incorporated in its Data Processing Addendum (DPA). ElevenLabs is also covered by the EU-U.S. Data Privacy Framework. ElevenLabs has appointed a Data Protection Officer and maintains an EU entity: ElevenLabs Poland sp. z o.o. (Warsaw, KRS: 0000989620).
Law firms and accounting entities – in case of necessity to provide legal or accounting services (only within the EEA).

Transfers outside the European Economic Area (EEA): Personal data may be transferred outside the EEA (to the USA) in connection with the use of services provided by: (1) Google LLC (Google Workspace) for email services, (2) Twilio Inc. for telephone call routing, and (3) Eleven Labs, Inc. (ElevenLabs) for AI voice processing. All of these providers apply appropriate safeguards in the form of Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914, in accordance with Art. 46 GDPR. Additionally, all providers are covered by the EU-U.S. Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023), which ensures an adequate level of personal data protection pursuant to Art. 45 GDPR.

VII. User Rights

Website Users have the right to: access their personal data, rectify it, erase it, restrict processing, data portability, object to processing, and withdraw consent at any time (which does not affect the lawfulness of processing based on consent before its withdrawal). Requests to exercise any of the above rights should be sent to info@cre8eve.eu. The Controller will fulfill or refuse to fulfill the request without undue delay – within one month of receiving it at the latest. In particularly complex cases or when a large number of requests are received, this deadline may be extended by a further two months in accordance with Art. 12(3) GDPR. The Controller will inform the User of any such extension within one month of receipt of the request, together with the reasons for the delay. Users have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland) if they believe that the processing of their data violates their rights and freedoms under the GDPR.

VIII. Cookies

The Website uses only cookies necessary for the functioning of the site (e.g., storing user consent for cookies in localStorage). Detailed information about cookies can be found in a separate document available in the website footer ("Manage cookies").

Users can change their cookie settings at any time in their browser or use the cookie management panel available in the website footer.

The Website honors Global Privacy Control (GPC) signals. Since the Website uses only essential cookies and does not engage in tracking, analytics, or marketing activities, GPC signals are inherently respected.

IX. AI-Powered Telephone Service and Transparency

The Controller operates an AI-powered telephone service available at the phone number listed on the Website. This service uses artificial intelligence (Eleven Labs, Inc.) to conduct voice conversations with callers. In accordance with Art. 50 of Regulation (EU) 2024/1689 (EU AI Act), every caller is informed at the beginning of the conversation that they are interacting with an AI system, not a human being.

The AI telephone service is classified as a limited-risk AI system under the EU AI Act. It is subject to transparency obligations but does not require a full conformity assessment.

The AI system processes voice data in real time to understand the caller's inquiry and generate an appropriate voice response. The system does not make automated decisions that produce legal effects or similarly significantly affect the caller within the meaning of Art. 22 GDPR. The system does not engage in profiling.

The caller may disconnect the call at any time if they do not wish to interact with the AI system. During the conversation, the AI Assistant will provide information on how to contact a human representative. The caller may also contact the Controller via email at info@cre8eve.eu.

X. Security of Data

The Controller applies appropriate technical and organizational measures to ensure the security of processed personal data, in particular, protects data against unauthorized disclosure, loss, damage, or destruction.

XI. Final Provisions

The Controller reserves the right to make changes to this Privacy Policy, provided that User rights will not be restricted. Information about any changes will be indicated by an updated date at the beginning of the document.

In matters not regulated by this Privacy Policy, the provisions of the GDPR and Polish law shall apply.

This website uses only essential cookies that are necessary for the proper functioning of the service. We do not use cookies for marketing, advertising, or analytical purposes. We only store your decision regarding the acceptance of this notice (in the browser's localStorage).

Essential Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems.

Cookie Name	Purpose	Duration
cookiesAccepted	Stores your cookie consent preferences	Persistent (localStorage)
cookiesConsentId	Unique identifier for your consent decision	Persistent (localStorage)
cookiesConsentTimestamp	Date and time when consent was given	Persistent (localStorage)

Analytics Cookies

We currently do not use analytics cookies. The website does not use tools such as Google Analytics or other traffic tracking systems.

Marketing/Advertising Cookies

We currently do not use marketing or advertising cookies. The website does not work with external advertising partners.

Your Choices

Since we only use essential cookies, there is no need to manage additional categories. Essential cookies (cookiesAccepted in localStorage) cannot be disabled as they are required for the website to work properly. You can clear your browser data at any time to remove information about your decision.

Cookies are small text files that can be used by websites to make the user experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This website uses only essential cookies necessary for its proper functioning. We do not use third-party cookies, analytics cookies, or marketing cookies.

You can change or withdraw your consent at any time from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us, and how we process personal data in our Privacy Policy.

When contacting us regarding your consent, please provide your consent ID and date. You can find your consent ID in the cookie details tab or in your browser's localStorage under the key cookiesConsentId.