Effective date: 12th October 2023

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or purchase our products. We are committed to safeguarding your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

1. Who We Are
This website is operated by Creative Max Limited, registered in England and Wales.
Registered office: 5 Fourth Avenue, Halstead, Essex CO9 2SY
Email: sales@creativemax.com
We act as the Data Controller for the personal data collected via this website. Our Data Protection Register number is Z828671X

2. What Data We Collect
We may collect and process the following information:
- Identity and contact details (name, address, email, phone number)
- Order and payment information (processed securely via Stripe)
- Account details if you register with us
- Technical data such as IP address, browser type, and cookies
- Marketing preferences and communication history

3. How We Use Your Data
We use your information to:
- Process and fulfil orders and payments
- Provide customer service and respond to enquiries
- Improve our products, services, and website functionality
- Send marketing updates (only where you have consented)
- Comply with legal and regulatory requirements

4. Legal Basis for Processing
We process your data on the following lawful bases under the GDPR:
- Contractual necessity – to process your purchases and deliver goods
- Legitimate interests – to improve services and prevent fraud
- Legal obligation – to maintain records for tax and compliance
- Consent – for marketing communications

5. Payment Processing with Stripe
We use Stripe Payments UK Ltd as our third-party payment processor.
Stripe processes your payment information on our behalf in compliance with the UK and EU GDPR and PCI DSS security standards. Stripe may transfer data to the United States under approved international data transfer mechanisms (such as the EU-US Data Privacy Framework).
For more information, please review Stripe’s Privacy Policy: https://stripe.com/privacy

6. Cookies
Our website uses cookies and similar technologies to enhance functionality and analyse site usage.
You can control cookie settings via your browser or our on-site cookie banner. For full details, see our Cookie Policy.

7. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined above — typically for up to seven years for transaction records, or as required by law.

8. Data Security
We apply appropriate technical and organisational measures to protect personal data from loss, misuse, or unauthorised access, including SSL encryption, restricted access, and secure storage.

9. Data Sharing and Transfers
We do not sell personal data. We may share limited information with:
- Service providers such as Stripe, IT, and logistics partners
- Professional advisers (accountants, auditors, legal counsel)
- Regulators or authorities where legally required
When transferring data outside the UK or EEA, we ensure appropriate safeguards such as standard contractual clauses or adequacy decisions are in place.

10. Your Rights
Under the UK and EU GDPR you have the right to:
- Access, correct, or delete your data
- Withdraw consent at any time
- Restrict or object to processing
- Request data portability
- Lodge a complaint with the ICO (UK) or your local EU supervisory authority
Requests can be made by contacting us at sales@creativemax.com.

11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this website, and significant changes will be clearly notified.

12. Contact Us
If you have any questions about how we handle your data, please contact:
Data Protection Officer
Creative Max Limited
Email: sales@creativemax.com