Effective date: 9 September 2021
This Privacy Policy describes how your personal data is collected, used, and shared when you visit or use the website https://creativemilkshake.com (the “Site”) or use the related services (the “Services”) (collectively, “Creative Milkshake”). The Privacy Policy does not cover any third-party websites, applications, software, products or services that integrate with the Site or are linked to from the Site.
Owner of the Site
The Site is owned and operated by SPRITZ (HK) LIMITED having a registered business address at 45-51 Chatham Road South Kowloon, Hong Kong (“we,” “us,” and “our”). We act as a data controller with regard to the personal data processed through Creative Milkshake.
Personal data we collect and purposes for which we use it
Automatically collected information
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”. The majority of the Device Information is not considered to be personal data.
We collect the Device Information using the following technologies:
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
We use the Device Information for the following purposes:
To analyse what kind of users visit and use Creative Milkshake;
To examine the relevance, popularity, and engagement rate of the content available on the Site;
To conduct our marketing campaigns;
To investigate and help prevent security issues and abuse; and
To develop and provide additional features to the Site and new services.
In case your Device Information is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
Your Device Information may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Creative Milkshake, responding to lawful requests from public authorities or developing new products and services.
Personal data that you submit to us
We respect data minimisation principles. It means that we collect only a minimal amount of personal data that is necessary to ensure the proper provision of Creative Milkshake as described below. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. We do not use your personal data for any purposes that are different from the purposes for which it was provided. When processing personal data, we make sure that we do so by relying on one of the available legal bases. You can find more information about the legal bases below.
Book a call. When you book a call with us on the Site, we collect your name, email address, guest email addresses, phone number and any other information that you decide to provide us in your message. We use such information to schedule and make the call. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (to promote the Services). We store such data until the call ends.
Sign up. When you sign up on the Site, we collect your first name, last name, email address, VAT number, and password. Later, you can add your address. We use such information to register your account, provide you with the Services, contact you (if necessary) and maintain our business records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (to administer Creative Milkshake). We store such data until you delete your user account.
Newsletter. When you subscribe to our newsletter, we collect your email address. It is used to deliver you our newsletter. The legal basis on which we rely is ‘your consent.’ We keep your email address until you unsubscribe from our newsletter.
Inquiries. When you contact us by email or via chat, we collect your full name, email address, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (grow and promote Creative Milkshake) and ‘your consent’ (for optional personal data). We store such data until you stop communicating with us.
Purchase of the Services. When you purchase the Services through the Site, we collect your product name, product URL, information about your products and target audience, full name, billing address, phone number, and payment information (name on your card, card number, and expiration date). If you choose to pay by PayPal, we collect your PayPal details (name, address, and email address). We use such data to process your payment, provide you with the requested Services, contact you (if necessary), and keep our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., to administer our business and comply with the applicable laws). We retain such data for as long as necessary for accounting purposes.
Sensitive data
We do not collect or have access to any special categories of personal data from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation. Refusal to provide personal data If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Site, our Services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
Marketing communication and service notices
Newsletters
If we have your email address, we may, from time to time, send you information about our Services. You will receive our newsletters in the following instances:
If we receive your express (“opt-in”) consent to receive marketing messages; or
If you ask us to send you information about our Services by subscribing to our newsletter; or
If we decide to send you information closely related to the Services already used by you.
Opting-out from our newsletters
You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our emails or by contacting us directly.
Service-related notices
We send you important transactional emails, such as confirmation receipts, invoices, updates about the Services, technical notices, and other administrative updates. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.
Sharing your personal data
Our data processors
We share your personal data with third parties (our data processors) to help us use your personal data for its intended purposes, as described above. For example, we use:
Shopify located in Canada to power our online store. You can read more about how Shopify uses your personal data here: https://www.shopify.com/legal/privacy.
Google Analytics located in the US to help us understand how you use the Site. You can read more about how Google uses your personal data here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Klaviyo located in United States for email services. You can read more about their privacy practices here: https://www.klaviyo.com/legal/privacy-policy.
The disclosure of your personal data is limited to the situations when your personal data is required for the following purposes:
Ensuring the proper operation of the Site;
Ensuring the delivery of the Services ordered by you;
Providing you with the requested information;
Enforcing our rights, preventing fraud, and security purposes; or
If you provide your prior consent to such a disclosure.
Legal obligations
We may also share your personal data to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Successors
In case our company or the Site are sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy. We will notify you of any changes of the data controller.
International transfers
Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.
Behavioral advertising
If we have a legal basis to do so (e.g., your consent), we may provide you with targeted advertisements or marketing communications that we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt-out of targeted advertising by using the links below:
Facebook: https://www.facebook.com/settings/?tab=ads
Google: https://www.google.com/settings/ads/anonymous
Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Do not track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
Your rights
If you are a European resident, you have the right to access the personal data that we hold about you and to ask that your personal data be corrected, updated, deleted, or transferred to another processor. In more detail, you have the following rights:
You have the right to control how your personal data is processed by us by exercising the rights listed below (unless, in very limited cases, the applicable law provides otherwise):
Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
Right to rectification: you can rectify inaccurate personal data that we hold about you;
Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
Right to restriction: you can ask us to restrict the processing of your personal data;
Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
Right to object: you can ask us to stop processing your personal data;
Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
Right to complaint: you can submit your complaint regarding our processing of your personal data.
Exercising your rights
If you would like to exercise your rights, please contact us through the contact information below and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to correctly identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
Launching a complaint
If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Non-discrimination
We do not discriminate against you if you decide to exercise your rights. It means that we do not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality services.
Data retention
We store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its primary purposes and we do not have another legal basis for storing it, we securely delete your personal data from our systems.
In certain cases, we are required by law to store your personal data for a certain period of time (for example, for accounting or business records purposes). Thus, we may keep your personal data for the time period stipulated by the applicable law and securely delete it as soon as the required storage period expires.
Security measures
We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include:
Firewalls;
Anti-virus scanning;
Internal vulnerability scanning;
Anonymisation;
Access control;
Secured networks; and
Carefully selected data processors.
Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data that was caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
Minors
The Site is not intended for individuals under the age of 18.
Contact us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail at hello@creativemilkshake.com or by mail using the details provided below:
Spritz HK Limited
[Re: Privacy Compliance Officer]
45-51 Chatham Road South Kowloon, Hong Kong