Privacy Policy
Data Controller: CreativeIgniter is a trading name of Florin Pinta, sole trader, Tuam, Co. Galway, Ireland. Email: office@creativeigniter.com
1. Introduction
CreativeIgniter ("we", "our", or "us") operates the website creativeigniter.com — a platform for purchasing and downloading digital web templates and development resources. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
By using our website or purchasing our products, you acknowledge that you have read and understood this policy.
2. Data Controller
The data controller responsible for your personal data is:
Tuam, Co. Galway, Ireland
Email: office@creativeigniter.com
As we are a sole trader operating from Ireland, we are subject to Irish and EU data protection law. We are not currently required to register with the Data Protection Commission (DPC) but you may contact the DPC directly at www.dataprotection.ie.
3. Personal Data We Collect
We collect data in the following ways:
3.1 Data you provide directly
- Account registration: name, email address, password (stored as a bcrypt hash)
- Billing & shipping address: full postal address for order records
- Payment processing: payment details (card or PayPal) — these are processed entirely by our payment provider (Stripe / PayPal) and are never stored on our servers
- Contact form: name, email address, and message content
- Profile information: optional avatar, phone number, bio
3.2 Data collected automatically
- Log data: IP address, browser type, operating system, pages visited, date & time of visits, referring URL
- Session data: Laravel session identifiers stored in a server-side cookie
- Consent records: a record of which cookie and email consent choices you made, including timestamp and IP address
- Login logs: IP address, user agent, and timestamp of each login for security purposes
4. Legal Basis for Processing (GDPR Art. 6)
We only process personal data where we have a lawful basis to do so. The basis used for each processing activity is:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract (Art. 6(1)(b)) |
| Processing and fulfilling purchases | Contract (Art. 6(1)(b)) |
| Sending order confirmation & invoices | Contract (Art. 6(1)(b)) |
| Retaining transaction records for tax/accounting | Legal obligation (Art. 6(1)(c)) |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Essential cookies (session, CSRF) | Legitimate interests (Art. 6(1)(f)) |
| Analytics cookies | Consent (Art. 6(1)(a)) |
| Marketing emails & newsletter | Consent (Art. 6(1)(a)) |
| Responding to contact form enquiries | Legitimate interests (Art. 6(1)(f)) |
5. How We Use Your Data
- To create and manage your account
- To process and fulfil your orders and deliver digital downloads
- To send transactional emails (order confirmation, invoice, download link)
- To send marketing emails and newsletters — only with your consent
- To respond to your enquiries and provide customer support
- To detect and prevent fraud and unauthorised access
- To comply with our legal and tax obligations
- To improve our website and products (where analytics consent has been granted)
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
6. Cookies & Tracking Technologies
We use cookies — small text files stored in your browser. When you first visit our site, a cookie consent banner gives you control over non-essential categories. You can change your preferences at any time via the Cookie Settings button at the bottom of every page.
| Category | Examples | Can be disabled? |
|---|---|---|
| Essential | Session cookie (ci_session), CSRF token (XSRF-TOKEN), cookie consent record (ci_cookie_consent) |
No — required for the site to function |
| Analytics | Aggregate page-view counters — no personal identifiers sent to third parties | Yes — via Cookie Settings |
| Marketing & Personalisation | Promotional content preferences | Yes — via Cookie Settings |
Cookie consent choices are stored for up to 12 months. You may withdraw consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7. Third-Party Services & Data Processors
We use the following third-party services which may process your personal data as data processors on our behalf:
| Processor | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Card payment processing | stripe.com/ie/privacy |
| PayPal | PayPal payment processing | paypal.com privacy policy |
| Hosting provider | Web hosting and server infrastructure | Subject to the host's data processing agreement |
| Transactional email provider | Sending order confirmation and account emails | Subject to the provider's data processing agreement |
We do not share your data with any other third parties except where required by law.
8. Data Retention
We retain personal data only for as long as necessary:
- Account data: retained while your account is active, then deleted within 30 days of an accepted account deletion request (except where a legal hold applies)
- Order and transaction records: retained for a minimum of 7 years in compliance with Irish Revenue Commissioners requirements
- Consent records: retained for 5 years from the date of the consent event (GDPR accountability obligation)
- Contact form submissions: retained for 12 months, then deleted
- Security / login logs: retained for 90 days
9. Your Rights Under GDPR
Under the GDPR (Articles 15–22), you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of all personal data we hold about you. Use the Download My Data feature in your Privacy & Data settings.
- Right to rectification (Art. 16): Correct inaccurate or incomplete personal data via your account settings.
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your account and personal data. Submit a deletion request from your Privacy & Data page. Note: data subject to a legal retention obligation (e.g. financial records) cannot be erased.
- Right to restriction of processing (Art. 18): Ask us to pause processing of your data while a dispute is resolved.
- Right to data portability (Art. 20): Download your personal data in a machine-readable JSON format via your account settings.
- Right to object (Art. 21): Object to processing based on legitimate interests; we will cease unless compelling grounds exist.
- Right to withdraw consent (Art. 7(3)): Withdraw any previously given consent at any time via your Privacy & Data page or the Cookie Settings button.
To exercise any right, email us at office@creativeigniter.com. We will respond within 30 days as required by law.
10. International Data Transfers
Some of our data processors (e.g. Stripe, PayPal) are headquartered in the United States. Any transfer of personal data outside the EEA is conducted under:
- An EU–US Standard Contractual Clauses (SCCs) arrangement, or
- An adequacy decision by the European Commission
Details of the safeguards applied by each processor are available in their respective privacy policies linked in Section 7.
11. Security of Data
We implement technical and organisational measures to protect your data, including:
- HTTPS / TLS encryption for all data in transit
- Passwords stored as bcrypt hashes — never in plain text
- CSRF protection on all forms
- IP-based login logging for security monitoring
- Access to production data restricted to authorised personnel only
No method of data transmission or storage is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the DPC as required by GDPR Article 33/34.
12. Children's Privacy
Our service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes, we will notify registered users by email. Your continued use of the website after the effective date constitutes your acknowledgement of the revised policy.
14. Contact & Complaints
If you have any questions about this Privacy Policy or wish to exercise your rights, contact us:
If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Web: www.dataprotection.ie