PRIVACY POLICY
Last updated: May 2026
CONTENTS
1. Important Information and Who We Are
2. Types of Personal Data We Collect
3. How Your Personal Data Is Collected
4. How We Use Your Personal Data
5. Disclosures of Your Personal Data
6. International Transfers
7. Data Security
8. Data Retention
9. Your Legal Rights
10. Contact Details
11. Complaints
12. Changes to This Privacy Policy
13. Third-Party Links
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1. IMPORTANT INFORMATION AND WHO WE ARE
This privacy policy explains how CREO Acquisitions collects and uses your personal data through your use of creo-academy.com, including any data you provide when purchasing a product or service from us.
This website is intended for business owners and adults only. We do not knowingly collect data relating to children under the age of 18.
Controller
CREO Acquisitions is the data controller responsible for your personal data (referred to as "CREO Acquisitions", "we", "us" or "our" in this privacy policy).
If you have any questions about this privacy policy, including requests to exercise your legal rights (see section 9), please contact us using the details in section 10.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
2. TYPES OF PERSONAL DATA WE COLLECT
Personal data means any information about an individual from which that person can be identified. We collect, use, store and transfer the following kinds of personal data:
Identity Data: first name, last name, username or similar identifier.
Contact Data: email address, telephone number, and business address.
Financial DataL payment card details (processed and stored by Stripe, we do not hold your full card details directly).
Transaction Data: details about payments to and from you and details of services you have purchased.
Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data: your account credentials, purchases made by you, preferences, feedback and survey responses.
Usage Data: information about how you use our website and services.
Marketing and Communications Data, your preferences for receiving marketing from us and your communication preferences.
We also collect aggregated data (such as statistical or demographic data) which is not personal data as it does not directly or indirectly identify you. For example, we may aggregate usage data to understand how visitors interact with our website in order to improve it.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
3. HOW YOUR PERSONAL DATA IS COLLECTED
We collect data from and about you through the following methods:
Direct interactions: you may provide personal data by filling in forms on our website, purchasing our products or services, contacting us by email or phone, subscribing to our emails or content, or requesting information from us.
Automated technologies: as you interact with our website, we automatically collect Technical Data using cookies, server logs and similar technologies. Please see section 4 for more on cookies.
Third parties: we receive personal data from the following third parties:
- Meta (Facebook/Instagram): for advertising and analytics
- Google: for analytics
- Stripe: for payment processing and transaction data
- GoHighLevel (CRM): for managing client relationships and communications
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
4. HOW WE USE YOUR PERSONAL DATA
Legal Basis
UK law requires us to have a legal basis for collecting and using your personal data. We rely on the following:
Performance of a contract: where we need to perform the contract we have entered into with you (e.g. delivering a course or service you have purchased).
Legitimate interests: where it is necessary to conduct our business and pursue our legitimate interests, such as improving our services, running our advertising, and maintaining client relationships. We always consider and balance any potential impact on you before relying on this basis.
Legal obligation: where processing is necessary to comply with a legal obligation we are subject to.
Consent: where you have actively agreed to a specific use of your data, such as subscribing to receive marketing emails. You may withdraw consent at any time.
Purposes and Legal Bases
To register you as a new client
Data used: Identity, Contact
Legal basis: Performance of a contract
To process and deliver your purchase, manage payments, and recover money owed
Data used: Identity, Contact, Financial, Transaction
Legal basis: Performance of a contract; Legitimate interests (debt recovery)
To manage our relationship with you, including notifying you of changes to our terms or privacy policy
Data used: Identity, Contact, Profile
Legal basis: Performance of a contract; Legal obligation; Legitimate interests
To administer and protect our business and website (troubleshooting, data analysis, system maintenance, security)
Data used: Identity, Contact, Technical
Legal basis: Legitimate interests; Legal obligation
To deliver relevant website content and advertisements and measure their effectiveness
Data used: Identity, Contact, Profile, Usage, Marketing and Communications, Technical
Legal basis: Legitimate interests
To improve our website, services and client experiences using data analytics
Data used: Technical, Usage
Legal basis: Legitimate interests
To send you marketing communications and make recommendations about services of interest to you
Data used: Identity, Contact, Technical, Usage, Profile, Marketing and Communications
Legal basis: Consent
Cookies
We use cookies on this website including essential, analytics, and marketing cookies. The Meta Pixel is active on this website and is used to measure the effectiveness of our advertising and to enable retargeting.
When you first visit the site, you will be asked to consent to non-essential cookies. You can manage your preferences at any time through your browser settings. Note that declining cookies may affect your experience on the site.
Direct Marketing
You will receive marketing communications from us if you have purchased from us or requested information from us and have not opted out.
You can ask us to stop sending marketing communications at any time by clicking the unsubscribe link in any email or contacting us at [email protected]. Even if you opt out of marketing, you will still receive essential service and account-related communications.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following third parties where necessary:
- Stripe: payment processing and storing transaction data
- Meta (Facebook/Instagram): advertising and conversion tracking
- Google: analytics
- GoHighLevel: CRM and client communications
- Zapier: workflow automations connecting our software
- Skool.com: hosting community and product content
- Email service providers: for sending marketing and transactional emails
We may also share your data with third parties in the event of a business sale, merger, or acquisition. In such cases, the new owners may use your personal data in the same way as set out in this policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process it for specified purposes in accordance with our instructions.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
6. INTERNATIONAL TRANSFERS
Some of our third-party service providers are based outside the UK. Whenever we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, including transferring only to countries deemed by the UK to provide an adequate level of protection, or by putting in place appropriate contractual safeguards.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
7. DATA SECURITY
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. Access to your personal data is limited to those with a genuine business need.
We have procedures in place to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
8. DATA RETENTION
We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including to satisfy legal, tax, accounting or reporting requirements.
By law, we are required to keep basic client information (including Contact, Identity, Financial and Transaction Data) for six years after the end of the client relationship for tax purposes.
In some circumstances you can ask us to delete your data, see section 9 for details.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
9. YOUR LEGAL RIGHTS
Under UK data protection law, you have the following rights:
Right of access: request a copy of the personal data we hold about you.
Right to rectification: ask us to correct inaccurate or incomplete data we hold about you.
Right to erasure: ask us to delete your personal data where there is no good reason for us to continue processing it.
Right to object: object to our processing of your personal data where we rely on legitimate interests, or object at any time to processing for direct marketing purposes.
Right to data portability: request that we transfer your personal data to you or a third party in a structured, machine-readable format (applies to data processed by automated means under consent or contract).
Right to withdraw consent: where we rely on consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
Right to restrict processing: ask us to suspend processing of your personal data in certain circumstances.
No fee is usually required to exercise these rights. We will respond to all legitimate requests within one month. Where requests are complex or numerous, we may extend this period and will notify you accordingly.
To exercise any of these rights, contact us at: [email protected]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
10. CONTACT DETAILS
For any questions about this privacy policy or how we handle your personal data:
CREO Acquisitions
Email: [email protected]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
11. COMPLAINTS
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues.
Website: www.ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at [email protected].
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
12. CHANGES TO THIS PRIVACY POLICY
We keep this privacy policy under regular review and may update it from time to time. Any changes will be posted on this page with an updated date at the top. Please check back periodically.
It is important that the personal data we hold about you is accurate. Please keep us informed if your personal data changes during your relationship with us.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
13. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.