Privacy Policy

Note on language versions

This privacy policy is available in Spanish, Catalan, English and German. In the event of any discrepancy between versions, the Spanish version shall prevail as the official text.

1. General information

This Privacy Policy governs the processing of personal data collected through the website owned by 361 Creativity and Innovation S.L.U. (hereinafter, the Website).

At 361 Creativity and Innovation S.L.U. we are committed to protecting the privacy of users and their personal data in accordance with:

  • Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR)
  • Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD)
  • Law 34/2002 on information society services and electronic commerce (LSSI-CE)

2. Data controller

Controller: 361 Creativity and Innovation S.L.U.

Trading name: Create361

Tax ID: ESB16422453

Address: Calle del General Weyler, 128–130, 08912 Badalona, Barcelona, Spain

Email: hello@create361.io

Website: www.create361.io

3. Personal data we collect

Through the contact form:

  • Name
  • Phone (optional)
  • Email address
  • Information contained in messages sent

Through emails you may send us:

  • Email address
  • Information contained in messages sent

Through web browsing:

  • IP address
  • Browsing and website usage data

The data requested will be strictly necessary for the purposes stated.

4. Purpose of data processing

Personal data will be processed for the following purposes:

4.1 Handling enquiries

Managing information requests, enquiries or communications made through:

  • Contact forms
  • Email

4.2 Service provision

Managing professional or commercial relationships with:

  • Clients
  • Suppliers
  • Collaborators

4.3 Sending communications and newsletter

Sending communications related to:

  • Company activities and services
  • Blog content
  • Events, projects and initiatives

These communications will only be sent when:

  • The user has requested them
  • They have subscribed to the newsletter. The newsletter is technically managed through Substack (Substack Inc., USA), acting as a data processor. Upon subscribing, your name and email address will be processed on Substack’s servers.
  • Prior consent has been given

4.4 Website improvement

Analysing website usage in order to:

  • Improve the user experience
  • Optimise content and services
  • Ensure website security

4.5 Cookies

This website uses its own technical cookies, necessary for correct functioning and navigation, as well as third-party analytical cookies through Google Analytics, which allow us to analyse site usage anonymously in order to improve its performance and, above all, its content (especially the blog), adapting it as closely as possible to the interests of visitors.

Cookie consent management is handled by Complianz, a certified compliance plugin that automatically detects the visitor’s location and applies the corresponding conditions in accordance with the regulations in force in their region (GDPR in the EU, among others).

You may accept, reject or customise cookie usage through the preferences panel available on this site. You may also configure your browser to reject cookies, although this may affect the functioning of the site.

For more information, please consult our [Cookie Policy].

5. Legal basis for processing

The processing of personal data is based on:

  • The user’s consent
  • The performance of a contractual or pre-contractual relationship
  • Compliance with legal obligations
  • The legitimate interest of the controller

6. Data retention

Personal data will be retained:

  • For as long as necessary to fulfil the purpose for which it was collected
  • For as long as a relationship with the user exists
  • Until the user requests its deletion
  • For the periods required by applicable legislation

Subsequently, data will be deleted or anonymised, or permission will be sought again for its processing.

7. Data recipients

Personal data will not be shared with third parties, except:

  • Legal obligation
  • Service providers necessary for the operation of the website

For example:

  • Hosting providers
  • Newsletter services (Substack Inc.)
  • Web analytics platforms
  • Newsletter services

These providers act as data processors and comply with data protection regulations.

8. International data transfers

Where technological services located outside the European Economic Area are used, we will ensure:

  • The existence of adequate safeguards
  • Or the application of standard contractual clauses approved by the European Commission

Substack (newsletter): The newsletter platform used, Substack Inc. (USA), has certified its adherence to the EU-U.S. Data Privacy Framework (DPF), adopted by the European Commission on 10 July 2023 as an adequacy decision. This certification can be verified at: www.dataprivacyframework.gov. Additionally, Substack’s Publisher Agreement incorporates Standard Contractual Clauses (SCCs) approved by the European Commission as a supplementary safeguard. Further information at: substack.com/privacy

Create361 monitors the validity of the applicable safeguards and will update this policy should any relevant regulatory changes occur.

9. User rights

Users have the right to:

  • Access their data
  • Rectify incorrect data
  • Request the deletion of their data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

To exercise these rights:

Please send a request to:

Email: hello@create361.io

Indicating:

  • Full name
  • The right you wish to exercise
  • A copy of your identity document

We will respond to your request within a maximum of 1 month from receipt. This period may be extended by a further two months in cases of particular complexity, and you will be informed of this within the first month.

You may also lodge a complaint with:

Spanish Data Protection Agency (AEPD)

https://www.aepd.es

10. Data security

361 Creativity and Innovation S.L.U. adopts appropriate technical and organisational measures to ensure the security of personal data and prevent:

  • Unauthorised access
  • Loss of information
  • Alteration of data
  • Unlawful disclosur

11. Minors’ data

We do not collect personal data from individuals under 14 years of age. If we detect that a minor has provided their data, we will delete it immediately.

12. Links to external sites

The website may contain links to third-party websites. Upon accessing them, we recommend that users review their privacy policies, cookie policies and terms of use, as these are independent from those of Create361.

361 Creativity and Innovation S.L.U. accepts no responsibility for the privacy policies or content of such sites.

13. Changes to the privacy policy

361 Creativity and Innovation S.L.U. reserves the right to modify this Privacy Policy to adapt it to:

  • Legislative changes
  • Changes to services
  • Website improvements

The updated version will always be available on the Website.

14. Date of last update

30 March 2026

Logo Kit Digital Logo Ministerio Logo Next Generation UE Logo PRTR Logo Red ES