Privacy Policy

Last updated: 25 March 2026

Creatine Cyprus, operated by A.N Revs Hospitality Services Ltd, based in Limassol, Cyprus ("we", "us", "our"), is the controller of the personal data described on this page for creatine.cy. We use personal data to run the storefront, take and fulfil orders, process payments, arrange delivery, send transactional emails, and answer customer enquiries. Privacy and GDPR-rights requests can be sent to info@creatine.cy.

This policy reflects the current live setup of the store, including checkout through Viva Wallet, order storage in Turso, website hosting on Vercel, transactional email delivery through Resend, and optional analytics via Google Analytics 4 only after consent.

1. Data we collect

Depending on how you use the site, we may collect:

• Full name
• Email address
• Phone number
• Shipping address
• Billing address, if different from shipping
• Order details such as products, quantities, discounts, shipping cost, VAT portion, and total paid
• Order reference data such as order number, order status, Viva order code, and Viva transaction ID after payment
• Any notes you add at checkout or details you send through the contact form
• Abandoned-checkout recovery records when you enter checkout contact details, including your cart snapshot, reminder-consent choice, and the time the draft was last updated
• Contact-form metadata needed to protect the site, such as your IP address for rate limiting
• Analytics and consent data only if you accept analytics cookies

Payment data: card payments are processed on Viva Wallet's hosted checkout. We do not store your full card number, CVV, or other raw payment card details on our own servers.

2. How we use your data

• To create, validate, and fulfil your order
• To collect payment through Viva Wallet
• To send order confirmation, shipping, and support emails
• To hand delivery details to our courier partner
• To answer support requests, return requests, or contact-form enquiries
• To identify incomplete checkout attempts and, where you have clearly opted in, prepare a later reminder workflow
• To maintain tax, accounting, refund, and fraud-prevention records
• To rate-limit abusive contact-form traffic and help protect the site
• To measure site usage with Google Analytics 4, but only after you opt in

We do not sell your personal data or share it with third parties for their own marketing.

3. Legal basis under GDPR

• Contractual necessity: to process payment, fulfil and deliver your order, and send essential order updates
• Legal obligation: to keep tax, accounting, consumer-law, and compliance records
• Legitimate interests: to prevent fraud, secure the site, rate-limit abuse, handle operational customer support, and review incomplete checkout attempts internally
• Consent: for optional analytics cookies, the loading of Google Analytics 4, and any future reminder email about an incomplete checkout

If you give analytics consent, you can withdraw it later through the Cookie settings control on the site or by clearing creatine.cy site data in your browser and revisiting the site.

4. Who we share data with

The current storefront relies on these service providers:

• Viva Wallet (viva.com): payment processing and payment transaction metadata
• ACS Courier: shipment delivery and tracking using customer name, phone, and delivery address
• Resend: transactional emails such as order confirmations, shipping updates, and contact-form forwarding
• Turso: database storage for orders and related store operations
• Vercel: hosting and delivery of the website
• Google Analytics 4 and Vercel Analytics/Speed Insights: visit analytics and basic web vitals, but only if you explicitly accept analytics cookies

We only share the data each provider needs for its role. For example, ACS receives delivery details, while Viva Wallet handles payment processing on its own checkout environment.

5. Cookies, local storage, and analytics

We use browser storage for essential storefront features. Your cart is stored in your browser's localStorage so it keeps working between visits. We also store your cookie-consent choice in localStorage so the banner does not reappear on every page load.

Analytics: Google Analytics 4 and Vercel Analytics/Speed Insights only load after you accept analytics. If you decline, the storefront still works and those analytics scripts are not loaded. Use the Cookie settings button on the site to revisit that choice at any time.

6. Data retention

• Order and accounting records: kept for at least 6 years so we can meet tax, bookkeeping, refund, and compliance duties
• Customer support and contact-form messages: kept for as long as reasonably needed to resolve the request and maintain a support history
• Abandoned-checkout recovery records: kept only for as long as needed to review incomplete checkouts and operate any consented reminder flow, then deleted or anonymised when no longer needed
• Cookie-consent and cart data in your browser: kept until you clear local browser storage or overwrite it with a new choice
• Analytics data: retained according to the active Google Analytics 4 property settings and Google's own retention controls

Where we no longer need data for these purposes, we will delete it or stop using it in an identifiable form, unless the law requires us to keep it longer.

7. Your rights

Under GDPR, you can ask us to:

• Give you a copy of the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete data where we no longer have a legal reason to keep it
• Restrict or object to certain processing
• Provide your data in a portable format where applicable
• Withdraw consent for analytics processing at any time

To exercise these rights, email info@creatine.cy. Please include enough information for us to identify the relevant order or enquiry. We aim to respond within one month, unless GDPR allows an extension for a complex request.

8. Data security and transfers

We use HTTPS across the site and rely on established third-party infrastructure for payments, hosting, email, and data storage. Some providers may process data outside Cyprus as part of their infrastructure. Where that happens, we expect the provider to use its standard contractual and security safeguards, such as EU adequacy decisions or Standard Contractual Clauses where relevant. We will not intentionally transfer customer order data to a processor unless it has an appropriate transfer and security basis for its role.

9. Contact

For privacy questions or data requests, contact us at:
Email: info@creatine.cy
Support page: Help & Contact
Company: A.N Revs Hospitality Services Ltd
Location: Limassol, Cyprus

You also have the right to complain to the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus, Iasonos 1, 1082 Nicosia, Cyprus, or through dataprotection.gov.cy.