Privacy Policy

Let’s Crea8 (Giovanni Liebenberg t/a Let’s Crea8)

Last Updated: June 25, 2026

1. Introduction

Let’s Crea8 (“we”, “us”, or “our”) is a web design, graphic design, digital marketing, and e-commerce integration service provider based in South Africa. We respect your privacy and are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA), and where applicable, international data protection laws such as the EU/UK General Data Protection Regulation (GDPR / UK GDPR). This Privacy Notice applies to all data subjects whose personal information we process. A “data subject” includes, but is not limited to: clients and prospective clients; suppliers and vendors; service providers and contractors (including occasional subcontractors); job applicants; and any other individuals whose personal information we process in the course of our business operations. (This notice does not apply to our own employees/staff, who receive a separate internal staff privacy policy.) This Privacy Notice explains how we collect, use, store, share, and protect personal information when you interact with our website (crea8.co.za), contact us via forms, email, WhatsApp, phone, submit a job application, supply goods/services to us, or otherwise engage with our business. By providing your personal information to us, you acknowledge that you have read and understood this Notice.

2. International Clients and Data Protection Laws

We provide services to clients in South Africa and internationally, including the United Kingdom and the United States. While this Privacy Notice is primarily drafted to meet POPIA requirements, we aim to apply equivalent protections consistent with GDPR principles when processing personal data of individuals in the EU or UK. If you are located in a jurisdiction with specific data protection rights, please contact us so we can assist you appropriately.

3. Who We Are (Responsible Party)

Business Name: Giovanni Liebenberg t/a Let’s Crea8 Physical Address: 16 Park Street, Perlamoenbaai, Gansbaai, 7220, Western Cape, South Africa Information Officer: Giovanni Liebenberg (Founder & Owner) Information Regulator Registration Ref: 202606014489 Email: gio@crea8.co.za Phone: +27 83 300 0158 You can contact our Information Officer with any questions or requests regarding your personal information.

4. Personal Information We Collect

We collect the following categories of personal information / personal data:
  • Contact details: Name, email address, phone number, and physical/postal address.
  • Business details: Company name and VAT registration number.
  • Billing-related information: Details required to issue and send invoices and statements.
  • Technical / usage information: We may indirectly collect anonymous technical data (such as IP address, browser type, or device information) via Google Analytics and Google Search Console. Analytics data is anonymised and not used for identification purposes.
  • Cookies and tracking data: Managed through CookieYes on our WordPress website.
We do not collect special personal information (such as health, religious, biometric, or race data) or information about children under 18. Our services are aimed at business owners, executives, and general managers. For suppliers, contractors and job applicants we typically collect only basic contact and business details necessary for the relevant relationship (e.g. invoicing, project coordination or recruitment).

5. Lawful Bases for Processing

We only process your personal information on valid lawful bases, including: Consent – where you have given clear consent for a specific purpose; Contract – to perform our services or take steps at your request before entering into a contract; Legal obligation – where we are required by law to process your data; Legitimate interests – for our business purposes (e.g. website maintenance, responding to enquiries, improving our services), provided your rights do not override our interests.

6. How We Collect Your Information

We collect your personal information through: website contact / enquiry forms; email, WhatsApp, and phone correspondence; Google Analytics (anonymised, consent-based); and cookies (via CookieYes).

7. Purpose of Processing

We process your personal information only for the following specific purposes: to communicate with you about the web design, graphic design, digital marketing, or e-commerce services in which you have expressed interest; to provide our contracted services and manage client projects; to issue invoices, process billing, and maintain financial records; to respond to enquiries and provide customer support; and for legitimate business purposes such as website maintenance, analytics (anonymous), and record-keeping.

8. Voluntary or Mandatory Provision

Providing certain personal information (such as name, email, phone, and business details) is mandatory if you wish to receive a quote, engage our services, or receive billing documents. Without this information we may be unable to provide or invoice for our services. Other information is voluntary; choosing not to provide optional details may limit our ability to assist you fully.

9. Sharing Your Personal Information

We only share your personal information with third parties when strictly necessary and on a “need-to-know” basis. This includes service providers we use for day-to-day operations, including cloud storage and email (Google Workspace, iCloud, Microsoft OneDrive), invoicing and billing (Zoho Invoice), website security, backup and maintenance tools (Wordfence, WPvivid, ManageWP, Imagify), communication platforms (WhatsApp), website analytics (Google Analytics), and cookie consent management (CookieYes). Each provider has their own privacy policy and data protection commitments. We only share information with these providers to the extent necessary for our legitimate business operations. Occasional subcontractors may be used for social media management or additional graphic design work when we are overloaded with projects; in such cases only key project requirements are shared, and personal information is not disclosed unless absolutely necessary for the specific task. We have appropriate agreements in place to ensure they process any information securely and in line with POPIA (and GDPR principles where applicable).

10. Cross-Border Transfers

Some of our service providers (e.g. Google Workspace, iCloud, Microsoft OneDrive, Zoho) may store or process data outside South Africa, including in countries such as the United States. Where personal information is transferred internationally, we take reasonable steps to ensure appropriate safeguards are in place, such as secure, encrypted connections; service provider agreements that include appropriate safeguards (including Standard Contractual Clauses or equivalent mechanisms where required for GDPR compliance); and reliance on your consent or the necessity of the transfer to perform our contract with you.

11. Cookies and Tracking Technologies

We use cookies and similar technologies on our website, managed through CookieYes. A cookie consent banner is displayed to allow you to manage your preferences. Essential cookies are necessary for the website to function. Non-essential cookies are only used with your consent. You can manage or withdraw consent at any time through the banner or your browser settings.

12. Storage and Security

We store your personal information using secure tools including Mac software (Mail, Contacts), Google Workspace, Zoho Invoice, and WhatsApp (with disappearing messages set to 90 days where applicable). We take reasonable technical and organisational measures to protect your information, including Avast Premium Security on our devices, Apple Passwords for secure credential management, regular deletion of sensitive data where possible, and access controls and secure communication channels. While we strive to protect your information, no system is completely secure. We will notify you and the relevant supervisory authority of any security compromises as required by law.

13. Retention of Personal Information

We retain your personal information only as long as necessary for the purposes described above or as required by law. Our standard retention periods are: client project files — 5 years from project completion; billing and invoice records — 7 years (SARS legal requirement); enquiry and prospect data — 2 years from last contact; job applications — 6 months unless a position is offered; website analytics data — 14 months (Google Analytics default). You may request permanent deletion of your information at any time, subject to legal obligations such as billing records which we are required by law to retain.

14. Your Rights

You have the following rights regarding your personal information:
  • Right of access — request access to the personal information we hold about you.
  • Right to correction or deletion — request correction or deletion of inaccurate, irrelevant, or excessive information. Once your request has been actioned, we will notify you of the correction, deletion or destruction carried out.
  • Right to object — object to the processing of your personal information at any time, including for direct marketing purposes.
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent.
  • Right to data portability — request your data in a structured, commonly used format.
How to submit a request: you may submit any of the above requests free of charge through any of the following channels:
  • Email: gio@crea8.co.za (preferred channel for record-keeping purposes)
  • WhatsApp: +27 83 300 0158 (please follow up any WhatsApp request with an email confirmation to ensure it is properly recorded and actioned)
  • Post: 16 Park Street, Perlamoenbaai, Gansbaai, 7220, Western Cape, South Africa
We will respond to all requests within 30 days of receipt. You may also submit a request using our dedicated Personal Data page: Personal Data page

15. PAIA Manual

You may access our PAIA Manual here: PAIA Manual – Let’s Crea8

16. Complaints

If you are unhappy with how we have handled your personal information, please first contact our Information Officer. You also have the right to lodge a complaint with the Information Regulator (South Africa) or the relevant supervisory authority in your jurisdiction. Information Regulator (SA): inforeg@justice.gov.za | +27 10 023 5200

17. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the updated “Last Updated” date. We encourage you to review it periodically.

18. Contact Us

For any questions about this Privacy Policy or our data practices, please contact: Giovanni Liebenberg | Email: gio@crea8.co.za | Phone: +27 83 300 0158