My Creative Networks, as operated by Creative Business Network 

Privacy Policy

Updated version: July 2027

 

This Privacy Policy is edited by Fonden Creative Business Cup (“CBN”), as operator of My Creative Networks, a Foundation having its registered office at 7 Knabstrupvej, 2700-Bronshøj (Denmark) and registered with the Trade and Company Register of Denmark under the number 38445863 (hereafter, the “Data Controller”).

The Data Controller offers a platform, My Creative Networks (hereafter, the “Platform”, or “MCN”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). The Platform is available at the following url addresses: mycreativenetworks.commycreativenetworks.eumycreativenetworks.org.

The Data Controller uses a solution called “Hivebrite”, which enables the view, import and export of user lists and data, the view and management of content and events, the organization of emailing campaigns and opportunity research and sharing, direct messaging as well as the management of funds and contributions of any kind.

In this regard, the Data Controller collects and processes User’s personal data in accordance with the Privacy and Cookie policy.

The Data Controller is particularly aware and sensitive with regards to the respect of its Users privacy and personal data protection. The Data Controller commits to ensure the compliance of the processing it carries out as data controller in accordance with the Data Protection Law.

My Creative Networks being operated by CBN, a Denmark-based Foundation, it falls under the Data Protection Law, Act No. 502 of 23 May 2018, a supplementary national act to the EU regulation on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, EU Regulation n°2016/679 regarding data protection dated April 27, 2016 named General Data Protection Regulation or “GDPR”.

The Data Controller has put in place an appropriate privacy and cookie policy to be fully transparent on how the personal data of Users are processed within the use of the Platform and services provided.

This privacy policy is intended for the Users of the Platform of the Data Controller.

Data Responsible Entity:

Fonden Creative Business Cup

Knabstrupvej 7

2700 Bronshøj

CVR-nr: 38445863

[email protected]

 

Date of last update: 29/03/2024.

 

Article 1. COLLECTED PERSONAL DATA 

 

1.1 When subscribing on the Platform

When subscribing to the Platform, the User is informed that the following personal data is collected for the purpose of creating and maintaining a valid User account on the Platform:

Mandatory data

  • First name (at least one letter); 
  • Last name (at least one letter);
  • Email address;
  • City (includes the respective country for the designated City)
  • One (or more) cluster(s) (may be used to tailor your experience on MCN, such access rights to specific Platform features)
  • A one-liner description (free text)

The User is informed that the following personal data is collected for the purpose of enhancing a User details (all optional). By completing these, the User explicitly accepts that they will be stored on the Platform and may be made visible to other Platform Users based on User-viewer profile and/or membership level.

Optional data:

  • Birth date
  • Nationality(ies)
  • Resume or « CV » (file attachment)
  • Avatar (user-defined, can be a picture/image of user)
  • Description (free text)
  • Industries (can be multiple, includes focus areas and geography coverage)
  • Skills (multiple)
  • Secondary email
  • Mobile – Work
  • Landline – Work
  • Facebook profile (URL)
  • Instagram profile (URL)
  • Twitter profile (URL)
  • LinkedIn profile (URL)
  • Experience(s)
    • Job function
    • Industry(ies)
    • Start date
    • End date
  • Education(s)
    • Degree
    • Field of study
    • School name
  • Banking details (only if and when the user purchases a specific service/feature on MCN)
    • User’s bank identifier
    • User’s card(s) last four digits

Note : the full data is stored and subprocessed by Stripe – see Article 8 for Stripe privacy details

 

The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create and maintain an account and authenticate the User on the Platform.

Access to user profile information by another User is only possible through the front-end and will depend on both the User-owner’s settings and membership level and the User-viewer’s membership level. In other words, if the User-owner has not agreed to make user profile information available, then even if the User-viewer has a membership level allowing access to this type of data, access will be denied.

 

1.2 During the use of the Platform

The User may validly publish, at its own initiative, any content on the Platform which shall be kept by MCN. The exact content available for publishing will depend on the User’s profile and membership level. The list of content categories listed below are listed for exhaustive illustration purposes and cannot be construed as an automatic and irrevocable access to the respective content publishing features:

(Note: the below features may have a custom front-end from one group to another) :

  • Live Feed, including original posts and/or comments thereto; 
  • News, including original posts and/or comments thereto;
  • Media, including original posts and/or comments thereto;
  • Forum, including original posts and/or comments thereto;
  • Events, including original posts and/or comments thereto;
  • Projects, including original posts and/or comments thereto;
  • Opportunities, including original posts and/or comments thereto;
  • Portfolios, including original posts and/or comments thereto.

 

The User is aware that when using the Platform, the User may decide to provide « sensitive data » within the meaning of Data Protection Law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, concerning sexual orientation, etc. By providing such sensitive data, the User agrees to their processing by the Platform in the conditions set forth in this Privacy Policy. 

Via the My Settings / Privacy tab, the user has the possibility, at any time, to restrict, or un-restrict, the visibility of personal data:

  • By data type and by data element
  • By User relation (All, Favorites or Administration)
  • Within the People Directory, respectively the connected Groups/sub-communities

The User also has the possibility to restrict contact/notifications, also under My settings / Notifications tab.      

 

Article 2. THE PURPOSE OF THE DATA PROCESSING

The Data Controller and its subcontractors process personal data that are freely transferred by the User when accessing the services proposed by the Platform for the following purpose:

Purpose

Legal basis 

Creation and management of a user account;
  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Providing the User with all functionalities of the Platform, meaning: 

  • Sending invitations for events organized by Data Controller or other Users, if the User has accepted to receive such invitations;
  • Invite the User to events organized by the Platform
  • Invite and/or assign the User to groups setup and/or managed on the Platform by the Data Controller 

Management of data subjects’ rights according to the Personal Data Legislation.

Storage of User personal data. 

Management of financial transactions through the Platform, upon initiation of such transaction by the User.  

If and when applicable, as a result of the management of delinquencies and claims (such as a lawful investigation)

Management of prospection operations:

  • Sending email prospect campaigns in the name of MCN only 
  • Sending newsletters in the Name of Customer (the owner of a specific group on MCN) 

Making statistics in order: 

  • to improve the quality of the services proposed by the Platform;
  • improve the usage functionalities of the Platform; 

Making statistics regarding the effective use of the Platform; 

Making statistics regarding the different levels of activity on the Platform. 

 

Article 3. DATA RETENTION PERIOD

The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform. By subscription, it is understood both free and paid subscriptions.

Following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform shall be deleted after a period of 5 years maximum. This period may be shortened either at the request of the terminating User or by the Data Controller.

In addition, the Data Controller may from time to time, for example in order to better manage the data storage capacity of MCN, decide to unilaterally terminate the subscription of a dormant user account (the Dormant User), this being a User who has not performed any activity on MCN for prolonged period of time (minimum 365 consecutive calendar days).

 

Article 4. DATA TRANSFERS

The Users’ data are stored in the European Economic Area (EEA) by the Data Controller, and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred in a country outside the EEA, to our trusted service providers.

When transferring data outside the EEA, the Data Controller ensures that the data are transferred in a secured manner and with respect to the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of the EU, the Data Controller uses “appropriate or suitable safeguards”. 

When the service providers to whom personal data are transferred, are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission.

Users can contact the DPO at the following address – see Article 6 below.

 

Article 5.   COMMITMENT OF THE DATA CONTROLLER

The Data Controller commits to process User’s personal data in compliance the Data Protection Law and undertake to, notably, respect the following principles:

  • Process User’s personal data lawfully, fairly, and in a transparent manner;
  • Only collect and process the Users’ data for the strict purpose as described under article 2 of the present privacy policy;
  • Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Under no circumstances is the Data Controller willingly providing access to any of the personal data for external commercial purposes. The personal data is meant for access to registered Users and, for some Platform features, for non-registered public viewing. Interaction with the data (understood to be commenting, sharing, “liking” or “tagging”) is only possible through the Platform by registered Users with a profile allowing for such interaction;
  • Do the best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
  • Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
  • Limit the access to the Users’ data to the persons duly authorized to this effect;
  • Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.

 

Article 6. EXERCISE OF THE USERS’ RIGHTS

The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability (where technically feasible), and to object.

When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The User can exercise its rights by sending an email to the following address ([email protected] or[email protected]) or by land mail at the following address (Fonden Creative Business Cup, Knabstrupvej, 7, 2700-Bronshøj, Denmark) provided that the User justifies his/her identity.

In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent Danish supervisory authority (Datatilsynet).

For any additional information, you can review your rights on the websites of the competent authorities. The competent supervisory authorities are listed on the following website:

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

 

Article 7. COOKIES

The Data Controller informs the User that it does not make use of any cookies on MyCreativeNetworks.com. The only cookies in place are those setup by Hivebrite for the purpose of improving the User experience on the platform.

Hivebrite, as well as its subcontractors, uses a tracking technology on its terminal such as cookies whenever the User navigates on the Platform. Three types of cookies are placed:

  • Required cookie and trackers (always active)
  • _hivebrite_session. Purpose: To identify the User
  • cookie_consent_list_fo. Purpose: To record which cookies the User gives consent for
  • Stripe _stripe_mid. Purpose: For making online payments
  • Stripe _stripe_sid. Purpose: For making online payments
  • LinkedIn last_linkedin_sync. Purpose: For signing in with your LinkedIn account (if option activate by the Data Controller AND used by the User
  • Prisma Cloud pcc_bpc. Purpose: To run bot management and security filtering to protect our (Hivbrite) services
  • Launch Darkly (Tracker). Used to control the release of new features

 

  • Social network functional cookies (User optional)
  • Cookies and trackers that enable functionality linked to third party social network cookies platform. Deactivating thes cookies may result in some third party features not being available to the User, such as displaying Twitter and/or Facebook account feeds (where applicable)
  • Facebook fr. Purpose: Displaying Facebook feeds/posts in the Live Feed of the platform

 

  • Analytics cookies and trackers (User optional)
  • Cookies and trackers to gather analytics on user behavior on the platform in order to make improvements to the user experience. These cookies are used to know how users navigate on the website, where and when they intereact with the platform and its content.
  • Amplitude (Trackers) amp_242acf. For gathering analytics on platform usage

 

Important note: as per above, Hivebrite may use a cookie called “Amplitude”, to enable analytics of the User’s journey on the platform. This cookie involves a transfer of personal data to the United States of America. Hivebrite has signed Standard contractual clauses in order to comply with the requirements of the GDPR on personal data transfer, and will not use this cookie without gathering your consent first.

The User can at any time update/reset their consent via My Settings/Privacy – Reselect settings (very bottom of the User’s Privacy settings page under the User Profile page)

For more information about the processing carried out by Hivebrite as data controller, the User is invited to consult Hivebrite’s privacy policy

 

Article 8. RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA 

 

Only authorized persons working for the Data Controller, can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of User’s personal data.

 

The Data Controller also uses trusted service providers to carry out a set of operations on his behalf for hosting and payment services. The Data Controller can also use service providers in the tech industry, editors of specific tools integrated in the Platform for technical purposes.

     

The Data Controller only provides service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. The Data Controller does his best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability, and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing. 

 

The Data Controller may be required to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our terms of use/sale or any other conditions you have accepted; or to protect the rights, safety or property of Fonden Creative Business Cup, its customers or employees.

 

List of the main service providers:

 

Service Provider

Service

You can consult the privacy policy by clicking on the following link:

KIT UNITED

44 rue la Fayette 

75009 Paris

France

HIVEBRITE solution

 

 

 https://hivebrite.com/privacy-policy

 

Stripe

510 Townsend Street

San Francisco

CA 94103,

USA

Payment Service 

 

 https://stripe.com/fr/privacy

 

Google Cloud Platform

Gordon House, 4 Barrow St, 

Dublin, Ireland

Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups

https://cloud.google.com/security/privacy/

 

Amazon AWS

38 avenue John F. Kennedy, 

L-1855, Luxembourg

 

https://aws.amazon.com/compliance/gdpr-center/

Sentry

132 Hawthorne Street San Francisco, 

CA 94107

USA

Production and storage of error logs enabling our developers

to correct the code

https://sentry.io/privacy/

Sendgrid

375 Beale Street, Suite 300,

San Francisco, CA 94105

USA

Sending of emails from the Platform

https://api.sendgrid.com/privacy.html

Hivebrite, Inc.

16 Nassau St, 

New York, NY 10038,

USA

Customer support for the Platform

 https://hivebrite.com/privacy-policy

 

 

 

Article 9. Child Safety Standards Policy 

 

Child Safety Standards 

Any explicit content or child sexual abuse and exploitation (CSAE) is strongly prohibited on our application. 

Compliance with Child Safety laws & reporting 

Our app complies with applicable child safety laws and regulations. 

Our app ensures all content shared within the app is appropriate for a mixed audience, including children. User-generated content is moderated to prevent inappropriate material from being accessible.

Any CSAM (Child Safety Abuse Material) content will be automatically removed when flagged or reported through our moderation features or if we are directly contacted for this purpose. 

We will systematically take action to report confirmed CSAM content to the National Center for Missing and Exploited Children.
CSAM consists of any visual depiction, including but not limited to photos, videos and computer-generated imagery, involving the use of a minor engaging in sexually explicit conduct.

Child safety point of contact   

You can reach out to [email protected] if CSAM content is detected. 

Privacy and Data Protection

Our app is committed to protecting user data, especially for children under 13, in compliance with applicable regulations.

The privacy policy is displayed clearly and is accessible from the app settings and our website

All data is encrypted during transmission and stored securely.

Ads and Monetization

Our app does not include ads or monetized content. 

Transparency and Disclosures

Data safety: Detailed information is provided as per Google Play’s Data safety form.

Content ratings: IARC 3+, L, E, 3, 3, USK 0

Validation and updates 

Regular internal testing is conducted to ensure compliance with Google Play’s child safety standards, including functionality reviews and content audits.

Policies are reviewed quarterly or as required to align with updated child safety standards.