Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
No code website builder originating from Russia that lets users create landing pages, blogs and small online shops with drag and drop blocks and templates. Hosting and integrated analytics are operated by Creatium.
Creatium is a no code website builder originating from Russia. Users assemble landing pages, blogs and small online shops from drag and drop blocks and templates. Hosting, CDN and integrated analytics (typically Yandex Metrica) are operated by Creatium on Russian infrastructure.
Creatium hosts the website content, processes account and billing data of the site owner, and through its built in analytics captures IP addresses, page views, referrers and visitor identifiers. Integrated messengers, forms and CRM connectors may add further personal data flows.
Russia is not covered by an EU adequacy decision and, since February 2022, EU regulators flag it as a high risk destination. Standard Contractual Clauses must be accompanied by strong supplementary measures (encryption at rest with merchant held keys, pseudonymisation, organisational safeguards) or the EU operator should consider not transferring at all.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Non essential cookies, integrated analytics and messengers must be blocked until consent. For the international transfer, many EU authorities recommend an explicit notice and, in many cases, the consent derogation of Article 49(1)(a) GDPR (with all the conditions it implies: occasional, informed and explicit).
All personal data on a Creatium hosted site sits in Russia. EU customer obligations include a Transfer Impact Assessment, an evaluation of supplementary measures, a clear data subject notice and, often, an evaluation of EU alternatives. If sensitive categories or large volumes are involved, an EU based builder should be preferred.
Document the Russia transfer in your ROPA, sign the Creatium DPA (verify the SCCs version), implement encryption and access controls, run a DPIA, inform visitors clearly about hosting in Russia, gate analytics and messengers behind consent, restrict admin access, set short retention and seriously evaluate EU alternatives for any sensitive use case.
Websites using Creatium must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended because Creatium hosts sites in Russia, a third country with significant data protection risks since February 2022. The DPIA must cover the international transfer, fallback hosting, supplementary measures, integrated analytics, retention and the rights of EU data subjects.
Sample consent text
With your consent we use Creatium (Russia) to host this website and capture aggregated traffic data via its integrated analytics. Hosting in Russia involves a transfer outside the European Economic Area without an adequacy decision; we have implemented supplementary safeguards and you can object at any time.
Third-party domains contacted
creatium.iocreatium.rucdn.creatium.iomc.yandex.rumc.yandex.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| creatium_session | http | Session | Strictly necessary session cookie that keeps the site editor / visitor signed in. |
| creatium_csrf | http | Session | CSRF protection token used by the Creatium dashboard and forms. |
| creatium_locale | http | 1 year | Stores the language and country preference. |
| _ym_uid | http | 1 year | Yandex Metrica cookie used by the integrated analytics module to identify returning visitors; requires consent. |
| _ym_d | http | 1 year | Yandex Metrica cookie storing the date of the first visit; requires consent. |
Creatium collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Creatium sets strictly necessary cookies (creatium_session, creatium_csrf, creatium_locale) and, through its integrated Yandex Metrica analytics, cookies such as _ym_uid and _ym_d that require user consent.
Yes for the analytics and any optional messenger or chat integration. The transactional shop or login flows can rely on contract performance. For the underlying transfer to Russia, an explicit notice and often the consent derogation of Article 49(1)(a) GDPR are advisable.
Article 6(1)(b) GDPR (contract) for site editor and account, 6(1)(f) (legitimate interest) for security and platform stability, 6(1)(a) (consent) for the analytics and marketing integrations. Article 49(1)(a) or 49(1)(b) can act as derogation for the international transfer.
Yes. Creatium hosts in Russia, a third country without adequacy and currently considered high risk. Standard Contractual Clauses must be paired with strong supplementary measures and a Transfer Impact Assessment.
Yes, in practice. The combination of behavioural analytics, hosting in Russia and potential lack of effective enforcement makes a DPIA strongly advisable for any EU controller.
Sign the DPA, configure encryption and access controls, gate analytics and messengers behind consent, inform users that hosting is in Russia, document the SCC and TIA, run a DPIA, set short retention and review the integration regularly.
EU based website builders include Webflow (with EU hosting plans), Squarespace EU, Wix, Strikingly, Tilda (Latvia EU operations), Hostinger Builder, Carrd and Framer. EU based hosting is preferable when handling EU customer data.
List Creatium as a processor under hosting and analytics, declare the Yandex Metrica cookies, mention the transfer to Russia, link to the Creatium privacy policy, document the supplementary measures and refresh the policy whenever you enable a new integration.