Free Consultation

CREED FINANCIAL CRIMES COMPLIANCE FIRM COMPREHENSIVE COOKIE & TRACKING TECHNOLOGIES POLICY

Effective Date: 6/23/2025

1 | INTRODUCTION

Creed Financial Crimes Compliance Firm (“Creed,” “we,” “our,” or “us”) uses first-party and third-party cookies, pixel tags, software development kits (SDKs), local-storage objects, and similar technologies (collectively, “Cookies”) across creedfinancialcrimescompliancefirm.com, including all sub-domains, portals, e-learning systems, and email communications (the “Sites”). This Policy provides a detailed, technology-neutral explanation of what Cookies are, how we deploy them, why we do so, the legal bases that permit their use, and how you can manage or withdraw consent in accordance with:

  • EU & UK GDPR (incl. ePrivacy Directive / PECR)
  • Swiss nFADP
  • U.S. state laws (CPRA, VCDPA, CPA, CTDPA, UCPA, FDBR, TIPPA, TDPSA)
  • Canada PIPEDA & provincial statutes
  • Brazil LGPD
  • Australia Privacy Act & ACCC guides
  • Singapore PDPA
  • Any other applicable rules, industry codes, or regulatory guidance

2 | WHAT ARE COOKIES & SIMILAR TECHNOLOGIES?

3 | LEGAL GROUNDS FOR DEPLOYING COOKIES

4 | HOW WE CLASSIFY COOKIES

1. Strictly Necessary – Enable core features (e.g., session management, load balancing, CAPTCHA security).
2. Preferences (Functionality) – Remember choices (language, region, font size).
3. Performance & Analytics – Measure site usage to improve design (Google Analytics 4 with IP anonymization; HubSpot analytics).
4. Marketing & Targeting – Deliver interest-based ads, retargeting, social-media insights (LinkedIn Insight Tag, Meta Pixel).
5. Security & Fraud Prevention – Detect malicious behavior, enforce rate limiting (Cloudflare __cf_bm, Imperva ___utmvc).
6. Compliance & Consent Management – Record Cookie-banner choices (OneTrustOptanonConsent, internal cookie “cccf_privacy_pref”).
7. Experimental / A-B Testing – Optimize user experience (Google Optimize _gaexp).

5 | DETAILED COOKIE TABLE

1. Below is a non-exhaustive list of Cookies that may be set on our Sites. Exact inventory can fluctuate as we iterate services, add partners, or conduct seasonal campaigns. Current and historical logs are maintained for supervisory-authority inspection.
A full live inventory with hashing details and source code snippets is available upon written request to privacy@creedfinancialcrimesfirm.com.

6 | CONSENT MANAGEMENT & WITHDRAWAL

1. Banner Display – First visit triggers a banner compliant with IAB Europe TCF v2.2, CNIL “prior consent” guidelines, and UK ICO “granular opt-in” principles.
2. Granular ControlsUsers can Accept All, Reject All, or Customize per category. The banner records consent string inside cccf_privacy_pref.
3. Global Privacy Control (“GPC”) & Do-Not-Track – Creed automatically interprets browser GPC signals as an opt-out of Marketing & Targeting Cookies for U.S. users where legally required (CPRA § 1798.135).
4. Withdrawal – You may revisit the preferences center (link in footer), clear cookies via browser, or email privacy@creedfinancialcrimesfirm.com. Withdrawal does not affect processing prior to revocation.
5. Proof of Consent – Creed logs hashed IP, user agent, consent string, and timestamp on AWS KMS-encrypted servers for six (6) years per ICO guidance.

7 | BROWSER & DEVICE-LEVEL MANAGEMENT

Users can also install browser-extensions (uBlock Origin, Ghostery) or the Google Analytics opt-out add-on to further restrict tracking.

8 | EMAIL TRACKING PIXELS

Creed embeds a tracking pixel in certain HTML emails to understand open rates and optimize content. The pixel records:
  • Email address hash
  • Timestamp
  • IP address & geolocation (approximate)
  • Device type & client (Outlook, Gmail, iOS Mail)
If you prefer not to be tracked, please disable automatic image loading in your email client or unsubscribe via the link in each communication.

9 | CROSS-BORDER DATA TRANSFERS RELATED TO COOKIES

Third-party providers (Google, Meta, LinkedIn, HubSpot) may process Cookie-generated data on servers in the United States, EEA, UK, Canada, Singapore, or other jurisdictions. Where required, Creed relies on:
  • Standard Contractual Clauses (SCCs) (2021/914/EU) + UK Addendum
  • EU-U.S. / Swiss-U.S. Data Privacy Framework certifications (where provider self-certified)
  • Risk assessments&supplementary encryption measures

10 | RETENTION OF COOKIE-DERIVED DATA

  • Cookie lifetime (see table) defines how long the identifier remains on your device.
  • Server-side logs created by Cookies (IP, event metadata) are retained for 26 months for analytics; security logs for up to 5 years; marketing segmentation data for 13 months (CNIL standard). Aggregated, non-identifiable reports may be stored indefinitely.

11 | THIRD-PARTY RESPONSIBILITY & JOINT CONTROLLERSHIP

For certain marketing Cookies (LinkedIn Insight, Meta Pixel), Creed and the provider act as Joint Controllers for initial collection. Data is subsequently processed under each party’s independent privacy statement. You may exercise rights directly with Creed or the provider.

12 | NON-COOKIE TECHNOLOGIES & FUTURE TRACKING

  • Server-Side Tagging (SST) – We route some GA4 hits via our own subdomain to minimize client-side identifiers.
  • Privacy-Preserving Attribution – Creed is testing Google / IAB proposed APIs (Topics, Attribution Reporting) that reduce reliance on third-party cookies.
  • Device Fingerprinting – Strictly limited to fraud-prevention scenarios; not used for marketing without consent.
  • AI-Based Behavioral Analytics – Utilized only on anonymized or aggregated datasets.

13 | U.S. STATE “SALE” / “SHARE” DISCLOSURES

Under CPRA § 1798.140(ad) and similar statutes, cross-context behavioral advertising may constitute a “sale” or “share.” Creed:
  • Shares: Yes, for Marketing Cookies listed in Section 5.
  • Sells for monetary consideration: No.
  • Opt-Out Methods: Footer link “Do Not Sell or Share My Personal Information,” GPC signals, or banner settings.
  • Sensitive Personal Information: Creed does not process SPI via Cookies for advertising.

14 | UPDATES TO THIS COOKIE POLICY

We audit our Cookie inventory at least quarterly and whenever we launch significant new functions. Material changes trigger:
1. Updated “Effective Date” at top;
2. Banner re-display for fresh consent where required;
3. Archive of previous versions for accountability (available upon request).

15 | CONTACT & QUESTIONS

Data Protection Officer (DPO)
Creed Financial Crimes Compliance Firm
Email: info@creedfinancialcrimescompliancefirm.com
If you have concerns about our Cookie practices, you may also lodge a complaint with:
  • UK ICO (for UK users)
  • EU Supervisory Authority in your member state
  • U.S. State Attorney General (for CPRA or state-law issues)
  • Office of the Privacy Commissioner of Canada (PIPEDA)
  • ANPD (Brazil)
  • OAIC (Australia)
© 2026 Creed Financial Crimes Compliance Firm. All rights reserved.
Scroll to Top