Free Consultation

USER RIGHTS POLICY (GDPR / CCPA / GLOBAL DATA SUBJECT RIGHTS POLICY)

This User Rights Policy (“Policy”) explains how Creed Financial Crimes Compliance Firm, LLC (“Creed”, “we”, “us”, or “our”) protects and upholds your legal rights as a data subject. It also outlines your ability to access, correct, restrict, delete, and control the use of your personal data, pursuant to global privacy frameworks including:

  • General Data Protection Regulation (GDPR) – for users located in the European Union and European Economic Area
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) – for users residing in California
  • Maryland Personal Information Protection Act (PIPA) – for users in the state of Maryland
  • Applicable international standards, including Canadian PIPEDA, UK GDPR, and other national data protection laws

1. Scope of this Policy

This policy applies to all:

  • Visitors to our website (https://creedfinancialcrimescompliancefirm.com),
  • Prospective or current clients who engage with us directly,
  • Individuals whose personal data may be collected through forms, cookies, email correspondence, analytics tools, or third-party referrals.

2. Personal Data We Collect

We may collect, use, and store the following categories of personal data:

  • Contact Information: Name, phone number, email, organization
  • Professional Details: Job title, company name, areas of responsibility
  • Website Activity: IP address, browser type, device information, pages visited, referral sources
  • Client Engagement Data: Inquiry history, signed contracts, invoices, consultation summaries
  • Compliance Submissions: If applicable—IDs, KYC documentation, declarations, or uploaded files

All personal data is processed in accordance with our [Privacy Policy] and applicable data protection laws.

3. Your Legal Rights as a Data Subject

Depending on your jurisdiction, you may exercise the following rights:

3.1. Right to Access (GDPR Article 15, CCPA §1798.100)

You have the right to request a copy of the personal data we hold about you and understand:

  • Why we process your data,
  • Categories of personal data collected,
  • Third parties to whom your data may be disclosed,
  • Data retention periods,
  • Source of data (if not provided by you directly).

3.2. Right to Rectification / Correction (GDPR Article 16, CCPA §1798.106)

If your data is inaccurate or incomplete, you may request a correction or update to your information.

3.3. Right to Deletion / Erasure (“Right to Be Forgotten”) (GDPR Article 17, CCPA §1798.105)

You can request the deletion of your data under specific conditions, such as:

  • Data is no longer necessary,
  • Consent has been withdrawn,
  • Unlawful processing occurred.

Exceptions apply (e.g., data retained for regulatory or legal reasons).

3.4. Right to Restrict Processing (GDPR Article 18)

You may request that we suspend processing of your data if:

  • Its accuracy is contested,
  • The processing is unlawful, or
  • You object to processing pending verification.

3.5. Right to Object to Processing (GDPR Article 21, CCPA §1798.120)

You may object to processing based on legitimate interests, including profiling or direct marketing activities.

3.6. Right to Data Portability (GDPR Article 20)

You may request a copy of your data in a structured, commonly used, machine-readable format for transfer to another service provider.

3.7. Right to Withdraw Consent (GDPR Article 7)

If your data processing is based on consent, you can withdraw that consent at any time without affecting prior lawful processing.

3.8. Right to Opt-Out of Sale or Sharing of Personal Information (CCPA §1798.120)

For California residents: You have the right to instruct us not to sell or share your personal data with third parties.

Note: Creed does not sell personal data and does not use cross-context behavioral advertising.

3.9. Right to Limit Use of Sensitive Personal Information (CCPA §1798.121)

You may request that sensitive personal information (e.g., government IDs, financial account data) not be used beyond what’s necessary to provide requested services.

4. How to Exercise Your Rights

To submit a request related to any of the above rights, you may contact our Data Protection Officer (DPO) or Compliance Team at:

Email: info@creedfinancialcrimescompliancefirm.com
Subject Line: Data Rights Request – [Insert Right Requested]
Mailing Address: 13901 Carlene Drive Upper Marlboro, MD 20772

Please include:

  • Your full name and contact information,
  • Nature of the request (e.g., access, deletion),
  • Proof of identity (we may require additional verification to prevent fraud),
  • Relationship to Creed (e.g., website user, client, contractor)

We will respond within 30 calendar days (or within the statutory timeline applicable in your jurisdiction). If additional time is required, we will notify you within that period.

5. Verification and Identity Confirmation

To protect personal data from unauthorized access, we must verify your identity before fulfilling a request. Depending on the nature of your relationship with Creed and the sensitivity of the requested information, we may request:

  • Valid government-issued ID,
  • Recent utility bill or business verification (if applicable),
  • Confirmation via the email address on record.

6. Appeal Process (For U.S. State Residents)

If your request is denied or partially fulfilled, and you reside in a jurisdiction that grants an appeal right (e.g., Virginia, Colorado), you may file an appeal with our Privacy Office within 60 days of the decision.

Appeals can be submitted to:
Email: info@creedfinancialcrimescompliancefirm.com
Subject Line: Appeal – Data Rights Denial

We will respond to your appeal in writing within 45 days, as required by law.

7. Children’s Data

Creed does not knowingly collect or process personal data of individuals under the age of 16 without verified parental or guardian consent. If you believe a child’s data has been submitted to us without consent, please contact us immediately.

8. Non-Discrimination Statement (CCPA §1798.125)

Creed does not discriminate against any user for exercising their data rights. We will not:

  • Deny access to services,
  • Charge different rates or impose penalties,
  • Provide lower quality services as a result of a data rights request.

9. Policy Updates

This User Rights Policy may be updated as privacy laws evolve or as our data practices change. We encourage you to review this Policy periodically.

Effective Date: 6/23/2025
Last Reviewed: 6/23/2025

10. Regulatory Contacts and Complaints

If you believe your data rights have been violated, you may file a complaint with the applicable regulatory authority:

United States (Federal Trade Commission):

https://www.ftccomplaintassistant.gov

Maryland Attorney General – Consumer Protection Division:

https://www.marylandattorneygeneral.gov

European Union (for GDPR):

Your national data protection authority – https://edpb.europa.eu

Company

Our Services

Industries

  • Law Firms (Litigation & Corporate)
  • Financial Institutions
  • Healthcare & Life Science
  • Technology & Telecom
  • Government & Public Sector

Contact Us

Connect With Us

Facebook Instagram Linkedin
© 2025 Consulting Firm. All rights reserved.
  • Privacy Policy
  • Terms & Conditions
  • Cookie Policy

Company

Our Services

Policy

Industries

  • Law Firms (Litigation & Corporate)
  • Financial Institutions
  • Healthcare & Life Science
  • Technology & Telecom
  • Government & Public Sector

Contact Us

Connect With Us

Facebook Instagram Linkedin
© 2025 Consulting Firm. All rights reserved.
  • Privacy Policy
  • Terms & Conditions
  • Cookie Policy
Scroll to Top