1. Purpose and Scope
CreationUnited Co. ("CreationUnited", "we", "our", or "us") is committed to protecting personal information and respecting the privacy rights of individuals who interact with our websites, applications, platforms, services, research initiatives, publications, communications, and related digital properties.
This Data Protection & GDPR Policy explains how CreationUnited approaches privacy rights, data protection principles, international data transfers, and individual rights under applicable privacy laws.
This policy should be read together with our:
- Privacy Policy
- Cookie Policy
- Terms of Use
- Other applicable legal notices and policies
This document applies to all services, websites, applications, platforms, publications, research initiatives, hosted systems, communications platforms, and future services operated under the CreationUnited brand.
This policy applies to all Services as defined in our Terms of Use.
References to "CreationUnited," "CreationUnited Co.," "we," "our," or "us" may include affiliated entities, subsidiaries, contractors, representatives, future legal entities, and authorized operators acting on behalf of CreationUnited where applicable.
2. Our Approach to Data Protection
CreationUnited believes that privacy is an important component of trust.
We seek to design, operate, and maintain our services in a manner that respects the rights of individuals while balancing legitimate operational, contractual, security, legal, research, and business requirements.
Our privacy and data protection practices are informed by principles commonly reflected in:
- General Data Protection Regulation (GDPR)
- UK GDPR
- India's Digital Personal Data Protection Act (DPDP Act)
- Applicable privacy legislation in jurisdictions where we operate
- Recognized privacy and information security best practices
Nothing in this policy shall be interpreted as a representation that CreationUnited holds any certification, accreditation, regulatory approval, or formal compliance designation unless expressly stated.
3. Data Protection Principles
Where applicable, CreationUnited seeks to process personal information in accordance with the following principles:
Lawfulness, Fairness, and Transparency
We seek to process personal information lawfully, fairly, and transparently.
Purpose Limitation
Information is collected and used only for legitimate operational, contractual, research, legal, security, communication, and business purposes.
Data Minimization
We seek to limit the collection of information to what is reasonably necessary for the relevant purpose.
Accuracy
We take reasonable measures to maintain accurate and current information where practical.
Storage Limitation
Information is retained only for as long as reasonably necessary based on legal, operational, contractual, security, research, and business requirements.
Security and Integrity
We implement technical, administrative, and organizational safeguards intended to protect information against unauthorized access, disclosure, misuse, alteration, or destruction.
Accountability
We continually review and improve privacy, security, governance, and operational practices.
4. Lawful Bases for Processing
Depending on the nature of the Service and applicable law, CreationUnited may process information on one or more of the following legal grounds:
Consent
Where consent has been provided for a specific purpose.
Contractual Necessity
Where processing is required to provide a requested service, fulfill a contract, manage an account, process a subscription, or perform related obligations.
Legitimate Interests
Where processing supports legitimate operational, security, research, communication, product improvement, administrative, or business interests.
Legal Obligations
Where processing is necessary to comply with applicable laws, regulations, court orders, governmental requests, or legal obligations.
Protection of Rights and Safety
Where processing is necessary to protect individuals, systems, infrastructure, services, or the rights and interests of CreationUnited and others.
5. International Transfers of Information
CreationUnited operates internationally and utilizes infrastructure, systems, service providers, contractors, partners, and affiliated entities located in multiple jurisdictions.
As a result, personal information may be:
- Processed internationally
- Accessed internationally
- Stored internationally
- Backed up internationally
- Transferred internationally
Information may be processed in countries that have privacy laws different from those in your jurisdiction.
Where appropriate and required by applicable law, CreationUnited seeks to implement reasonable safeguards intended to protect personal information during international transfers.
6. Privacy and Data Subject Rights
Depending on your location and applicable law, you may have rights relating to your personal information.
These rights may include:
- Access rights
- Correction rights
- Deletion rights
- Restriction rights
- Portability rights
- Objection rights
- Consent withdrawal rights
- Complaint rights
Certain rights may be limited by applicable law, contractual obligations, security requirements, legal obligations, fraud prevention measures, intellectual property considerations, or other legitimate interests.
7. Right of Access
Individuals may request confirmation regarding whether CreationUnited processes personal information relating to them.
Where applicable and permitted by law, individuals may request access to information including:
- Categories of information processed
- Processing purposes
- Information sources
- Recipient categories
- Retention considerations
- Applicable rights
CreationUnited may limit or deny access where permitted or required by applicable law.
8. Right to Correction
Individuals may request correction of inaccurate, incomplete, outdated, or misleading information.
CreationUnited may require reasonable evidence supporting correction requests before making changes.
9. Right to Deletion
Individuals may request deletion of personal information where permitted by applicable law.
Deletion requests are subject to legitimate retention requirements, including but not limited to:
- Legal obligations
- Financial recordkeeping requirements
- Tax obligations
- Security investigations
- Fraud prevention
- Contractual obligations
- Dispute resolution
- Regulatory requirements
- Research preservation requirements
- Legitimate business purposes
Certain information may therefore be retained even after a deletion request has been submitted.
10. Right to Restrict Processing
Where permitted by applicable law, individuals may request that CreationUnited restrict certain processing activities.
Restriction requests may be evaluated based on:
- Applicable legal requirements
- Operational requirements
- Security considerations
- Contractual obligations
- Technical feasibility
Certain processing activities may continue where legally permitted or required.
11. Right to Data Portability
Where applicable, individuals may request a copy of certain personal information in a commonly used and technically feasible format.
Portability rights may be limited where:
- Information contains third-party rights
- Information is protected by law
- Information relates to security investigations
- Technical limitations exist
- Applicable law permits limitations
12. Right to Object
Individuals may have the right to object to certain forms of processing.
Objections may include:
- Marketing communications
- Certain legitimate-interest processing activities
- Certain research-related activities
- Certain profiling activities where applicable
CreationUnited will review requests and respond in accordance with applicable legal obligations.
13. Marketing Preferences
Individuals may opt out of marketing communications at any time.
Marketing communications may include:
- Newsletters
- Publications
- Product announcements
- Research updates
- Event information
- Promotional communications
Operational, security, transactional, legal, and account-related communications may continue where necessary.
14. Research, Academic, and Public Interest Activities
CreationUnited supports research, education, academic collaboration, public knowledge initiatives, accessibility efforts, and related activities.
Information associated with research activities may be:
- Aggregated
- Anonymized
- Pseudonymized
- Archived
- Retained
where legally permitted and appropriate for:
- Research purposes
- Educational purposes
- Statistical purposes
- Historical purposes
- Public-interest purposes
Additional notices, consent forms, agreements, ethics requirements, or participation terms may apply to specific research initiatives.
15. Special Categories of Information
Unless specifically requested and reasonably necessary for a legitimate purpose, individuals should avoid submitting sensitive personal information through our Services.
Examples may include:
- Health information
- Biometric information
- Government identification numbers
- Political opinions
- Religious beliefs
- Union membership information
- Criminal records
- Other sensitive information protected by law
Where sensitive information is submitted, CreationUnited may process such information only where legally permitted and reasonably necessary.
16. Identity Verification
To protect individuals and prevent unauthorized disclosures, CreationUnited may require reasonable identity verification before:
- Responding to requests
- Providing records
- Correcting information
- Processing deletion requests
- Exercising privacy rights
Requests may be delayed, limited, or denied where identity cannot be reasonably verified.
17. Data Retention Principles
Retention periods vary depending on:
- The nature of the information
- Applicable laws
- Operational requirements
- Security requirements
- Contractual obligations
- Research requirements
- Business needs
Information may be:
- Deleted
- Archived
- Aggregated
- Anonymized
- Pseudonymized
when no longer required for its original purpose.
CreationUnited does not guarantee fixed retention periods for every category of information.
18. Security Measures
CreationUnited maintains technical, administrative, and organizational safeguards designed to protect information against unauthorized access, disclosure, misuse, alteration, or destruction.
Security measures may include:
- Encryption in transit
- Access controls
- Authentication systems
- Security monitoring
- Infrastructure protections
- Backup procedures
- Vulnerability management
- Incident response procedures
No system can guarantee absolute security.
Users are responsible for maintaining appropriate security practices relating to their own accounts, devices, credentials, and communications.
19. Complaints and Supervisory Authorities
Individuals who believe their privacy rights have been violated may contact CreationUnited using the contact information provided in this policy.
Where applicable, individuals may also have the right to lodge complaints with relevant supervisory authorities, privacy regulators, data protection authorities, or similar governmental bodies in their jurisdiction.
Nothing in this policy limits rights available under applicable law.
20. Contact Information
For privacy, data protection, data subject rights, or related inquiries:
CreationUnited Co.
Privacy Officer: [email protected]
Data Protection Officer: [email protected]
CreationUnited may require reasonable verification before responding to certain requests.
Where GDPR or UK GDPR applies, CreationUnited aims to respond to valid requests within one month of receipt, subject to any lawful extension permitted for complex or numerous requests.
A Data Processing Agreement may be made available where required for controller-processor relationships.
21. Changes to This Policy
CreationUnited may modify, update, revise, replace, or supplement this policy from time to time.
Changes may occur due to:
- Legal developments
- Regulatory requirements
- Operational changes
- Service changes
- Security considerations
- Research activities
- Business developments
Updated versions become effective upon publication unless otherwise stated.
Continued use of the Services following publication constitutes acceptance of revised policies where permitted by applicable law.
By accessing or using CreationUnited Services, you acknowledge that you have read and understood this Data Protection & GDPR Policy and understand the rights and protections described herein.