Effective as of September 25, 2025
This Cookie Policy governs the placement, use, purpose, retention, and governance of cookies and equivalent tracking technologies deployed by Creo Networks Inc. (“Company”, “we”, “our”, or “us”) across all Company-controlled digital environments and partner integrations. This Policy is incorporated by reference into our Terms of Service and Privacy Policy and shall be interpreted in harmony with applicable data protection and consumer privacy laws, including, without limitation, the General Data Protection Regulation (GDPR), the ePrivacy Directive, and the California Consumer Privacy Act (CCPA/CPRA).
This Policy applies to all cookies and equivalent technologies set by the Company (first-party) and, where applicable, by authorized third parties (third-party) on Company websites, mobile and native applications, emails, and on partner properties where the Company’s technologies are deployed. It governs cookies, web beacons (tracking pixels), local and session storage, SDK identifiers, and equivalent client- or server-side mechanisms (collectively, “Cookies”).
“Cookies” — small data files or tokens placed on or read from a user’s device to store identifiers or state.
“Web Beacon” — a small transparent image, tracking pixel, or similar element that signals access or interaction to a remote server.
“Creo Analytics” — the Company’s proprietary analytics and marketing platform.
“Creo Pixel” — the Company’s proprietary Web Beacon and associated client/server code deployed as part of Creo Analytics to collect interaction, diagnostic and advertising-related information.
“System Cookies” — Cookies strictly necessary for the delivery, security and integrity of the Services.
“Analytics Cookies” — Cookies used to measure and analyze usage, performance, and product telemetry.
“Marketing Cookies” — Cookies used to enable advertising, audience segmentation, frequency management and campaign measurement.
Company’s use of Cookies is governed by the following principles: (a) legality and compliance with applicable law; (b) purpose limitation and data minimization; (c) transparency and user control; (d) security, access restriction and accountability; and (e) demonstrable consent where required.
System Cookies are indispensable to: authentication and session management; enforcement of account access controls; transaction integrity; security and fraud prevention; core rendering and accessibility features. The Company treats these Cookies as strictly necessary for the provision of services explicitly requested by the user; they are exempt from consent requirements to the extent permitted by applicable law. System Cookies may record minimal state and routing information and may persist for the duration of the active session, maintained until explicit user sign-out or account termination.
Analytics Cookies support measurement, product telemetry, usage diagnostics, A/B testing, funnel analysis, and system performance monitoring. Data elements typically collected via Analytics Cookies and Creo Pixel include: hashed or pseudonymous device identifiers, browser and OS characteristics, page and view URIs, timestamps, navigation paths, click and interaction events, aggregated session durations, referrer information and non-identifying diagnostic data. Analytics Cookies are deployed only with prior user consent where required by law. Aggregated and pseudonymized outputs derived from Analytics Cookies are used to optimize performance, inform product development, and support operational decision-making.
Marketing Cookies enable targeted communications and advertising within the Company’s ecosystem, measure campaign performance and attribution, perform audience segmentation, and support frequency capping and conversion measurement. Marketing Cookies may correlate interaction events with hashed identifiers, advertising campaign metadata, and device signals. Marketing Cookies are deployed only with explicit user consent where required. Marketing outputs are subject to strict access controls and used in accordance with the choices signalled by users.
Creo Analytics is delivered via client-side code (script tags, Web Beacons, SDKs) and optionally via server-side integrations. Creo Pixel is the Company’s Web Beacon and affiliated code that, when enabled, sets or reads Cookies and emits telemetry to the Company’s collection endpoints.
Depending on configuration and user actions, Creo Pixel may collect: device and browser metadata (user agent, language, screen dimensions), anonymized or pseudonymous identifiers (device IDs, hashed identifiers), IP address (for geolocation and security), page URLs and referrers, event and interaction payloads (clicks, views, conversions), campaign identifiers and ad metadata, and timestamped session context. Personally identifiable information (PII) is not collected through Creo Pixel unless a user is authenticated and explicitly associates PII with their account; if such association occurs, handling follows the Company’s Privacy Policy and applicable legal obligations.
Data collected via Creo Pixel is processed for analytics, performance optimization, fraud detection, and delivery and measurement of marketing within the Company’s ecosystem. Company applies pseudonymization, aggregation and minimization techniques; employs role-based access controls; transmits data over encrypted channels; and restricts persistence to the periods set forth in Section 7. Disclosure to processors or partners is limited to contractually authorized purposes and subject to data processing agreements and technical safeguards.
Third-party Cookies may be set by authorized partners that operate on or through the Services. Such third parties process data under their own governance and are subject to their own privacy and cookie policies. Where Company permits partner deployment of Creo Pixel or other Company technologies on partner properties, Company requires partners to (a) integrate Company consent signals; (b) honor user preferences before initializing non-essential processing; and (c) maintain contractual assurances of compliance, security and limited purpose processing.
At first interaction, Company presents a cookie consent interface that: identifies categories of Cookies; seeks affirmative, granular consent for Analytics and Marketing Cookies; offers clear acceptance and refusal options of equal prominence; and provides access to “Cookie Settings” for granular toggling.
Non-essential scripts, including Creo Pixel and other Analytics/Marketing functions, are not initialized or are executed in a constrained, non-identifying mode until valid consent is recorded. Where server-side or partner implementations are used, the Company and partners implement consent propagation mechanisms and consent-aware initialization flows to ensure compliance.
Company records and persists consent artefacts including user identifier (if any), consent timestamp, consent granularity (categories consented/denied), source site, consent interface version, and IP/timezone of consent. Consent records are retained for compliance and audit purposes for a period of up to thirty-six (36) months, unless a different period is required by law.
Users may withdraw or modify consent at any time via the “Cookie Settings” control or their account privacy settings. Withdrawal of consent will terminate future processing of non-essential Cookies; withdrawal does not retroactively invalidate processing conducted while consent was valid, though Company will cease subsequent processing and delete or restrict identifiers in accordance with user instructions and legal obligations.
System Cookies remain in place for the duration of the user session and are retained until the user explicitly signs out, closes the session, or terminates their account. Where persistent system tokens are required to maintain continuity of service for authenticated users, their use is strictly limited to authentication and security functions.
Persistent Analytics and Marketing Cookies are retained for a maximum period of twenty-four (24) months from placement, subject to periodic review and lawful justification. Aggregated, de-identified analytics outputs may be retained beyond this period where no personal data can be reconstructed and where retention serves legitimate analytic or archival purposes.
Operational logs, consent records and security event data are retained in accordance with Company data governance policies and applicable legal requirements; consent records are retained for up to thirty-six (36) months as stated in Section 7.3.
Subject to applicable law, users may exercise rights including: access, rectification, deletion (erasure), restriction, objection to processing, data portability, and withdrawal of consent. For California consumers, rights to opt-out of sale or sharing of personal information may be exercised via the Company’s designated opt-out mechanisms.
Users may exercise their rights by using the “Cookie Settings” control, account privacy settings, or by submitting a verified request via the Company’s designated privacy contact channels identified in Section 13. Company will respond to verified requests in accordance with applicable statutory timeframes.
Users may also manage Cookies using browser or device settings to block or delete Cookies. Company advises that disabling Cookies may degrade or prevent essential functionality of the Services.
Company implements administrative, technical, and organizational measures commensurate with the sensitivity of the processed data, including encryption in transit and at rest, strict access controls, security monitoring, regular vulnerability assessments, and privacy-by-design reviews and Data Protection Impact Assessments (DPIAs) where required.
Company does not knowingly target or collect personal information from children under applicable minimum ages without verifiable parental consent. If Company becomes aware that personal data of a child has been collected in violation of applicable law, Company will take steps to delete such data as required by law.
Where partners implement server-side collection or where Company’s server-to-server flows are used, partners must ensure consent is obtained and enforced consistent with this Policy. Server-side integrations must transmit consent assertions and respect user preferences prior to undertaking non-essential processing.
Blocking or deleting Cookies may limit the ability to authenticate, maintain preferences, analyze usage, and deliver relevant communications. Users who disable Analytics and Marketing Cookies will still retain access to System functionality but may receive less personalized experiences and, where applicable, less accurate measurement of advertising interactions.
Company requires all processors and partners that process data via Cookies or Creo Pixel to execute appropriate contractual safeguards, including data processing agreements that mandate security measures, purpose limitation, confidentiality and cooperation with Company’s compliance obligations.
Company may amend this Policy to reflect technological, operational, or regulatory changes. Material changes will be communicated through the Services or by other direct means where required. The Effective Date above indicates the date of the latest revision.
This Policy is administered in accordance with applicable laws. Where local law imposes additional or divergent obligations, those local requirements will prevail for users in the relevant jurisdiction to the extent required by law.
For enquiries, to exercise rights, or to lodge complaints concerning the Company’s Cookies practices, contact:
Legal Department,
Creo Networks Inc.
legal@creo-networks.com
If you remain unsatisfied after contacting Company, you may lodge a complaint with your local data protection authority or other competent regulator.