Privacy Policy
This Policy is effective as of August 1, 2019.
CREO cares about your privacy and the protection of your Personal Data. For this reason, CREO only Processes your Personal Data, as needed, to conduct legitimate business related to our products and services. Our Privacy Notice is intended to describe the Personal Data you provide us, how we Process and protect that information, and your rights with respect to your Personal Data. By using our websites or other CREO services, you agree to the practices described in this Privacy Notice. We reserve the right to amend this Privacy Notice periodically by posting an updated version to our website. At the top of this Privacy Notice, we will indicate a Policy Effective Date which corresponds to the date on which this Privacy Notice was last updated and posted to our website. An update will apply to any website use after the Effective Date. We encourage you to revisit this Privacy Notice from time to time for possible changes. Your use of our websites or services after an update constitutes your agreement to the update. In this Privacy Notice, the words “CREO,” “we,” “us,” and “our” refer to CREO and, as applicable, our affiliates and subsidiaries.
If at any time you have questions about our practices or any of your rights described below, you may reach us at privacy@creoconsulting.com. This inbox is actively monitored and managed by CREO staff trained in our policies as well as the Processing and handling of Personal Data. You may also call our Privacy Officer at 1-919-589-1212.
Information You Provide Us
We receive Personal Data from website visitors (“Data Subjects” or “you”) who submit Personal Data directly, such as when inquiring about our products or services; accessing our proprietary content; responding to a promotional offer, questionnaire, or survey; registering to use website features; registering for webinars and other events; or subscribing to a newsletter. That information typically includes name, title, address, telephone number, and e-mail address. In the event that Sensitive Personal Data is required, for example, in the case of job applicants, advanced consent will be obtained.
CREO may also record non-personal information about how Data Subjects access the website. This information may include information about the Data Subject’s device (i.e., the internet protocol (IP) address or the domain name server (DNS) associated with it), the websites the Data Subject visited immediately prior to and upon exiting CREO’s website, and the browser software the Data Subject is using to access CREO’s website. This information is used to administer CREO’s systems and website and to make improvements to and protect CREO’s website.
CREO may use cookies and other technologies on our website to enhance or improve the Data Subject’s experience, including customization of content. A cookie is usually text data that a website transfers to a Data Subject’s browser from a web server that is stored on the Data Subject’s device. Cookies are used to help CREO provide Data Subjects with information targeted to Data Subjects’ interests based upon prior browsing on CREO’s website. We may compile aggregate data about website traffic and website interactions in order to offer better website experiences and tools in the future. We may also use Processors to track this information on our behalf.
How We Use It
CREO believes in and supports Personal Data minimization. We limit Processing solely to those activities for which express Data Subject permission was given. CREO uses the Personal Data you provide as necessary to deliver our products or services, respond to requests, deliver personalized content and product offerings, or as required for legal compliance or other lawful purposes. CREO uses your Personal Data to communicate with you via e-mail, telephone, or text messages and may send marketing materials if you choose to opt-in to marketing campaigns from which you may also opt-out at any time. CREO takes commercially reasonable steps to ensure that Personal Data is reliable for its intended use and is accurate, complete, and current.
For your convenience, CREO’s website may contain links to other sites that operate independently of CREO and are not under CREO’s control. CREO is not responsible for the content, security, or privacy practices employed by other websites. Once you are on other websites, your information is subject to their privacy policies and not CREO’s. Therefore, once you navigate away from CREO’s website, we recommend that you review those websites’ privacy policies for information on how those other organizations may collect and Process your personal information and to learn more about your associated rights.
Information We Share
CREO may share information we collect from Data Subjects with Processors who help us perform services such as managing communications and administering our website. We permit our Processors to access Personal Data as needed to deliver services or comply with applicable laws and regulations. CREO enters into contracts with Processors prior to sharing Personal Data to obtain assurances that the Processors will safeguard Personal Data consistent with CREO obligations. In limited cases, we may share information with other parties if appropriate to respond to your request or inquiry. We will share Personal Data in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy. We also may share Personal Data if we have a good faith belief that doing so is necessary to comply with the law, respond to a legitimate request from law enforcement or other government body, to protect our interests or the health and safety of others, or to enforce our terms of use for CREO’s website, as applicable.
Our Use of Google
Google’s advertising requirements are summed up by Google’s Advertising Principles, which are put in place to provide a positive experience for users (see https://support.google.com/adwordspolicy/answer/1316548?hl=en).
CREO has not enabled Google AdSense on our website but we reserve the right to do so in the future.
We use Google Analytics to measure and evaluate access to and traffic on the public area of CREO’s website and create user navigation reports for CREO’s website administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. For more information, see Google Analytics Privacy and Data Sharing.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need-to-know basis to resolve technical issues, administer our website, and identify visitor preferences. In this case, the data will be in deidentified form. We do not use any of this information to identify visitors or users. It is within your rights to opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.
Your Choices, Access, Correction and Deletion
Our Processing of your Personal Data is usually based upon your consent, contract performance, our legitimate business interest, or compliance with law. You have the right to object to our processing of your Personal Data or to restrict our Processing of your Personal Data. In addition, if you have consented to the Processing of your Personal Data, you have the right to withdraw your consent at any time.
You may visit and browse CREO’s website without providing any Personal Data, and you can always choose not to provide CREO with the Personal Data we request. However, choosing not to provide us with certain information that we request may prevent you from accessing or using certain portions of CREO’s website.
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the services. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete any information about you that we have obtained from an integrated service, you may contact us by emailing us at privacy@creoconsulting.com or calling our Privacy Officer at 1-919-589-1212. If requests are unfounded, repetitive, or excessive, reasonable fees may apply. At your request, we will have any reference to you deleted or blocked in our database.
If you would like to manage cookies used by our website, the “help” section of the toolbar on most browsers will inform you of how to prevent your browser from accepting new cookies, how to have the browser notify you upon the receipt of a new cookie, or how to disable the use of cookies completely. However, if you configure your browser to decline cookies, certain features of CREO’s website may not function correctly, and you may be required to re-enter any user IDs and passwords more frequently. Some browsers incorporate a “Do Not Track” feature that, when turned on, signals to websites and online services that you do not want to be tracked. We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
CREO does permit third party behavioral tracking.
Security, Storage, and Retention
CREO takes commercially reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved and the nature of the Personal Data.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit as safe as possible.
Your Personal Data is contained behind secured networks located in the United States and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your Personal Data. Notwithstanding the security measures we have implemented, transmission of data over the Internet and electronic storage are never 100% secure. As such, CREO cannot and does not warrant the security of your Personal Data.
All transactions are processed through a gateway provider and are not stored or Processed on our servers.
E.U. GDPR (2016/679/EU) Compliance
For European Union (“EU”) clients, CREO complies with the EU General Data Protection Regulation (“GDPR”) as set forth by the EU regarding the collection, use, and retention of Personal Data from the EU member countries and Switzerland. CREO is considered a data Controller under the GDPR.
For individuals considered a Data Subject under the GDPR, you have the following rights:
- You have the right to withdraw consent to the Processing of your Personal Data at any time.
- You have the right to object to the Processing of your Personal Data if the processing is carried out on a legal basis other than consent.
- You have the right to learn if your Personal Data is being Processed by CREO, obtain disclosure regarding certain aspects of the Processing, and obtain a copy of the Personal Data undergoing Processing. We reserve the right to charge you a small but reasonable fee for this service, especially if requests are unfounded, repetitive, or excessive.
- You have the right to verify the accuracy of Your Personal Data and ask for it to be updated or corrected.
- You have the right, under certain circumstances, to restrict the Processing of your Personal Data. In this case, CREO will not Process your Personal Data for any purpose other than storing it.
- You have the right, under certain circumstances, to obtain the erasure of your Personal Data from CREO.
- You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another Controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on your consent, a contract of which you are a part, or pre-contractual obligations thereof.
- You have the right to bring a claim before your competent data protection authority (DPA).
Recourse, Enforcement, and Liability
CREO commits to prompt resolution of complaints about our collection or use of your Personal Data. CREO will respond to issues and complaints within 30 days of receipt. CREO encourages interested persons to raise any concerns about the collection, use, or Processing of Personal Data using the contact information provided herein. In the event of a privacy-related issue or complaint, CREO will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Fair Information Practice Principles.
To contact CREO for privacy-related issues, please use one of the contact methods below:
- Email CREO at privacy@creoconsulting.com
- Call CREO’s Privacy Officer at +1-919-589-1212
California Online Privacy Protection Act
The California Online Privacy Protection Act (“CalOPPA”) is the first state law in the nation to require commercial websites and online services to post a privacy policy (see http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf).
With respect to California residents and CalOPPA:
- Data Subjects can visit CREO’s Site anonymously.
- We link to this Privacy Notice from our home page.
- Our Privacy Policy link includes the word “Privacy,” and is easily found.
- Data Subjects are notified of Privacy Notice changes on this page by reference to Effective Date at the beginning.
- Data Subjects are able to change or access their Personal Data by emailing us or calling us, at no charge.
In addition, consistent with the State of California recommendation, this Privacy Notice addresses the scope of the policy, data collection elements, do not track settings, data use and sharing with third parties, individual choice and access, security safeguards, the effective date, and accountability in compliance with CalOPPA requirements.
Under California’s “Shine the Light” law, California residents who provide personal information (as defined in CA Civil Code § 1798.83) to CREO to obtain products or services for personal, family, or household use are entitled to annually request and obtain information about their personal information we shared with other businesses for marketing purposes.
Children’s Privacy
CREO’s website is not intended for children under 16 years old. As such, we do not knowingly Process Personal Data from anyone under 16 years of age and anyone under 16 years of age should not submit any Personal Data to CREO.
Controlling the Assault of Non-Soliciated Pornography and Marketing Act of 2003
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) Act of 2003 is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- Send you additional information related to your product and/or service.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
In accordance with CAN-SPAM, we:
- Do not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or Site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you may follow the instructions at the bottom of each email or those contained in this Privacy Notice.
Canadian Anti-Spam Legislation
CREO operates compliantly with Canadian Anti-Spam Legislation (“CASL”). In accordance with such, we do not send anyone with a Canadian email address unauthorized Commercial Electronic Messages (“CEM”) unless they have opted-in to receive CEM. CEM is defined as, “any electronic message that encourages participation in a commercial activity.” CREO also understands that an electronic message sent to request consent is considered CEM under CASL and does not engage in this activity. Data Subjects who have opted in have the right to unsubscribe at any time.
Definitions
For the purposes of the Privacy Notice, the following definitions shall apply:
“Processor” means any third party Processing Personal Data on behalf of, and under the instruction of, the Controller.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Subject” (see Personal Data).
“European Union” or “EU”, for the purposes of this Policy, means all countries within the European Economic Area (EEA).
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) received by CREO and recorded in any form; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data does not include information that has been deidentified or that is publicly available, or that has not been combined with non-public Personal Data.
“Process,” “Processes,” “Processing,” or “Processed” means any operation or set of operations that is performed upon Personal Data, whether by automated means or not, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.
“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life. In addition, CREO will treat as sensitive any Personal Data received from a third party where that third party treats and identifies the information as sensitive via a Controller or Processor contract with CREO.