| Effective date | June 17, 2026 |
| Owner | Security Owner / Compliance Owner |
| Applies to | Public website, product surfaces, and related tracking technologies operated by The Computer Work Company, Inc. |
| Related policy | Privacy Notice: https://thecomputerworkcompany.com/privacy |
| Support contact | support@thecomputerworkcompany.com |
1. Purpose
1.1 This Cookie Policy and Consent Management Notice describes how The Computer Work Company, Inc. uses cookies, local storage, pixels, software development kits, session replay, analytics tools, and similar technologies (collectively, "Tracking Technologies") on its public website and product surfaces.
1.2 This Notice is intended to align cookie and tracking practices with the Company Privacy Notice, applicable privacy law, customer commitments, vendor requirements, and Vanta/SOC 2 evidence expectations.
2. Scope
2.1 This Notice applies to public website pages, account and product pages, documentation pages, and other Company-operated surfaces where Tracking Technologies may be used.
2.2 This Notice does not replace the Company Privacy Notice. If this Notice and the Privacy Notice conflict, the Privacy Notice controls unless the Company approves a more specific cookie or consent disclosure.
3. Tracking Technology Categories
3.1 Strictly necessary technologies are used to provide the website or product, maintain security, remember essential settings, route traffic, prevent abuse, authenticate users, or preserve session integrity. These technologies may be used without opt-in consent where permitted by applicable law.
3.2 Analytics and performance technologies may help the Company understand usage, diagnose errors, measure reliability, evaluate product performance, and improve user-facing services. These technologies must be disclosed and controlled through consent or preference mechanisms where required by applicable law.
3.3 Functional technologies may remember non-essential preferences or support optional product features. These technologies must be disclosed and controlled through consent or preference mechanisms where required by applicable law.
3.4 Marketing or advertising technologies may be used only if approved by the Company and disclosed through the Privacy Notice and any applicable cookie banner, preference center, or opt-out mechanism.
4. Consent and Preference Management
4.1 Where required by applicable law, the Company must present a cookie banner, modal, or equivalent notice before setting or reading non-essential Tracking Technologies.
4.2 The consent interface must provide users with clear information about Tracking Technology categories and must offer a way to accept, reject, or manage non-essential categories with equal or comparable visibility where required by applicable law.
4.3 The Company must provide a persistent method to revisit cookie preferences, such as a footer link, privacy choices link, account setting, or cookie settings control, where required by applicable law or Company policy.
4.4 The Company must not condition access to the public website or core service functionality on acceptance of non-essential Tracking Technologies unless approved by counsel and permitted by applicable law.
5. Consent Records and Evidence
5.1 The Company should maintain evidence of the consent-management implementation, including screenshots of the banner and preference center, configuration exports, vendor settings, implementation notes, and periodic review records.
5.2 For Vanta or auditor evidence, the Company should capture current screenshots showing the visible banner or preference center, the available user choices, and the date or context of the review.
5.3 If a consent manager is not yet implemented for an applicable surface, the Company should track the gap as a remediation item and avoid representing current-state screenshots as passing consent-manager evidence.
6. Vendors and Configuration
6.1 Approved Tracking Technologies may include infrastructure, security, analytics, telemetry, diagnostic, and session-recording providers listed in the Company vendor register, subprocessor materials, or privacy documentation.
6.2 Vendor configuration must be reviewed before implementation to confirm appropriate data categories, retention settings, masking/redaction settings, consent mode or consent gating, and transfer/subprocessor disclosures.
6.3 Analytics or replay tools must be configured to avoid collecting sensitive content, credentials, payment data, regulated data, or unnecessary personal data, except where expressly approved and legally permitted.
7. User Rights and Choices
7.1 Users may exercise privacy rights and submit privacy or cookie-related requests through the methods identified in the Privacy Notice or by contacting support@thecomputerworkcompany.com.
7.2 The Company must route cookie, tracking, or privacy-choice requests to the responsible privacy, security, compliance, or support owner for timely review and response.
8. Review and Change Management
8.1 The Company must review this Notice and related implementation evidence at least annually or when material changes occur to the website, product, Tracking Technologies, vendors, privacy law, or Company privacy commitments.
8.2 Material changes to Tracking Technologies, consent flows, or public disclosures should be reviewed through the Company change-management, privacy, vendor, or compliance process before production release where practicable.
9. Approval
9.1 This Notice is approved as the Company cookie and consent-management policy baseline as of June 17, 2026.
9.2 Approval evidence may be maintained through written approval, electronic approval, policy register entry, Vanta policy approval record, or other compliance evidence repository.
| Approved by | The Computer Work Company, Inc., acting through its authorized policy owner |
| Approval date | June 17, 2026 |
| Approval evidence | Written or electronic approval record maintained in the compliance evidence repository. |