This Policy details our commitment to protecting the privacy of individuals who visit our Websites (defined below) (“Website Visitors”), who register to use the products and services which we market for subscription (available at www.cookieinformation.com (the “Service(s)”, or who attend or register to attend sponsored events or other events at which the Cookie Information Group participates (“Attendees”). For the purposes of this Policy, the term, “Websites”, shall refer collectively to www.cookieinformation.com as well as the other websites that the Cookie Information Group operates and that link to this Policy.
2. Scope Of This Policy
This Policy does not apply – Third party websites:
Our Websites may contain links to other websites. The information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
3. Information That You Provide To Us
Account and Registration Information data:
We ask for and may collect personal information about you such as your name, address, phone number, email address and credit card information, as well as certain related information like your company name and website names, when you register for an account to access or utilize one or more of our Services (an “Account”). We also ask for and collect personal information such as an email address and a name from any individual that you authorize to log into and utilize our Services in connection with Your Account.
If you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. A third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
We refer to any information described above as “Account Information” for the purposes of this Policy. By voluntarily providing us with Account Information, you represent that you are the owner of such personal information or otherwise have the requisite consent to provide it to us.
We ask for and may collect personal information such as your name, address, phone number and email address from you when you submit web forms on our Websites or as you use interactive features of the Websites, including but not limited to: Requesting customer support or otherwise communicating with us.
We ask for and may collect personal information such as your name, address, phone number and email address when you register for or attend a sponsored event or other events at which any member of the Cookie Information Group participates.
We collect what you enter directly in our Cookie Information Platform after you log in, such as. domain names on the websites where you implement the Service, as well as the configuration of content and appearance.
When you use our Services, we automatically collect information on the type of device you use, and operating system version.
We collect data generated by website visitors ("End Users") browsing your website(s) using the Service. When an End User sends consent from your websites, the following data is automatically logged to Cookie Information:
- Date and time of consent
- User Agent of the End User's Browser
- The URL from which the consent was sent
- A technically necessary anonymous, random and encrypted key value
- The end user's consent state, which serves as proof of consent
The key and consent mode are also stored in the End User's browser in the first-party cookie "CookieInformationConsent" so that the site can automatically read and respect End User's consent on all subsequent page queries and future End User Sessions for up to 12 months. The key is used as proof of consent and as an option to confirm that the consent mode saved in the End User's browser is unchanged from the original consent sent to Cookie Information.
Cross Domain Consent
If you enable the "Cross Domain Consent" feature to enable consent to across multiple domains using a single End User Statement, the Service also stores:
- One third party cookie named “CookieInformationConsent_encodedclientid” with the same content as the 1. Party cookie described "CookieInformationConsent" in encoded format, set from the domain cookieinformation.com.
- One third party cookie named “CookieInformationConfig” with the following data in encoded format:
- Internal id to identify the consent solution configuration
- The domains included in the consent solutions configuration
4. Information That We Collect From You on our Websites
Services may be used on our Websites or in email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our Websites, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. We use Piwik Pro when collecting analytics information to help us improve our websites and services. This information includes internet protocol (IP) addresses as well as browser and device type, URLs of referring/exit pages, operating system (Android, IOS etc), date/time stamp, information you search for and language preferences.
5. How We Use Information That We Collect
Legal basis for processing (EU visitors only):
If you are a visitor from the European Union, our legal basis for collecting and using the personal information described above will normally be to perform a contract with you (e.g. to provide you with our Services). In some cases, the processing is in our legitimate interests and will not be overridden by your data protection interests or fundamental rights and freedoms.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” section below.
Cookie Information meets the requirements of the Children's Online Privacy Protection Act as well as the GDPR. We will not deliberately collect information from anyone under 13 years. Our website, products and services are all aimed at people who are at least 13 years of age or older.
6. Sharing Of Information Collected
Third-Party Service Providers:
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of our Websites, application development, backup, storage, payment processing, analytics and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights:
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms and Conditions, or as otherwise required by law.
Cookie Information Group Sharing:
We may share information, including personal information, with any member of the Cookie Information Group, and they will use that information only for the purposes already described in this Policy.
7. Data Retention
Where Cookie Information is the data controller of personal information (for example, personal information relating to Website Visitors, Attendees and individuals who register to use our Services), then we retain the personal information we collect where we have an ongoing legitimate business need to do so (for example, to provide you with our Services, to enable your participation in an event, and to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.
The personal data that we process are hosted in data centers located in countries in the European Union.
Account and registration data is saved for tax purposes for up to five full fiscal years after you cancel your Service Account.
Configuration data and system-generated data will be deleted immediately after you cancel the Service Account.
Service data is deleted continuously after 5 years after registration and immediately when you cancel the Service Account.
8. Data Security
Cookie Information implements adequate technical, organizational and physical precautions to maintain the protection of personal data against accidental or illegal destruction or unintended loss, change, unauthorized use, unauthorized change, disclosure or access, and against any other illegal forms of treatment.
Our Service utilizes a cloud environment to ensure high availability. No personal data is permanently stored outside our cloud platforms. In this way, the physical security of Cookie Information’s subcontractors is maintained. The following subcontractors used are:
- Microsoft Trusted Cloud, Holland
- E-conomic, Copenhagen, Denmark
- Zendesk, USA (privacy-shield certified) and data hosted in the European Economic Area (EEA)
- Sendgrid, USA (privacy-shield certified)
The main supplier Microsoft has adopted the International Cloud Confidentiality Practice, ISO / IEC 27018. (read more here https://azure.microsoft.com/en-us/overview/trusted-cloud/) The data processor E-conomic International A / S is certified in "International Standards on Assurance Engagements 3000" (ISAE 3000). Zendesk computing environments are routinely audited with standards, certifications and accreditations including ISO 27001:2013, ISO 27018:2014, and SOC 2 Type II. Sendgrid follows a global standard for data privacy and security and has SSAE 16 (SOC 2 Type II) certification and PCI-DSS compliance.
Cookie Information monitors the maintenance of these standards and audits by subcontractors and sub-processors to ensure that data protection requirements are met.
In order to ensure secure data transmission, all data transits are encrypted to match them to best practice in the protection of confidentiality and data integrity. E.g. all provided credit card information is transmitted through Secure Socket Layer (SSL) technology and then encrypted into the database of our payment gateway provider so that they are only available to those authorized to access such systems and are required to keep the information confidential.
For data in transit, the Service uses industry standard transport protocols between devices and Microsoft data centers and within the data centers itself.
All personnel are subject to full confidentiality, and all subcontractors and subdivisers require that they sign a confidentiality agreement, unless full confidentiality is already part of the main agreement between the parties.
Any device used to access private information is logged in our Azure Active Directory, Microsoft's cloud-based identity and access control service. If there are personal data temporarily stored on a device, the memory on this device must also be highly encrypted.
In the event that your data is compromised, Cookie Information will inform you and the competent supervisory authorities within 72 hours by email with information about the extent of the violation, the affected data, all impacts on the Service.
9. How To Exercise Your Data Protection Rights
You have certain choices available to you when it comes to your personal information. Below is a summary of those choices, how to exercise them and any limitations.
Accessing and updating or deleting your information:
Our Services give Subscribers the ability to access, update and delete certain personal information from within the Service. For example, you can access your account and make updates to your personal information e.g. email address. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Deactivating your account:
If you no longer wish to use our Services, you may as Subscriber be able to deactivate their account. First, please contact Cookie Information with your request.
Opt-out of communications:
Other data protection rights:
You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. Contact details for data protection authorities in the European Economic Area are available here: https://edpb.europa.eu/about-edpb/board/members_en
10. Business Transactions
We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge. If we do, we will inform them of the requirement to handle your personal information in accordance with this Policy.
11. Changes To This Policy
This Policy may be updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices.
If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on the Websites prior to the change becoming effective. If we are required by law to do so, we will seek your consent prior to those material changes becoming effective.
If you do not accept any changes made to this Policy, please discontinue use of the Websites and the Services.
12. Contact Us
Att.: Data protection manager