Privacy Policy

Privacy Policy

Cookietrust Privacy Policy

Effective Date: [Insert Date]

At Cookietrust.io (“we”, “us”, or “our”), we are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy outlines how we collect, use, and safeguard your personal information when you interact with our website or services. Please read it carefully to understand our practices and your rights.

By accessing cookietrust.io (the “Website”) or using our consent management platform and related services (collectively, the “Services”), you acknowledge and accept the terms described in this Privacy Policy.

1. Scope of This Policy

This Privacy Policy applies to personal data that Cookietrust.io collects and processes as a data controller when you use our Website or Services.

Note: This policy does not apply to any personal data you entrust to us for processing on your behalf as part of our Services. In those cases, we act as your data processor, and our obligations are governed by a separate Data Processing Agreement (DPA).

2. Who Is the Data Controller?

For the purposes of applicable data protection legislation—including the UK GDPR, EU GDPR, and national laws implementing these regulations—Cookietrust.io, a service of [Your Company Legal Name & Address], is the data controller for any personal data collected via our Website or directly through your use of our Services.

3. Legal Basis for Processing Personal Data

We will only process your personal data when a valid legal basis under data protection law applies. These include:

  • Performance of a contract: Where processing is necessary to deliver our services to you or respond to your requests.

  • Legitimate interests: Where it is necessary for our business operations and those interests are not overridden by your rights and freedoms (e.g. to improve our website, communicate updates, or secure our systems).

  • Compliance with a legal obligation: When we are required to process your data by law.

  • Consent: In cases where none of the above apply, we will ask for your explicit consent before processing your data. This includes instances where our partners may collect consent on our behalf.

 

4. Personal Data We Collect

We may collect and process various types of personal data when you visit our Website or use our Services. “Personal data” refers to any information that can identify an individual, either directly or indirectly. It does not include anonymized data where the identity has been removed.

Below is a breakdown of the categories of personal data we may collect:

● Identity Data

Information that helps us identify you, such as your first name, last name, and, if applicable, maiden name.

● Contact Data

Details required to communicate with you or provide services, including your email address, billing address, company name, and website URL.

● Financial Data

Includes payment and billing information such as your VAT number and payment card details.

● Transaction Data

Records of transactions including details of payments made by or to you, and information about products or services you have purchased from us.

● Technical Data

Information about the devices and technology you use to access our Website or Services, such as:

  • IP address

  • Browser type and version

  • Login data

  • Time zone and location

  • Operating system and platform

  • Device identifiers and browser plug-ins

● Profile Data

Includes data associated with your account and interactions with our Services, such as your:

  • Username and password

  • Purchase history

  • Preferences, interests, and survey responses

  • Support interactions and feedback

● Usage Data

Insights into how you interact with our Website and Services, such as:

  • Page views and navigation paths (including date/time)

  • Search history and product views

  • Session duration, scroll behavior, and click patterns

  • Interaction methods and exit pages

  • Phone numbers used to contact support

● Marketing and Communication Data

Your preferences regarding marketing communications from us and our partners, and your choices about how we contact you.

5. Aggregated Data

We may also generate and use aggregated statistical or demographic data (e.g., analyzing usage trends across user groups). Aggregated Data is not considered personal data under the law because it cannot be used to identify you directly or indirectly.

For example, we might aggregate usage data to determine how many users access a specific feature.

However, if we combine Aggregated Data with personal data in a way that makes it possible to identify you, we treat the resulting data as personal and protect it in accordance with this Privacy Policy.

6. Special Category Data

We do not collect or process sensitive personal data (also known as Special Category Data) such as:

  • Racial or ethnic origin

  • Political opinions or religious beliefs

  • Health or genetic information

  • Biometric data

  • Sexual orientation or behavior

  • Trade union membership

7. If You Choose Not to Provide Personal Data

In certain cases, we are required by law or by the terms of a contract to collect personal data from you. If you do not provide the requested information, we may be unable to fulfill our contractual obligations or deliver the products or services you have requested.

For example, if you fail to provide required billing information, we may not be able to process your subscription. If this situation arises, we will notify you at the time and explain any potential impact.

8. How We Collect Personal Data

We gather personal data through a combination of direct interactions and automated technologies. The methods we use include:

● Direct Interactions

You may provide personal data directly to us when you:

  • Register to use our Website or Services

  • Subscribe to our newsletter or marketing updates

  • Create an account or make a purchase

  • Submit an inquiry or support request

  • Participate in surveys, webinars, or promotions

  • Attend events or provide feedback

  • Report a technical issue

The types of data you may provide in these interactions include Identity, Contact, Financial, and Transaction Data.

● Purchases and Registrations

When you make a purchase, register for a webinar, or sign up for a paid service, we may require additional personal data such as your billing information, payment details, and transaction history.

● Community Participation

If you choose to engage with any online community spaces or forums we provide, we may collect Identity, Contact, Profile, and Technical Data to facilitate your participation.

● Automated Technologies

When you interact with our Website, Services, or emails, we may automatically collect certain types of information using tools such as:

  • Cookies

  • Server logs

  • Web beacons and pixels

  • Browser and device fingerprinting

This data may include:

  • Technical Data (e.g. IP address, browser type)

  • Usage Data (e.g. interaction patterns, session duration)

  • Location Data (e.g. approximate geographic location)

We may also receive technical data about you if you visit other websites that use our cookies or tracking technologies.

For further details, please refer to our Cookie Policy.

9. Personal Data We Receive from Third Parties

We collaborate with a range of trusted third-party service providers and business partners who may share personal data with us in accordance with their privacy policies and applicable data protection laws. These third parties include providers of technical infrastructure, analytics, payment processing, communication tools, and customer relationship platforms.

Depending on the nature of the service, we may receive the following types of personal data:

  • Technical Data
    From analytics and search providers (e.g. Google, Hotjar), advertising networks, and performance monitoring tools.

  • Contact, Transaction and Financial Data
    From payment and delivery service providers (e.g. Stripe) that assist in billing, processing payments, and fulfilling orders.

  • Identity and Contact Data
    From customer support and communication service platforms (e.g. Zendesk), used for managing customer queries and service tickets.

  • Email Communications and Contact Data
    From email service providers (e.g. Sendgrid, Sendinblue, GetResponse, Google), used for transactional and marketing email communications.

  • Business Contact and Financial Data
    From customer relationship management (CRM) systems, which maintain records of interactions, invoices, and communications with our clients.

  • Contact and Financial Data
    From cloud-based accounting systems, which store information related to invoicing, such as names and email addresses of recipients.

For more information about our current sub-processors, you may request our detailed Sub-Processors List by contacting us directly.

10. Personal Data We Collect from Public Sources

In addition to the data we receive directly from you or from third-party providers, we may also collect personal data from publicly available sources. This data helps us verify your details, enhance the accuracy of our records, and tailor our services and communications more effectively.

We use this information for purposes including lead generation, audience targeting, event promotion, profiling, and compliance verification.

Types of data we may collect from public sources include:

  • Identity and Contact Data
    From public business directories and government registers (e.g. Companies House).

  • Identity, Contact, and Profile Data
    From publicly accessible social media platforms and profiles (e.g. LinkedIn, Facebook, Twitter), where you have made information available for public viewing.

11. Cookies

We use cookies and similar tracking technologies on our website and within our services to distinguish you from other users. This enables us to deliver a more personalized and efficient browsing experience, improve the functionality of our website, and enhance the overall quality of our services.

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They serve various purposes, including ensuring the website functions properly, enhancing user experience, and providing analytical data to website owners. Cookies may be either session cookies or persistent cookies.

  • Session Cookies
    These are temporary cookies that remain active only while your browser is open. They help us recognize your activity during a single session and are deleted once the browser is closed. Session cookies are used to support features such as navigation, access to secure areas, and usage analysis during your visit.

  • Persistent Cookies
    These cookies remain on your device even after your browser is closed and are used to remember your preferences or actions across multiple sessions. For example, we use persistent cookies to store login credentials so you don’t need to re-enter them on each visit.

Why We Use Cookies

Cookies help us:

  • Maintain and secure your session when using our Services.

  • Recognize returning users and remember preferences.

  • Analyze how our website and services are used, enabling us to improve performance and usability.

  • Monitor traffic patterns and user interactions for internal analytics.

Managing Cookies

You can manage or disable cookies at any time by adjusting your browser settings. Please note that restricting cookies may impact your experience and limit certain functionalities of the Site or Services.

For more information about the specific cookies we use, please refer to our dedicated Cookies Policy (link to be provided).

To learn more about cookies and how to manage or delete them, you can visit:

If you wish to opt out of tracking via Google Analytics, you can do so here: Google Analytics Opt-out Tool

12. Do Not Track

We respect and support Do Not Track (DNT) browser settings.

Do Not Track is a privacy preference you can enable in your web browser to signal to websites that you do not want your browsing behavior to be tracked. You can manage your DNT preferences in your browser’s “Settings” or “Preferences” section.

While we currently respond to Do Not Track signals, please note that not all third-party services recognize or respond to DNT settings. For more information on managing tracking technologies, please refer to our Cookies Policy.

13. How We Use Your Personal Data

We use your personal data only when permitted by law. Most commonly, we will use your personal data in the following circumstances:

  • To perform a contract with you.

  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

  • Based on your consent (where required).

Below is a summary of the purposes for which we use your data and the corresponding legal basis:

Purpose / Activity Types of Data Lawful Basis for Processing
Register you as a new customer Identity, Contact Performance of a contract
Process and deliver orders, manage payments and recover debts Identity, Contact, Financial, Transaction, Marketing and Communications (a) Performance of a contract
(b) Legitimate interest (recover debts)
Manage our relationship with you (e.g., notify you of changes, request feedback) Identity, Contact, Profile, Marketing and Communications (a) Performance of a contract
(b) Legal obligation
(c) Legitimate interest (record keeping, customer insight)
(d) Consent
Enable participation in contests, promotions or surveys Identity, Contact, Profile, Usage, Marketing and Communications (a) Performance of a contract
(b) Legitimate interest (service development, business growth)
Administer and protect our business and website Identity, Contact, Technical (a) Legitimate interest (IT administration, fraud prevention, restructuring)
(b) Legal obligation
Deliver relevant content and advertising, measure ad effectiveness Identity, Contact, Profile, Usage, Marketing and Communications, Technical Legitimate interest (improve products/services, develop business, optimize marketing)
Use data analytics to improve services, website and marketing Technical, Usage Legitimate interest (website optimization, customer insights, marketing strategy)
Suggest products or services that may be of interest to you Identity, Contact, Technical, Usage, Profile, Marketing and Communications Legitimate interest (business development, customer engagement)

We do not sell or rent your personal data to third parties.

We will use your personal data only for the purposes for which it was originally collected, unless we reasonably determine that we need to use it for another compatible purpose. If you wish to understand how the new purpose is compatible with the original, please contact us.

Please note: In some cases, we may process your data without your knowledge or consent, where required or permitted by law.

14. Disclosure of Your Personal Data

We may share your personal data with carefully selected third parties, only where necessary and in accordance with applicable data protection laws. These third parties are typically listed in our Sub-Processors List, which is available upon request. The categories of recipients include:

14.1. Third Parties We Share Personal Data With

We may share your data with:

  • Affiliated Companies: Any member of our corporate group, including subsidiaries, parent entities, or affiliates, as defined under section 1159 of the UK Companies Act 2006.

  • Service Providers and Contractors: Including IT support, hosting services, CRM systems, payment processors, email communication providers, backup and disaster recovery providers, analytics platforms, research and marketing partners, and customer support providers. These entities process your data on our behalf and in accordance with our instructions.

  • Professional Advisors: Such as legal, financial, audit, insurance, or consultancy firms who provide professional services necessary for the operation of our business.

  • Regulatory Authorities: Government bodies, tax authorities, regulators, or other law enforcement bodies that require disclosure by law or as part of our compliance obligations.

  • Advertising and Marketing Networks: We may share aggregated and/or pseudonymised data with advertising partners (e.g., Google Ads) to serve relevant ads, improve campaign targeting, and avoid showing ads to existing customers. This may include metrics like demographic information or behavioral patterns (e.g., number of users who clicked an ad). You can learn more about how Google Ads handles such information by visiting this page.

  • Analytics Providers: Such as Google Analytics and similar platforms, to help us improve the performance and functionality of our Site and Services.

  • Credit Reference Agencies: Where required for assessing creditworthiness prior to entering into a contractual agreement.

14.2. Situations Where We May Disclose Personal Data

We may disclose personal data to third parties in the following scenarios:

  • Business Transfers: In the context of a merger, acquisition, sale of business or assets, or similar transaction. In such cases, your personal data may be disclosed to prospective buyers or successors.

  • Legal Obligations: Where required to comply with legal duties, enforce our terms, or protect our legal rights, property, users, or others. This may include sharing information with law enforcement or fraud prevention bodies.

  • Publicly Shared Insights: We may share aggregated, anonymised data (which does not identify individuals) to highlight usage trends or benchmarks, either publicly or with business partners.

We take great care to ensure that any third parties receiving personal data are bound by strict confidentiality and data processing agreements, consistent with GDPR requirements and our commitment to your privacy.

15. Data Security

We are committed to safeguarding your personal data. To that end, we implement appropriate technical and organisational measures designed to prevent unauthorised access, accidental loss, misuse, or disclosure of your personal information.

For example:

  • All personal data you provide is stored on secure, access-controlled servers.

  • Payment and credit card data is encrypted using SSL (Secure Socket Layer) technology during transmission.

  • Access to personal data is limited to employees, contractors, and authorised third parties who require it to perform their duties. These individuals are bound by confidentiality obligations and process data only under our instructions.

If you are provided with (or choose) a password to access specific parts of our Site or Services, it is your responsibility to keep this password confidential. We recommend that you do not share it with anyone.

We have internal protocols in place to respond to any personal data breach. Where legally required, we will notify you and relevant data protection authorities promptly.

Please note that while we take appropriate steps to secure your data, the transmission of information via the internet is not completely secure. Any data transmitted to our Site or Services is done at your own risk. Once we receive your data, we apply strict security controls to prevent unauthorised access.

16. Links to Third-Party Websites

Our Site and Services may contain links to external websites operated by partners, advertisers, affiliates, or other third parties. Please be aware that these websites have their own privacy policies and practices. We do not accept any responsibility or liability for their content or data protection policies.

We encourage you to review the privacy policies of any third-party sites before providing them with your personal information.

17. Your Data Protection Rights

You have a range of rights under applicable data protection laws (including the GDPR), which you may exercise free of charge. These include:

  • Access – Request access to your personal data held by us.

  • Rectification – Request correction of inaccurate or incomplete data.

  • Erasure – Request deletion of your data where there is no legal basis for us to continue processing it.

  • Restriction – Request a limitation on how we process your personal data.

  • Objection – Object to our processing of your data where we rely on a legitimate interest.

  • Data Portability – Request transfer of your data in a machine-readable format to you or a third party.

  • Withdraw Consent – Where we rely on your consent to process personal data, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us using the details provided at the end of this Privacy Policy. We will respond within 30 days, or inform you if more time is needed in complex cases.

Please note:

  • We may request proof of identity before processing your request, as a security measure.

  • If your request is manifestly unfounded, repetitive, or excessive, we reserve the right to charge a reasonable fee or decline to act on it.

18. Marketing

We may use your Identity, Contact, Technical, Usage, and Profile Data to develop a better understanding of your preferences and interests. This helps us determine which products, services, and offers may be most relevant to you—this activity is referred to as marketing.

Promotional Communications

We may send you marketing emails in the following circumstances:

  • If you have opted in to receive marketing communications when registering on our Site.

  • If you have previously purchased or enquired about our products or services and have not opted out of receiving such communications.

Third-Party Marketing

We will only share your personal data with third parties for marketing purposes if we have obtained your explicit, opt-in consent.

Managing Your Preferences

You may opt out of receiving marketing emails from us at any time by clicking the “unsubscribe” link included in our communications. Once you unsubscribe, we will no longer send you marketing emails.

Please note: Even if you opt out of marketing emails, you will continue to receive essential service-related communications, including billing notices, customer support messages, and operational updates. Push notifications regarding promotions or events may also be sent from time to time, which can be disabled through your device settings.

19. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting obligations. We may also retain your personal data for longer where:

  • You have made a complaint;

  • We believe there is a likelihood of legal proceedings relating to our relationship with you;

  • It is necessary to meet law enforcement requests or enforce our legal rights;

  • You have requested to be excluded from future communications (e.g., unsubscribe requests).

When determining appropriate retention periods, we consider:

  • The volume, nature, and sensitivity of the data;

  • The potential risk of harm from unauthorised use or disclosure;

  • The purposes for which we process the data;

  • Whether those purposes could reasonably be achieved by other means;

  • Applicable legal requirements.

We will generally retain your personal data for as long as:

  • You maintain an active account with us;

  • You have access to our Site or Services;

  • Any relevant contractual obligations continue to apply.

Once your account is closed, we typically delete personal data unless a longer retention period is justified. We may retain anonymised or aggregated information after account closure for analytical or research purposes. This data cannot be used to identify you and may be retained indefinitely.

Please Note: If you delete your account or remove data from your profile, any information you previously shared with others (e.g., via messages or collaborative tools) may still be visible to them. We do not control copies made by others or how long third-party services (e.g., search engines) retain cached content.

20. Complaints

If you have any concerns or complaints regarding the way we handle your personal data, we encourage you to contact us directly using the contact details provided at the end of this Privacy Policy. We take all privacy-related complaints seriously and will investigate your concern promptly and in accordance with applicable data protection laws.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

For individuals in the United Kingdom, the supervisory authority is:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
ico.org.uk

EU Representative

In accordance with Article 27 of the EU General Data Protection Regulation (GDPR), we have appointed IT Governance Europe Limited as our EU Representative. If you wish to exercise any of your data protection rights under the GDPR or have any questions relating to privacy or the handling of your personal data, you may contact our representative using the following details:

Email: [email protected]
Postal Address:
EU Representative
IT Governance Europe
Third Floor, The Boyne Tower
Bull Ring, Lagavooren
Drogheda, Co. Louth
A92 F682, Ireland

Please include the name of our company (Cookietrust.io) in all correspondence to ensure your request is processed correctly.

21. Age of Users

Our Site and Services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately using the contact details provided below. We will take appropriate steps to investigate and, if necessary, delete such information from our records.

22. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any updates or changes will be posted on this page, and where appropriate, we will notify you by email.