Privacy Policy

1. PURPOSE AND SCOPE

Objectis, UAB (also referred to as we, us or the Company), company registration number 304037472, having its registered office at Laisves str. 60, LT-05120 Vilnius, Lithuania, acts as the data controller and is committed to protecting and respecting your privacy.

Therefore, in this Privacy Policy (the Policy), we explain what kind of personal data we collect and for what purposes, when providing you with our products and/or services (the Services), when you visit our website, and/or when you otherwise make contact with us.

In any case, all personal data collected by us are processed in accordance with the EU General Data Protection Regulation No. 2016/679 (the EU GDPR) when processing activities relate to the European Union, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 when processing activities relate to the United Kingdom, as well as other applicable legal acts.

For any questions regarding this Policy or any requests regarding the processing of your personal data, please contact us at dpo@cookie-script.com.

2. WHAT INFORMATION ABOUT YOU WE COLLECT, FOR WHAT PURPOSES, ON WHAT LEGAL BASES, AND HOW LONG WE KEEP IT.

We have set out below, in a table format, a description of how and why we use your personal data – i.e., we listed the personal data or categories of personal data used for specific purposes and indicated which legal basis we rely on to do so.

 

Purpose

Legal basis

 Data collected

Retention period

To answer your inquiry (when you use the contact form)

Consent (GDPR Art. 6(1)(a))

Name and email address provided in the contact form

2 years

To identify you as a contracting party, enable secure login, and provide the CookieScript Service

Performance of a contract (GDPR Art. 6(1)(b))

Email address (Account data)

90 days after account closure

To issue valid invoices, process payments, and handle subscriptions

Performance of a contract / Legal obligation (GDPR Art. 6(1)(b), (1)(c))

Full name, email, contact address, business name and activity, PayPal or Stripe transaction ID (credit card data not stored)

5-10 years per applicable tax law

To provide and operate CookieScript Items (Cookie Banner configuration)

Performance of a contract (GDPR Art. 6(1)(b))

Website domain name, pop-up content and settings entered by the user

30 days after account closure

To contact you regarding services, updates, or account matters

Contract performance (GDPR Art. 6(1)b))

Name, email, message content

Until closure of account

To comply with accounting, tax, or legal requirements

Legal obligation (GDPR Art. 6(1)(c))

Membership and billing data

3 years after account closure

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data. We will only retain your personal data for a longer period when:

  1. it is necessary for the Company to be able to defend itself against existing or threatened claims or to exercise its rights, or for the proper resolution of dispute, complaint or claim;
  2. there is a suspicion of illegal activity;
  3. it is required by applicable laws.

3. PROCESSING OF CHILDREN DATA

Our Services are not intended for children under 16 (or the lower age of digital consent, between 13 and 16, that applies in your EEA/UK jurisdiction). CookieScript is not designed to process children’s personal data and we will delete such data if we become aware of it.

4. HOW WE PROCESS END USER DATA

The Service processes End-User data only where a subscription to the CookieScript website is enabled. In such cases, the Service can automatically log the following data about End Users:

a)      an anonymous and random key (the “Key”);

b)      end User’s choice (accept or reject);

c)      anonymized End User’s IP address (last digits after “.” are set to 0);

d)      date and time of End User’s agreement/rejection;

e)      the page where consent was given/revoked;

f)       end User’s browser agent.

The Key, together with the Consent state, is stored in the End User’s browser as a First-party cookie called “CookieScriptConsent” in JSON encrypted form. This information is later used by the Service to remember the End User’s choice. The key can be found in the Cookie Consent Banner > About cookies tab. The Key can also be used as proof of the End User’s consent. The Key is not considered personal data.

5. HOW WE COLLECT YOUR PERSONAL DATA

We collect information you provide directly to us when you:

  1. fill out the inquiry form on our website;
  2. register for an account on our website;
  3. subscribe to paid services or provide billing details for invoicing;
  4. create or edit a CookieScript item.

We may also receive your personal data from third parties. In particular:

  1. we may receive personal data from a third party which is connected to you or is dealing with us, for example, business partners, sub–contractors, service providers, merchants, etc.;
  2. we may collect personal data from our payment processors in case the personal data is received while executing payment operations;
  3. we may receive personal data from other entities that we collaborate with.

 6. HOW WE SHARE YOUR PERSONAL DATA

We may disclose your personal data to the recipients of the following categories:

  1. public authorities, institutions, organisations, courts and other third parties, but only upon request and only when required by applicable laws, or in cases and under procedures provided for by applicable laws, e.g. for the purposes to secure and/or defend Company’s legitimate interests;
  2. third parties providing services to the Company including providers of infrastructure, user identification, payment processing, and customer support services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;
  3. third parties for the purpose of performance of the contract concluded with you;
  4. third parties, when the Company intends to enter into a business sale transaction and/or to perform legal and/or financial due diligence of the Company prior to such transaction,

For transparency purposes, we maintain a public Third-Party Service Providers List, which identifies the third-party providers engaged by us in connection with the provision, support, maintenance, analytics, payment processing, marketing and related operation of the CookieScript service. Depending on the relevant processing activity, such providers may act either as our processors (or sub-processors) or as independent data controllers under their own privacy terms. The current list is available here: https://cookie-script.com/legal/third-party-service-provider-list.

7. NTERNATIONAL DATA TRANSFERS

In case your personal data is transferred outside the European Economic Area (EEA) or UK, we will take necessary steps to ensure that your data is treated securely and in accordance with this Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the personal data. This can be done in a number of different ways, for example:

  1. the third country to which we send the personal data, a territory or one or more specified sectors within that third country, or the international organisation is approved by the European Commission (if data transfer is from the United Kingdom – UK government) as having an adequate level of protection;
  2. the recipient has signed or contains in its terms of service (service agreement) the standard contractual clauses (SCC) adopted by the European Commission (for more information, please see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en). Where the transfer of your personal data is from United Kingdom – International Data Transfer Agreement or the UK Addendum to the EU SCCs;
  3. special permission has been obtained from a supervisory authority.

We may transfer personal data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR or on the basis of derogations.

8. YOUR RIGHTS

  1. The right to be informed. You have the right to be provided with a clear, transparent and easily understandable information about how we process your personal data.
  2. The right to access. You have the right to request from us the copy of your personal data. Where your requests are excessive, in particular if they are a repetitive, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information.
  3. The right to rectification. You have the right to request us to correct or update your personal data at any time, in particular if your personal data is incomplete or incorrect.
  4. The right to data portability. When a legal basis for data processing is consent or contract, you have the right to request that we transfer your data that we have collected to another organisation, or directly to you, under certain conditions.
  5. The right to be forgotten. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request.
  6. The right to restrict processing. You have the right to restrict the processing of your personal data in certain situations (e.g., when you want us to investigate whether that data is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).
  7. The right to object to processing. Under certain circumstances you have the right to object to certain types of processing (e.g., to receive our marketing communications).
  8. The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a competent supervisory authority, if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. Our data processing is supervised by the State Data Protection Inspectorate of the Republic of Lithuania (address: L. Sapiegos st. 17, LT-10312 Vilnius, phone No.: +370 5 271 2804 / 279 1445, e-mail address: ada@ada.lt, for more information, visit https://vdai.lrv.lt/en/).

If you are located in the United Kingdom, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, phone No.: +44 303 123 1113, for more information visit https://ico.org.uk).

  1. Right to withdraw your consent. If personal data is processed on the basis of your consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing of your data before the withdrawal.

If you would like to exercise any of these rights, please contact us via e-mail: support@cookie-script.com.

Your request shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The aforementioned term may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.

We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects' rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

9. HOW WE PROTECT YOUR PERSONAL DATA

Please note that, although no system of technology is completely secure, we have implemented security measures to minimize the risk of unauthorised access to or improper use of your Personal Information.

We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.

10. COOKIE POLICY

If you access our information or Services through our website, you should be aware that we use cookies.

Cookies are small text files placed on your device when you visit a website. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser. There are few types of cookies:

strictly necessary cookies. Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

Targeting cookies. Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites. Legal basis: Consent (GDPR Art. 6(1)(a)).

performance cookies. performance cookies are used to see how visitors use the website, e.g. analytics cookies. Those cookies cannot be used to directly identify a certain visitor. Legal basis: Consent (GDPR Art. 6(1)(a)).

Some cookies are set by third parties that provide services on our site (for example: Google, Meta, Stripe, Customerly and infrastructure providers). These third parties may process data collected via their cookies under their own terms and privacy notices. If data is subject to international transfer to third countries, safeguards in clause 7 of this Policy apply.

Strictly necessary cookies:

Name

Provider / Domain

Expiration

Description

_GRECAPTCHA

Google LLC

.google.com

5 months 4 weeks

Cookie used by ReCaptcha functionality to allow anti-bot validation in different forms.

tapfiliate_ref_click

Cookie-Script.com

1 month 3 weeks

This cookie is used to identify affiliate that visitor used to access the website.

darkPromo

.Cookie-Script.com

3 days

Remembers selection for the promo banner on top of the page.

__stripe_sid

Stripe Inc.

.Cookie-Script.com

30 minutes

This cookie used by Stripe payment processor

__stripe_mid

Stripe Inc.

.Cookie-Script.com

1 year

This cookie used by Stripe payment processor

customerly_jwt

Customerly

.cookie-script.com

1 year

Cookie is set by Customerly to remember user conversation in support system.

AWSALBCORS

Amazon.com Inc.

pictures.customerly.io

1 week

For continued stickiness support with CORS use cases after the Chromium update, we are creating additional stickiness cookies for each of these duration-based stickiness features named AWSALBCORS (ALB).

CookieScriptConsent

CookieScript

cookie-script.com

1 month

This cookie is used by Cookie-Script.com service to remember visitor Cookie Consent preferences. It is necessary for Cookie-Script.com Cookie Banner to work properly.

Performance:

Name

Provider / Domain

Expiration

Description

_ga

Google LLC

.cookie-script.com

1 year 1 month

This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.

_ga_6HZSPS6QTR

.cookie-script.com

1 year 1 month

This cookie is used by Google Analytics to persist session state.

Targeting:

Name

Provider / Domain

Expiration

Description

YSC

Google LLC

.youtube.com

Session

This cookie is set by YouTube to track views of embedded videos.

VISITOR_INFO1

_LIVE

Google LLC

.youtube.com

5 months 4 weeks

This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites;it can also determine whether the website visitor is using the new or old version of the Youtube interface.

_fbp

Meta Platform Inc.

.cookie-script.com

2 months 4 weeks

Used by Meta to deliver a series of advertisement products such as real time bidding from third party advertisers

_gcl_au

Google LLC

.cookie-script.com

2 months 4 weeks

Used by Google AdSense for experimenting with advertisement efficiency across websites using their services

IDE

Google LLC

.doubleclick.net

1 year

This cookie is set by Doubleclick and carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.

test_cookie

Google LLC

.doubleclick.net

15 minutes

This cookie is set by DoubleClick (which is owned by Google) to determine if the website visitor's browser supports cookies.

Unclassified:

Name

Provider / Domain

Expiration

Description

[abcdef

0123456789]{32}

cookie-script.com

11 months 4 weeks

 

m

Stripe

m.stripe.com

1 year 1 month

 

_gcl_aw

Google

.cookie-script.com

2 months 4 weeks

 

gclid_info

.cookie-script.com

4 weeks 2 days

 

You can change your consent to cookie usage in the cookie banner.

You may delete previously set cookies manually or configure the browser settings to delete cookies at a set interval.

11. LINKS TO OTHER WEBSITES

Our website may contain links to other websites which are not operated by the Company. When you decide to click on these links and be led to such websites, we recommend familiarising yourself with their privacy policies or notices, cookie policies and/or other documents. The Company assumes no responsibility for the content, policies or practices of such third-party websites or services.

12. CHANGES TO THIS POLICY

We regularly review this Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our website.

Please review this Policy from time to time to stay updated regarding any changes.

13. CONTACT US

You may contact us by writing an e-mail to support@cookie-script.com or post by address Objectis, UAB, Laisvės st. 60, LT-05120 Vilnius, Lithuania.

14. OUR DATA PROTECTION OFFICER (DPO)

You may contact our DPO regarding all issues relating to the Company’s processing of your personal data and the exercise of your data protection rights by sending an e-mail to the address: dpo@cookie-script.com.