1. Identity of CookieScript
Laisves st. 60
Company registration number: 304037472
2. What information do we collect?
You may visit our site anonymously although cookies are used to identify your session.
2.1. Contact form data
If you choose to use the inquiry form on our website, basic contact details are collected such as the email and name of the contact person
2.2. Account data
When you register for an account, we collect and store your e-mail address.
2.3. Membership data
In order to issue an invoice for paid services, we also need to collect additional contact details about you or your business, such as full name, email, contact address, business name, and business activity. We do not collect or store your credit card information. All payments are collected using PayPal or Stripe payment processing systems, therefore we also store PayPal or Stripe transaction ID.
2.4. CookieScript item data
2.5. End User data
End-User data can be collected only if you have a proper subscription to the CookieScript website. If enabled, Service can automatically log the following data about End Users:
- An anonymous and random key (the “Key”);
- End User’s choice (accept or reject);
- Anonymized End User’s IP address (last digits after “.” are set to 0);
- Date and time of End User’s agreement/rejection;
- The page where consent was given/revoked;
- End User’s browser agent.
The Key together with the Consent state are saved in the End User’s browser as a first-party cookie called “CookieScriptConsent” in JSON encrypted form. This information is later used by the Service to remember the End User’s choice. The key can be found in the Cookie Consent Banner > About cookies tab. The Key can also be used as proof of the End User’s consent. The Key is not considered personally identifiable information.
2.6. Automatically generated data
The service automatically generates statistical data (if enabled in settings for CookieScript Item) which is the number of clicks on each button of the Pop-up and Cookie Category preferences. This data is aggregated (clicks per day) and cannot be used to identify a particular End User.
3. What do we use your information for?
Any of the information we collect may be used for one or more of the following purposes:
- To answer your inquiry;
- To contact you regarding our services;
- To identify you as a contracting party;
- To enable CookieScript to issue valid invoices and to process transactions;
- To enable secure login for you in the Service;
- To enable automated subscription handling;
- To provide you with automatically generated information on the End User clicks on the Pop-up buttons.
4. Legal basis
4.1. EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If you are a resident of the EEA, you have the following data protection rights:
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing email@example.com. Additionally, you can delete your account information by clicking the "Delete profile" button in your account > Profile section.
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing firstname.lastname@example.org.
- Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
4.2. Children’s Online Privacy Protection Act Compliance
CookieScript is in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
5. How do we protect your information?
CookieScript does not store any personally identifiable information about you online or using cloud storage unless those organizations comply with GDPR. DigitalOcean, LLC and Amazon Web Services, Inc. and Hetzner Online GmbH are such organizations.
All data is protected by password access. We do not request or keep financial information such as your bank account details. All personnel and subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
CookieScript will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured, and used.
CookieScript uses different internal and external monitoring tools to ensure high system performance and availability.
5.4. Personal Data breach notification
In the event that your data is compromised, CookieScript will notify you and the ICO within 72 hours by email with information about the extent of the breach, affected data, any impact on the Service, and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed in connection with the provision of the service.
- Strictly necessary cookies. Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
- Targeting cookies. Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
- Performance cookies. Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
You can change your consent to cookie usage below.
7. Do we disclose any information to outside parties?
CookieScript does not sell, trade, or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
7.1. Subcontractors/trusted third parties
The subcontractors of CookieScript are:
- DigitalOcean, LLC
- Amazon Web Services, Inc.
- Hetzner Online GmbH
- PayPal Pte. Ltd.
- Stripe Payments Europe Ltd.
Both companies have implemented all necessary standards to comply with GDPR.
7.2. Legally required disclosure
CookieScript will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from CookieScript, we strive to limit the disclosure. CookieScript will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, CookieScript will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
8. Third-party services
You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.
9. Where do we store the information?
No stored data will be transferred, backed up, and/or recovered by CookieScript outside of the European Union. CookieScript also requires its subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield.
9.1. Personal data location
All data and databases are stored on CookieScript’s vendor, DigitalOcean, LLC in Amsterdam. Databases and files are continuously backed up to enable restoration to any point in time within a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.
10. Data access
If you are a registered user, you may access information associated with your Account by logging into our Services.
You may at any time obtain confirmation from CookieScript as to whether or not personal data concerning you is being processed.
On your Account Page, you can at any time export a data copy, which you may transmit to another controller of the data.
11. Request for rectification, restriction, or erasure of the personal data
You may at any time obtain rectification of inaccurate personal data about you.
11.2. Restriction of processing personal data
You may at any time request CookieScript to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling CookieScript to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if CookieScript no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and CookieScript shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
You can also remove your account data yourself on the Account Page. If you have any Membership data associated with your account, it will not be removed automatically when deleting Account data by you.
12. Data retention
12.1. Data retention policy
Membership data will due to tax regulations be retained for up to three fiscal years from the cancellation of your Service account.
End-User Data and Account data will be erased immediately when you delete profile in the Service account settings or request your data to be deleted.
12.2. Data retention for compliance with legal requirements
You cannot require CookieScript to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.
13. Your consent
By using our Service, you consent to the Terms of Service.
You may at any time lodge a complaint with a supervisory authority regarding CookieScript’s collection and processing of your personal data with the State Data Protection Inspectorate https://www.ada.lt