1. Identity of Cookie-Script
Žalgirio st. 88
Company registration number: 304037472
2. What information do we collect?
You may visit our site anonymously although cookies are used to identify your session.
2.1. Contact form data
If you choose to use the enquiry form on our website, basic contact details are collected such as the email and name of the contact person
2.2. Account data
When you register for an account, we collect and store your e-mail address.
2.3. Membership data
In order to issue an invoice for paid services, we also need to collect additional contact details about you or your business, such as full name, email, contact address, business name and business activity. We do not collect or store your credit card information. All payments are collected using PayPal, therefore we also store PayPal transaction ID.
2.4. Cookie-Script item data
2.5. End User data
End User data can be collected only if you have proper subscription on Cookie-Script website. If enabled, Service can automatically log the following data about End Users:
- An anonymous and random key (the “Key”);
- End User’s choice (accept or reject);
- Anonymized End User’s IP address (last digits after “.” are set to 0);
- Date and time of End User’s agreement/rejection;
- Page where consent was given/revoked;
- End User’s browser agent.
The Key together with Consent state are saved in End User’s browser as first-party cookie called “CookieScriptConsent” in JSON encrypted form. This information is later used by the Service to remember End User’s choice. The Key can also be used as a proof of End User’s consent.
2.6. Automatically generated data
The service automatically generates statistical data (if enabled in settings for Cookie-Script Item) which is number of clicks on each button of the Pop-up. This data is aggregated (clicks per day) and cannot be used to identify particular End User.
3. What do we use your information for?
Any of the information we collect may be used for one or more of the following purposes:
- To answer your enquiry;
- To contact you regarding our services;
- To identify you as a contracting party;
- To enable Cookie-Script to issue valid invoices and to process transactions;
- To enable secure login for you in the Service;
- To enable automated subscription handling;
- To provide you with automatically generated information on the End User clicks on the Pop-up buttons.
4. Legal basis
4.1. EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If you are a resident of the EEA, you have the following data protection rights:
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
4.2. Children’s Online Privacy Protection Act Compliance
Cookie-Script is in compliance with the requirements of GDPR 2018. We will not intentionally collect any information from anyone under 13 years of age. Our website and services are directed at people who are at least 13 years old or older.
5. How do we protect your information?
Cookie-Script does not store any personal identifiable information about you online or using cloud storage unless those organizations comply with GDPR. DigitalOcean, LLC and Amazon Web Services, Inc. are two such organizations.
All data is protected by password access. We do not request or keep financial information such as your bank account details. All personnel and subcontractors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
Cookie-Script will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
Cookie-Script uses different internal and external monitoring tools to ensure hight system performance and availability.
5.4. Personal Data breach notification
In the event that your data is compromised, Cookie-Script will notify you and the ICO within 72 hours by email with information about the extent of the breach, affected data, any impact on the Service and our action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the service.
Cookie-Script may place a "cookie" in the browser files of your computer. This cookie does not collect information that personally identifies you as an individual (other than your Internet protocol address), but merely allows us to recognize your repeated visits to cookie-script.com. We use our cookie collected information to make your visit more enjoyable. Cookies are also used to remember your session and keep you logged into your account. If you want to disable cookies, there is a simple procedure in most Internet browsers that allows you to turn off or delete cookies, but please remember that cookies may be required to allow you to use certain features of Cookie-Script.
6.1. Measuring Website Usage
Google Analytics is in use to collect information about how visitors use this site. This provides us with important information that can enable the site to work better. We do not link this information to your name or address.
7. Do we disclose any information to outside parties?
Cookie-Script does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
7.1. Subcontractors/trusted third parties
The subcontractors of Cookie-Script are:
- DigitalOcean, LLC
- Amazon Web Services, Inc.
- PayPal Pte. Ltd.
Both companies have implemented all necessary standards to comply with GDPR.
7.2. Legally required disclosure
Cookie-Script will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Cookie-Script, we strive to limit the disclosure. Cookie-Script will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Cookie-Script will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
8. Third party services
You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.
9. Where do we store the information?
No stored data will be transferred, backed up and/or recovered by Cookie-Script outside of the European Union. Cookie-Script also requires its subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield.
9.1. Personal data location
All data and databases are stored on Cookie-Script’s vendor, DigitalOcean, LLC in Amsterdam. Databases and files are continuously backed up to enable restore to any point in time within a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.
10. Data access
If you are a registered user, you may access information associated with your Account by logging into our Services.
You may at any time obtain confirmation from Cookie-Script as to whether or not personal data concerning you is being processed.
In your Account Page you can at any time export a data copy, which you may transmit to another controller of the data.
11. Request for rectification, restriction or erasure of the personal data
You may at any time obtain rectification of inaccurate personal data about you.
11.2. Restriction of processing personal data
You may at any time request Cookie-Script to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling Cookie-Script to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if Cookie-Script no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and Cookie-Script shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
You can also remove your account data yourself on Account Page. If you have any Membership data associated with your account, it will not be removed automatically when deleting Account data by you.
12. Data retention
12.1. Data retention policy
Membership data will due to tax regulations be retained for up to five seven fiscal years from your cancellation of your Service account.
End User Data and Account data will be erased immediately when you cancel the Service account.
12.2. Data retention for compliance with legal requirements
You cannot require Cookie-Script to change any of the default retention periods, except for the reasons linked to compliance with specific laws and regulations.
13. Your consent
You may at any time lodge a complaint with a supervisory authority regarding Cookie-Script’s collection and processing of your personal data with State Data Protection Inspectorate https://www.ada.lt