Close Menu

GDPR Consent Policy

1. Introduction

This Consent Policy explains how we collect, use, and manage your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (nFADP). It applies to all users in the European Economic Area (EEA), the United Kingdom, and Switzerland.

By interacting with our website, services, or advertisements, you acknowledge that your personal data may be processed as described in this policy.

2. Who We Are (Data Controller)

We are the data controller responsible for your personal data. If you have questions about how we handle your data, you may contact our Data Protection Officer (DPO) at:

Data Protection Officer Email: dpo@[yourcompany].com Address: [Your Company Name], [Street Address], [City, Country]

3. What is Consent Under GDPR?

Under Article 7 of the GDPR, consent must be:

  • Freely given — you must have a genuine choice and not be penalised for refusing.
  • Specific — given for a clearly defined purpose.
  • Informed — you must know what you are consenting to before agreeing.
  • Unambiguous — consent must be indicated by a clear affirmative action (e.g. ticking a box). Pre-ticked boxes are not valid.
  • Withdrawable — you may withdraw consent at any time, as easily as it was given.

We do not rely on consent where another lawful basis under Article 6 applies (such as legitimate interest or contractual necessity). We will always make clear which legal basis we rely on for each processing activity.

4. Consent Management Platform (CMP)

We use a certified Consent Management Platform (CMP) registered with IAB Europe’s Transparency and Consent Framework (TCF) to manage your consent preferences. Our CMP:

  • Presents a clear and accessible consent banner upon your first visit.
  • Records your consent choices with a timestamp and version reference.
  • Passes a valid TC String (Transparency and Consent String) to all advertising and data partners.
  • Allows you to review and update your preferences at any time via our Privacy Preferences Centre.

If you are visiting from the EEA, UK, or Switzerland, no personalised advertising will be served to you without a valid TC String reflecting your consent.

5. What We Collect and Why

We may request your consent for the following categories of data processing:

Purpose Data Collected Legal Basis
Personalised advertising Device ID, IP address, browsing behaviour, ad interaction data Consent (Art. 6(1)(a))
Analytics & performance measurement Page views, session duration, click data Consent or Legitimate Interest
Functional cookies Session tokens, language preferences Legitimate Interest or Consent
Third-party integrations Data shared with advertising partners Consent (Art. 6(1)(a))
Email marketing Name, email address Consent (Art. 6(1)(a))

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

Strictly Necessary Cookies These are essential for the website to function and cannot be disabled. No consent is required.

Analytics Cookies These help us understand how users interact with our site. We use this data in aggregate form to improve our services.

Advertising Cookies These are used to deliver personalised advertisements based on your interests. They are only activated when you have provided explicit consent.

Third-Party Cookies Some cookies are placed by third-party partners (e.g. Google, Meta, programmatic advertising networks). A full list of our third-party partners and their privacy policies is available in our Cookie Declaration.

You may manage your cookie preferences at any time by clicking “Privacy Preferences” in the footer of our website.

7. How We Record and Store Consent

When you provide or withdraw consent, we record:

  • Date and time of the consent event
  • Version of the consent notice displayed
  • Your specific choices (accepted/rejected per purpose and vendor)
  • The TC String generated by the CMP
  • Your IP address (stored in truncated form)

Consent records are retained for a minimum of 3 years from the date they were given, in compliance with GDPR accountability requirements under Article 5(2).

8. Withdrawing Consent

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To withdraw consent, you may:

  • Click “Privacy Preferences” or “Manage Consent” in the footer of our website.
  • Email our DPO at dpo@[yourcompany].com
  • Contact us by post at the address listed in Section 2.

Upon withdrawal, we will cease processing your data for the purposes to which you had consented, and we will notify relevant third-party partners of your withdrawal within a commercially reasonable timeframe.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access (Art. 15) — Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16) — Ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Art. 17) — Request deletion of your data (“right to be forgotten”).
  • Right to Restrict Processing (Art. 18) — Ask us to limit how we use your data.
  • Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21) — Object to processing based on legitimate interest or for direct marketing.
  • Right not to be subject to automated decision-making (Art. 22) — Including profiling that produces legal or significant effects.

To exercise any of these rights, contact us at dpo@[yourcompany].com. We will respond within 30 days.

10. Children’s Data

Our services are not directed at individuals under the age of 16 (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete that data.

11. International Data Transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by the European Commission
  • Binding Corporate Rules (BCRs) where applicable

12. Third-Party Partners and Vendors

We work with advertising technology partners who may process your personal data when you consent to personalised advertising. A complete and up-to-date list of our third-party vendors, along with their stated purposes and privacy policies, is available in our Vendor List accessible through the Privacy Preferences Centre.

We require all vendors to comply with the IAB TCF and applicable data protection laws.

13. Changes to This Policy

We may update this Consent Policy from time to time to reflect changes in law, technology, or our practices. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this document.
  • Display a new consent notice to users affected by the changes.
  • Re-request consent where required by law.

Continued use of our services after notice of changes constitutes acceptance of those changes to the extent permitted by law.

14. Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local supervisory authority:

  • EU: Your national Data Protection Authority (DPA)
  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch

15. Contact Us

For all data protection enquiries:

Data Protection Officer Email: dpo@[yourcompany].com Post: [Company Name], [Address], [City, Postcode, Country]