Priority of documents: If anything in this Cookie policy appears inconsistent with our Privacy policy, the Privacy policy prevails in respect of personal data rights and controller obligations, and this Cookie policy prevails in respect of the specific technologies and consent mechanics described here.
1. What are cookies and similar technologies?
Cookies are small text files placed on your device when you visit a site. Similar technologies include pixel tags, local storage (such as localStorage), session storage, and software development kits (SDKs) where applicable. In this policy, “cookies” includes those similar technologies unless we specify otherwise.
Cookies may be session cookies (deleted when you close the browser) or persistent cookies (remaining for a defined period or until deleted).
2. Legal basis and consent (UK PECR and UK GDPR)
Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended (“PECR”), read with UK GDPR where personal data is involved, we distinguish:
- Strictly necessary cookies (or equivalent storage) that are essential to provide a service you have requested, or for transmission of a communication, or for security - these do not require consent in the UK in the same way as optional analytics or advertising technologies;
- Optional technologies, including analytics and marketing or advertising cookies, which we deploy only where we have obtained your consent through the cookie banner (or equivalent control) unless another lawful basis clearly applies in a specific context.
When you first visit our public pages, we present a cookie banner. Reject non-essential refuses optional analytics and marketing technologies. Accept all enables both categories we describe below. You may reopen and change your choice at any time via Cookie settings in the footer. Changing from “Accept all” to a more restrictive choice may require a page refresh to ensure third-party tags stop as far as technically practicable.
3. Categories of cookies and storage we use
3.1 Strictly necessary
Required for core functionality or security - for example HTTP-only session and CSRF protection on our staff-only administrative workspace, and basic delivery and integrity of the Website. These are not used for cross-site behavioural advertising.
3.2 Preferences (first-party)
We store some choices in localStorage (which may not appear as a traditional cookie file), including language and theme where the user interface offers them. We also store your cookie consent record (including version number and timestamp) so we do not repeatedly interrupt your browsing. That record is evidence of your choice on that browser and device.
3.3 Analytics (optional - Google Analytics 4)
If you opt in, we may load Google’s measurement tag, which may set cookies such as _ga and related identifiers. Purposes include understanding traffic volumes, navigation paths, engagement, and (where configured) conversion-related events. Cookie names and lifetimes are described in Google’s technical documentation and may change when Google updates its products.
3.4 Marketing and advertising (optional - Google Ads)
If you opt in to marketing cookies, we may load Google Ads tags that can set or read cookies for purposes such as conversion measurement, remarketing, frequency capping, and audience building. Google may combine signals with other data it holds in accordance with Google’s policies. You can manage ad personalisation for Google at adssettings.google.com.
4. Illustrative list of identifiers (non-exhaustive)
Exact names, domains, and lifetimes may change when we or our vendors update configuration. Examples include:
- od_legal_consent (localStorage) - records your cookie choices and policy version;
- Language and theme keys (localStorage) - UI preferences;
- Admin session and CSRF (HTTP cookies, staff only) - secure workspace;
- _ga, _gid (Google, if analytics enabled) - measurement;
- IDE, test_cookie, _gcl_* (Google, if Ads enabled) - advertising and conversion measurement.
This list is illustrative only and does not form an undertaking that only these identifiers will ever be used.
5. Third-party resources loaded regardless of optional consent
Independently of analytics and ads consent, the Website may load resources such as Google Fonts and Tailwind CSS from content delivery networks. Those requests may disclose your IP address and basic technical data to the relevant provider. We minimise third-party dependencies where reasonably practicable.
6. Browser controls and “Do Not Track”
You may block or delete cookies and site data through your browser settings. Blocking strictly necessary cookies may impair functionality (including sign-in to protected areas).
Some browsers transmit a “Do Not Track” or similar signal. There is no uniform legal or industry-standard response to such signals in the UK. We rely on our cookie banner and settings for optional technologies rather than on automated DNT interpretation alone.
7. Your choices (summary)
- Use Cookie settings in the footer to change consent;
- Use browser controls to delete cookies and site data;
- Use Google’s tools linked in section 3.4 and in our Privacy policy.
8. Updates and material changes
We will update this policy when we add vendors, change tagging, or when regulators publish new guidance. A change that materially affects optional processing may require a new consent version flag, which may cause the banner to reappear for visitors who had previously accepted an older version.
9. Severability
If any provision of this policy is held to be invalid or unenforceable, the remaining provisions remain in full force and effect to the extent permitted by law.
10. Global Privacy Control and similar browser signals
Some browsers or extensions send optional signals (for example Global Privacy Control) that express a preference about sale or sharing of personal data in other jurisdictions. In the UK, our primary mechanism for lawful use of non-essential cookies and similar technologies remains the cookie banner and Cookie settings control described in this policy and in our Privacy policy. Where technically feasible and consistent with PECR and UK GDPR, we may treat such signals as an additional input when deciding whether to load optional tags, but a signal alone does not replace our consent record where consent is required.
11. Consent records, versions, and supporting logs
Your cookie choice is stored in first-party storage on your device (see section 3.2) with a version identifier so we can demonstrate what was presented and accepted or rejected. We may also retain minimal server-side security and application logs (for example timestamps and IP-derived data) for a limited period where necessary to investigate abuse or disputes. We do not use session replay or screen-recording vendors on the public Website unless we introduce them in a future update and obtain appropriate consent or lawful basis.
Contact: hello@olliditton.com