Cookie Policy
Learn how we use cookies to protect your data and improve your experience on our website.
Last updated: 27 October 2025
Table of Contents
This Cookie Policy explains how BOSIT (“BOSIT”, “we”, “us”, “our”) uses cookies and similar technologies on https://bosit.co.uk (the “Website”). It should be read together with our Privacy Policy.
Scope & laws
We comply with the UK GDPR, the EU GDPR (where applicable), and the UK PECR/EU ePrivacy rules. We also honour browser privacy signals such as Global Privacy Control (GPC).
1. What are cookies and similar technologies?
Cookies are small text files placed on your device by your browser.
Local/Session Storage store key–value pairs in your browser.
Pixels/Tags/SDKs are code snippets used for measurement, security, support, or advertising.
Device signals (e.g., GPC) communicate your privacy preferences.
We use these technologies only as described below and, where required, only after your consent.
2. Who sets cookies?
First-party cookies — set by BOSIT (e.g., security, login, consent).
Third-party cookies — set by trusted providers we use for analytics, performance, support, live chat or advertising. These are blocked by default until you consent (except those strictly necessary).
3. Legal bases & consent
Strictly necessary cookies: legitimate interests and/or contract (no consent required).
All other categories (Preferences, Analytics, Performance/A-B, Marketing/Ads, Support): consent.
On your first visit, we display a consent banner with Accept all / Reject all / Customize. You can change your choices anytime via Cookie Settings in the footer.
We store your choices in a first-party cookie (e.g., cookie_consent) for 6–12 months or until you change them. Material changes may trigger a new prompt.
GPC. When your browser sends a GPC signal, we treat it as an opt-out for all non-essential categories.
4. Cookie categories we use
Only Strictly Necessary cookies are set without consent.
- Strictly Necessary (Essential) — security (e.g., CSRF), authentication, load balancing, basic site features. If disabled: the site may not function.
- Preferences — remember choices such as language, region, and theme.
- Analytics — understand usage, improve performance, detect anomalies (configured to avoid sensitive data).
- Performance & A/B Testing — measure speed, stability, experiments.
- Marketing & Advertising — campaign measurement and, where permitted, audience building / retargeting.
- Customer Support/Communications (if enabled) — live chat (e.g. tawk.to), product tours, help widgets.
5. Security & implementation safeguards
- Server cookies use Secure, appropriate SameSite (Lax/Strict), and HttpOnly (where applicable).
- We prefer the __Host- / __Secure- prefixes where supported.
- We do not store sensitive data in cookies.
- Third-party tags (inclusiv pentru live chat) are blocked by default and loaded only after consent.
- Access to cookie data is restricted and audited.
6. Detailed cookie information
The exact inventory may change (based on your choices, region, and product updates). A live list is available in Cookie Settings. Examples:
A) Strictly Necessary (no consent)
| Name | Provider | Purpose | Retention | Attributes |
|---|---|---|---|---|
| __Host-session | BOSIT | Session/auth state | Session | Secure; HttpOnly; SameSite=Lax |
| csrf_token | BOSIT | CSRF protection | 2 hours | Secure; SameSite=Strict |
| cookie_consent | BOSIT | Stores your cookie choices | 6–12 months | Secure; SameSite=Lax |
| lb_route | BOSIT | Load balancing | Session | Secure; SameSite=Lax |
B) Preferences (consent)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| locale / lang | BOSIT | Language selection | 1 year |
| theme | BOSIT | Light/dark mode | 1 year |
C) Analytics (consent)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| _ga, _ga_*, _gid | Google Analytics 4 | Usage analytics with IP anonymization; Consent Mode | 1 day – 2 years |
| clck / clsk | Microsoft Clarity (if enabled) | UX heatmaps/session insights | up to 1 year |
D) Performance & A/B Testing (consent)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| optimizelyEndUserId / abtastySession | Optimizely / AB Tasty (if enabled) | Experiment variants & metrics | Session – 13 months |
E) Marketing & Advertising (consent)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| _gcl_au | Google Ads | Campaign attribution | 90 days |
| _fbp | Meta | Campaign measurement/retargeting | 90 days |
| IDE, test_cookie | Google/DoubleClick | Ad delivery & reporting | up to 1 year |
F) Customer Support (consent)
| Name | Provider | Purpose | Retention |
|---|---|---|---|
| TawkConnectionTime, tawk_* | tawk.to | Live chat widget, keeping chat session and visitor status between page loads | Session – up to 12 months (depending on cookie) |
| intercom-id-* | Intercom (if enabled) | Persist chat session | up to 9 months |
| zendesk-* | Zendesk (if enabled) | Support widget | Session – 1 year |
Where a provider processes data outside the UK/EEA, we use appropriate safeguards (e.g., SCCs, UK IDTA/Addendum). See our Privacy Policy for details.
7. Google Analytics & Consent Mode
If you allow Analytics, we may use Google Analytics 4 with Consent Mode (v2) so that, when consent is denied, tags adapt by using cookieless pings and do not set analytics/ads cookies. We enable IP anonymisation, limit data retention, and disable advertising features unless you also consent to Marketing.
8. Managing your preferences
Use the Cookie Banner on first visit or the Cookie Settings link in our footer at any time.
Options: Accept all, Reject all, or Customize per category.
You can also control cookies via your browser settings (Chrome, Edge, Safari, Firefox). Blocking some cookies may impact functionality (e.g., login, remembered settings, media embeds).
9. Children’s data
Our Website is not directed to children under 16. We do not knowingly place non-essential cookies in relation to children.
10. International transfers
Some providers may process data outside the UK/EEA. We implement safeguards such as Standard Contractual Clauses and the UK IDTA/Addendum, vendor assessments, and technical/organisational measures. Details are available in our Privacy Policy or upon request.
11. Changes to this Cookie Policy
We may update this Policy to reflect changes in technologies, providers, law, or our services. When materially changed, we will update the “Last updated” date and, where required, request consent again.
12. Contact us (data controller)
BOSIT
Email: contact@bosit.co.uk
If you have questions about this Cookie Policy, your choices, or wish to request details of safeguards for international transfers, please contact us.
Appendix — Compliance & UX implementation (informative)
We use a Consent Management Platform (CMP) that:
- shows an Accept all / Reject all / Customize banner;
- blocks all non-essential tags by default and loads them only after consent;
- stores a first-party cookie_consent record with version and timestamp;
- honours GPC and allows you to withdraw consent at any time.
Cookie Settings (footer) offers per-category toggles: Necessary (always on/disabled), Preferences, Analytics, Performance & A/B, Marketing/Ads, Support.
For embeds (YouTube/Maps/etc.), we show a placeholder when consent is missing, with an option to allow and load.
We log non-PII consent events (shown/accepted/rejected/updated) for audit purposes.
We review vendors at least annually and keep the cookie inventory up to date.