Cookie Policy - YOPESO
Last updated: 16.03.2026
This Cookie Policy explains how and why cookies and similar technologies are used on this website, how they relate to the processing of personal data, and how users can exercise control over such technologies. It is drafted for publication and for regulatory inspection under applicable EU data protection and ePrivacy rules. This Cookie Policy should be read together with our Privacy Policy, which provides broader information on how we process personal data, including data collected via cookies and marketing automation tools.
1. Introduction and scope
This Cookie Policy applies to all visitors and users of this website and covers cookies and similar technologies deployed through the website, including technologies operated by third‑party service providers acting on our behalf. The purpose of this Cookie Policy is to:
- explain what cookies are and how they function from a legal and technical perspective;
- describe the categories of cookies used on this website and their purposes;
- explain the legal basis for the use of each category of cookies;
- clarify how consent is obtained, managed, and withdrawn;
- explain how cookie-related data is retained, shared, and protected.
This Cookie Policy applies regardless of whether the user accesses the website via desktop, mobile device, or other internet‑enabled equipment.
2. Legal and technical definition of cookies and similar technologies
Cookies are small text files stored on a user’s device (computer, smartphone, tablet) by a website or by a third party whose services are used by that website. Cookies allow the website to recognize the user’s device and store or retrieve information about the user’s interactions with the website. From a technical perspective, cookies may be classified as:
- Session cookies, which are deleted automatically when the user closes the browser; and
- Persistent cookies, which remain stored on the device for a predefined period or until deleted by the user.
From a legal perspective, information stored in or accessed via cookies may constitute personal data where it relates to an identified or identifiable natural person, including online identifiers (such as cookie IDs or device identifiers), particularly where such identifiers can be linked to other data or used to single out a user. In addition to cookies, similar technologies (such as pixels, tags, or scripts) may be used to achieve comparable purposes. For simplicity, all such technologies are referred to as “cookies” in this Policy.
3. Legal basis and consent logic
Under EU ePrivacy rules, the storage of information on a user’s device or access to information already stored on that device is permitted only if (i) the cookie is strictly necessary for the provision of a service explicitly requested by the user, or (ii) the user has provided prior, informed, and explicit consent. Accordingly, this website distinguishes between:
- Strictly necessary cookies, which do not require consent; and
- Non‑essential cookies (including statistics (analytics) cookies and marketing/profiling cookies), which are used only after explicit consent has been obtained.
Non‑essential cookies are blocked by default and are not placed on the user’s device, nor are related scripts executed, until the user has actively expressed consent via the cookie banner or preference settings.For the avoidance of doubt, continuing to browse the website, scrolling, or closing the cookie banner does not constitute valid consent for non‑essential cookies. Users may withdraw their consent at any time via the “Cookie Settings” link available on the website. Withdrawal of consent takes effect prospectively and does not affect the lawfulness of processing carried out prior to withdrawal.
4. Categories of cookies used on this website
4.1 Strictly necessary cookies Strictly necessary cookies are essential for the operation and security of the website. They enable core functionalities such as page navigation, secure access, and session management. Without these cookies, the website cannot function properly. These cookies are placed based on the necessity to provide a secure and functional website and do not require user consent. The impact on users is limited to enabling the basic operation of the website and does not involve tracking for marketing purposes.
4.2 Preferences cookies
Preferences cookies allow the website to remember information that changes the way the website behaves or looks (for example, preferred language). Where used, these cookies are applied to improve usability and user experience. Preferences cookies are used only where necessary for the user’s selected settings.
4.3 Statistics (analytics) cookies Statistics (analytics) cookies are used to collect information about how users interact with the website, such as pages visited and usage patterns. The purpose of these cookies is to understand website usage, identify technical issues, and improve website performance and usability. On this website, statistics (analytics) cookies are provided by Google Analytics 4 (GA4). These cookies use online identifiers and event data for aggregated reporting; they do not serve marketing or advertising purposes. Statistics (analytics) cookies are used only after the user has provided explicit consent. The legal basis is consent under GDPR in conjunction with applicable ePrivacy rules.
4.4 Marketing and profiling cookies Marketing and profiling cookies are used to understand and evaluate user interactions with the website for marketing‑related purposes, including attribution, lead generation, communication optimization, and profiling through engagement scoring/grading. These cookies have a more significant impact on user privacy, as they involve tracking user behaviour across sessions and, in certain cases, linking such behaviour to an identified individual. Accordingly, marketing and profiling cookies are used exclusively on the basis of explicit consent.
5. Marketing and profiling via Salesforce Marketing Cloud Account Engagement (Pardot)
This website uses Salesforce Marketing Cloud Account Engagement (Pardot) as a marketing automation and attribution tool. From a functional perspective, this technology enables us to:
- record website interactions such as page visits, link clicks, and downloads;
- recognize returning visitors through pseudonymous identifiers;
- analyze engagement with specific content or campaigns;
- associate website activity with an identified individual once that individual submits a form or clicks a tracked email link; and
- track email engagement events (such as opens, clicks, and bounces) where email tracking is enabled.
The tracking logic follows a two‑stage model: (i) anonymous tracking where website interactions are linked to a pseudonymous identifier stored in cookies, and (ii) identified attribution where previously collected interaction data is associated with a specific individual after identification. From a data protection perspective, this processing qualifies as profiling because it involves automated processing of personal data to evaluate aspects relating to a person’s behaviour and engagement (including scoring and grading). The business purpose is limited to marketing attribution, performance measurement, and communication management. It is not used to produce legal or similarly significant effects for users. The legal basis for this processing is explicit consent under GDPR and applicable ePrivacy rules.
6. Cookie table
The tables below list cookies used on this website. The exact set of cookies may vary depending on the pages visited and the user’s consent choices. The Cookiebot “Cookie Declaration” on the website provides the current scan-based list of detected cookies and durations.
6.1 Strictly necessary cookies
- Cookie name: CookieConsent |
Provider: Cookiebot / this website |
Duration: Up to 12 months |
Purpose: Stores the user’s cookie consent preferences for this website. |
Category: Strictly necessary
-
Cookie name: PHPSESSID |
Provider: This website |
Duration: Session |
Purpose: Maintains the user session and basic website functionality. |
Category: Strictly necessary
-
Cookie name: _cfuvid |
Provider: Cloudflare (if used) |
Duration: Session |
Purpose: Security/bot management and service protection (set by Cloudflare where used). |
Category: Strictly necessary
6.2 Preferences cookies
- Cookie name: (none detected in latest scan) |
Provider: — |
Duration: — |
Purpose: Preferences cookies are used only where applicable for user-selected settings. |
Category: Preferences
6.3 Statistics (analytics) cookies – used only with consent
- Cookie name: _ga |
Provider: Google Analytics 4 / this website |
Duration: Configured to 14 months |
Purpose: Distinguishes users via an online identifier for analytics purposes. |
Category: Statistics (analytics)
-
Cookie name: ga* |
Provider: Google Analytics 4 / this website |
Duration: Configured to 14 months |
Purpose: Stores and counts page views / session-related analytics information. |
Category: Statistics (analytics)
6.4 Marketing and profiling cookies – Pardot – used only with consent
- Cookie name: pardot |
Provider: Salesforce Account Engagement (Pardot) / tracker subdomain |
Duration: Session |
Purpose: Maintains session state during form interactions. |
Category: Marketing / profiling
-
Cookie name: visitor_id |
Provider: Salesforce Account Engagement (Pardot) |
Duration: Up to 12 months |
Purpose: Unique visitor ID to recognize returning browsers and link interactions across sessions. |
Category: Marketing / profiling
-
Cookie name: lpv |
Provider: Salesforce Account Engagement (Pardot) |
Duration: 30 minutes |
Purpose: Prevents tracking multiple page views on a single asset over a 30‑minute session window. |
Category: Marketing / profiling
-
Cookie name: pi_opt_in |
Provider: Salesforce Account Engagement (Pardot) |
Duration: Up to 13 months |
Purpose: Stores consent preference status (true/false) for Pardot tracking. |
Category: Marketing / profiling
7. Data retention and minimization
Cookie-related data is retained only for as long as necessary to fulfil the purposes for which it was collected. A distinction is made between browser‑side cookies, which expire automatically based on their configured duration, and server‑side data, which is stored within our marketing and analytics systems. Retention periods are set based on the nature of the data, the intensity of the processing, and proportionality in relation to the stated purpose. Anonymous visitor activity is retained for a limited period, while data associated with identified individuals is retained in line with the applicable sales or communication cycle and reviewed periodically to ensure continued necessity. Consent records (Cookiebot consent logs) are retained for up to 12 months due to CMP platform limitations. Where required for compliance evidence, consent information may be exported and retained in a restricted internal archive for a defined period consistent with audit/defence needs.
8. Roles and responsibilities
For the processing activities described in this Cookie Policy:
- Yopeso acts as Data Controller, determining the purposes and means of processing.
- Salesforce acts as Data Processor for Account Engagement (Pardot), providing marketing automation services under a data processing agreement.
- Cookiebot (CMP provider) acts as a service provider for consent management and consent logging for the website.
The use of service providers does not affect Yopeso’s accountability under data protection law.
9. International data transfers and access
Salesforce Account Engagement services are operated on defined infrastructure environments, including server instances located within the European Economic Area. Based on the information available for this implementation, support access does not occur from outside the EEA. If the processing model changes in the future (for example, non‑EEA access or new sub‑processors), appropriate safeguards will be applied in accordance with GDPR requirements, and this Cookie Policy will be updated accordingly.
10. User rights and contact details
Users have the right to obtain information on whether and how we use cookies and similar technologies and, where cookie-related identifiers qualify as personal data, to exercise the data subject rights available under applicable data protection law. In particular, you may withdraw your consent for Statistics (analytics) and Marketing/profiling cookies at any time (with effect for the future) via the “Cookie Settings” link on the website. Depending on the circumstances and the nature of the processing, you may also request access to personal data derived from cookie-based identifiers, rectification, erasure, restriction of processing, and, where applicable, data portability or to object to certain processing. Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. You can also delete cookies through your browser settings; however, this will not automatically remove server-side data already collected where processing was lawfully performed (for example, analytics records or marketing attribution data), and such data must be addressed via a dedicated request to us.
Requests regarding the use of cookies or related data protection matters may be addressed to:
- Anamaria Aursulesei –
office@dpsolutions.ro-
privacy@yopeso.com 
