Cookie Policy

Effective date: 19 March 2026 · Controller: Dhorxellvorx, Centralplan 15, 111 20 Stockholm, Sweden · Contact: help@dhorxellvorx.world

This Cookie Policy explains how cookies and similar technologies are used on dhorxellvorx.world when you browse information about GreenVascura, submit forms, or interact with embedded content. It complements our Privacy Policy and should be read together with our Terms of Service.

1. Legal framework

We comply with Directive 2002/58/EC as revised by Directive 2009/136/EC (ePrivacy) as transposed into Swedish law through the Electronic Communications Act (2022:482) and related regulations, together with GDPR definitions of personal data where identifiers relate to an identifiable individual. Non-essential storage or access on your device requires informed consent unless a narrow exemption applies.

2. What are cookies and similar technologies?

Cookies are small text files placed on your device when you visit a site. Similar technologies include local storage, session storage, pixels, tags, scripts that read device characteristics, and software development kits in apps. This Policy uses “cookies” to refer to the whole class unless a distinction is necessary.

3. How consent is collected and withdrawn

On your first visit, a banner presents three paths: Accept all, Reject (non-essential off), and Cookie settings, which opens a panel with toggles. Strictly necessary cookies remain active because they are required for core operations. Analytics and marketing cookies activate only after affirmative action consistent with your choice. You may reopen settings by clearing stored consent in the browser and reloading, or by contacting us to reset server-side flags if we maintain any. Withdrawing consent does not affect the lawfulness of earlier processing. Browser controls can also delete or block cookies; blocking may degrade checkout or form features.

4. Cookie categories we use

4.1 Strictly necessary

These cookies are essential for security, load balancing, consent storage, fraud prevention tokens, and remembering session steps during checkout. They do not require consent under ePrivacy implementations that recognise strict necessity, but we still disclose them transparently.

• Consent state token: stores a JSON preference object in localStorage key tdde_cookie_prefs_v1 to remember analytics/marketing choices; duration persistent until cleared; data minimised to boolean flags.
• Session identifier: server-side session cookie if enabled for authenticated staff areas only; not used for public visitors unless a customer account exists.
• Security cookies: anti-CSRF tokens bound to forms; session-length or short-lived.

4.2 Analytics (optional)

If enabled, analytics cookies help us understand aggregate traffic, referral sources, scroll depth, and error rates. We configure IP anonymisation where the provider supports it and avoid creating cross-site profiles beyond measurement of our own domains. Typical vendors might include privacy-oriented or mainstream analytics platforms; the exact provider list is updated in the table below when integrations go live.

• Example analytics ID: pseudonymous cookie lasting up to thirteen months; processed under consent (Art. 6(1)(a) GDPR) and joint legitimate interest assessments for first-party metrics where permissible.

4.3 Marketing (optional)

If enabled, marketing cookies may build audiences for remarketing, attribute conversions, or sequence messages across platforms. We limit data shared to hashed identifiers where possible and honour ad platform opt-outs in addition to our site preferences.

• Remarketing pixel: third-party cookie or local storage entry with lifetime defined by the partner, commonly up to ninety days unless refreshed.

5. Detailed cookie table (illustrative; update when vendors change)

The following table summarises typical cookies. Names may vary slightly by deployment version.

• tdde_session — Strictly necessary — HTTP cookie — Session — Maintains server session continuity for checkout.
• tdde_csrf — Strictly necessary — HTTP cookie — 12 hours — Protects forms from cross-site request forgery.
• tdde_cookie_prefs_v1 — Strictly necessary — localStorage — Until cleared — Stores consent selections.
• _tdde_ga — Analytics — HTTP cookie — 13 months — Distinguishes users for aggregated statistics (only if analytics toggle on).
• _tdde_ads — Marketing — HTTP cookie — 90 days — Attributes campaign performance (only if marketing toggle on).

6. Local storage and pixels

Beyond cookies, we may store minimal state in localStorage or sessionStorage for performance or offline error logging. Pixels are tiny images or scripts that notify a server when loaded; they are disclosed here as marketing or analytics tools when used.

7. Data recipients

Cookie data may be accessible to our hosting provider, analytics subcontractors, and advertising partners acting as processors or independent controllers depending on the tool. Transfers outside the EU/EEA rely on SCCs or adequacy decisions as outlined in the Privacy Policy.

8. Retention

Retention aligns with each cookie’s purpose: session cookies expire when you close the browser (unless persistent with explicit max-age), analytics cookies expire within thirteen months of last use, marketing cookies expire within ninety days unless renewed by a new interaction subject to valid consent.

9. Your rights

GDPR rights such as access, erasure, or objection may apply where cookie data is personal data. Contact help@dhorxellvorx.world. You may also use industry tools like the EDAA consumer choice platform for certain third-party ads.

10. Interaction with browser controls

Major browsers let you delete cookies on exit, block third-party cookies, or alert you before storage. Some features may fail if strictly necessary cookies are blocked; contact us if you need assistance completing a purchase without optional storage.

11. Consent records

We retain evidence of consent decisions, including timestamps and banner version identifiers, aligned with accountability duties under GDPR Article 5(2). Records are kept for the limitation period relevant to regulatory investigations plus a prudential margin.

12. First-party versus third-party cookies

First-party cookies are set by our domain and are often essential for sessions. Third-party cookies belong to another domain embedded in our pages, frequently analytics or ads. Our banner treats optional third-party cookies under the same consent rules as equivalent first-party marketing tools.

13. Session replay or heatmaps

If we deploy session replay technologies, they will be disclosed here with purpose, lawful basis, and retention, and activated only after appropriate consent where required. Aggregated heatmaps without personal identifiers may operate under legitimate interest after balancing tests.

14. Social media plugins

Embedded social buttons may set cookies when loaded. We use click-to-activate patterns where feasible to prevent passive tracking before interaction. Provider policies govern additional processing.

15. Security of cookie data

Cookie values that act as session tokens are generated with sufficient entropy, transmitted only over HTTPS, and invalidated on logout or timeout. HttpOnly and Secure flags are applied server-side where supported.

16. Research and aggregate statistics

We may derive aggregate metrics that no longer identify individuals; such datasets fall outside personal data scope and may be retained for historical performance analysis.

17. Accessibility of preference tools

Cookie settings controls are designed for keyboard navigation and screen reader labels. If you encounter barriers, email us so we can remediate promptly.

18. Changes

We update this Policy when we add tools, change vendors, or respond to regulatory guidance. The effective date at the top will change accordingly.