Cookie policy

1. Purpose and Scope

This Cookie Policy (“Policy”) explains how REtelligent Pty Ltd and its subsidiary REtelligent EU SRL (collectively, “REtelligent”, “we”, “us”, or “our”) use cookies and similar tracking technologies on our public website at https://www.retelligent.co/ and, where applicable, on the REtelligent Sync maintenance portal at https://app.retelligent.co (the “Platform”).

This Policy forms part of, and should be read together with, our Privacy Policy. Capitalised terms not defined here have the meaning given in the Privacy Policy.

This Policy is issued jointly by both Group entities. Where a provision applies only to one jurisdiction, the applicable entity and regulation are stated.

2. Controller Identification

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Romanian Law no. 506/2004 implementing the ePrivacy Directive, REtelligent EU SRL is the data controller in respect of cookies set when you access the website from the European Economic Area (“EEA”), the United Kingdom, or Switzerland. For the purposes of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”), REtelligent Pty Ltd is the APP entity responsible for cookies set when you access the website from Australia. Routing is determined on a best-efforts basis by the visitor’s IP-geolocated region; where determination is not possible, the stricter EU/GDPR standard applies by default.

3. What Are Cookies and Similar Technologies?

A “cookie” is a small text file placed on your device (computer, tablet, or mobile phone) when you visit a website. Cookies allow a website to recognise a device and store information about a visit or a user. In this Policy, “cookies” also refers to analogous technologies that read or write information on your terminal equipment, including:

•       Pixel tags and web beacons (small, typically transparent, image tags embedded in pages or emails).

•       Local storage and session storage within the browser (HTML5 Web Storage API).

•       Software Development Kit (SDK) identifiers embedded in mobile applications.

•       Server-side fingerprinting signals (to the extent they read information from your device).

Under Romanian Law 506/2004 and Article 5(3) of the ePrivacy Directive, any storage of, or access to, information on a user’s terminal equipment (whether or not the information is personal data) is subject to the rules set out in Section 4 below.

4. Legal Basis and Consent Framework

4.1 EU / EEA / UK Visitors

For visitors routed to the EU controller (REtelligent EU SRL), we distinguish between:

•       Strictly necessary cookies - placed without consent pursuant to Article 5(3) of the ePrivacy Directive, because they are strictly necessary for the provision of a service expressly requested by the user (e.g., session management, security, CSRF protection, consent record storage).

•       All other cookies (analytics, functional, marketing) - placed only after we obtain your prior, freely given, specific, informed, and unambiguous consent (GDPR Arts. 4(11) and 7, ePrivacy Art. 5(3), EDPB Guidelines 05/2020 on consent).

Consent is collected via our Consent Management Platform (“CMP” - [INSERT CMP VENDOR, e.g., Cookiebot / OneTrust / Iubenda]). The CMP:

•       Presents a neutrally designed banner with “Accept all”, “Reject all”, and granular category controls rendered on the first layer (no dark patterns, no pre-ticked boxes).

•       Blocks non-necessary cookies until consent is recorded.

•       Logs consent records in a tamper-evident audit trail (consent version, timestamp, IP-hash, categories accepted/rejected) retained for no less than the lesser of the consent lifetime or 5 years, to evidence compliance under GDPR Art. 7(1).

•       Allows withdrawal of consent at any time via a persistent “Cookie Settings” control accessible from the website footer.

•       Honours browser-level Global Privacy Control (“GPC”) signals where available, treating GPC as a valid objection for marketing cookies.

Consent expires automatically 6 months after the date it was recorded, after which the banner is re-presented to obtain fresh consent.

4.2 Australian Visitors

The Australian Privacy Act 1988 (Cth) does not specifically regulate the placement of cookies. However, where cookies collect information that, alone or in combination with other information held by us, can reasonably identify an individual, the information constitutes “personal information” under section 6(1) of the Privacy Act and the APPs apply.

In that case:

•       APP 1 (Open and transparent management): This Policy and our Privacy Policy describe our handling of such information.

•       APP 3 (Collection): We only collect personal information via cookies where reasonably necessary for one or more of our functions or activities.

•       APP 5 (Notification of collection): Our website notifies visitors at or before collection via the cookie banner and this Policy.

•       APP 6 (Use or disclosure): We only use cookie-derived personal information for the purposes set out in Sections 5-8 of this Policy.

•       APP 8 (Cross-border disclosure): Where cookies cause personal information to be disclosed to overseas third parties (including Group entities in Romania), we comply with APP 8 and, where applicable, take reasonable steps to ensure the recipient does not breach the APPs.

We do not presently sell personal information derived from cookies.

4.3 Other Jurisdictions

Where you access the website from a jurisdiction whose rules are stricter than those described in Section 4.2 (for example, the United Kingdom under the PECR, or certain US states with comprehensive privacy statutes), we will apply the stricter standard to cookies placed on your device.

5. Categories of Cookies We Use

Technical note: The tables below enumerate the categories of cookies we use and representative cookies in each category. Cookie names in square brackets [ ] are placeholders pending a full technical audit of the live site. A CMP-generated scan must be run and reconciled with this Policy at least quarterly (see Section 10).

5.1 Strictly Necessary Cookies

These cookies are essential for the Platform and website to function and cannot be disabled. They are set in response to actions you take that amount to a request for service (e.g., logging in, submitting a form, setting cookie preferences).

5.2 Analytics and Performance Cookies

These cookies help us measure how visitors interact with the website so we can improve performance, content, and user experience. For EU/EEA visitors, these cookies are placed only with your prior consent. For Australian visitors, you may opt out via our CMP or your browser settings.

5.3 Functional Cookies

These cookies enable enhanced functionality and personalisation, such as live-chat widgets and language or theme preferences. They are set only with your prior consent for EU/EEA visitors.

5.4 Marketing and Advertising Cookies

These cookies are set by advertising partners to build a profile of your interests, show you relevant adverts on other sites, and measure the effectiveness of our campaigns. They are set only with your prior, explicit consent for EU/EEA visitors. REtelligent currently maintains a minimal marketing cookie footprint consistent with its B2B commercial profile.

6. Third-Party Cookies and Data Transfers

Third-party cookies listed in Sections 5.2-5.4 are set by entities other than REtelligent. We do not control these cookies; their use is governed by the third parties’ own privacy and cookie policies. We review our third-party vendors periodically and maintain our current vendor list in our Sub-processor List and Register of Processing Activities (Article 30 GDPR).

Representative third-party policies:

•       Google Analytics / Google Ads - https://policies.google.com/privacy

•       Hotjar - https://www.hotjar.com/legal/policies/privacy/

•       Intercom - https://www.intercom.com/legal/privacy

•       Segment (Twilio) - https://segment.com/legal/privacy/

•       Meta Platforms Ireland Ltd. - https://www.facebook.com/privacy/policy/

•       LinkedIn Ireland Unlimited Company - https://www.linkedin.com/legal/privacy-policy

•       Cloudflare, Inc. - https://www.cloudflare.com/privacypolicy/

Where third-party cookies result in transfers of personal data outside the EEA, we rely on the transfer mechanisms set out in Chapter V GDPR (Articles 44-49), including European Commission adequacy decisions, the EU-US Data Privacy Framework (where the recipient is self-certified), or the 2021 Standard Contractual Clauses, supplemented by a Transfer Impact Assessment where required. Copies of our transfer documentation are available on request from privacy@retelligent.co.

For Australian visitors, cross-border disclosures arising from third-party cookies are handled in accordance with APP 8; a list of likely recipient countries is maintained in our Privacy Policy.

7. Google Analytics 4 - Privacy Configuration

We use Google Analytics 4 (“GA4”) to understand website traffic and usage patterns. GA4 is configured with the following privacy-protective settings:

•       IP anonymisation: GA4 does not log full IP addresses; addresses are truncated before storage.

•       Data retention: [14 months] (the minimum option in GA4).

•       Google Signals and advertising personalisation features: disabled by default; enabled only for visitors who opt in via the marketing consent category.

•       Data Processing Amendment: Google’s Measurement Controller-to-Controller Data Protection Terms and SCCs have been accepted at the REtelligent EU SRL account level.

•       Consent Mode v2: Deployed in the recommended (basic or advanced) mode, so that if consent is declined, no analytics data is sent and only cookieless pings are used for aggregate, non-identifying measurement.

You may additionally opt out of Google Analytics across all websites by installing Google’s Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout.

8. How to Manage Your Cookie Preferences

8.1 Cookie Settings

You can review and change your cookie preferences at any time by clicking the “Cookie Settings” link in the footer of our website. Withdrawing consent is as easy as giving it, and will not affect the lawfulness of processing carried out before withdrawal (GDPR Art. 7(3)).

8.2 Browser Controls

Most browsers allow you to view, delete, and block cookies via their settings:

•       Chrome - Settings > Privacy and security > Third-party cookies

•       Firefox - Settings > Privacy & Security > Cookies and Site Data

•       Safari - Preferences > Privacy > Manage Website Data

•       Edge - Settings > Cookies and site permissions

Blocking or deleting cookies may affect website and Platform functionality. Strictly necessary cookies cannot be disabled without impairing core functionality.

8.3 Do Not Track and Global Privacy Control

Our website honours browser-level Global Privacy Control (“GPC”) signals where technically detectable: receipt of a GPC signal is treated as an objection to marketing cookies and the corresponding category is disabled for the session. There is no industry consensus on the meaning of the legacy “Do Not Track” (DNT) header and our website does not currently respond to DNT signals; please use our CMP or GPC instead.

8.4 Mobile Device Controls

On iOS and Android, you may reset your advertising identifier or opt out of personalised advertising via the device’s settings menu (“Tracking” on iOS; “Ads” on Android). These controls operate independently of the CMP on our website.

9. Duration of Cookies

Cookies fall into two categories by duration:

•       Session cookies - deleted automatically when you close your browser. Used primarily for session management, security, and load balancing.

•       Persistent cookies - remain on your device for a specified period (or until you delete them). Used for analytics, preferences, and consent recording.

Specific durations are listed in the tables in Section 5 above. We review retention periods against the purpose limitation and storage limitation principles (GDPR Arts. 5(1)(b) and 5(1)(e)) at least annually.

10. Governance, Audit, and Review

We operate the following governance controls to ensure ongoing compliance:

•       Quarterly cookie scans against the live site, with scan outputs reconciled against this Policy and the CMP configuration.

•       Consent records retained for at least 5 years in the CMP and regularly sampled to confirm banner behaviour.

•       Any material change to cookies, categories, or vendors triggers a CMP re-consent event and a change log entry in this Policy.

•       Periodic review by the Data Protection function against EDPB Guidelines 2/2023 on Article 5(3) of the ePrivacy Directive and OAIC guidance on web tracking.

11. Changes to this Cookie Policy

We may update this Policy from time to time to reflect operational, technical, or legal changes. The “Last Updated” date at the top of this Policy reflects the date of the most recent change. Material changes (new categories, new vendors, new purposes, or changes affecting consent) will be notified to users via the CMP and, where appropriate, by email to registered Platform users. Previous versions are retained in our document management system and are available on request.

12. Your Rights and How to Contact Us

You have rights in relation to the personal data processed through cookies, including the right to access, rectify, erase, restrict, object to, and (where applicable) port that data. These rights are explained in our Privacy Policy. To exercise any right, or for any question about our use of cookies, please use our Privacy Request Form (available at https://www.retelligent.co/privacy-request) or contact:

•       Email: privacy@retelligent.co

•       Postal (AU): The Privacy Officer, REtelligent Pty Ltd, Unit 2, 8A Judith Street, Carnegie VIC 3163, Australia

•       Postal (EU): Data Protection Officer, REtelligent EU SRL, [INSERT Romanian address]

You also have the right to lodge a complaint with a supervisory authority:

•       EU/EEA: Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), Bd. General Gheorghe Magheru 28-30, sector 1, 010336 Bucharest - https://www.dataprotection.ro/

•       Australia: Office of the Australian Information Commissioner (OAIC), GPO Box 5218, Sydney NSW 2001 - https://www.oaic.gov.au/

•       You may alternatively lodge a complaint with the supervisory authority in your EU Member State of habitual residence or place of alleged infringement.