Legal document
Cookie Policy.
Last updated
1. What cookies are
Cookies are small text files that websites place on users’ devices (computers, smartphones, tablets) during browsing, in order to store information useful for the operation of the site, to offer a better browsing experience, or for statistical and marketing purposes. Technologies similar to cookies (such as localStorage, sessionStorage, tracking pixels, fingerprinting) are treated, for the purposes of this policy, in a manner equivalent to traditional cookies, in compliance with the Guidelines of the Italian Data Protection Authority (Garante) on cookies and other tracking tools (Order No. 231/2021 of 10 June 2021).
Pursuant to Article 122 of Italian Legislative Decree 196/2003 (Personal Data Protection Code), as amended by Italian Legislative Decree 101/2018:
- technical cookies strictly necessary for the operation of the site may be installed without the prior consent of the user, subject to the obligation to provide information;
- profiling cookies, third-party analytics cookies, marketing cookies and tracking cookies require the prior consent of the user, freely given, specific, informed and unambiguous, before they are loaded.
For first-party analytics cookies with anonymised identifiers and without profiling functionality, the Garante has recognised a processing treatment comparable to technical cookies (Order No. 231/2021, paragraph 4.3): in such cases consent is not necessary, without prejudice to the obligation to provide information.
2. Cookies used by this site
The metalogopedia.it website adopts a privacy-first approach: it uses only cookies that are strictly necessary for the operation of the site and relies on a server-side analytics tool (Counterscale) that does not install identifying cookies on the user’s device. The full details are set out below.
2.1 Necessary cookies (technical)
These are the cookies that are essential to ensure the correct operation of the site. Legal basis: Article 122 of Italian Legislative Decree 196/2003 (technical cookies), for which prior consent is not required.
| Cookie / key | Duration | Purpose |
|---|---|---|
cookie-consent | 12 months | Stores the user’s choice on the consent banner (cookie preferences). |
lang-preference | 12 months | Stores the user’s preferred language (Italian or English). |
cf-clearance (Cloudflare) | session / 30 days | Cloudflare security cookie for anti-bot and anti-DDoS protection of the site infrastructure. |
__cf_bm (Cloudflare) | 30 minutes | Cloudflare security cookie for detecting anomalous activity and for bot mitigation. |
The Cloudflare security cookies are third-party technical cookies strictly necessary for the protection of the site infrastructure and are installed by the Cloudflare CDN on behalf of the Data Controller. They are not used for profiling purposes, nor are they shared with third parties other than Cloudflare in its role as Data Processor.
2.2 Analytics cookies
The site does not use analytics cookies.
The site relies on Counterscale, a server-side analytics tool running on Cloudflare Workers that collects exclusively aggregated and anonymous browsing data (pages visited, country, device type, traffic source), without installing identifying cookies on the user’s device and without reconstructing individual browsing profiles.
This tool qualifies as processing comparable to technical cookies pursuant to Garante Order No. 231/2021, paragraph 4.3, so the prior consent of the user is not required. The processing is based on the legitimate interest of the Data Controller (Article 6(1)(f) GDPR) in understanding the aggregate use of the site for the purpose of improving the service.
In line with Garante Order No. 317/2025 concerning Google Analytics 4, the Data Controller has chosen not to use Google Analytics or similar tools that involve the transfer of data outside the European Union or the reconstruction of individual browsing profiles.
2.3 Marketing and profiling cookies
The site does not use marketing or profiling cookies.
No tracking pixels from Facebook (Meta Pixel), TikTok, Google Ads, LinkedIn Insight Tag or similar tools are installed. Any future changes will be communicated through an update of this cookie policy and, where required by the regulations, through the pre-consent banner.
2.4 Cookies and health-related data
The site does not use cookies or similar technologies to track users’ health-related data. Any health information provided by the user as part of the contact form is processed offline, as described in the “Special categories of data” section of the Privacy Policy, and is never associated with online tracking identifiers.
2.5 Cookies and minors
Pursuant to Article 8 GDPR and Article 2-quinquies of Italian Legislative Decree 196/2003, consent to the processing of personal data (including consent given through non-technical cookies) is valid if given by a minor who has reached 14 years of age. For younger minors, consent must be given by the holder of parental responsibility.
Since the site does not use profiling or marketing cookies, the risk of processing minors’ personal data through tracking technologies is minimised. The holder of parental responsibility is nevertheless invited to supervise minors’ browsing online and, where necessary, to configure the user’s browser to block non-technical cookies generally.
3. Managing cookie preferences
The user may manage their cookie preferences through the following means:
- Consent banner, displayed on first access to the site, which allows the user to accept cookies, to reject cookies that are not strictly necessary, or to customise preferences granularly by category;
- “Cookie preferences” button, persistently available in the footer of every page of the site, which reopens the preference management panel. By clicking this button, the user may withdraw at any time the consent previously given, with effect for the future;
- Browser settings, accessible from the menu of the browser in use (Chrome, Firefox, Safari, Edge, Opera), which allow cookies to be blocked generally or selectively.
In compliance with Garante Order No. 231/2021 (paragraph 4.4 “Granularity and parity of choices”), the site adopts a strategy of button symmetry: the button to accept cookies has the same visual prominence as the button to reject them, avoiding any interface pattern (dark pattern) intended to induce the user to give consent without a conscious assessment.
In keeping with the principle laid down in Article 7(3) GDPR (“it shall be as easy to withdraw as to give consent”), the withdrawal of consent through the “Cookie preferences” button takes immediate effect and does not result in any deterioration of the service for functionalities not strictly linked to cookies.
In keeping with Garante Order No. 467/2024 concerning tracking walls, the site does not adopt “pay-or-OK” models: the rejection of cookies that are not strictly necessary does not in any way prejudice access to the informational and commercial content of the site.
3.1 Electronic record of consents
In order to comply with the accountability obligation set out in Article 5(2) GDPR and in keeping with Garante Order No. 231/2021, every choice expressed by the user on the consent banner is recorded in an internal logging system hosted on the Cloudflare D1 infrastructure (serverless SQLite database located in Western Europe).
In keeping with the principle of data minimisation (Article 5(1)(c) GDPR), the electronic record does not contain personal identifying data of the user. In particular, the following are recorded:
- a random anonymous identifier (UUID) generated on the browser side and rotated with each session, with no link to any personal or cross-device information;
- the IP address truncated at the third octet for IPv4 (example:
192.168.1.0) or at the third group for IPv6, sufficient to determine the geographical region but not to identify the individual user; - the country code of origin of the request (ISO 3166-1 alpha-2);
- a truncated SHA-256 hash of the browser’s User-Agent string, for anti-fingerprinting purposes;
- the consent choices expressed (analytics category, marketing category);
- the action taken (acceptance, rejection, customisation, withdrawal) and the version of the cookie policy active at the time;
- the UTC timestamp of the record.
The record does not make it possible to trace the identity of the user or to profile them. Its sole purpose is to demonstrate, in the event of a possible inspection by the Italian Data Protection Authority (Garante), that every consent-based processing operation was actually preceded by an expression of will that was freely given, specific, informed and unambiguous (Article 4(11) GDPR).
The record data is retained for a period of five years from the date of the record, in keeping with the limitation periods applicable to administrative sanctions and with the Garante’s guidelines on accountability. At the end of the retention period, the records are deleted through an automatic procedure.
The user may at any time request the deletion of their consent record by writing to info@metalogopedia.it and indicating the anonymous identifier assigned to them (which can be viewed through the browser’s developer tools, sessionStorage section, key mary-anon-id).
4. Third-party cookies
The site uses, as Data Processors pursuant to Article 28 GDPR, the following providers, which may install technical cookies for security purposes or for the delivery of the service:
| Provider | Purpose | Cookie type | Information notice |
|---|---|---|---|
| Cloudflare, Inc. | CDN, DNS, anti-DDoS and anti-bot protection | Technical security cookies (cf-clearance, __cf_bm) | Cloudflare Cookie Policy |
| Cloudflare Turnstile | Anti-spam protection of the contact form | No tracking cookies (privacy-friendly alternative to reCAPTCHA) | Turnstile Privacy Addendum |
The Cloudflare security cookies are technical cookies, installed for the purpose of protecting the site infrastructure, and do not require the prior consent of the user pursuant to Article 122 of Italian Legislative Decree 196/2003.
The site does not use third-party cookies for statistical analysis purposes involving the transfer of data outside the EU, for profiling, or for marketing.
5. Rights of the data subject
Pursuant to Articles 15 to 22 GDPR, the user may exercise their personal data protection rights at any time (access, rectification, erasure, restriction, portability, objection, not being subject to automated decisions). The details are set out in the dedicated section of the Privacy Policy.
In particular, pursuant to Article 7(3) GDPR, the user may withdraw at any time the consent given for the installation of cookies that are not strictly necessary. Withdrawal may be carried out through the “Cookie preferences” button available in the footer, or by writing to info@metalogopedia.it. Withdrawal takes effect for the future and does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
The right, recognised by Article 77 GDPR, to lodge a complaint with the Italian Data Protection Authority (Garante) in cases of breach of the Regulation remains unaffected.
6. Updates to the cookie policy
This cookie policy may be updated periodically to reflect regulatory changes (in particular new orders of the Italian Data Protection Authority (Garante)), technical developments of the site, or changes to the sub-processors. Users are invited to consult this page regularly and, in particular, the date of last amendment indicated at the top and at the bottom of the document.
Significant changes will be communicated through a visible notice in the consent banner upon the first access following the update, so that the user may once again express their preferences in an informed manner.
For any questions about the cookies used by this site, write to me at info@metalogopedia.it.
Document last amended: 2026-05-27.