Cookie Policy
1. About this Cookie Policy
This Cookie Policy explains how CodeTiburon uses cookies and similar technologies on https://codetiburon.com and any subdomain or landing page operated by us (the "Site"). It complements our Privacy Policy and our Terms and Conditions of Use.
The Site is operated by CODETIBURON, SAS, registered office at Immeuble Le Mercure C, 485 rue Marcelin Berthelot, 13290 Aix-en-Provence, France, SIREN 981 543 861, RCS Aix-en-Provence (the "Company", "we", "us"). For any question, please contact [email protected].
Our use of cookies is governed by Regulation (EU) 2016/679 (the "GDPR"), Article 82 of the French Data Protection Act of 6 January 1978 as amended (transposing Article 5(3) of Directive 2002/58/EC, the "ePrivacy Directive"), and the recommendations of the French data-protection authority (CNIL).
2. What are cookies and similar technologies?
A cookie is a small text file stored on your device (computer, tablet or smartphone) when you visit a website. Cookies allow the website or a third party to recognise your browser and to remember information about your visit, such as your preferences or your interactions with the Site.
In this policy, "cookies" also covers similar technologies that store or read information on your device for the same purposes, such as local storage, pixels, tags and software development kits (SDKs).
3. Categories and consent
We classify cookies into three categories. Essential cookies are deposited as soon as you reach the Site. Analytics and marketing cookies are deposited only after you have given your free, specific, informed and unambiguous consent through our cookie banner. You can change your choices at any time using the "Cookie preferences" link in the footer of the Site.
3.1 Essential cookies
Required for the Site to operate (session security, recording of your cookie choices, security of the Get a Quote form, and bot protection via Cloudflare). They are always active and cannot be disabled through the banner. They do not require consent under Article 82 of the French Data Protection Act.
3.2 Analytics cookies
Help us measure traffic and usage patterns so we can improve the experience. Analytics cookies are only deposited if you accept them in the cookie banner. Refusing analytics cookies does not affect your access to the Site.
3.3 Marketing cookies
Enable remarketing and conversion-tracking pixels so we can offer relevant content and measure campaign performance. Marketing cookies are only deposited if you accept them in the cookie banner. Refusing marketing cookies does not affect your access to the Site.
4. Detailed cookie inventory
The tables below list the cookies we use, including those set by our service providers acting as processors or, in some cases, as joint or independent controllers (see Section 6).
4.1 Essential cookies
| Provider | Cookies | Duration | Purpose |
|---|---|---|---|
| CodeTiburon (CMP) | codetiburon_consent |
6 months | Stores your cookie choices and the date of consent so we do not ask again on every visit. |
| Cloudflare | __cf_bm |
30 minutes | Cloudflare Bot Fight Mode — distinguishes humans from automated traffic. Set on every visit while the Site is proxied through Cloudflare. |
| Cloudflare | cf_clearance |
Up to 1 year | Set only when a visitor has solved a Cloudflare security challenge; remembers the result so the challenge is not repeated. |
| HubSpot Forms | __hs_initial_opt_in |
7 days | Records whether the cookie banner has been shown when a HubSpot form is embedded. |
| CodeTiburon | session_id |
Session | Maintains your session and protects the Get a Quote form against CSRF attacks. |
4.2 Analytics cookies
| Provider | Cookies | Duration | Purpose |
|---|---|---|---|
| Google Analytics 4 | _ga |
13 months | Distinguishes unique users in order to generate anonymous usage statistics. |
| Google Analytics 4 | _ga_<container-id> |
13 months | Stores session state for the GA4 property associated with the Site. |
| Google Analytics (legacy) | _gid |
24 hours | Distinguishes users on a daily basis; set only where legacy Universal Analytics tags remain. |
| Google Analytics (legacy) | _gat |
1 minute | Throttles the request rate to Google Analytics; set only where legacy Universal Analytics tags remain. |
4.3 Marketing cookies
| Provider | Cookies | Duration | Purpose |
|---|---|---|---|
| Google Ads (remarketing) | _gcl_au |
3 months | Conversion linker — used to attribute conversions to clicks on Google ads. |
| Google Ads (remarketing) | _gcl_aw, _gcl_dc, _gcl_gb |
3 months | Stores click identifiers (gclid, gclsrc) so that conversions on the Site can be attributed to the originating Google ad. |
| Google Ads / DoubleClick | IDE |
13 months | Set on the doubleclick.net domain by Google to build audience lists for remarketing and to measure ad performance. |
| Google Ads / DoubleClick | test_cookie |
15 minutes | Used by Google to check whether your browser supports cookies before setting marketing cookies. |
NID |
6 months | Set on the google.com domain to record advertising preferences and to serve personalised ads. | |
| LinkedIn Insight Tag | li_fat_id, li_giant |
6 months | Measures conversions from CodeTiburon marketing campaigns and enables LinkedIn audience matching. |
| Meta Pixel | _fbp, _fbc |
3 months | Tracks conversions for Meta (Facebook, Instagram) advertising campaigns and supports retargeting. |
This inventory is updated when we add or remove a service. The list of cookies actually deposited during your visit always reflects the choices you have made in the cookie banner.
5. Google Consent Mode v2
Our Site is configured with Google Consent Mode v2. This means that, until you make a choice, Google's tags (such as Google Analytics 4 and Google advertising tags) load in "consent-denied" state: they do not read or write identifiers and they do not store advertising or analytics data on your device.
Your choice in the cookie banner is forwarded to Google through the following consent signals:
| Category | Consent Mode v2 signals | Default state |
|---|---|---|
| Essential | security_storage, functionality_storage |
Granted (always) |
| Analytics | analytics_storage |
Denied until you accept |
| Marketing | ad_storage, ad_user_data, ad_personalization, personalization_storage |
Denied until you accept |
If you refuse analytics or marketing cookies, no analytics or marketing identifiers are written to your device. Google may receive cookieless, aggregated pings used solely to model conversions and audience size; these pings do not allow Google or CodeTiburon to identify you. If you accept, the corresponding signals move to "granted" and full measurement is enabled.
6. Who sets cookies and on what role
- CodeTiburon is the controller for cookies set in its own name (consent record, session).
- Cloudflare, Inc. (with EU establishment Cloudflare Germany GmbH) provides content delivery, caching and security for public pages of the Site. Cloudflare acts as our processor and the cookies in Section 4.1 are technical cookies necessary for that service.
- HubSpot, Inc. acts as our processor for the Get a Quote form. Some of the essential cookies in Section 4.1 also serve to secure HubSpot form embeds.
- Google Ireland Limited acts as our processor for Google Analytics 4 in the configuration we use (IP truncation, no advertising features unless you accept marketing cookies).
- Google Ireland Limited and Google LLC are joint controllers with CodeTiburon for Google Ads remarketing and conversion measurement, in accordance with the European Economic Area-specific Google Ads Data Processing Terms and Google's Controller Addendum.
- LinkedIn Ireland Unlimited Company and CodeTiburon are joint controllers for the LinkedIn Insight Tag in respect of the collection and disclosure to LinkedIn of personal data, in accordance with LinkedIn's joint-controller addendum.
- Meta Platforms Ireland Limited and CodeTiburon are joint controllers for the Meta Pixel in respect of the collection and disclosure of event data, in accordance with Meta's Controller Addendum.
7. International transfers
Some recipients listed above (notably Cloudflare, Inc., Google LLC, LinkedIn Corporation and Meta Platforms, Inc.) are established in or transfer data to the United States. Where transfers take place, they are framed by appropriate safeguards under Chapter V GDPR, including the European Commission's adequacy decision under the EU-U.S. Data Privacy Framework (where the recipient is certified) and the European Commission's Standard Contractual Clauses combined with supplementary technical and organisational measures where necessary. A copy of the relevant safeguards can be obtained by writing to [email protected].
8. How to manage your preferences
You can manage your cookie preferences at any time:
- Cookie banner. When you first visit the Site you can accept all, refuse all, or choose specific categories. Your choice is stored for six (6) months in line with CNIL guidance; we will re-prompt you when it expires or when we add a new purpose.
- Cookie preferences link. A "Cookie preferences" link in the footer of every page re-opens the banner so you can change your choices or withdraw consent.
- Browser settings. Most browsers allow you to block or delete cookies (see the help pages for Chrome, Firefox, Safari, Edge and Opera). Blocking essential cookies through your browser may prevent parts of the Site from functioning.
- Service-level opt-outs. You may also opt out directly at the source: Google Analytics — https://tools.google.com/dlpage/gaoptout; Google Ads personalisation — https://adssettings.google.com; LinkedIn Ads — https://www.linkedin.com/psettings/guest-controls; Meta — https://www.facebook.com/settings?tab=ads.
- Global signals. Where supported, we honour the Global Privacy Control (GPC) signal as a request to refuse non-essential cookies.
9. Retention
Consent records and analytics cookies are kept for no longer than thirteen (13) months, in line with CNIL guidance. Marketing cookies are kept for the durations indicated in Section 4. We will ask you to renew your choices when these periods expire or when we materially change the purposes or providers.
10. Your rights
In addition to the consent mechanism above, you have, with respect to personal data processed via cookies, the rights described in Section 10 of our Privacy Policy — including the rights of access, rectification, erasure, restriction, objection and portability, the right to withdraw consent, and the right to lodge a complaint with the CNIL (www.cnil.fr) or your local supervisory authority. To exercise these rights, please contact [email protected].
11. Changes to this Cookie Policy
We may update this Cookie Policy from time to time, for example when we add or remove a service. The date of the latest update is indicated at the top of the document. For material changes we will use reasonable efforts to provide prior notice (for example through the cookie banner) and, where required, will collect a new consent.
12. Contact us
For any question relating to this Cookie Policy or your cookie choices, please contact CODETIBURON SAS at [email protected] or by post at the registered office indicated in Section 1.
