Basic guidance on the use of cookies

1. Preliminary points

Bearing in mind the constant changes in this field, we make the following recommendations in order to comply with the most recent guidelines and opinions from the competent authorities, in particular A Guide on the Use of Cookies (You can consult the AEPD’s Guide on the Use of Cookies at https://www.aepd.es/sites/default/files/2020-07/guia-cookies.pdf (last accessed on 17/09/2020)) published by the Spanish Data Protection Agency (AEPD).

All the guidance and recommendations included in this document revolve around two main issues: the data subject’s right to information and the need to obtain consent prior to the collection of information. This is because the digital footprint left by a user when browsing a website belongs to the user, and not the website; therefore, the user must be appropriately informed about the collection and use of this information.

1.1. Right to information

Users have the right to know what data is going to be collected, who will process it and how it will be used. The Spanish Data Protection Agency (AEPD) has set out guidelines indicating when users should be informed and the minimum information that should be offered in relation to information gathered via cookies or similar devices.

1.2. Consent

When the data gathered is not the minimum data required for the website to work, the user must provide their consent. Article 22.2 of the Law on Information Society Services (Law 34/2002 on Information Society Services and E-Commerce) establishes that cookies may only be installed without prior consent when their information makes it possible to transfer a communication via an electronic communications network or, insofar as is strictly necessary, to provide an information society service that has been expressly requested by the user. The GT29 in ruling 4/2012 established that consent would not be necessary for “user access” cookies; user identification or authentication cookies (session cookies only); user security cookies; multimedia player session cookies; load balancing session cookies; and user interface personalisation cookies.

Consent must be obtained by means of an affirmative action by the user; the company is required to demonstrate that consent has been gathered correctly, therefore, saving the records generated is recommended. Forms that imply tacit consent as the user continues to browse will not be considered valid under any circumstances.

In Guidelines 05/2020 on consent under Regulation 2016/679, the European Data Protection Board declared that, in order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called “cookie walls”).

With this in mind, whenever consent is necessary, we recommend the use of a double-layer system that makes it possible to correctly obtain informed consent: a first layer consisting of a notice, banner, pop-up or similar that indicates cookies are being used and that contains a link to the second layer in the settings panel and the cookies policy.

Bear in mind that the website cannot install cookies without the user’s consent; this means that the website must be technically capable of blocking the installation of cookies before users provide their consent.

1.3. Current state of BLUEPHAGE cookies

At BLUEPHAGE S.L. (also referred to as Bluephage), we have been informed that the cookies used on the website containing its platform and on its app are preferential cookies.

Specifically, the following cookies are used on the web platform:

lang

Detects the preferred language of the browser and configures the language on the website, if possible

BP.userProfile

Stores the user data needed for the platform to work (all user data).

BP.config

Stores the static settings of the platform, such as the configuration of colours, translations, sample parameters, etc.

BP.refreshToken

Token to refresh the main page and maintain the session started on the platform

BP.token

Authentication token to perform tasks on the platform

The cookies used for the app are as follows:

lang

Stores the language selected by the user, for it to be stored in the user settings in the database

file_manager

Allows the storage of different data on the phone. Ranging from user credentials to app data

2. First layer: banner on the homepage

BLUEPHAGE does not have any cookies on the web platform or the app that require that consent is provided. Therefore, all cookies indicated can be installed as soon as the user accesses the platform or app. This means that the platform does not need to feature an informative banner on the homepage or in the app requiring consent; to comply with the data protection regulations, it will be sufficient for the cookies policy to be available for consultation throughout the browsing experience.

3. Cookies policy

Pursuant to the data protection and privacy regulations, including the recommendations of most data protection authorities, all cookies policies must provide information about at least the following aspects:

A general explanation stating what a cookie is and how it works.
The types of cookies used on the website.
Explain the purposes of the cookies installed in clearly understandable language.
Indicate who is responsible for the cookies.
Indicate the expiry period of the cookies.
State whether profiles are created or international data transfers are carried out.
Indicate how the user can accept, reject or delete cookies.
Indicate how the user can exercise their data protection rights.

3.1. The app’s cookies policy

Below, you will find the cookies policy proposed for the BLUEPHAGE S.L. app

BLUEPHAGE S.L. uses different cookies as part of the browsing experience on its platform. To find out all the details concerning our cookies policy, consult the sections below:

1. What is a cookie?

2. What types of cookies exist?

3. What cookies do we use?

4. How can I uninstall the cookies?

5. How can you exercise your rights?

BLUEPHAGE S.L. reserves the right to change this Cookies Policy to adapt it to future legislation and/or applicable case law, in addition to the future uses of the personal data of the app user. Users will be informed in advance about any changes to this policy. Therefore, we recommend that the user reads the Cookies Policy each time they access the app.

If you have any queries about this cookies policy, do not hesitate to get in contact via email at info@bluephage.com

Nombre	Hostname	Path	Expiración
bluephage_session (Session Cookie)	https://app.bluephage.com	/	120 minutos
El servidor utiliza una cookie para identificar las sesiones de los usuarios. Sin esta cookie, el sitio web no funciona.
XSRF-TOKEN	https://app.bluephage.com	/	1 día
Asegura la navegación segura del visitante previniendo la falsificación de petición en sitios cruzados (CSRF). Esta cookie es esencial para la seguridad de la web y del visitante.
laravel_eu_cookie_consent	https://app.bluephage.com	/	120 minutos
Almacena el estado de consentimiento de cookies del usuario para el dominio actual.

Nombre	Hostname	Path	Expiración
lang	https://app.bluephage.com	/	1 Año
Cookie para identificar el idioma del usuario. Sin esta cookie el idioma se establece siempre al idioma del sistema.

Nombre	Hostname	Path	Expiración
_ga	www.googletagmanager.com	/	2 años
Registra una identificación única que se utiliza para generar datos estadísticos acerca de cómo utiliza el visitante el sitio web.
_ga_#	www.googletagmanager.com	/	2 años
Recopila datos sobre el número de veces que un usuario ha visitado el sitio web además de las fechas de la primera visita y de la más reciente. Utilizada por Google Analytics.
_hjAbsoluteSessionInProgress	script.hotjar.com	/	1 día
Esta cookie se utiliza para contar las veces que un sitio web ha sido visitado por diferentes visitantes. Esto se consigue asignando un ID aleatorio al visitante, para evitar el registro doble del visitante.
_hjFirstSeen	script.hotjar.com	/	1 día
Esta cookie se utiliza para determinar si el visitante ha visitado el sitio web con anterioridad o si se trata de un nuevo visitante.
_hjIncludedInSessionSample_#	script.hotjar.com	/	1 día
Recopila estadísticas sobre las visitas del usuario al sitio web, como el número de visitas, el tiempo medio pasado en el sitio web y qué páginas se han leído.
_hjRecordingEnabled	hotjar.com	Session	HTML Local Storage
Recoge datos relacionados con la navegación y el comportamiento del usuario - Esto se usa para recopilar informes estadísticos y mapas térmicos para el propietario de la web.
_hjRecordingLastActivity	hotjar.com	Session	HTML Local Storage
Establece un identificador para la sesión. Esto permite a la web obtener datos del comportamiento del visitante con propósitos estadísticos.
_hjSession_#	script.hotjar.com	/	1 día
Recopila estadísticas sobre las visitas del usuario al sitio web, como el número de visitas, el tiempo medio pasado en el sitio web y qué páginas se han leído.
_hjSessionUser_#	script.hotjar.com	/	1 año
Recopila estadísticas sobre las visitas del usuario al sitio web, como el número de visitas, el tiempo medio pasado en el sitio web y qué páginas se han leído.
_hjTLDTest	script.hotjar.com	/	Session
Registra datos estadísticos del comportamiento del visitante en la web. Esto se utiliza para análisis internos por el operador de la web.
hjActiveViewportIds	hotjar.com	Persistent	HTML Local Storage
Esta cookie tiene una cadena de ID en la sesión en curso. Contiene datos no personales sobre las subpáginas a las que accede el visitante. Esta información sirve para mejorar la experiencia del visitante.
hjViewportId	hotjar.com	Session	HTML Local Storage
Guarda el tamaño de pantalla del usuario para ajustar el tamaño de las imágenes del sitio web.

Nombre	Hostname	Path	Expiración
fbp	connect.facebook.net	/	3 meses
Utilizada por Facebook para proporcionar una serie de productos publicitarios como pujas en tiempo real de terceros anunciantes.
ads/ga-audiences	www.googletagmanager.com	/	Session
Utilizada por Google AdWords para reconectar con visitantes que tienen posibilidades de convertirse en clientes, se basa en el comportamiento online del cliente a través de las webs.

Política de cookies