Transparency about
every cookie we use —
and the ones we don't.
This Cookie Policy explains what cookies are, which ones Giroteam Software Studio uses on giroteam.com, what they do, how long they last, who else has access to the data they collect, and exactly how you can accept, reject or revoke consent at any time — in accordance with Spanish Law 34/2002 (LSSI-CE), Regulation (EU) 2016/679 (GDPR) and the Spanish Data Protection Agency (AEPD) Guide on the use of cookies.
A cookie is a small
file —
and a legal artefact.
A cookie is a small text file that a website stores on the device you use to browse (computer, tablet or mobile). Cookies allow a site to remember your visit, your preferences, your authentication state and how you arrived — across pages and across return visits.
Under Spanish and European law, the term cookie also covers any similar technology that stores information on, or retrieves information from, your terminal device: pixels, local storage, session storage, IndexedDB, browser fingerprints, SDK identifiers and equivalent tracking mechanisms. The same rules apply to all of them.
Cookies are not, on their own, harmful. They cannot read your hard drive, install software, or transmit viruses. What they can do is identify your browser between visits — which is why their use is regulated.
We ask for consent because
Spanish law requires it.
Article 22.2 of the LSSI-CE requires informed, freely given and specific consent before any non-essential cookie is stored on or read from your device.
Informed
You receive clear information about who sets the cookie, what it does, how long it stays, and where the data is processed — before you decide.
Freely given
You can accept all, accept only some, or reject all non-essential cookies with the same number of clicks. Rejecting does not block access to the site.
Specific
Consent is granted by purpose (analytics, preferences, marketing). Granting one purpose does not imply granting any other.
Revocable
You can withdraw your consent at any time, just as easily as you granted it, through the preferences panel or your browser settings.
Reminder — Strictly necessary (technical) cookies do not require consent under article 22.2 LSSI-CE, but you are still informed about them in this document.
Classified by ownership,
duration and purpose.
Who sets the cookie
Set by giroteam.com directly. We are the data controller.
Set by external providers (analytics, embedded video, ad networks). They act as independent data controllers or processors.
How long they last
Deleted automatically when you close your browser. Used to maintain state during a single visit.
Remain on your device for a defined period (from a few minutes to a maximum of 24 months, per AEPD criteria) until they expire or you delete them.
What they are for
Essential cookies make the site work. Non-essential cookies enable analytics, personalisation or marketing — and require consent.
Technical, preferences, analytics/measurement, behavioural advertising — each managed independently.
Technical cookies
Strictly necessary cookies enable navigation, session maintenance, security, load balancing, language preferences, accessibility settings and the storage of your cookie consent itself. Without them, the site cannot function correctly.
Preference cookies
Preference cookies remember the choices you make — language, region, layout, accepted notices — so you don't have to set them again on your next visit. They make the site feel familiar but are not essential to its operation.
Analytics & measurement cookies
Analytics cookies let us understand which pages are visited, how visitors arrive, and where the experience breaks. The data is aggregated and used to improve the site. We use IP anonymisation where the provider supports it.
Behavioural advertising cookies
Behavioural advertising cookies build a profile of your interests across sites and serve advertising that matches it. They include retargeting pixels and social network cookies. We only set them when you have given explicit consent.
The cookies we actually set, and the providers that set them.
Below is the current inventory of cookies used on giroteam.com. It is updated whenever we add, remove or change a provider. Provider names, retention periods and purposes reflect the latest declarations from each vendor.
First-party cookies (set by Giroteam)
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
session_id |
Giroteam | Maintains your authenticated session and CSRF state during the visit. | Technical | Session |
XSRF-TOKEN |
Giroteam | Cross-site request forgery (CSRF) protection for form submissions. | Technical | Session |
cookie_consent |
Giroteam | Stores your cookie consent choices so the banner is not shown again. | Technical | 12 months |
locale |
Giroteam | Remembers your selected language (EN / ES / DE). | Preferences | 12 months |
Third-party cookies
The cookies below are set by external providers. Each provider acts as an independent data controller for the data collected through its cookies, and its own privacy notice applies.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_ga |
Google Ireland Ltd. | Distinguishes unique users for Google Analytics 4 measurement. | Analytics | Up to 24 months |
_ga_* |
Google Ireland Ltd. | Persists session state for the Google Analytics 4 property. | Analytics | Up to 24 months |
_gid |
Google Ireland Ltd. | Distinguishes users over a 24-hour window for legacy GA properties. | Analytics | 24 hours |
_fbp |
Meta Platforms Ireland Ltd. | Meta Pixel — measures conversions and enables retargeting on Facebook / Instagram. | Marketing | Up to 90 days |
li_sugr / bcookie |
LinkedIn Ireland U.C. | Insight Tag — measures LinkedIn campaign performance and enables retargeting. | Marketing | Up to 12 months |
VISITOR_INFO1_LIVE |
Google Ireland Ltd. (YouTube) | Set by embedded YouTube videos to estimate bandwidth and serve video. | Marketing | Up to 6 months |
__cf_bm |
Cloudflare, Inc. | Bot mitigation and DDoS protection by Cloudflare; no profiling. | Technical | 30 minutes |
If your consent settings have not authorised analytics or marketing cookies, the corresponding third-party scripts are not loaded, and the cookies listed in those categories are not set. This inventory therefore reflects the maximum scope of what may be present, not what is necessarily active in your session.
Some cookie data
leaves the EU.
Some of the third-party providers listed above are established outside the European Economic Area, mainly in the United States. Where this happens, the activation of their cookies entails an international transfer of personal data subject to chapter V of the GDPR.
We rely on the safeguards offered by each provider, which include one or more of the following mechanisms:
Transfer safeguards in place
- Adequacy decision of the European Commission (for example, the EU–US Data Privacy Framework, where applicable).
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organisational measures.
- Binding Corporate Rules (BCRs) within the provider's corporate group, where applicable.
You can request a copy of the safeguards applicable to each transfer by contacting us at privacy@giroteam.com. Withdrawing consent to the corresponding cookie category stops the transfer for future visits.
Accept, reject or revoke — at any time, in two clicks.
You decide which cookie categories to authorise. Your choices can be reviewed and changed whenever you want, with the same ease as the original decision.
Open the preferences panel
The preferences panel lets you grant or revoke consent by category — technical, preferences, analytics and marketing — without affecting your access to the site. Your last decision is stored for 12 months.
Block or delete cookies in your browser
You can also configure your browser directly to block or delete cookies for any site. Each browser has its own settings; the official documentation is linked below.
Google Chrome
Settings → Privacy and security → Cookies and other site data → choose your blocking or deletion options.
Official help article →Mozilla Firefox
Settings → Privacy & Security → Cookies and Site Data → manage stored data and exceptions.
Official help article →Apple Safari
Preferences → Privacy → Cookies and website data → block all, or manage by website.
Official help article →Microsoft Edge
Settings → Cookies and site permissions → Manage and delete cookies and site data.
Official help article →Opera
Settings → Advanced → Privacy & security → Cookies and other site data.
Official help article →iOS & Android
On mobile, cookie controls live in the privacy section of each browser app. The advertising identifier (IDFA / GAID) can additionally be reset or disabled in your device's privacy settings.
device-level controls availableThird-party opt-out tools
Each major third-party provider also offers its own opt-out interface, which works regardless of the consent you have given on giroteam.com.
Google Analytics
Browser add-on that prevents Google Analytics from collecting data across all sites.
Google Ads
Manage personalised ads, interest categories and the Google ad network.
Meta / Facebook
Ad preferences for Facebook, Instagram and Meta Audience Network.
Disable LinkedIn retargeting and interest-based advertising.
Your Online Choices (EDAA)
European industry opt-out for behavioural advertising across hundreds of networks.
NAI Opt-out
Network Advertising Initiative opt-out for US-based ad networks.
Heads up — Blocking all cookies (including technical ones) may degrade the site experience: features like form submissions, language selection and login will stop working correctly. Blocking only non-essential cookies has no functional impact on giroteam.com.
Eight rights —
guaranteed by the GDPR.
As a data subject, you have the following rights at any time, free of charge, regarding the personal data processed through cookies.
Access
Know what personal data we process about you, why, and to whom we communicate it.
Rectification
Have inaccurate or incomplete data corrected without undue delay.
Erasure
Request deletion of your data, including the right to be forgotten, where the legal grounds apply.
Objection
Object to processing based on legitimate interests, including profiling for direct marketing purposes.
Restriction
Limit processing of your data in specific circumstances foreseen by the GDPR.
Portability
Receive your data in a structured, commonly used and machine-readable format.
Withdraw consent
Revoke previously granted consent at any time, without affecting the lawfulness of prior processing.
Lodge a complaint
File a claim with the Spanish Data Protection Agency (AEPD) if you believe your rights have been infringed.
You may lodge a complaint with the Spanish Data Protection Agency (AEPD) — C/ Jorge Juan, 6 · 28001 Madrid — or through its electronic registry at www.aepd.es.
We keep the data only
for as long as it's useful.
How long the data stays
Cookie-derived data is kept for the duration declared in the inventory above and, in any case, no longer than 24 months from the last interaction, in line with the AEPD's criterion. After that, consent is requested again.
How we protect it
All traffic is served over HTTPS / TLS 1.3. Cookies with sensitive purposes use the Secure, HttpOnly and SameSite=Lax attributes by default. Access to backend logs is restricted to authorised personnel under confidentiality agreements.
How updates work
We may update this Cookie Policy to reflect changes in legislation, technology or our own services. Substantial changes will trigger a new consent request the next time you visit, and the version history is preserved internally.
Questions people
actually ask us.
Can I use giroteam.com without accepting any cookie?
+
Yes. Technical cookies are the only ones strictly necessary, and they do not require your consent under article 22.2 LSSI-CE. Rejecting analytics and marketing cookies does not block any content on the site.
What happens if I close the banner without choosing?
+
Closing the banner without an explicit decision is treated as a rejection of all non-essential cookies. No analytics, preferences or marketing cookies will be set until you make an explicit choice in the preferences panel.
How can I withdraw my consent later?
+
Open the preferences panel from the link in the website footer or from the dedicated button in section 6 of this policy. You can also clear the cookie_consent cookie in your browser, which will cause the banner to appear again.
Are cookies personal data?
+
Cookies themselves are storage mechanisms. The data they collect — IP address, device identifier, browsing patterns — is considered personal data under the GDPR when it allows you to be directly or indirectly identified, which is why this policy applies.
Do you sell cookie data to third parties?
+
No. We do not sell, rent or trade cookie-derived data. Third-party providers receive data only for the specific purpose declared for each cookie (for example, measurement or advertising), under their own terms.
What about Do Not Track or Global Privacy Control signals?
+
When your browser sends a Global Privacy Control (GPC) signal, we treat it as a withdrawal of consent for non-essential cookies for the corresponding session, in line with current AEPD criteria. Do Not Track headers are also respected where technically reliable.
Questions about a cookie,
a provider, or your rights?
Write to our privacy team at any time. We respond in English, Spanish or German, normally within one working day, and always before the legal deadline of one month for GDPR requests.