Cookie Policy

Klikk’s Cookie Policy, written in the English language, aims to provide you with all the information you need to make the right choices about how you want us to track your activity across our website. It can be read in conjunction with our Privacy Notice which contains more details on how and what personal data we process when you interact with Klikk in person, over the phone, in writing or digitally. Should you have any further questions, please do not hesitate to contact us.

What are Cookies?

Cookies are small files that websites store on your device to remember information about you, like keeping you logged in or remembering your preferences whilst allowing us to understand how you use our site.

Type of Cookies We Use

Necessary Cookies (Always on)

These are essential for the website to work properly. They keep you logged in, protect against misuse and save your cookie preferences. You cannot turn these off, as the website needs them to function safely. Necessary cookies are processed on the basis of legitimate interest (to have an operational website) and contractual necessity (to fulfil online sales). The following cookies are necessary:

For Authentication / Login Functionality:

Cookie	Purpose	Data Stored	Contains Personal Data?
klikk_session	Maintains the user's authenticated session and browsing state. Contains an encrypted session token that identifies the user to the server after login.	Encrypted session payload — contains session ID, authentication state, and server-side session reference	Yes (indirectly — links to user account server-side)

Security:

Cookie	Purpose	Data Stored	Contains Personal Data?
XSRF-TOKEN	Protects against Cross-Site Request Forgery (CSRF) attacks. The token is read by JavaScript and sent with form submissions/AJAX requests to verify the request originated from the legitimate site.	Encrypted token string for CSRF validation	No
__cf_bm	Cloudflare Bot Management — distinguishes legitimate human traffic from automated bots. Set on both .klikk.com.mt and .digitaloceanspaces.com (where static assets are hosted).	Encrypted Cloudflare bot score token including timestamp and visitor classification	No (no user identifiers)

Consent Management:

Cookie	Purpose	Data Stored	Contains Personal Data?
klikk_<year> _ preferences	Stores the user's granular consent choices as a JSON object (e.g., {"necessary":true,"analytics":true,"marketing":true}).	JSON object with consent choices: {"necessary":true, "analytics":true/false, "marketing":true/false}	No
klikk_<year> (e.g., klikk_2026)	Stores a simple "accepted" flag indicating the user has interacted with the current year's consent banner. The cookie name is dynamically generated from the app name + current year. Legacy cookies from prior years (e.g., klikk_2025) may persist until they naturally expire.	Simple string value: "accepted"	No

Analytics and Performance Tracking Cookies (Optional and Non-essential)

These help us see how people use our website so we can make improvements. You can turn these on or off and we rely on your consent to process such cookies. The cookies we use in this category are:

Cookie	Purpose	Data Stored	Contains Personal Data?
_ga	Google Analytics 4 — assigns a unique client ID to distinguish individual users across sessions. Used to compile aggregate analytics on site traffic and user behaviour.	Client ID in format GA1.1.<unique_id>.<timestamp> — a pseudonymous identifier	Yes (pseudonymous identifier under GDPR)
_ga_86GQVFM99D	GA4 container-specific cookie tied to the site's Measurement ID. Maintains session state and tracks session-level engagement metrics.	Client ID in format GA1.1.<unique_id>.<timestamp> — a pseudonymous identifier	Yes (pseudonymous identifier under GDPR)

Marketing Cookies (Optional and Non-essential)

These allow us and advertising partners to show you relevant ads on other websites (like Facebook and Google) based on what you’ve looked at on our site. You can turn these on or off and we rely on your consent to process such cookies.

Cookie	Purpose	Data Stored?	Contains Personal Data?
_fbp	Meta (Facebook) Pixel — identifies the browser for ad measurement, targeting, and conversion attribution. Used to deliver and measure the effectiveness of ads shown on Meta platforms.	Meta browser ID in format fb.2.<timestamp>.<unique_id>	Yes (pseudonymous tracking identifier)
_gcl_au	Google Ads Conversion Linker — stores a unique click identifier used to attribute website conversions (e.g., purchases) back to specific Google Ads campaigns.	Google Ads conversion linker value with timestamps and click attribution data	Yes (pseudonymous tracking identifier)
datr (third-party, .facebook.com)	Meta browser identifier — used for security, site integrity, and ad personalisation across Meta's platforms.	Encrypted Meta browser identifier	Yes (device/browser fingerprint)
sb (third-party, .facebook.com)	Meta browser session cookie — supports login and security functions for Meta integrations.	Encrypted Meta session browser value	Yes (session identifier)
ar_debug (third-party, .doubleclick.net)	Google Ads Attribution Reporting API debug cookie.	Debug/diagnostic attribution flags and metadata (for example debug status and timestamps) used by Google Ads Attribution Reporting.	Typically no direct identifiers, but may still be treated as online identifier metadata depending on context.
id (third-party, .doubleclick.net)	DoubleClick ad tracking cookie (observed value: "OPT_OUT" in testing).	DoubleClick browser identifier or opt-out state (for example OPT_OUT), plus ad interaction/attribution metadata such as timestamps	Yes (pseudonymous identifier) when it stores an ad ID; if value is only OPT_OUT, it functions as an opt-out status signal

Who Else Uses Cookies?

We work with companies like Google, Facebook and Cloudflare. They may set cookies on your device to help with ads, analytics and security. Each has their own privacy notice and cookies policy which you can access via the following links:

Google Privacy Notice: https://policies.google.com/privacy?hl=en-US

Google Cookies Policy: https://policies.google.com/technologies/cookies?hl=en-US

Facebook Privacy Notice: https://www.facebook.com/privacy/policy/

Facebook Cookies Policy: https://www.facebook.com/privacy/policies/cookies/

Cloudflare Privacy Notice: https://www.cloudflare.com/privacypolicy/

Cloudflare Cookies Policy: https://www.cloudflare.com/cookie-policy/

Keeping Your Data Safe:

We protect your information through:

Encrypted connections – All data between you and our site is scrambled and secure using HTTPS encryption

Security tools – We use Cloudflare protection to prevent bots and attackers from accessing our site

Limited data – Some analytics and marketing cookies use pseudonymous identifiers rather than directly identifying details such as your name or address. Depending on the provider and your settings, these identifiers may still be linked with other information.

Security of necessary cookies – We apply standard protections such as Secure, HttpOnly, and SameSite where appropriate to help reduce unauthorized access and misuse. No cookie-based mechanism is completely risk-free.

How Long Do Cookies Stay?

Most cookies last between a few hours and thirteen (13) months, depending on their purpose. They don’t automatically disappear when you close your browser.

Cookie	Duration	Cleared on Browser Close?
XSRF-TOKEN	2 hours	No — time-based expiry
klikk_session	2 hours	No — time-based expiry
__cf_bm	1 hour	No — time-based expiry
cookie_preferences	~1 year	No
klikk_2026	~1 year	No
klikk_2025	~1 year (legacy)	No
_ga	13 months (393 days, as configured in GA4)	No
_ga_86GQVFM99D	13 months	No
_gcl_au	3 months	No
_fbp	3 months	No
datr	~2 years (set by Meta)	No
sb	~2 years (set by Meta)	No
ar_debug	~3 months	No
id	~1 month	No

Your Rights and Choices:

When you first visit, you’ll see a cookie banner where you can:

Accept everything; OR

Reject all non-essential cookies; OR

Pick and choose which types you want

Non-essential cookies are blocked until your consent is given. We maintain records of your consent including timestamps, choices made, and policy version date.

You can change your mind and your consent anytime using the cookie settings link at the bottom of the page. We will also ask you to renew your consent on an annual basis. Your previous consent is valid for twelve (12) months from the date given.

When you turn off non-essential analytics or marketing cookies, we stop setting those cookies and stop collecting new data through them from that point forward.

You acknowledge, however, that data may have been collected through non-essential cookies prior to your withdrawal. In the case of:

First-party cookies on our domain: We attempt to delete optional cookies we can control from your browser when you reject or update your settings.

Third-party cookies/data (for example Google, Meta): We cannot directly delete cookies stored on third-party domains from our own website. Data already received by those providers is handled under their own retention and deletion policies. You are therefore advised to read through their applicable policies in the links provided in the previous section “Who else uses Cookies?”.

You can also delete cookies through your browser settings.

Keeping Your Data Safe

We use encryption to protect data sent between you and our website. We also use security tools to block unwanted automated access.

Questions?

If you want to know more about how we use cookies or have any concerns, please get in touch with us at [email protected]. We may update this policy from time to time. We’ll let you know about important changes.