Cookiebot is a Consent Management Platform that can be used to manage consent or refusal to the services used on the website.
What is Cookiebot?
Cookiebot is a consent management platform that allows you to manage user consent. You are legally obligated (Art. 7 para. 1 GDPR) to prove that the user has consented to the processing of his personal data. Also, the user must be able to revoke his consent at any time (Art. 7 para. 3 GDPR). The CMP is therefore the central tool for managing your data protection.
Welche Daten werden verarbeitet?
If your website processes personal data in any way, it is your responsibility to show in detail by whom, for what, how and for how long the data is processed. To meet these requirements, you will most likely not be able to avoid using a CMP. But this is not a problem at all, because you will not want to miss the advantage a CMP provides!
When you use Cookiebot’s CMP, the following data is collected:
- Opt-in- and Opt-out-Data
- Referrer URL
- User Agent
- User settings
- Consent ID
- Time of consent
- Consent type
In our service knowledge base you will find comprehensive information on individual services – clearly arranged and digital!
Expert knowledge and pro tips on top 😉
Legal foundation for the processing
The basis for the processing of the data results from the GDPR in combination with the TTDSG, whereby the GDPR takes precedence should there ever be a collision.
When is there a requirement for consent?
The processing of personal data is only permitted if at least one of the letters of Art. 6 (1) GDPR is fulfilled. The two important letters are the following:
- Die betroffene Person hat ihre Einwilligung erteilt (lit. a)
- The processing is necessary to protect your legitimate interest (lit. f)
According to Art. 25 (1) TTDSG, consent is required if cookies are set that are not technically absolutely necessary.
It should be noted that this means not only the well-known small text files and pixels, but all technologies that allow to find out, link or infer a user, a user agent or device.
Thus, all information elements that enable the identification of a person are subject to consent.
The requirements for exemption from consent
To ensure consent-free use, the following conditions would need to be met:
- Conclusion of a processing contract with the processor
- Processing of personal data exclusively in Europe
- The processor does not use the obtained data for its own purposes
- The processor does not link or enrich the data across different websites
- Possibility of opting out or revoking as well as detailed information about the collection of personal data in the privacy statement
- IP anonymization (“Privacy by Default”)
- Automatic opt-out for Do-Not-Track settings in the browser
- Proof of points 1-8 carried out by the website operator
Why is Cookiebot not subject to consent?
- It is not a US provider
- Personal data are processed, but you can refer to Art. 6 para. 1 lit. c GDPR
- The local storage is accessed, but you can refer to Art. 25 para. 2 no. 2 TTDSG
Conclusion on the privacy-compliant use of Cookiebot
The CMP is intended to make your work easier in terms of data protection, so it is only right that the service does not require any extra consent. Just make sure that you do not choose a US provider, that would make things unnecessarily complicated.
If you use Cookiebot, it only needs to be listed as an essential service, which is the case by default, so you don’t need to worry about that.
Then feel free to call us. We will help you with questions about our product and features or generally about all data protection topics: