Cookie Policy

1. Introduction

This cookie policy describes how Whistlesblow (trade name of True Solutions S.r.l.) uses cookies and similar technologies on its website. This policy is provided in accordance with Article 13 of Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC (ePrivacy Directive), as amended by Directive 2009/136/EC. We use Cookiebot to manage user consent regarding the use of cookies.

2. What are cookies

Cookies are small text files that are stored on the user's device (computer, tablet, smartphone) when visiting a website. Cookies allow the site to remember the user's actions and preferences for a certain period of time, so that it is not necessary to re-enter them every time you return to the site or navigate from one page to another. Cookies can be "session" cookies (temporary, deleted when the browser is closed) or "persistent" cookies (remain stored until their expiration or manual deletion). In addition to cookies, we also use similar technologies such as tracking pixels, web beacons and local storage.

3. Types of cookies used

Our website uses different categories of cookies, each with specific purposes:

3.1 Essential technical cookies

These cookies are strictly necessary for the website to function and cannot be disabled. They are generally set only in response to actions taken by the user that amount to a request for services, such as setting privacy preferences, logging in or filling out forms. Legal basis: legitimate interest of the controller (Art. 6(1)(f) GDPR) and performance of contractual obligations.

• Laravel session cookies (laravel_session, XSRF-TOKEN): necessary to maintain the user session and ensure CSRF request security. Duration: session (deleted when browser is closed)
• Authentication cookies: used to keep the user authenticated during navigation. Duration: session or until logout
• Cookiebot consent cookies (CookieConsent): stores user preferences regarding cookies. Duration: 12 months
• Security cookies: protect against CSRF attacks and ensure communication integrity. Duration: session

These cookies do not store personal information and do not require user consent.

3.2 Statistical and analytics cookies

These cookies help us understand how visitors interact with the website by collecting and reporting information anonymously. Legal basis: user consent (Art. 6(1)(a) GDPR).

• Google Analytics (GA4): web analytics service provided by Google Ireland Limited. Collects anonymous statistical data on site usage (pages visited, time spent, traffic sources). Cookies used: _ga (duration: 2 years), _ga_* (duration: 2 years), _gid (duration: 24 hours). Privacy Policy: https://policies.google.com/privacy. This site uses Google Analytics with anonymized IP address.
• Hotjar: user behavior analytics service provided by Hotjar Ltd. Collects data on how users interact with the site (mouse movements, clicks, scroll). Cookies used: _hjid (duration: 365 days), _hjIncludedInPageviewSample (duration: session). Privacy Policy: https://www.hotjar.com/legal/policies/privacy/. Hotjar is configured to automatically obscure all areas with personal data.
• Mixpanel: event analytics platform provided by Mixpanel Inc. Tracks specific user events to analyze behavior and improve the service. Cookies used: mp_* (duration: 13 months). Privacy Policy: https://mixpanel.com/legal/privacy-policy/

3.3 Marketing and advertising cookies

These cookies are used to track visitors across websites with the intent of displaying relevant and engaging advertisements. Legal basis: user consent (Art. 6(1)(a) GDPR).

• Facebook Pixel: tracking tool provided by Meta Platforms Ireland Limited. Tracks conversions and allows showing targeted advertisements to users who have visited the site. Cookies used: _fbp (duration: 90 days), fr (duration: 90 days). Privacy Policy: https://www.facebook.com/privacy/explanation
• Bing UET (Universal Event Tracking): conversion tracking service provided by Microsoft Corporation. Tracks user actions to optimize advertising campaigns on Bing. Cookies used: _uetsid (duration: 1 day), _uetvid (duration: 13 months). Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
• Google Ads Conversion Tracking: tracks conversions for advertising campaigns on Google. Cookies used: conversion_* (duration: variable). Privacy Policy: https://policies.google.com/privacy

3.4 Functionality cookies

These cookies allow the website to provide enhanced functionality and personalization. They may be set by us or by third-party service providers whose functionality we have added to our pages. Legal basis: user consent or legitimate interest (Art. 6(1)(a) or (f) GDPR).

• Tidio: online chat service provided by Tidio LLC. Allows users to communicate with customer support. Cookies used: tidio_state_* (duration: session). Privacy Policy: https://www.tidio.com/privacy-policy/
• Language preference cookies: stores the user's preferred language. Duration: 12 months
• TriplePixel: security and fraud prevention service provided by Config Security. Cookies used: TriplePixel (duration: variable). Privacy Policy: https://config-security.com/privacy

4. Third-party cookies

Some cookies are set by third-party services that appear on our pages. We do not have direct control over these cookies. For more information on how these third parties use cookies, please consult their respective privacy policies:

• Google Analytics: web analytics service provided by Google Ireland Limited. Purpose: web traffic analysis, usage statistics, user behavior. Data transfer: may involve transfer of data to the United States. Privacy Policy: https://policies.google.com/privacy. Opt-out: https://tools.google.com/dlpage/gaoptout
• Facebook Pixel: tracking tool provided by Meta Platforms Ireland Limited. Purpose: conversion tracking, remarketing, targeted advertising. Data transfer: may involve transfer of data to the United States. Privacy Policy: https://www.facebook.com/privacy/explanation. Opt-out: through Facebook settings
• Hotjar: user behavior analytics service provided by Hotjar Ltd. Purpose: user behavior analysis, heatmaps, session recordings. Data transfer: data processed in the EU. Privacy Policy: https://www.hotjar.com/legal/policies/privacy/. Opt-out: https://www.hotjar.com/legal/compliance/opt-out
• Mixpanel: event analytics platform provided by Mixpanel Inc. Purpose: event tracking, user behavior analysis. Data transfer: may involve transfer of data to the United States. Privacy Policy: https://mixpanel.com/legal/privacy-policy/. Opt-out: through Mixpanel settings

5. Consent Management via Cookiebot

We use Cookiebot, a service provided by Cybot A/S, to manage user consent regarding the use of cookies. Cookiebot allows users to: (a) view detailed information on cookies used; (b) choose which categories of cookies to accept (essential, statistical, marketing, functionality); (c) modify or revoke consent at any time; (d) view the current consent status. Consent is stored in a cookie (CookieConsent) for a period of 12 months. Cookiebot retains documentary evidence of consent for 12 months for GDPR accountability purposes. Cookiebot Privacy Policy: https://www.cookiebot.com/en/privacy-policy/

6. Cookie Management and Disabling

Users can manage cookie preferences in several ways:

• Via the Cookiebot consent banner: on first visit to the site, a banner is displayed that allows accepting or rejecting different categories of cookies. You can modify preferences at any time by clicking on the Cookiebot icon located at the bottom left of the page
• Via browser settings: most browsers allow managing cookie preferences through privacy settings. You can block all cookies, accept only first-party cookies, or delete already stored cookies
• Via opt-out links provided by third-party services: each third-party service provides tools to disable tracking (see "Third-party cookies" section)

6.1 Browser Settings

To manage cookies through browser settings, follow these instructions:

• Chrome: Chrome: Settings > Privacy and security > Cookies and other site data > Manage cookies and site data
• Firefox: Firefox: Options > Privacy & Security > Cookies and Site Data > Manage Data
• Safari: Safari: Preferences > Privacy > Manage Website Data
• Edge: Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data

7. Cookie Duration

Cookies used on our site have different durations: (a) Session cookies: are automatically deleted when the browser is closed; (b) Persistent cookies: remain stored for variable periods, from a few days up to 2 years, depending on the purpose and service. The specific duration of each cookie is indicated in the "Types of cookies used" section of this policy. Users can delete cookies at any time through browser settings.

8. Legal Basis of Processing

Processing of data through cookies is based on different legal bases depending on the cookie category: (a) Essential technical cookies: legitimate interest of the controller (Art. 6(1)(f) GDPR) and performance of contractual obligations (Art. 6(1)(b) GDPR); (b) Statistical and analytics cookies: user consent (Art. 6(1)(a) GDPR); (c) Marketing cookies: user consent (Art. 6(1)(a) GDPR); (d) Functionality cookies: user consent or legitimate interest (Art. 6(1)(a) or (f) GDPR). Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent given before withdrawal.

9. Data Transfer

Some third-party services used on our website may involve the transfer of personal data to third countries, in particular to the United States. Such transfers take place in compliance with applicable legislation and, when necessary, on the basis of appropriate safeguard mechanisms (such as standard contractual clauses approved by the European Commission or adherence to recognized certification frameworks). For more information on data transfers made by each service, please consult the respective privacy policies indicated in the "Third-party cookies" section.

10. User Rights

In accordance with GDPR, users have the right to: (a) be informed about the use of cookies (right satisfied through this policy); (b) access their personal data; (c) object to processing of data for marketing purposes; (d) withdraw consent at any time; (e) request erasure of data; (f) lodge a complaint with the competent supervisory authority (e.g., the Data Protection Authority in your country). To exercise these rights or for any questions about cookies, you can contact the Controller using the contacts indicated in the "Contact" section.

11. Consent and Consequences of Refusal

Consent to the use of non-essential cookies is optional and can be withdrawn at any time. Refusal or withdrawal of consent for non-essential cookies does not prevent access to the website, but may limit some functionality or personalization. Essential technical cookies do not require user consent as they are necessary for the website to function. Consent to non-essential cookies is recorded only through a positive action by the user via the Cookiebot banner.

12. Contact

For any questions, requests or reports relating to the use of cookies and this policy, you can contact the Controller: