INTERNAL MANUAL OF POLICIES AND PROCEDURES IN THE MATTER OF PROTECTION OF PERSONAL DATA OMEGA TURISMO S.A.S

AGENCIA DE VIAJES Y TURISMO OMEGA EVENTOS S.A.S., hereinafter referred to as “the Company”, declares that it acts as an intermediary between the users and the entities or persons in charge of providing the services of air or land transport, accommodation, food, or any other service contracted through the Internet site of this travel agency. In this sense, the Company undertakes to comply with the intermediation services mentioned, with the exceptions specified in these general conditions and is not responsible for the non-compliance of such entities in the execution of their obligations, nor for unforeseen events caused by strikes, weather conditions, delays, earthquakes, quarantines. As well as for material, personal or moral damages that the passenger may suffer due to loss, damage or theft of luggage, or due to accidents, illnesses or deaths. The user will have to complain directly to the companies that provided the unfulfilled service, in which process the Company will help the user as soon as possible. The present “General Conditions” are governed by the rules of civil commercial law and other applicable laws.

This website as a travel agency is subject to the liability regime established by law 300/96, D.R. 1075/97 and other regulatory decrees.

Presentation

In the first place, it should be noted that the preparation and proposal of this document responds to the need to comply with the provision set forth in paragraph k) of Article 17 of Law 1581 of 2012, which regulates the duties that correspond to those responsible for the processing of personal data, including the adoption of policies and procedures to ensure adequate compliance with the law and especially for the handling of queries and complaints.

It is important to specify that in paragraphs (d) and (e) of article 3 of Law 1581 of 2012, express mention is made of the data processor and the data controller, respectively. Thus, the data controller is the natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data, while the data processor is the natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the data controller.

Now, current technologies allow companies to efficiently manage, exploit and store the personal information they use to meet their corporate and business objectives, such as in their recruitment and hiring processes, or processes related to service and attention to customers, users, suppliers, shareholders and executives, among others. The fundamental right to habeas data aims precisely to guarantee citizens the power of decision and control they have over the information that concerns them, specifically over the use and destination given to their personal data.

In this sense, the right to the protection of personal data gives the holder a range of powers to maintain control over his personal information.

These options range from the right to know who holds the personal data, the uses to which they are being subjected, to the determination of who has the possibility of consulting them.

The law even gives them the power to oppose such possession and use.

Law 1581 of 2012 develops a series of guarantees and instruments designed to guarantee the validity of this fundamental right.

In this context, the purpose of these policies is to cover these guarantees and instruments, taking into account our condition as data controllers, in particular in the light of the provisions of Article 17(k) of the aforementioned law.

These policies make it possible to implement important organizational changes to bring the procedures for collecting and processing personal data into line with the provisions of the Law.

The policies include the basic aspects of normative nature, contains independent annexes with models, documents and schemes of procedures that allow to obtain the authorization for the processing of personal data according to our particular needs.

1. General principles and postulates

OMEGA TURISMO S.A.S. guarantees the protection of rights such as Habeas Data, privacy, intimacy, good name, image and institutional autonomy. For this purpose, all its actions will be governed by principles of good faith, legality, self-determination regarding informatics, freedom and transparency.

Whoever, in the exercise of any activity, including commercial and labor activities, whether permanent or occasional, may supply any type of information or personal data to the Company, and in which the latter acts as the person in charge of the processing or the person responsible for the processing, will be able to know it, update it and rectify it.

2. Legal framework

1. Political Constitution of Colombia, article 15.
2. Law 1266 of 2008
3. Law 1581 of 2012
4. Regulatory Decrees 1727 of 2009 and 2952 of 2010, and Regulatory Decree No. 1377 of 201

3. Definitions

In accordance with current legislation on the matter, the following definitions are established. They will be applied and implemented accepting the interpretation criteria that guarantee a systematic and integral application, and in accordance with technological advances, technological neutrality; and the other principles and postulates that govern the fundamental rights that encompass the right to habeas data and the protection of personal data.

a)  Authorization: Prior, express and informed consent of the holder to carry out the Processing of personal data.

(b) Database: Organized set of personal data that is the object of Processing.

c) Personal data: Any information linked to or that may be associated with one or more specific or determinable natural persons.

d) Person in charge of the data processing: Natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the person in charge of the processing.

e) Data controller: A natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.

f) Holder: Natural person whose personal data are subject to processing.

g) Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion thereof.

4. Specific principles

The principles set out below constitute the general parameters that will be respected by OMEGA TURISMO S.A.S. in the processes of collection, use, processing, storage and exchange of personal data:

a) Principle of legality: In the use, capture, collection and processing of personal data, the current and applicable provisions governing the processing of personal data and other related fundamental rights shall be applied.

b) Principle of freedom: The use, capture, collection and processing of personal data may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal, statutory, or judicial mandate releasing the consent.

c) Principle of purpose: The use, capture, collection and processing of personal data to which OMEGA TURISMO S.A.S. has access and which are gathered and collected by OMEGA TURISMO S.A.S., will be subordinate to and serve a legitimate purpose, which must be informed to the respective owner of the personal data.

d) Principle of truthfulness or quality: Information subject to use, capture, collection and processing of personal data must be truthful, complete, accurate, up to date, verifiable and comprehensible. Processing of partial, incomplete, fractioned or misleading data is prohibited.

e) Principle of transparency: In the use, capture, collection and processing of personal data, the Holder’s right to obtain from OMEGA TURISMO S.A.S., at any time and without restrictions, information about the existence of any type of information or personal data of interest or ownership must be guaranteed.

f) Principle of access and restricted circulation: Personal data, except public information, may not be available on the Internet or other ways of divulgation or mass communication, unless access is technically controllable to provide restricted knowledge only to the Owners or authorized third parties.

g) Principle of security: Personal data and information used, captured, collected and subject to processing by OMEGA TURISMO S.A.S. shall be protected to the extent that the technical resources and minimum standards allow, through the adoption of technological protection measures, protocols, and all types of administrative measures that are necessary to provide security to electronic records and repositories, avoiding their tampering, modification, loss, consultation and, in general, against any unauthorized use or access.

h) Principle of confidentiality: Each and every one of the persons who administer, manage, update or have access to information of any type found in databases or data banks, commit themselves to keep and maintain in a strictly confidential manner, and not disclose to third parties, all personal, commercial, accounting, technical, commercial or any other type of information provided in the execution and exercise of their duties. All persons who currently work or will work in the administration and management of databases, must sign an additional document or amendment to their employment contract for ensuring such commitment. This obligation persists and is maintained even after the end of their connection with any of the tasks included in the Processing.

5. Sensitive data:

Sensitive data are data that affect the privacy of the owner or the misuse of which may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of trade unions, social organizations, or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties. As well as data relating to health, sex life and biometrics, including still or moving image capture, fingerprints, photographs, iris, voice recognition, facial or palm recognition, etc.

5.1 Processing of sensitive data:

Sensitive data may be used and processed when:

a) The Holder has given his explicit authorization to such processing, except in cases where the law does not require the granting of such authorization.

b) The Processing is necessary to safeguard the vital interest of the holder and he is physically or legally handicapped. In these events, the legal representatives must grant their authorization.

c) The Processing is carried out in the course of legitimate activities and with the due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or syndical, as long as they refer exclusively to its members or to persons who maintain regular contacts due to its purpose. In these events, the data may not be provided to third parties without the authorization of the owner.

d) The Processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.

e) The Processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Owners shall be adopted.

5.2 Authorization of the holder:

Without prejudice to the exceptions provided for in the law, prior, express and informed authorization of the holder is required in the Processing, which must be obtained by any means that may be the subject of subsequent consultation and verification.

5.3 Cases in which authorization is not required:

The Holder’s authorization shall not be required in the case of:

a) Information required by a public or administrative entity in the exercise of its legal functions or by court order.

b) Data of a public nature.

c) Cases of medical or sanitary urgency

d) Processing of information authorized by law for historical, statistical or scientific purposes.

e) Data related to the Civil Registry of persons.

6. Rights of children and adolescents

Processing shall ensure respect for the prevailing rights of minors.

The processing of personal data of minors is prohibited, except for data of a public nature.

It is the responsibility of the State and educational institutions of all kinds to provide information and to train legal representatives and guardians on the possible risks faced by minors with regard to the improper processing of their personal data, and to provide knowledge about the responsible and safe use by children and adolescents of their personal data, their right to privacy and the protection of their personal information and that of others.

7. OMEGA TURISMO's obligations as responsible for the processing of personal data.

OMEGA TURISMO, when acting as responsible for the Processing of personal data, shall comply with the following duties:

a)    Guarantee to the Holder, at all times, the full and effective exercise of the right of Habeas Data.

b)    Request and keep a copy of the respective authorization granted by the holder.

c)   Duly inform the owner about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

d)   Keep the information under the necessary security conditions to prevent its tampering, loss, consultation, use or unauthorized or fraudulent access.

e)     Guarantee that the information provided to the data processing manager is truthful, complete, exact, updated, verifiable and understandable.

f) To update the information, communicating in a timely manner to the person in charge of the Data Processing all the novelties with respect to the data previously supplied to him/her and to adopt any other necessary measures so that the information supplied to him/her is kept updated.

g) To rectify the information when it is incorrect and to communicate the appropriate information to the person in charge of the Data Processing.

h) Provide the person in charge of the Data Processing, as the case may be, only data whose Processing has been previously authorized.

i) Demand from the person in charge of the Processing, at all times, respect for the conditions of security and privacy of the information of the Holder.

j)  Process queries and complaints made.

k) To inform the person in charge of the Treatment when certain information is in dispute on the part of the Holder, once the claim has been presented and the respective procedure has not finished.

l)  Inform at the request of the Holder about the use given to their data.

m) Inform the data protection authority when security codes are violated and there are risks in the administration of the information of the Holders.

8. National Registry of Databases.

OMEGA TURISMO S.A.S. reserves, in the events contemplated in the law and in its statutes and internal regulations, the right to maintain and catalogue certain information contained in its databases or data banks as confidential, in accordance with the rules in force, its statutes and regulations, all of the foregoing and in accordance with the fundamental and constitutional right to education, to academic freedom, and principally to autonomy.

OMEGA TURISMO S.A.S. shall proceed, in accordance with the regulations in force and the regulations issued for this purpose by the National Government, to register its databases with the Registro Nacional de Bases de Datos (RNBD), which shall be managed by the Superintendencia de Industria y Comercio. The RNBD is the public directory of the databases subject to Data Processing that operate in the country and that will be freely consulted by citizens, in accordance with the regulations issued for that purpose by the National Government.

9. Authorizations and Consent

The collection, storage, use, circulation or deletion of personal data by OMEGA TURISMO S.A.S. requires the free, prior, express and informed consent of the Owner thereof.

9.1 Means and manifestations for granting the authorization.

The authorization may consist of a physical document, electronic, message, Internet, web sites, in any other format that allows to guarantee its later consultation, or by means of a suitable technical or technological mechanism that allows to manifest or to obtain the consent via click or double click, by means of which it can be concluded in an unequivocal way that, if a conduct of the Holder had not been obtained, the data would never have been captured and stored in the database. The authorization shall be generated by OMEGA TURISMO S.A.S and shall be made available to the Holder prior to and prior to the Processing of his/her personal data.

(See Annex No. 1 model of authorization for the collection and processing of personal data).

9.2 Proof of authorization.

OMEGA TURISMO S.A.S. shall use the mechanisms it currently has and shall implement and adopt the necessary actions to maintain suitable technical or technological records or mechanisms of when and how it obtained authorization from the holders of personal data for the Processing thereof. To comply with the foregoing, physical files or electronic repositories may be established directly or through third parties contracted for this purpose.

10. Privacy Notice.

The Privacy Notice is the physical document, electronic or in any other format known or to be known, which is made available to the Holder for the processing of personal data. By means of this document, the Holder is informed of the information relating to the existence of the information treatment policies that will be applicable to him/her, the way to access them and the characteristics of the treatment that is intended to be given to the personal data.

(See Annex No. 2 Model Privacy Notice)

10.1 Reach and Content of the Privacy Notice.

The Privacy Notice shall, as a minimum, contain the following information:

a)   The identity, address and contact details of the person responsible for the Processing.

b)  The type of processing to which the data will be submitted and the purpose of the same.

c)  The general mechanisms provided by the data controller so that the Owner knows the information Processing policy and the substantial changes that may occur therein. In all cases, it must be informed to the Owner how to access or consult the information processing policy.

11. Prerogatives and other rights of the Owners of the information.

In attention and in consonance with the provisions of the regulations in force and applicable to the protection of personal data, the Owner of personal data has the following rights:

a)   Access, be informed of, rectify and update their personal data at OMEGA TURISMO S.A.S., in its capacity as data controller.

b)   By any valid means, request proof of the authorization granted to OMEGA TURISMO S.A.S., in its capacity as data processor.

c)    To receive information from OMEGA TURISMO S.A.S., upon request, regarding the use they have made of your personal data.

d)    Have recourse to legally constituted authorities, especially to the Superintendence of Industry and Commerce, and present complaints for infringements of the provisions of the regulations in force in the applicable regulations, prior consultation or request to the person responsible for Data Processing.

e)     Modify and revoke the authorization and/or request the deletion of the data when the Data Processing does not respect the principles, rights and constitutional and legal guarantees in force.

f)      Have knowledge of and free access to their personal data that have been processed.

12. OMEGA TURISMO's duties in relation to the processing of personal data.

OMEGA EVENTOS S.A.S. shall, at all times, be aware that the personal data are the property of the persons to whom they refer and that only they can decide about them. In this sense, it will use them only for those purposes for which it is duly empowered and, in any case, respecting the regulations in force on the protection of personal data.

13. Guarantees of the Right of Access.

OMEGA TURISMO S.A.S. shall guarantee the right of access when, following accreditation of the identity of the Owner, legitimacy or personality of its representative, making available to the latter, without cost or expense, in a detailed and detailed manner, the respective personal data through any type of means, including electronic means that allow the direct access of the Owner to them. Such access must be offered without any limit and must allow the Owner the possibility to know and update them online.

14. Consultations.

The Owners or their successors in title may consult the personal information of the Owner that reposes in any database. Consequently, OMEGA TURISMO S.A.S. shall guarantee the right to consult, providing the Owners with all the information contained in the individual register or linked to the identification of the Owner.  

OMEGA TURISMO S.A.S. guarantees that all requests for consultation of personal data will be dealt with:

a.  Enable electronic or other means of communication that it considers relevant.

b.  Establish forms, systems and other simplified methods, which must be informed in the privacy notice.

c.   Use the customer service or complaint services it has in operation.

d.  In any case, regardless of the mechanism implemented for handling consultation requests, these will be attended to within a maximum term of ten (10) working days counted from the date of their receipt. When it is not possible to attend the consultation within said term, the interested party shall be informed before the expiration of the 10 days, expressing the reasons for the delay and indicating the date on which his consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term..

15. Claims

The Owner or his successors in title who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Law, may file a complaint with the person responsible for the Data Processing, channeling it and sending it through the designated agency, whose contact details are specified later in numeral 22 of this document, and which will exercise the function of personal data protection in OMEGA TURISMO S.A.S . The claim may be presented by the Owner, taking into account the information indicated in article 15 of Law 1581 of 2012 and in Decree 1377 of 2013, and other regulations that modify or add them.

16. Implementation of procedures to guarantee the right to file claims.

At any time and free of charge, the Owner or his/her representative may request OMEGA TURISMO S.A.S. staff to rectify, update or delete his/her personal data, upon proof of identity. The rights of rectification, updating or deletion can only be exercised by:

a)   The owner or his successors in title, with prior accreditation of his identity, or through electronic tools that allow him to identify himself.

b)   His representative, upon accreditation of the representation.

When the request is formulated by a person other than the Owner, the person or mandate to act shall be duly accredited; and in case of not accrediting such status, the request shall be considered not presented.

The request for rectification, updating or deletion must be submitted through the means enabled by OMEGA TURISMO S.A.S, indicated in the privacy notice and contain, as a minimum, the following information:

a.  The name and address of the Owner or any other means to receive the response

b.   Documents proving the identity or personality of the representative.

c.  A clear and precise description of the personal data in respect of which the Owner seeks to exercise any of the rights.

d.  If necessary, other elements or documents that facilitate the location of the personal data.

17. Rectification and updating of data.

OMEGA TURISMO S.A.S. has the obligation to rectify and update, at the request of the Owner, the information of the Owner that turns out to be incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, the following shall be considered:

In requests for rectification and updating of personal data, the Owner must indicate the corrections to be made and provide documentation to support their request.

OMEGA TURISMO S.A.S. is free to set up mechanisms to facilitate the exercise of this right, as long as they benefit the owner. Consequently, electronic or other means considered pertinent may be enabled.

OMEGA TURISMO S.A.S. may establish simplified forms, systems and other methods, which must be informed in the privacy notice and which will be made available to interested parties on the website.

18. Data deletion.

The Owner has the right, at any time, to request OMEGA TURISMO S.A.S. to delete his/her personal data when:

a.  He/She considers that these data are not being treated in accordance with the principles, duties and obligations set out in current legislation.

b.  They are no longer necessary or relevant for the purpose for which they were collected.

c.  The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial deletion of personal information in accordance with the owner’s request in the registers, files, databases or treatments carried out by OMEGA TURISMO S.A.S. It is important to bear in mind that the right of cancellation is not absolute and the person in charge may refuse to exercise it when:

a.   The Owner has a legal or contractual duty to remain in the database.

b.  The elimination of data hinders judicial or administrative actions linked to fiscal obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

c.   The data are necessary to protect the legally protected interests of the Owner; to carry out an action in the public interest, or to comply with an obligation legally acquired by the Owner.

19. Revocation of authorization.

Owners of personal data may revoke consent to the processing of their personal data at any time, provided that it is not prevented by a legal or contractual provision. To this end, OMEGA TURISMO S.A.S. must establish simple and free mechanisms that allow the Data Owner to revoke his/her consent, at least by the same means by which it was given.

It should be considered that there are two ways in which revocation of consent can occur.

The first can be about the totality of the consented purposes, i.e. OMEGA TURISMO S.A.S. must stop completely processing the data of the Owner; the second can be about certain types of processing, such as, for example, for advertising or market research purposes. With the second modality, i.e. the partial revocation of consent, other purposes of the treatment that the person in charge, in accordance with the authorization granted, can carry out and with which the owner agrees.

20. Information security and security measures.

OMEGA TURISMO S.A.S. shall adopt the technical, human and administrative measures necessary to ensure the security of the records, avoiding their alteration, loss, consultation, unauthorized or fraudulent use or access.

21. Personal data protection function at OMEGA TURISMO S.A.S.

OMEGA TURISMO S.A.S, as an institution, and under the terms established in the current regulations, will act as RESPONSIBLE FOR THE PROCESSING of personal data. For all effects, it will act as THE PROCESSOR OF THE TREATMENT of personal, financial, commercial data and suppliers of the Internal Control area.

 

OMEGA TURISMO S.A.S designates the Internal Control area, or the dependency that takes its place, as the instance that, through the mail tesorería@omegaeventos.co, who will receive, process and channel the different requests received, and will send them to the respective dependencies, which, once they receive these communications, will begin to comply with the function of personal data protection and must process the requests of the Owners, in the terms, periods and conditions established by the regulations in force, for the exercise of the rights of access, consultation, rectification, updating, suppression and revocation referred to in the current regulations on personal data protection.

In the event you believe that OMEGA TURISMO S.A.S. has given a use different to the one that was authorized and to the applicable laws, you may contact us by means of a  communication addressed to the Internal Control area, address cll 11 #28 45 ofc 501 Tel . 3099989, or via e-mail tesoreria@omegaeventos.co

Validity

This manual is effective as of March 2, 2017 and supersedes any special regulations or manuals that may have been adopted by administrative bodies at OMEGA TURISMO S.A.S.

ANNEX 1 DOCUMENT AUTHORISING AND ENDORSING THE USE OF PERSONAL DATA

Through the issuance of Law 1581 of 2012, regulated by Decree 1377 of 2013, the constitutional principle is developed that all persons have to know, update and rectify any type of information collected or that has been subject to processing of personal data in banks or databases and, in general, in archives of public and / or private entities.

In this regard, OMEGA TURISMO S.A.S, as the company that stores and collects personal data, requires your authorization so that, freely, prior, expressly, voluntarily and duly informed, all administrative departments may collect, collect, store, use, circulate, delete, process, compile, exchange, process, update and dispose of the data that have been supplied and that have been incorporated in different databases or data banks, or in all types of electronic repositories that OMEGA TURISMO S.A.S. has at its disposal. This information is and will be used in the development of the company’s corporate purpose, as a travel agency and hotel operator at a national level.

Taking into account the foregoing, it is understood that OMEGA TURISMO S.A.S., in accordance with the terms set forth in article 10 of Decree 1377 of 2013, is expressly and unequivocally authorized to maintain and handle all your information, unless you directly, expressly, unequivocally and in writing within thirty (30) working days from the receipt of this communication, that is,  to the e-mail account set up for this purpose: tesoreria@omegaeventos.co.

Additionally, in your condition as holder of the data and in accordance with the provisions of applicable law, you may at any time exercise your rights, in particular: to know the information, request the update, rectification and / or deletion or revoke the consent granted for the processing of personal data, via email tesoreria@omegaeventos.co

As a sign of acceptance of the foregoing (in case of physical diligence or through the website http://www.omegaturismo.co),

I expressly and unequivocally consent and authorize that my personal data will be processed in accordance with the provisions of this document and/or authorization..

FIRMA: _____________________________

NOMBRE: ____________________________

CC.No: ____________________________

ANNEX 2
MODEL PRIVACY NOTICE

OMEGA TURISMO S.A.S, domiciled in the city of Bogotá, Colombia, acts and is responsible for the processing of personal data.

How to contact us: cll 11 28 45 ofc 501

E-mail: tesoreria@omegaeventos.co

Telephone: 7 43 25 63 

Your personal data will be included in a database and will be used directly or through designated third parties, among others, and in a merely illustrative manner, for the following direct and indirect purposes related to the object and purposes of OMEGA TURISMO S.A.S:

a.  To achieve efficient communication regarding, on the one hand, our services and other activities related to OMEGA TURISMO S.A.S.’s own functions.

b.   Inform about new services that are related to those offered;

c.   To comply with obligations contracted with public authorities, as well as with our strategic allies, contractors, contracting parties, clients, suppliers, and employees;

d.   Inform about changes in the services and products of our society;

e.   Evaluate service quality

f.   To carry out internal studies on the services offered by us.

Information holders are informed that they may consult OMEGA TURISMO’s Internal Manual of Personal Data Policies and Procedures, which contains the policies for the treatment of the information collected, as well as the consultation and complaint procedures that will allow them to exercise their rights to access, consult, rectify, update and delete the data. See: http://www.omegaturismo.co

Cookies & Consent Banner

This widget was formerly known as the EU Cookie Law Widget.

The European Union’s ePrivacy Directive (often referred to as the ‘cookie law’) and General Data Protection Regulation (GDPR) place requirements on website owners and operators to provide information about, and gain consent for their use of cookies.

To help WordPress users in Europe who wish to comply with the regulations, we have created a widget that can be enabled from the Dashboard.

Cookie Usage

WordPress and Jetpack-powered sites make use of cookies for a variety of different purposes. For more information, please refer to our dedicated cookie documentation, as well as the Automattic Cookie Policy.

Enabling the Widget

The Extra Sidebar Widgets module is required and now enabled by default. If you do not see the functionality described below, please visit Control Jetpack’s Modules on One Page to learn how to activate it.

You can add the widget — titled Cookies & Consents Banner (Jetpack) — via Appearance — Widgets in your dashboard. It can be added to any widget position, and the banner will display at the bottom of the screen when the site is loaded.

Note: The banner will only appear on posts or pages on your site that display the widget area to which you add the widget. To display the banner on the front page of your site, be sure to add the widget to a widget area that appears in that location. This will be dictated by your theme.

Widget Features & Options

  • Banner text — The banner will display a default cookie notification message, which can be customized to your needs or liking.
  • Privacy Policy Link — The link to your site’s privacy policy. If available on your site, this will default to the URL of your Privacy Policy page. If no such page is available, it will default to https://automattic.com/cookies, the Automattic Cookie Policy, which covers Jetpack. If you wish to link to any different URL, you can select the Custom URL option and add it.
  • Link text – The text of the link pointing to your site’s privacy policy (see Privacy Policy Link above). The default text is Cookie Policy.
  • Button text – The text of the button that users will click to accept and dismiss the cookie notice. The default text is Close and accept.
  • Capture consent & hide the banner — The banner’s dismissal rule can be set to one of three options: when a visitor specifically clicks on the button (this option is required for sites running Jetpack Ads), when a visitor scrolls down the page, or after a specific amount of time (as determined by you). If choosing to dismiss the banner after a specific amount of time, the minimum length is 3 seconds, and the maximum length is 1,000. Once the banner accepted/hidden, a technical cookie named eucookielaw is set, which prevents it from being displayed until the acceptance/consent expires (see Consent expires after below). If your site is using Jetpack Ads, an additional technical cookie named personalized-ads-consent will also be set, following the same expiration rule and allowing personalized ad content to be served to the accepting visitor.
  • Consent expires after — The amount of time a visitor’s acceptance of your cookie policy will be honored. Once expired, the banner will show again to the visitor, and they will have another opportunity to accept it The default value is 180 days.

Advertisements

Data used: the following information (available from the visitor’s browser) is collected and sent to Automattic’s Demand Partners: IP address, geographic data (derived from the IP address), user agent, operating system, device type, user ID Unique user (randomly) generated identifier), current URL and IAB (Interactive Advertising Bureau) category of interest. Registration data (IP address, geographic data, user agent, operating system, device type) are stored for 30 days. The unique user ID is stored in cookies and is retained for 1 year.

Activity tracking: ad impressions, video-related events (i.e., pause, silence, 100% views, etc.) or errors, and click events on ads. Several cookies are used for the following purposes: deliver ads aimed at specific visitors, store user identifiers and collect anonymous statistics from the advertising platform.

Google Analytics

Data used: See the appropriate Google Analytics documentation for the specific type of data you collect. For sites running WooCommerce (also owned by Automattic) and this feature simultaneously and having all purchase tracking explicitly enabled, purchase events will send Google Analytics the following information: order number, name and product name, category of the product, total cost and quantity of items purchased. Google Analytics offers IP anonymization, which can be enabled by the site owner.

Activity Tracking: This feature sends page display events (and potentially video playback events) to Google Analytics for consumption. For sites running WooCommerce-driven stores, some additional events are also sent to Google Analytics: shopping cart additions and deletions, product list views and clicks, product detail views and purchases. The site owner must enable tracking of each specific WooCommerce event.

To protect

Data used: to verify the login activity and potentially block fraudulent attempts, the following information is used: attempt of the user’s IP address, attempt of email address / username (that is, according to the value they tried to use during the login process) and all IP-related HTTP headers attached to the user trying to make them.

Tracked activity: failed login attempts (these include the IP address and the user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if / when a user has successfully completed a mathematical captcha to prove that he is a real human. Learn more about this cookie

Data Synced (?): Login attempts failed, containing the user’s IP address, username or email address attempt and user agent information.