Cookie Policy

Last updated: March 14, 2026 | Version: 2.0 Bulletproof

1. Introduction and Legal Compliance

This Cookie Policy ("Policy") explains how Michal Černáček ("we," "us," "Company") uses cookies, tracking pixels, web beacons, and similar technologies on cernacek.com and related properties. This Policy complies with GDPR, CCPA/CPRA, UK DPA 2018, PECR, LGPD, PIPEDA, and applies exclusively to users and audiences in EU/EEA, North America, and Oceania. We do NOT track users in Africa or Asia.

By using our website, you acknowledge that you have read and understood this Cookie Policy. In jurisdictions requiring explicit consent, your continued website use or explicit consent grants us permission to use cookies as described herein.

2. What Are Cookies and Related Technologies?

2.1 Cookie Definition and Types

Cookies are small text files (typically 4KB or less) stored on your device's hard drive when you visit a website. They contain a unique identifier and expiration date. Types of cookies include:

  • Session Cookies: Temporary cookies deleted when you close your browser; used to maintain login status and user preferences during a session
  • Persistent Cookies: Remain on your device for extended periods (days, months, or years); used to remember preferences and track behavior across multiple visits
  • First-Party Cookies: Set by our domain directly; used for core website functionality
  • Third-Party Cookies: Set by external domains (advertising networks, analytics providers); used for tracking and advertising purposes

2.2 Similar Tracking Technologies

Beyond traditional cookies, we also use:

  • Web Beacons (Tracking Pixels): Invisible 1x1 pixel images embedded in emails and web pages that signal when content is viewed or clicked
  • Local Storage: Browser storage mechanism similar to cookies; stores larger amounts of data (5-10MB) on your device
  • Session Storage: Temporary client-side storage cleared when you close the browser
  • Log File Analysis: Server-side tracking recording IP addresses, user agents, pages visited, and timestamps
  • Device Fingerprinting: Collection of browser/device characteristics to create unique identifiers

3. Cookies We Use and Their Purposes

3.1 Essential/Strictly Necessary Cookies

Purpose: Essential for website functionality; required to enable core features without which the site cannot operate properly.

Examples:

  • Session management and user authentication
  • Security tokens and anti-CSRF protection
  • Maintaining active user sessions
  • Payment processing and transaction security
  • Load balancing and server stability

Consent Required: No explicit consent required under GDPR and most privacy laws; these are legally necessary.

3.2 Performance and Analytics Cookies

Purpose: Measure website performance, user behavior, and analytics to improve user experience and optimize website functionality.

Data Collected:

  • Number of page views and unique visitors
  • Time spent on pages and user journey paths
  • Click patterns, scroll depth, and interaction data
  • Device and browser information
  • Geographic location (country/region level, not precise)
  • Traffic sources (referrers, search keywords)

Providers: Google Analytics (ga.js, analytics.js, gtag.js), Hotjar, Mixpanel

Consent Required: Opt-in consent recommended (legit interest may apply in some jurisdictions)

3.3 Functionality and Preference Cookies

Purpose: Remember user choices, preferences, and customization settings to enhance website usability.

Data Remembered:

  • Language and locale preferences
  • Theme selections (dark/light mode)
  • Accessibility settings and preferences
  • Recently viewed products or content
  • Wish lists and saved items
  • User interface customizations

Consent Required: Opt-in consent required in strict jurisdictions; legit interest basis may apply elsewhere

3.4 Advertising and Marketing Cookies

Purpose: Track visitor behavior across websites to deliver personalized advertisements and measure campaign effectiveness.

Data Tracked:

  • Pages visited and content viewed
  • Ad impressions, clicks, and conversions
  • Purchase history and product interests
  • Search queries and browsing behavior
  • Demographic and interest data
  • Cross-site tracking and retargeting data

Providers: META (Facebook Pixel), Google Ads, Google Marketing Platform, LinkedIn Insight Tag, TikTok Pixel, Microsoft Advertising

Consent Required: Explicit opt-in consent required under GDPR, CCPA, and most privacy laws

3.5 Email and Communication Tracking

Purpose: Track email opens, link clicks, and engagement with marketing communications.

Data Tracked: Email open timestamps, clicked links, forwarding behavior, device/client information

Consent Required: Explicit opt-in for marketing emails; tracking requires additional consent

4. Third-Party Service Providers

We partner with third-party service providers who place cookies on our website. These providers are contractually obligated to protect your data and comply with privacy laws.

4.1 Analytics Providers

  • Google Analytics: Tracks website traffic, user behavior, and conversions. Privacy Policy: https://policies.google.com/privacy
  • Hotjar: Heatmaps, session recordings, and user feedback. Privacy Policy: https://www.hotjar.com/legal/policies/privacy

4.2 Advertising Platforms

  • META (Facebook/Instagram Pixel): Tracks conversions and enables retargeting. Privacy Policy: https://www.facebook.com/privacy/explanation
  • Google Ads: Conversion tracking and personalized advertising. Privacy Policy: https://policies.google.com/privacy
  • LinkedIn Insight Tag: Professional audience analytics. Privacy Policy: https://www.linkedin.com/legal/privacy-policy

4.3 Website Infrastructure

  • Hosting Providers: Server-side cookies for session management and security
  • CDN Services: Content delivery and performance optimization

5. Cookie Storage and Duration

Cookie retention varies by purpose:

  • Essential Cookies: Session duration (cleared on browser close) or up to 12 months
  • Analytics Cookies: Typically 26 months (Google Analytics default)
  • Advertising Cookies: 30 days to 2 years depending on provider and purpose
  • Preference Cookies: 1 year or longer

6. Your Choices and How to Manage Cookies

6.1 Browser-Level Cookie Management

Most web browsers allow you to control cookie behavior:

  • View stored cookies and see their content
  • Delete specific cookies or clear all cookies
  • Block cookies from specific websites
  • Block third-party cookies entirely
  • Enable "Do Not Track" signals (privacy setting)
  • Set cookies to delete automatically on browser close

Browser Instructions:

  • Chrome: Settings > Privacy and Security > Cookies and other site data
  • Firefox: Preferences > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Privacy > Cookies and site permissions

6.2 Opt-Out Tools and Services

Third-party opt-out services allow you to prevent tracking across multiple websites:

  • Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
  • Digital Advertising Alliance (DAA): https://optout.aboutads.info/
  • Network Advertising Initiative (NAI): https://optout.networkadvertising.org/
  • Your Online Choices (EU): https://www.youronlinechoices.com/

6.3 Impact of Blocking Cookies

Important: Blocking or deleting cookies may impact your website experience:

  • You may be logged out of accounts
  • Saved preferences will be lost
  • Website functionality may be limited
  • Personalized content may not display correctly
  • Performance analytics will be incomplete (does not affect functionality)

7. Consent Management and Legal Basis

7.1 How We Obtain Consent

For cookies requiring explicit consent (under GDPR, CCPA, PECR):

  • Consent is obtained via cookie banner or preference center on first website visit
  • We provide clear information about each cookie category and purpose
  • You can withdraw consent at any time through preference settings
  • Your consent is recorded and used to configure cookie behavior

7.2 Legal Basis for Cookie Processing

GDPR Legal Basis:

  • Consent: For advertising, marketing, and non-essential analytics cookies
  • Legitimate Interest: For analytics and functional cookies where data is anonymized or user benefit is clear
  • Legal Obligation: For compliance and security cookies required by law
  • Contractual Necessity: For session management and essential website operations

8. Data Protection and Security

Cookies and tracking data are protected through:

  • HTTPS/TLS Encryption: Data transmitted securely between browser and server
  • Secure Flag: Cookies marked as secure are only sent over encrypted connections
  • HttpOnly Flag: Cookies inaccessible to JavaScript, preventing XSS attacks
  • SameSite Attribute: Prevents CSRF attacks by restricting cross-site cookie transmission
  • Data Anonymization: Analytics data aggregated and anonymized where possible

9. International Data Transfers

Some cookie data is transferred to third parties located outside your country or the EEA. These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by authorities
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions (e.g., for the US under Privacy Shield or successor frameworks)

10. Jurisdiction-Specific Notices

10.1 GDPR (EU/EEA)

You have the right to access, correct, delete, or port your cookie data. See our Privacy Policy for full data subject rights.

10.2 CCPA (California)

California residents can request to know what data is collected, delete collected data, and opt-out of "sale" of personal information. We do not sell cookies in the traditional sense but share them with advertising partners under "sharing for targeted advertising," which may be considered a "sale" under CCPA.

10.3 PECR (UK/EU)

Explicit consent is required for non-essential cookies under UK PECR and similar European regulations.

10.4 LGPD (Brazil)

Cookie data is processed with explicit consent and in compliance with LGPD security and data handling requirements.

11. Policy Updates and Changes

We may update this Cookie Policy to reflect new technologies, legal changes, or business updates. Material changes will be communicated via email or prominent website notice. Your continued website use after updates constitutes acceptance of the updated policy. Please check this page periodically for updates.

12. Contact Information

For Cookie-Related Questions:
Michal Černáček
Slovakia
michal@cernacek.com

To File a Complaint: Contact your local data protection authority or regulatory body.