GDPR document
Cookie Policy
Effective from: 22 May 2026
This Policy explains what cookies are, which cookies we use on olivlaw.com, for what purposes, and how you can manage your consent. The olivLaw platform is operated by VaultApps S.R.L. (vaultapps.ro). It complements the Privacy Policy.
Cookies are small text files placed on your device by websites you visit. They enable authentication, save your preferences, and measure usage.
Categories used
Strictly necessary cookies
Indispensable for Platform operation (authentication, security, CSRF prevention, consent storage). They cannot be disabled via banner; if you block them in your browser, certain sections will not work. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) and Art. 5(3) of the ePrivacy Directive (“strictly necessary” exception).
Preferences cookies
Remember language (RO/EN), geo (RO/EU/US), and other non-essential settings. Enabled by implicit consent on first visit; you can delete them from your browser at any time.
Analytics cookies
We use Google Analytics 4 (property G-YM8ES6EY1S) to measure traffic in aggregate: pageviews, sources, session duration. They are activated only with your explicit consent via banner. We apply Google Consent Mode v2 with a `denied` default and the `ads_data_redaction=true` + `url_passthrough=true` options to minimize transmitted data.
Marketing cookies
We currently do not use third-party marketing cookies and do not run retargeting campaigns. Enabling the “Advertising” category in settings switches Google Consent Mode to `granted` for `ad_storage`, `ad_user_data`, and `ad_personalization` — a signal required for any future Google Ads campaign. Until the first campaign launches, no marketing cookie is set.
Specific cookies
| Name | Category | Purpose | Retention | Provider |
|---|---|---|---|---|
| olivlaw_session | Strictly necessary | Sesiune autentificată / Authenticated session | Sesiune / Session | VaultApps (olivLaw) |
| olivlaw_csrf | Strictly necessary | Protecție CSRF / CSRF protection | Sesiune / Session | VaultApps (olivLaw) |
| olivlaw_locale | Preferences | Preferință limbă (RO/EN) / Language preference | 12 luni / 12 months | VaultApps (olivLaw) |
| olivlaw_geo | Preferences | Preferință zonă (RO/EU/US) / Geo preference | 12 luni / 12 months | VaultApps (olivLaw) |
| olivlaw_consent | Strictly necessary | Stocare consimțământ cookies (v1, ad, analytics) / Cookie-consent storage | 12 luni / 12 months | VaultApps (olivLaw) |
| _ga | Analytics | Identificator unic agregat Google Analytics 4 / Google Analytics 4 client ID | 24 luni / 24 months | Google (GA4) |
| _ga_YM8ES6EY1S | Analytics | Stare sesiune GA4 pentru proprietatea olivLaw / GA4 session state for the olivLaw property | 24 luni / 24 months | Google (GA4) |
| __cf_bm | Strictly necessary | Cloudflare bot management | 30 minute / 30 minutes | Cloudflare |
How to manage your consent
- Banner: a banner appears on your first visit with Accept all / Customize / Only necessary options. Your choice is stored for 12 months in the `olivlaw_consent` cookie.
- Granular settings: from the modal you can enable Analytics and Advertising independently. Strictly necessary cookies stay on at all times.
- Browser settings: you can block or delete cookies directly from your browser (Chrome, Firefox, Safari, Edge). See vendor instructions.
- Withdraw consent: you can withdraw consent at any time via the “Cookie settings” link in the site footer. Withdrawal does not affect the lawfulness of prior processing.
- Do Not Track / Global Privacy Control: we honor both signals. If your browser sends them, the banner is suppressed and Analytics + Advertising remain disabled automatically.
Third-party cookies
Analytics cookies (`_ga`, `_ga_YM8ES6EY1S`) are set by Google Analytics 4 only after consent. Google acts as an independent controller for that data under its own terms. We use Google Consent Mode v2 with `ads_data_redaction=true` and `url_passthrough=true` to transmit the minimum necessary.
Cloudflare sets the `__cf_bm` cookie (30-minute lifetime) for bot protection. Cloudflare acts as a processor under GDPR Art. 28 and has Standard Contractual Clauses (SCCs) for any extra-EEA transfer.
Changes
We will update this Policy whenever new cookies are added or purposes change. Material changes will be announced via banner. The current version and revision date are displayed at the top.
Cookie questions
For questions or to exercise your GDPR rights regarding cookies, write to us at the address below.
privacy@vaultapps.ro