Cookie policy

1. What are cookies

Cookies are small text files that websites place on your device when you visit them. They are widely used to make websites work, to improve efficiency, and to provide information to the operators of a site. Some cookies are deleted when you close your browser (session cookies), while others remain on your device until they expire or you delete them (persistent cookies).

Cookies can be set by the website you are visiting (first party cookies) or by third party services that the website uses, such as analytics or security providers.

2. How we use cookies

Gatekick Labs Limited ("Gatekick Labs", "we", "us") uses a limited number of cookies on gatekick.com. We use cookies for two purposes.

• Security. Cloudflare sets cookies to protect our website from automated abuse and to verify that visitors are genuine users. These cookies are strictly necessary for the operation of the site.
• Analytics. Google Analytics 4 sets cookies to help us understand how visitors use our website, which pages are visited most often, and how users navigate through the site. This data helps us improve the experience for everyone.

We do not use any marketing cookies, retargeting cookies, or social media tracking pixels.

3. Types of cookies we use

Strictly necessary cookies

These cookies are essential for the website to function correctly. They are used by Cloudflare to provide security, bot protection, and content delivery. Because they are strictly necessary, they do not require consent under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC) as transposed into Maltese law.

Cookie name	Provider	Purpose	Duration	Type
cf_clearance	Cloudflare	Set after a visitor successfully completes a Cloudflare Turnstile challenge. Proves the visitor has passed the security check so they are not challenged again on subsequent requests. Used only on the contact page.	Up to 30 minutes	Strictly necessary
__cf_bm	Cloudflare	Bot management cookie. Distinguishes between humans and automated bots to protect the website from malicious traffic.	30 minutes	Strictly necessary
__cflb	Cloudflare, Inc.	Load balancing cookie used by Cloudflare CDN to route traffic efficiently and ensure consistent delivery of site content.	Up to 24 hours	Strictly necessary
CookieConsent	Cookiebot (Usercentrics A/S, Denmark)	Stores your cookie consent state (which categories you accepted or refused) for the gatekick.com domain so we can respect your choice on subsequent visits and demonstrate compliance with the GDPR.	1 year	Strictly necessary

Analytics cookies

These cookies are set by Google Analytics 4 (GA4). They are used to understand how visitors use our website. The data is pseudonymous: GA4 assigns each browser a randomly generated identifier (the _ga cookie) that allows us to distinguish visitors and measure traffic, but we do not receive your name, email, or other directly identifying data. IP addresses are truncated by Google before storage and are not stored on Google's servers.

Under Article 5(3) of the ePrivacy Directive (as transposed in Malta by S.L. 586.01) and Article 6(1)(a) of the GDPR, analytics cookies require your prior consent before they are set. If you have not given consent, these cookies are blocked automatically by Cookiebot together with Google Consent Mode v2.

Cookie name	Provider	Purpose	Duration	Type
_ga	Google Ireland Limited (GA4)	First-party cookie set on .gatekick.com. Assigns a randomly generated identifier to each browser. Used to distinguish visitors and to calculate visitor, session, and campaign data.	2 years (cookie TTL)	Analytics
_ga_MT4FY4HL0C	Google Ireland Limited (GA4)	First-party cookie set on .gatekick.com. Persists session state and engagement data for the GA4 property identified by measurement ID G-MT4FY4HL0C.	2 years (cookie TTL)	Analytics

The durations above refer to how long the cookie persists on your device. Separately, Google retains event-level analytics data on its servers for 14 months, after which it is automatically deleted. Note that the GA4 client identifier remains personal data under Article 4(1) GDPR even though we do not combine it with other identifiers to single you out.

4. Third party processors and international transfers

Gatekick Labs Limited is the controller of personal data processed via cookies on gatekick.com. The cookies described above are set in cooperation with the following processors (Article 4(8) GDPR):

• Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), which operates Google Analytics 4 on our behalf under a Data Processing Addendum (Article 28 GDPR). Data may be transferred to Google LLC in the United States. You can read Google's privacy policy at policies.google.com/privacy.
• Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, United States), which provides security and content delivery services for gatekick.com under its Customer Data Processing Addendum. You can read Cloudflare's privacy policy at cloudflare.com/privacypolicy.
• Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark), which operates the Cookiebot consent management platform on our behalf. Consent records are processed within the European Union and are not transferred to a third country. See section 5 below.

We do not share cookie data with any other third parties, and we do not permit any third party to use cookies on our website for advertising, retargeting, or cross-site tracking purposes.

International transfers. Google LLC and Cloudflare, Inc. are established in the United States. Transfers to these providers are safeguarded by the European Commission's adequacy decision of 10 July 2023 establishing the EU-US Data Privacy Framework (C(2023) 4745), under which both providers are certified. Where the EU-US Data Privacy Framework does not apply to a specific data flow, transfers also rely on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) supplemented by appropriate technical and organisational measures as required by Chapter V of the GDPR. You may request a copy of the relevant transfer safeguard by contacting us at [email protected].

5. Consent and our consent management platform

Under Article 5(3) of the ePrivacy Directive (as transposed in Malta by Subsidiary Legislation 586.01) and Article 6(1)(a) of the GDPR, storing or accessing information on a visitor's device requires the visitor's prior, freely given, specific, informed, and unambiguous consent, unless the cookie is strictly necessary for the provision of the service explicitly requested by the visitor (Article 5(3) ePrivacy Directive). Strictly necessary cookies are therefore exempt from the consent requirement; the lawful basis for any processing they involve is our legitimate interest in securing the website (Article 6(1)(f) GDPR). Analytics cookies are not strictly necessary and require your prior consent.

To collect, store, and demonstrate consent in compliance with the GDPR and the ePrivacy Directive, gatekick.com uses Cookiebot by Usercentrics A/S as its consent management platform. Usercentrics A/S is established at Havnegade 39, 1058 Copenhagen, Denmark — within the European Union — so consent records are not transferred to a third country.

When you first visit gatekick.com, Cookiebot displays a consent banner. The banner presents "Accept all", "Reject all", and "Customise" options at the same visual prominence and with equal click-effort, in line with EDPB Guidelines 03/2022 on deceptive design patterns. No option is pre-selected, continued browsing is not treated as consent, and access to gatekick.com is not conditional on accepting non-essential cookies (no cookie wall). You may accept only strictly necessary cookies, or grant granular consent separately for analytics. We additionally use Google Consent Mode v2 with all signals defaulted to "denied", so analytics tags will not fire until you actively grant consent.

Your consent choice is recorded by Cookiebot together with the date and time, your IP address (which Cookiebot truncates so the stored value cannot identify you directly), the website domain, the consent state (which categories you accepted or refused), your browser user agent, and the version of the consent banner you saw. The legal basis for this consent log is Article 6(1)(c) GDPR — compliance with our legal obligation under Article 5(3) of the ePrivacy Directive read together with our accountability duty under Articles 5(2) and 7(1) GDPR to demonstrate that valid consent was given. The consent record is retained for 12 months from the date of collection, after which Cookiebot will prompt you for fresh consent. Consent records are kept solely for compliance demonstration and are not used for any other purpose.

Information about how Cookiebot processes your data is available in Cookiebot's privacy policy.

6. Your choices and how to withdraw consent

You have full control over the cookies that are set on your device. Under Article 7(3) GDPR you can withdraw your consent at any time, free of charge, and as easily as you gave it (a single click reopens the banner; a second click records your new choice). The change takes effect immediately. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

• Change or withdraw your consent. Click the cookie icon shown in the lower-left corner of every page on gatekick.com to reopen the Cookiebot banner, or use this button: Change my cookie preferences.
• Delete the consent record. Cookiebot stores your consent choice in a cookie called CookieConsent. Deleting this cookie from your browser will cause the consent banner to reappear on your next visit, allowing you to make a fresh choice.
• Right to be informed. The full list of cookies and trackers in use, together with their providers, purposes, and expiration, is shown to you in the Cookiebot banner before you give consent. The same list is reproduced in section 3 of this policy.
• Browser settings. Most web browsers allow you to block or delete cookies through their settings. Consult your browser's help documentation for specific instructions. Note that blocking strictly necessary cookies may affect the functionality of the website.
• Google Analytics opt out. In addition to withdrawing consent through Cookiebot, Google provides a browser add-on that opts you out of Google Analytics tracking across all websites. You can download it at tools.google.com/dlpage/gaoptout.
• If Cookiebot is blocked on your device. Some privacy-focused browsers and content blockers prevent consent.cookiebot.com from loading. If this happens, our site is configured to block all non-essential cookies by default — including Google Analytics — through Google Consent Mode v2, so no analytics cookies will be set. To enable analytics in that situation, allow Cookiebot for gatekick.com in your blocker and reload the page.
• Do Not Track and Global Privacy Control. Some browsers send a Do Not Track (DNT) or Global Privacy Control (GPC) signal. There is currently no universal legal standard requiring response to either signal in the EU; we do not currently honour DNT or GPC automatically and rely on the Cookiebot consent mechanism. We will revisit this if EU or Maltese regulators issue binding guidance.

For more information about cookies in general, visit allaboutcookies.org. For a full description of how we process personal data beyond cookies, including all your data subject rights, see our privacy policy.

7. Your rights and how to complain

In relation to personal data processed via cookies on gatekick.com, you have the rights described in Articles 15–22 of the GDPR, including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing carried out on the basis of legitimate interest (including bot-protection logging). To exercise any of these rights, email [email protected]. We will respond within one month of receipt of your request, as required by Article 12(3) GDPR. Where necessary, that period may be extended by two further months and we will inform you of any extension within one month.

You also have the right to lodge a complaint with a data protection supervisory authority. Our lead supervisory authority is the Office of the Information and Data Protection Commissioner (IDPC) in Malta — Level 2, Airways House, High Street, Sliema SLM 1549, Malta; telephone +356 2328 7100; email [email protected]; website idpc.org.mt. You may also complain to the supervisory authority of your EU/EEA Member State of habitual residence, place of work, or place of the alleged infringement (Article 77 GDPR).

8. Changes to this policy

We may update this cookie policy from time to time to reflect changes in the cookies we use, changes in applicable law, or changes in our practices. We use major.minor version notation: minor revisions (wording, clarifications) increment the minor number (1.1, 1.2…); material changes that alter the substance of our processing or your rights increment the major number (2.0) and will trigger Cookiebot to re-display the consent banner so you can review and update your choices. When we make changes, we will update the version number and effective date at the top of this page. We encourage you to review this policy periodically.

This policy will be updated to reflect the forthcoming ePrivacy Regulation once adopted and applicable.

9. Contact

If you have any questions about this cookie policy or about the cookies used on gatekick.com, you can contact us at [email protected].

Gatekick Labs Limited, a limited liability company incorporated in Malta under company number C 115354, with registered address at Tigne Towers 90/1, Tigne Street, Sliema, Malta. We are subject to the General Data Protection Regulation (Regulation (EU) 2016/679), the ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC) as transposed in Malta by S.L. 586.01, and the Maltese Data Protection Act (Chapter 586). We have not appointed a Data Protection Officer because our processing activities do not meet the criteria in Article 37(1) GDPR; for all data-protection matters please contact us at [email protected].