<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=482955330209157&amp;ev=PageView&amp;noscript=1">
Skip to content
  • There are no suggestions because the search field is empty.

How should you disclose your use of Aqurate to your website visitors?

This article provides implementation steps and example wording you can use to disclose Aqurate’s on‑site recommendations and email personalization in your Privacy Policy and Cookie Policy. It also outlines how to gate Aqurate with your cookie banner/CMP and how to align with Google Consent Mode v2.

DISCLAIMER

  • This article and the sample text are examples only and do not constitute legal advice.
  • You as the customer remain solely responsible for complying with all applicable laws and for ensuring the final wording and configurations match your actual use of Aqurate and other technologies.

Implementation Checklist. 10 Steps to Go Live

Governance and contracts 

  • Check Aqurate’s Privacy Policy and DPA and review listed sub‑processors/locations (EU regions).

  • Update your Records of Processing Activities to include Aqurate.
Legal bases and wording
  • Choose and document your legal bases (consent; plus contract/legitimate interests if applicable for logged‑in personalization).
  • Update your Privacy Policy and Cookie Policy, some examples provided below.

CMP and Consent Mode v2

  • Add Aqurate as a vendor in your CMP under “Personalization” (and “Analytics” if you use that category). Block Aqurate scripts/cookies until consent; disable on withdrawal.
  • If using Google tags, ensure Consent Mode v2 is enabled and signals are sent; test EEA defaults and per‑purpose toggles.
Cookies/SDK inventory
  • List all Aqurate storage items (cookie/localStorage names, purposes, durations) in your Cookie Policy. Traditionally for Aqurate the items are named _sp_id, _sp_ses, and _sp_cookie.
Retention and data lifecycle
  • Check event/profile retention in your systems and consult the default retention for Aqurate.
  • Define and document deletion/anonymization on withdrawal or end of retention.
Rights handling
  • Ensure your access/export/delete/object workflows include Aqurate data. Provide a contact channel and SLAs.

 

What controllers must disclose about Aqurate

  • Identity and roles: You are the controller. Aqurate is your processor under a Data Processing Agreement.
  • Purposes: On‑site product/content recommendations and email personalization; related analytics/performance reporting and service improvement.
  • Data categories: Pseudonymous identifiers (cookie/SDK/user/session IDs), contact identifiers if provided (e.g., email), device/browser data (IP, user agent, OS, language, screen), interaction data (pages/products viewed, clicks, carts, purchases, and email opens/clicks). No special category data.
  • Legal bases: Consent for non‑essential cookies/trackers and associated personalization/analytics; marketing emails require consent (or soft opt‑in where permitted). If you also rely on contract or legitimate interests for some logged‑in personalization, document this and offer an objection route.
  • Profiling: Explain the logic in plain language and clarify there are no solely automated decisions with legal or similarly significant effects.
  • Recipients/transfers: Aqurate as processor; EU cloud sub‑processors (Google Cloud EMEA, Microsoft Azure Ireland, AWS EMEA).
  • Retention: Define how long you keep events, profiles/segments, and email engagement data (with clear durations or criteria).
  • Rights and choices: How users manage cookie preferences/withdraw consent, object to personalization when relying on legitimate interests, unsubscribe from marketing, and exercise GDPR rights.
  • Security: High‑level security statement (encryption, access controls).
  • Changes: How you will notify users about updates.

 

Privacy Policy (EXAMPLE)

Text placed between square brackets should be updated as per the actual use case.

Section: Personalization with Aqurate.ai

  • Provider and role

    • We use Aqurate, provided by MACHINE LEARNING SOLUTIONS SRL, 2-4 Calea Circumvalatiunii, office 210, Timisoara, Timis, Romania (“Aqurate”), to personalize our website [and our marketing emails]. Aqurate acts as our data processor under a data processing agreement and processes personal data only on our instructions.

  • What we use it for

    • On‑site recommendations: tailoring product listings, recommendations, and content to your interests.
    • [Email personalization: tailoring the content of our marketing emails and newsletters.]

  • Categories of personal data

    • Identifiers: pseudonymous cookie/SDK IDs, session ID, [customer/account ID], [email address if provided/hashed].
    • Technical data: IP address, device and browser information (e.g., type, OS, language, screen resolution), timestamps, referrer parameters.
    • Interaction data: pages and products viewed, clicks, searches, add‑to‑cart/checkout events, purchases/returns, [and email opens/clicks (for our emails)].
    • Inferences/segments based on the above. We do not use special category data.

  • Legal bases

    • We rely on your consent for the non‑essential cookies/technologies used by Aqurate and the related personalization and analytics (GDPR Art. 6(1)(a)). You can manage or withdraw consent at any time via [Cookie settings link].
    • For marketing emails, we rely on your consent (or soft opt‑in where permitted). You can unsubscribe at any time.
    • [If applicable] Some logged‑in personalization may be necessary to perform our contract (Art. 6(1)(b)) or based on our legitimate interests in improving our services (Art. 6(1)(f)). You can object at any time by contacting us at [email] or via [account settings link].

  • Profiling and how it affects you

    • We analyze your interactions (e.g., pages viewed, clicks, purchases) together with device and account/order data to infer interests. Models predict which products or content are most relevant to you and may change the order and selection of items you see on our site and in our emails. We do not make decisions with legal or similarly significant effects solely by automated means. You can withdraw consent or object as described above.

  • Recipients and transfers

    • Aqurate processes data on our behalf and may use EU‑based cloud providers (Google Cloud EMEA, Microsoft Azure Ireland, Amazon Web Services EMEA). For details, contact us.

  • Retention

    • Browsing and event data used for personalization: kept for up to [X months] after collection.
    • Email engagement data: kept while you subscribe and for up to [Y months] thereafter.
    • Aggregated or anonymized data may be retained longer.

  • Your choices and rights

    • Manage cookies/withdraw consent: [Cookie settings link].
    • Object to personalization (where we rely on legitimate interests): contact [email].
    • Unsubscribe from marketing: use the link in any marketing email or contact us.
    • Exercise your GDPR rights (access, rectification, erasure, restriction, portability, objection) by contacting [email]. We will work with Aqurate to fulfill your request.

  • Security

    • We and Aqurate apply appropriate security measures (including encryption in transit and at rest and access controls).

 

Cookie Policy (EXAMPLE)

Text placed between square brackets should be updated as per the actual use case.

Aqurate Entry

Vendor: Aqurate (MACHINE LEARNING SOLUTIONS SRL)

Purpose: Personalization of on‑site content and product recommendations; related performance reporting and service improvement; personalization of marketing email content (if subscribed).

Technologies used: First‑party cookies and/or local storage to store a pseudonymous user/visitor ID and session ID; event tracking for interactions (e.g., product views, clicks, carts, purchases). Personal data processed: Pseudonymous IDs, device/browser data (including IP address), URLs and on‑site events, purchase events, and aggregated performance metrics.

Type: Non‑essential; only set with your consent.

Retention: User identifier up to [X months]; session identifier until end of session/[Y minutes]; adjust if you clear cookies or withdraw consent.

Control: You can grant or withdraw consent at any time via [Cookie settings link]. If you disable the “Personalization” [and/or “Analytics”] category, Aqurate’s cookies and tracking will not run.

 

Note on Google Consent Mode v2 (for your Cookie Policy and CMP)

If you use Google tags, your CMP must send Consent Mode v2 signals in the EEA/UK: ad_storage, analytics_storage, ad_user_data, ad_personalization.

Aqurate should be controlled by your CMP category for “Personalization” (and, if you group it there, “Analytics”). Ensure your Aqurate loader/tag is blocked until “Personalization” consent is granted and is disabled on withdrawal.

Keep your Cookie Policy clear that:
  • Turning off “Personalization” prevents Aqurate from setting or reading non‑essential identifiers.
  • Your Google tags respect Consent Mode v2 signals (analytics_storage/ad_storage/ad_user_data/ad_personalization). These signals are for Google technologies; Aqurate should follow your CMP’s “Personalization” setting.
Implementation tips:
  • Default to denied in EEA/UK until consent.
  • On consent change, immediately enable/disable Aqurate and delete its identifiers if you implement deletion on withdrawal.
  • Document how CMP choices map to tag behavior for audits.