Skip to main content

    Cookie policy

    How we use cookies and similar technologies on our website.

    1. About this policy

    This Cookie Policy explains which cookies and similar storage technologies we use on our websites, why we use them, and how you can manage them. It applies to all Digital Front domains, including digitalfront.nl and any subdomains.

    This policy supplements our Privacy Policy. For full information on how we process personal data, including data collected via cookies, please refer to our Privacy Policy. In the event of any inconsistency, the Privacy Policy shall prevail.

    2. Who we are

    Digital Front is the data controller for the cookies and tracking technologies on our websites, as defined in the General Data Protection Regulation (GDPR) and the Dutch Telecommunications Act.

    Digital Front VOF (General Partnership)

    Erich Salomonstraat 572
    1087 KC Amsterdam

    Visits by appointment only.

    KVK (Chamber of Commerce) number: 42014733

    VAT number: NL869298306B01

    Email: info@digitalfront.nl

    3. What are cookies?

    Cookies are small text files that websites store on your device when you visit them. They help the site remember your preferences and understand how you use the site. In addition to traditional cookies, we also use similar browser technologies such as localStorage and sessionStorage, which store data directly in your browser.

    • First-party storage is set by the website you are visiting (our domains). It can only be read by our site.
    • Third-party cookies are placed by external services embedded on our site, such as booking tools or error-tracking services. These services may read their cookies across different websites.

    4. Legal basis

    Dutch law requires us to explain the legal basis for each type of cookie.

    Strictly necessary cookies: no consent required

    Cookies that are strictly necessary for the service you have requested are exempt from the consent requirement under article 11.7a(3) of the Dutch Telecommunications Act. For the associated data processing we rely on our legitimate interests under article 6(1)(f) GDPR. You cannot disable these cookies because the site will not function without them.

    Analytical and functional cookies: your consent

    All other cookies require your prior consent under article 11.7a(1) of the Dutch Telecommunications Act and article 6(1)(a) GDPR. We never place these cookies before you have made an active choice. You can accept, refuse, or adjust your preferences at any time.

    5. Cookies we use

    A complete overview of all cookies and browser storage used on our site, grouped by category.

    Strictly necessary

    Required for the website to function. These cannot be disabled.

    NamePurposeDurationType
    df_consentStores your cookie preferences (which categories you have accepted or refused).1 yearFirst-party cookie
    theme (localStorage)Remembers your dark/light mode preference so the site loads with the chosen theme.PersistentFirst-party localStorage
    df_chat_messages (sessionStorage)Keeps your chat conversation in the current browser tab so you do not lose context while navigating.Tab sessionFirst-party sessionStorage
    df_form_draft (sessionStorage)Stores your contact form draft so your message is not lost if you accidentally navigate away.Tab sessionFirst-party sessionStorage

    Analytical & error tracking

    Vercel Analytics and Speed Insights run on every visit without cookies under our legitimate interest (GDPR Art. 6(1)(f)). Sentry error tracking is only loaded after you give consent via the toggle.

    NamePurposeDurationType
    Vercel AnalyticsAnonymous page-view counts. No cookies, no identifiers. Visitors are deduplicated via a 24-hour rotating hash of IP and user agent, which cannot be linked back to you.Per page view (no persistent storage)First-party (Vercel), cookieless, legitimate interest
    Vercel Speed InsightsCore Web Vitals performance metrics (load speed, interactivity, visual stability). No cookies or identifiers, measurements are anonymous.Per page view (no persistent storage)First-party (Vercel), cookieless, legitimate interest
    SentryError tracking and performance diagnostics so we can fix bugs quickly. Loaded only after you accept the toggle. Data is processed in the US under Sentry's Data Processing Agreement.Browser session (deleted when browser closes)Third-party (Sentry), consent required

    Functional

    Enable features such as booking an appointment. Only loaded after you give consent.

    NamePurposeDurationType
    Cal.euEnables the calendar booking widget embedded on our site. Sets a persistent cookie (__clnds, 1 year) and session cookies for slot reservation and booking flow.__clnds: 1 year. Session cookies: deleted when browser closesThird-party (Cal.eu, EU-hosted)

    AI chat

    Enables the AI assistant. Messages are forwarded to OpenAI (US) for processing. Only active after you give consent.

    NamePurposeDurationType
    OpenAI API (chat session)Processes your chat messages to generate AI responses. Messages are sent to OpenAI servers in the United States.30 days (server-side)Third-party API (OpenAI)

    6. Third parties and data transfers

    Some cookies are placed by external services embedded on our site. These services may process data outside the European Economic Area (EEA). The table below shows where each provider is located and which safeguards apply:

    ServicePurposeLocation
    VercelHosting, analytics, and performance monitoringUS (EU SCCs + Data Privacy Framework)
    SentryError tracking and performance monitoringUS (EU SCCs + Data Privacy Framework)
    Cal.euAppointment scheduling and bookingEU (European Union)
    OpenAIProcessing of AI chat messagesUS (EU Standard Contractual Clauses)
    ResendEmail delivery for contact form submissionsUS (EU Standard Contractual Clauses)
    CloudflareInvisible bot detection on the contact form (Turnstile). Loaded without consent under the ePrivacy 'strictly necessary' exemption. Does not set cookies; processes browser signals only for the single verification step.US (EU Standard Contractual Clauses + Data Privacy Framework)

    All providers act as processors on our behalf. Where data is transferred outside the EEA, we use EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework to ensure an adequate level of protection.

    7. Your consent

    On your first visit to our site, a cookie banner appears with three options: Accept all, Reject all, or Customise.

    • No pre-loading: analytical and functional cookies are never placed before you have made an active choice. If you do nothing, only strictly necessary cookies are used.
    • Your choice is stored in a first-party cookie (df_consent, valid for one year) and recorded in a pseudonymised audit log in which your IP address is hashed with a daily rotating key hash.
    • You can change your choice at any time by clicking the cookie icon at the bottom left of any page. Withdrawing consent is as easy as giving it, as required by article 7(3) GDPR. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.
    • Our cookie banner gives equal visual weight to all options. We do not use dark patterns or pre-ticked boxes.
    • You have access to the full site even if you refuse all non-essential cookies. We never make access to content or functionality conditional on accepting tracking cookies.

    8. Managing cookies

    You have two ways to manage cookies:

    • Our cookie settings: click the cookie icon at the bottom left of any page to reopen the banner and adjust your preferences.
    • Your browser settings: you can delete or block cookies via your browser. Please refer to your browser's help pages for instructions. Note that blocking all cookies, including strictly necessary ones, may cause the site to function improperly.

    If you delete cookies in your browser, your df_consent cookie will also be removed. On your next visit, the banner will appear again so you can make a new choice.

    9. How long we keep cookie data

    Different cookies and related data have different retention periods:

    • Consent cookie (df_consent): 1 year, then automatically deleted.
    • Theme preference (localStorage): until you clear your browser data.
    • Analytics beacons (Vercel Analytics, Speed Insights): per page view, no persistent storage. Sentry session cookies: deleted when you close your browser. Cal.eu: __clnds cookie persists for 1 year, session cookies are deleted when you close your browser.
    • Chat messages (sessionStorage): deleted when you close the browser tab.
    • Form drafts (sessionStorage): deleted when you close the tab or submit the form.
    • AI chat sessions (server-side): 30 days, then automatically deleted via Redis TTL.
    • Consent log: 5 years, in accordance with the accountability requirement in article 7(1) GDPR and guidance from the Dutch Data Protection Authority.

    External providers may retain data in accordance with their own policies. We recommend consulting their privacy policies directly.

    10. Your rights

    Under the GDPR, you have the following rights in relation to personal data processed via cookies:

    • Right of access: to request which data we hold about you.
    • Right to rectification: to have inaccurate data corrected.
    • Right to erasure: to request deletion of your data.
    • Right to restriction: to ask us to temporarily stop processing.
    • Right to data portability: to receive your data in a machine-readable format.
    • Right to object: to object to processing based on legitimate interests.
    • Right to withdraw consent: to withdraw your cookie consent at any time, without affecting the lawfulness of earlier processing.

    To exercise any of these rights, please email info@digitalfront.nl. We will respond within one month, as required by article 12(3) GDPR.

    If you believe we have not handled your request properly, you have the right to lodge a complaint with the Dutch supervisory authority:

    Autoriteit Persoonsgegevens

    autoriteitpersoonsgegevens.nl

    +31 (0)88 1805 250

    11. Changes to this policy

    We may update this Cookie Policy when we add or remove cookies, change providers, or when the law requires it. The "last updated" date at the top of this page always shows the most recent version. For material changes that require renewed consent, such as adding a new cookie category, we will reset your preferences and show the cookie banner again.

    12. Questions?

    Questions about our use of cookies? Please email info@digitalfront.nl. We aim to respond within one month.