Cookie Policy
This Cookie Policy explains which cookies and similar technologies are used on www.mamethod.com (the "Website") and on legal.mamethod.com, why they are used, how long they last and how you can manage your choices. It is referenced by, and forms an integral part of, our Privacy Policy.
Non-essential storage of, or access to, information on your device is disabled by default and is activated only after your prior consent. This follows Article 5(3) of the ePrivacy Directive, Article 399 of the Polish Electronic Communications Law (PKE), Article 122 of the Italian Codice Privacy, the Garante's 2021 cookie guidelines and the GDPR consent standard reflected in EDPB Guidelines 05/2020. EDPB Guidelines 2/2023 confirm that Article 5(3) also covers comparable technologies such as pixels, local storage and certain tracking identifiers.
1. What is a cookie?
A cookie is a small text file that a website asks your browser to store on your device. Similar functions can be implemented through local storage, session storage, pixels, web beacons, SDKs, device identifiers and some forms of fingerprinting (collectively, "Cookies" in this policy).
Cookies are classified by:
- duration: session or persistent;
- provenance: first-party (
mamethod.com) or third-party; - purpose: technical, functional, analytics/performance, marketing/advertising or social-media related.
2. How consent works
When the Website asks for Cookie consent, non-essential categories are off by default. The consent interface allows you to:
- accept all non-essential Cookies;
- reject all non-essential Cookies and continue with technical Cookies only;
- choose by category, with non-essential categories disabled until selected.
Closing the banner without accepting non-essential categories keeps the default refusal for those categories. We do not treat scrolling, continued browsing, silence, inactivity or pre-ticked boxes as consent.
You can change or withdraw your Cookie consent at any time by clicking "Cookie settings" or a similar privacy-preferences control in the footer of the Website. Withdrawal is effective for future processing and does not affect processing that occurred before withdrawal. You may also write to [email protected] if the preference control does not work as expected.
You can also block or delete Cookies in your browser settings. Browser controls apply to both essential and non-essential Cookies, but they may not distinguish between categories.
Blocking technical Cookies may prevent login, booking, checkout, security checks, media playback or other functions that you request from working correctly.
3. Legal bases and categories
The ePrivacy rules decide whether storing or accessing information on your device requires consent. The GDPR legal basis below applies where the Cookie or similar technology involves personal data.
| Category | When used | ePrivacy status | GDPR legal basis |
|---|---|---|---|
| Technical / strictly necessary | Security, session handling, fraud prevention, load balancing, consent storage, account, checkout and services explicitly requested by you | Exempt from prior consent where strictly necessary | Art. 6(1)(b) GDPR where needed for a requested service; Art. 6(1)(f) GDPR for security, fraud prevention and platform integrity; Art. 6(1)(c) GDPR where required by law |
| Functional | Optional preferences and optional integrations that improve the experience but are not strictly necessary | Consent unless strictly necessary for a feature you request | Art. 6(1)(a) GDPR consent, or Art. 6(1)(b) GDPR where needed for a requested feature |
| Analytics / performance | Statistics, diagnostics, error measurement and service reporting | Consent unless the tool is purely technical or meets the conditions for analytics assimilated to technical Cookies | Art. 6(1)(a) GDPR consent, or Art. 6(1)(f) GDPR only for strictly limited technical diagnostics not requiring ePrivacy consent |
| Marketing / advertising | Ad attribution, conversion measurement, retargeting, optimisation and similar advertising activity | Prior consent required | Art. 6(1)(a) GDPR consent |
| Social embeds | Embedded posts, players, social widgets and similar third-party content | Prior consent required unless the content is loaded only after your explicit request | Art. 6(1)(a) GDPR consent for non-essential embeds; Art. 6(1)(b) GDPR where necessary to deliver content you explicitly request |
4. Cookies and similar technologies used on the Website
The table below is based on the current Website configuration, provider documentation and live checks performed before this version. Provider names, domains and exact retention can change when Wix, Stripe, Cloudflare or social platforms update their infrastructure. We review this table when we add, remove or materially change Cookies, and at least annually.
4.1 Technical and strictly necessary Cookies
These Cookies support transmission, security, fraud prevention, session handling, consent recording, checkout or account features. We set them without asking for consent only where the technical or strictly necessary exemption applies.
| Name / technology | Provider | Purpose | Duration | Location / transfer mechanism |
|---|---|---|---|---|
XSRF-TOKEN | Wix | Fraud and CSRF protection for calls made by the Website | Session | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
hs | Wix | Security cookie for Wix infrastructure | Session | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
svSession | Wix | Security, stability and core site function | 12 months | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
ssr-caching / SSR-caching | Wix | Server-side rendering and cache performance | Up to 24 hours; live headers may use shorter periods such as 20 seconds | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
TS* | Wix / edge security | Attack detection and platform security | Session | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
server-session-bind, client-session-bind, client-binding | Wix | API protection and session binding | Session | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
sec-fetch-unsupported | Wix | Security and compatibility signal used by Wix when browser security headers are not fully supported | Session or short persistent period configured by Wix | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
wixSession, wixSession2, wixSession3 | Wix | Security, stability and core site function where Wix session features are used | Up to 12 months | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
bSession | Wix | Platform resilience, system effectiveness and requested Wix feature operation | 24 hours | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
fedops.logger.sessionId | Wix | Session diagnostics and error reporting for platform resilience | 12 months | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
smSession | Wix | Identifies logged-in site members where member login is used | Session | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
consent-policy | Wix | Stores Cookie choices so the Website can remember consent, refusal and category settings | Normally up to 6 months unless a shorter duration is configured | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
__stripe_mid, __stripe_sid, m | Stripe | Fraud prevention, checkout security and risk assessment in payment flows | 30 minutes to 2 years, depending on the Stripe Cookie | Ireland and USA; DPF where certified, otherwise SCCs and supplementary measures |
__cf_bm, cf_clearance, _cfuvid | Cloudflare | Bot management, challenge validation, rate limiting and anti-abuse security where Cloudflare enables those features | __cf_bm is typically 30 minutes of inactivity; cf_clearance and _cfuvid depend on the security feature enabled | EU and USA; DPF where certified, otherwise SCCs and supplementary measures |
4.2 Functional Cookies
Functional Cookies remember optional preferences or support optional integrations. They remain off unless you consent, except where a preference is strictly necessary for a feature you explicitly request.
| Name / technology | Provider | Purpose | Duration | Location / transfer mechanism |
|---|---|---|---|---|
wixLanguage | Wix | Stores a selected language on multilingual Wix pages, if that feature is active | 12 months | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
| Wix app preference storage | Wix / Wix apps | Stores optional display or feature preferences for Wix applications enabled on the Website | Up to 12 months unless the app documents a shorter period | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
4.3 Analytics / performance Cookies
Analytics and performance technologies help us understand page views, site performance, errors and service use. Wix platform diagnostics used only for security, resilience and basic service operation are treated as technical. Wix business statistics or any analytics tool that is not strictly technical is loaded only after analytics consent, unless it is configured in a way that qualifies as analytics assimilated to technical Cookies under the applicable rules.
We do not intentionally deploy Google Analytics 4, Adobe Analytics or a separate third-party analytics tag in this version. If such a tool is added, this Policy and the consent interface will be updated before it is used for EU, Polish or Italian visitors.
| Name / technology | Provider | Purpose | Duration | Location / transfer mechanism |
|---|---|---|---|---|
| Wix Analytics / Wix platform diagnostics | Wix.com Ltd | Site statistics, platform diagnostics and business reporting available through Wix | Session to 12 months depending on the specific Wix event or storage item | Israel adequacy decision; Wix sub-processors under adequacy decisions or SCCs |
4.4 Marketing / advertising Cookies
The marketing technology disclosed for this version is the Meta Pixel (Facebook / Instagram), used for ad attribution, conversion measurement and campaign optimisation. It is non-essential and remains blocked unless you opt in to marketing Cookies.
| Name / technology | Provider | Purpose | Duration | Location / transfer mechanism |
|---|---|---|---|---|
_fbp | Meta Platforms Ireland Ltd | Identifies a browser for Meta ad attribution and conversion measurement | 90 days | Ireland and USA; DPF where certified, otherwise SCCs and supplementary measures |
_fbc | Meta Platforms Ireland Ltd | Stores the Meta click identifier (fbclid) when the visitor arrives from a Meta ad link | 90 days | Ireland and USA; DPF where certified, otherwise SCCs and supplementary measures |
Meta domain Cookies, for example fr | Meta Platforms Ireland Ltd / Meta Platforms, Inc. | Ad delivery, measurement, frequency capping and related Meta advertising services when Meta technologies or embeds are reached | Normally up to 90 days for advertising Cookies, unless Meta documents a different period | Ireland and USA; DPF where certified, otherwise SCCs and supplementary measures |
We do not classify the Meta Pixel as functional, analytics-only or strictly necessary. If you reject marketing Cookies, marketing pixels and advertising embeds remain blocked.
4.5 Social-media embeds and external social links
External social links do not set those platforms' Cookies until you follow the link. Embedded posts, players, share buttons or similar widgets are non-essential and load only after consent for the relevant category or after you explicitly request the embedded content.
| Provider | When relevant | Role and transfer information | Privacy policy |
|---|---|---|---|
| Instagram / Facebook (Meta) | Meta embeds, share buttons or Meta-linked content | Meta is an independent controller for its platform processing; transfers may involve Ireland and the USA under DPF or SCCs | facebook.com/privacy/policy |
| TikTok | TikTok embeds or TikTok-linked content | TikTok is an independent controller for its platform processing; transfers may involve the UK, USA, Singapore, Malaysia and other locations under adequacy decisions or SCCs | tiktok.com/legal/privacy-policy |
| WhatsApp (Meta) | External WhatsApp contact links when you click them | WhatsApp is an independent controller for its communication service; transfers may involve Ireland and the USA under DPF or SCCs | whatsapp.com/legal/privacy-policy-eea |
5. Retention of Cookie-derived data
The duration column above describes how long the Cookie or similar storage normally remains on your device. Server-side records derived from technical Cookies, security logs, payment risk signals, analytics events or marketing events may be retained for the periods described in the Privacy Policy, including security and fraud-prevention logs for up to 24 months, marketing consent logs until consent is withdrawn plus a reasonable suppression period, and legal/accounting records where required by law.
6. Transfers outside the EEA
Cookie-related providers may process personal data outside the European Economic Area. The main transfer mechanisms used for this Cookie Policy are:
- adequacy decisions, including Israel for Wix, the United Kingdom where relevant, and the EU-US Data Privacy Framework for certified U.S. entities;
- EU Standard Contractual Clauses 2021, with supplementary measures and transfer impact assessments where required, for transfers not covered by an adequacy decision or DPF certification;
- Art. 49 GDPR derogations only for exceptional, occasional transfers where the GDPR conditions are met.
More detailed recipient and transfer information is provided in Sections 6 and 7 of our Privacy Policy. A copy of the applicable safeguard for a specific transfer can be requested at [email protected].
7. Do Not Track and Global Privacy Control
Do Not Track is not a uniform legal consent standard and is not treated as opt-in consent for non-essential Cookies. Where our consent tool can technically honour a browser signal such as Global Privacy Control, it is treated as an opt-out for non-essential categories. Otherwise, use the cookie banner, the Website's Cookie settings control, browser settings or the contact route in Section 2 to manage your choice.
8. Cookies on this legal subdomain
The subdomain legal.mamethod.com is hosted through Cloudflare Pages/CDN and serves static legal pages. It does not intentionally load analytics, advertising, third-party scripts, web fonts or embeds. It does not intentionally set first-party application Cookies. Cloudflare may set security Cookies, such as __cf_bm, cf_clearance or _cfuvid, when its bot-management, challenge, rate-limiting or anti-abuse features require them. Those Cloudflare Cookies are not used by us for advertising or analytics.
9. Updates and renewed consent
When we add, remove or materially change non-essential Cookies, we update this Cookie Policy and refresh consent where required. If you refuse or customise Cookies, we do not repeatedly ask for the same consent at every visit unless the conditions have materially changed, the Website cannot recognise your previous choice, or the applicable rules allow a new request after the relevant period. The date at the top of this page indicates the latest revision.
10. Contact
For any question about this Cookie Policy, write to [email protected].