Knowledge Base

What data does Real Cookie Banner process?

Real Cookie Banner is a consent management plugin for WordPress. You can use it to obtain consent to set cookies and process personal data from your website visitors. This requires Real Cookie Banner itself to set cookies and process (personal) data. We explain below what and where Real Cookie Banner stores and reads data on your website.

What data from website visitors does Real Cookie Banner process?

Real Cookie Banner sets the cookies mentioned below. In addition, it stores the consent provided by the website visitor in the cookie banner, so that you as the website operator can comply with the obligation to disclose under the GDPR.

In practice, this means that each consent given by your website visitors is stored in the database of your WordPress website. You can view the consents as a prepared list in your WordPress backend under Cookies > Consent > List of consents and export them.

In addition, the cookie banner is naturally displayed in the website visitor’s browser, where data is processed. If the “Geo Restriction” feature has been activated by the website operator, the visitor’s IP address is used to determine the visitor’s country. For this purpose, the MaxMind GeoIP2 database is used, which is stored locally in the WordPress installation of the accessed website. This means that the IP address is not transmitted to a third-party server for location determination.

Documentation of consent

Each consent is documented to fulfill the obligation to disclose. This involves documenting the following data per consent:

  • id: Incremental identification number of the documented consent.
  • ipv4: IPv4 address of the website visitor (disabled by default, as it may be considered personal data within the EU).
  • ipv6: IPv6 address of the website visitor (disabled by default, as it may be considered personal data within the EU).
  • ipv4_hash: IPv4 address without the last octet, stored as a salted SHA256 hash or, as a fallback, an MD5 hash, to prevent an attack by mass storage of consents from an IP address range.
  • ipv6_hash: IPv6 address without the last octet, stored as a salted SHA256 hash or, as a fallback, an MD5 hash, to prevent an attack by mass storage of consents from an IP address range.
  • uuid: The UUID is a pseudonymous unique identification number of the website visitor that is randomly generated on the server. All consents given by the website visitor are documented under it as long as the cookie storing the UUID exists on the visitor’s terminal device.
  • revision: Hash that makes it possible to determine which settings of the cookie banner (texts, colors, features, service groups, services, content blockers, etc.) were used to display the cookie banner at the time of consent. Changes to these settings will result in the visitor’s consent being obtained again.
  • revision_independent: Hash that makes it possible to determine which cookie banner settings (texts, colors, features, service groups, services, content blockers, etc.) were used to display the cookie banner at the time of consent. Changes to these settings do not result in the visitor’s consent being obtained again.
  • previous_decision: MD5 hashes of consents that the website visitor with this UUID has already given prior to this consent, in order to provide a history of consents in terms of the website visitor’s information rights.
  • decision_hash: MD5 hash over the data of the entire consent.
  • decision: Services and their service groups to which the website visitor has consented. Each service and service group is represented by a unique identification number (ID).
  • blocker: If consent was given via a content blocker, the unique identification number (ID) of the content blocker.
  • button_clicked: Button in the cookie banner, which the website visitor has clicked to give consent. This allows the origin of the consent to be traced in retrospect.
  • context: Consents are obtained per context (e.g. WordPress website ID or website language). How a context is structured is explained in more detail in the cookie real_cookie_banner_* definition.
  • viewport_width: Width in px of the viewport in which the website was displayed in the website visitor’s browser at the time consent was given. This allows the origin of the consent to be tracked in retrospect.
  • viewport_height: Height in px of the viewport in which the website was displayed in the website visitor’s browser at the time consent was given. This allows the creation of the consent to be tracked in retrospect.
  • referer: URL on which the consent was given. This allows the origin of the consent to be traced in retrospect.
  • pure_referer: URL on which the consent was given, but without query parameters that do not belong to the definition of the page as defined in the permalink structure configured in the WordPress settings. This allows the origin of the consent to be tracked in retrospect and aggregated to show on which subpage consents were granted.
  • url_imprint: URL of the imprint linked in the cookie banner.
  • url_privacy_policy: URL of the privacy policy that was linked in the cookie banner.
  • dnt (deprecated): used before Real Cookie Banner version 2.0.0 to indicate that consent was given via the Do Not Track HTTP header (replaced by custom_bypass).
  • custom_bypass: If consent was not given by hand, the technical mechanism through which consent is given. geo represents geo-restriction functionality and dnt represents minimal consent (refusal of all non-essential services) via the Do Not Track HTTP header. Additional technical mechanisms can be defined by the website operator using the Real Cookie Banner developer API.
  • created: Date and time when consent was given and documented.
  • forwarded: If consent was obtained via Consent Forwarding on a third party website, its website URL.
  • forwarded_blocker: If consent was obtained via Consent Forwarding on a third party website and consent was obtained there via a content blocker, the unique identification number (ID) of the content blocker.
  • user_country: If the “Geo Restrictions” feature is enabled, the country from which the website visitor most probably came is stored. This information was determined at the time of consent based on a comparison of the website visitor’s IP address with a locally stored copy of the MaxMind GeoIP2 database.
  • tcf_string: If consents are obtained for vendors, purposes, special purposes, features, and special features according to the TCF v2.0 or newer standard, the consents to these are formatted as a TC String.
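
The ipv4_hash and ipv6_hash fields above can be illustrated with the following added example, which is not Real Cookie Banner's own code: it drops the last octet, applies a salted SHA-256, and counts consents per resulting hash to spot mass storage from one address range. The salt value, the salt-plus-prefix input layout, the function names and the `limit` threshold are assumptions, and the IP addresses are constructed samples from documentation ranges.

```python
import hashlib
import ipaddress
from collections import Counter

# Assumption: a secret per-site salt. The page does not say how the plugin
# derives or stores its salt; this value is constructed for the example.
SITE_SALT = b"constructed-example-salt"


def truncated_ip_hash(ip: str, salt: bytes = SITE_SALT) -> str:
    """Salted SHA-256 over an IP address with its last octet removed."""
    packed = ipaddress.ip_address(ip).packed  # 4 bytes (IPv4) or 16 bytes (IPv6)
    prefix = packed[:-1]                      # "without the last octet"
    # Assumption: hash input is salt followed by the truncated address bytes.
    return hashlib.sha256(salt + prefix).hexdigest()


def flooding_ranges(consent_ips, limit):
    """Return {hash: count} for ranges that stored more than `limit` consents."""
    counts = Counter(truncated_ip_hash(ip) for ip in consent_ips)
    return {h: n for h, n in counts.items() if n > limit}


# Constructed sample input (RFC 5737 and RFC 3849 documentation addresses).
SAMPLE_IPS = [
    "203.0.113.5", "203.0.113.77", "203.0.113.200", "203.0.113.201",
    "198.51.100.9",
    "2001:db8::1", "2001:db8::ff",
]

if __name__ == "__main__":
    # Hypothetical threshold: more than 3 consents from one range is suspicious.
    for h, n in flooding_ranges(SAMPLE_IPS, limit=3).items():
        print(f"{n} consents from one address range, hash {h[:16]}...")
```

Because only 2^24 truncated IPv4 prefixes exist, such a hash resists reversal by enumeration only while the salt stays secret, and the unsalted MD5 fallback case would offer no such protection.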

Where does Real Cookie Banner process (personal) data?

Real Cookie Banner is a consent management WordPress plugin. That means you install Real Cookie Banner completely in your WordPress website. During installation, the plugin creates database tables in your WordPress database, where all settings as well as the consents of your visitors are stored. In addition, Real Cookie Banner extends the interfaces and routines of your WordPress so that, among other things, the consents of your visitors can be stored.

Real Cookie Banner is installed and run on your webspace (so it does not run in a “cloud” operated by us). You configure the cookie banner according to your wishes and the individual requirements of your website. If the cookie banner is shown, it is served from your webspace (no data is ever downloaded from our servers by your visitors). The consents are collected, processed and documented on your webspace. With our solution, consents are never transferred to our servers, captured or processed there.

Furthermore, we as the manufacturer of Real Cookie Banner have no access to the settings or individual documented consents, unless you explicitly and proactively give us access to your WordPress installation as part of a support request.

Do you need a data processing agreement for Real Cookie Banner?

Based on the type of data processing described above, it is our legal opinion that we are not a data processor in the sense of Art. 28 GDPR.

We have deliberately chosen this approach so that everything takes place on your server and therefore under your sovereignty, making the use of our software as legally uncomplicated as possible for you.

As a consequence, we currently do not offer a data processing agreement and do not consider a reference to data processing by devowl.io GmbH in your privacy policy necessary.

What cookies does Real Cookie Banner set?

Real Cookie Banner sets cookies and cookie-like information on your website visitor’s device. These are technically necessary to store your website visitor’s choices and to load services to which he has consented on the website.

Cookies for all visitors

The following cookies and cookie-like information are stored by Real Cookie Banner for all website visitors. * in the name of the cookie stands for a placeholder, which is explained in more detail for the respective cookie.

The visitors of your website are informed in the Real Cookie Banner service in the cookie banner that these cookies are set. In this way, you fulfill your obligation to inform. The cookies are set on the basis of the fulfilment of a legal obligation (obtaining consent to set cookies and process personal data) according to Art. 6 GDPR.

real_cookie_banner-test

  • Type: HTTP Cookie
  • Host: Domain where your website is hosted
  • Duration: 365 days (default)
  • Purpose: The cookie is set to test whether HTTP cookies can be set. It will be deleted immediately after the test.

real_cookie_banner_*

  • Type: HTTP Cookie
  • Host: Domain where your website is hosted
  • Duration: 365 days (default)
  • Purpose: The cookie stores the UUID (Universally Unique Identifier) of the website visitor. The UUID is a pseudonymous unique identification number of the website visitor that is randomly generated on the server, under which all consents given by the website visitor are documented as long as this cookie exists. In addition, a revision hash is stored, which makes it possible to look up which settings (texts, colors, features, service groups, services, content blockers, etc.) were used to display the cookie banner at the time of consent. Furthermore, the cookie stores which services from which service groups the visitor consented to. Each service and each service group is represented by a unique identification number (ID).
  • Placeholder: One cookie of this type is written and read per context of a WordPress website. There are the following contexts:
    • WordPress Blog: A WordPress installation can contain one or more (called WordPress Multisite) WordPress websites (technically called “blog”). Each WordPress website has a unique ID. Consequently, for the default WordPress single site installation, -blog:1 is appended to the cookie name as context. In a WordPress multisite, for example in the WordPress website with ID 3, -blog:3 is appended as the context.
    • Website language: WordPress websites can be output in multiple languages using multilanguage plugins such as WPML, Polylang, TranslatePress or Weglot. By default, a separate consent is obtained in the cookie banner for each language. For example, -lang:en_US for English (United States) or -lang:de_DE for German (Germany) is appended as context.
    • Individual context: The website operator can extend Real Cookie Banner individually via its developer API. Thereby, further contexts can be programmatically defined.

real_cookie_banner_*-tcf

  • Type: HTTP Cookie
  • Host: Domain where your website is hosted
  • Duration: 365 days (default)
  • Purpose: If consents are collected under the Transparency & Consent Framework (TCF), the cookie stores consents given in TCF vendors, purposes, special purposes, features, and special features in the standardized TC String format.
  • Placeholder: One cookie of this type is written and read per context of a WordPress website. The contexts are designed the same way as for the real_cookie_banner_* cookie.

Cookies for specific visitors

The following cookies and cookie-like information are stored by Real Cookie Banner for logged-in visitors who have at least the edit_posts permission in the WordPress permission system. * in the name of the cookie stands for a placeholder, which is explained in more detail for the respective cookie.

real_queue-test

  • Type: Local Storage
  • Host: Domain where your website is hosted
  • Purpose: The cookie is set to check if entries can be set in Local Storage. It will be deleted immediately after the test.

real-queue-restore-jobs-*

  • Type: Local Storage
  • Host: Domain under which your website is operated
  • Purpose: Real Cookie Banner brings a queuing system that allows it to process tasks in the browser. This is used, for example, for the service scanner feature. Jobs in a queue can be assigned to a browser to process. The cookie stores jobs that have already been assigned to the browser but have not yet been fully processed. Each job is thereby represented by a unique ID.
  • Placeholder: One such cookie is set per website within a WordPress installation. The website is represented by an MD5 hash of site URL and blog ID.

real-queue-lock-tab-*

  • Type: Local Storage
  • Host: Domain under which your website is operated
  • Purpose: In the queuing system described earlier, each browser is supposed to process only one queue, and not one queue per open tab where the queue script is executed. Therefore, the tab that is currently processing the queue stores the current time as a UNIX timestamp every 3 seconds to indicate that it is still processing the queue. Other tabs read this information periodically to be able to take over the processing of the queue if necessary.
  • Placeholder: One such cookie is set per website within a WordPress installation. The website is represented by an MD5 hash of site URL and blog ID.
