Documento attualmente in ingleseQuesto documento legale è mantenuto in un'unica versione di riferimento in lingua inglese. Una traduzione italiana certificata è in fase di preparazione. Per il testo legale integrale e attuale, fai riferimento alla versione inglese: Leggi la versione in inglese →

Cookie Policy

Version 1.2026

Last updated: June 2026

1. What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and supply information to site operators. Similar technologies include web beacons, pixels, and local storage.

This Cookie Policy explains which cookies and similar technologies we use on the GIORIZZ platform (giorizz.com), why we use them, and how you can manage your preferences.

This policy should be read together with our Privacy Policy, which explains how we process your personal data more broadly.

2. Essential Cookies (Strictly Necessary)

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually set only in response to actions you take, such as logging in, setting your language preferences, or filling in forms.

Cookie / Technology	Purpose	Duration
Supabase session cookies	User authentication and session management	Session / 7 days
Next.js locale cookie	Language preference persistence	1 year
CSRF token	Cross-site request forgery protection	Session
Partner/concierge session	Authentication for B2B partner and concierge portals	Session / 24 hours

Legal basis: these cookies are strictly necessary for the provision of the service you have requested and are exempt from consent requirements under Article 5(3) of the ePrivacy Directive (2002/58/EC) and Article 122 of the Italian Privacy Code (D.Lgs. 196/2003).

3. Analytics & Performance

To understand how visitors use our platform and to monitor its performance, we use Vercel Analytics and Vercel Speed Insights — privacy-focused, first-party tools that:

Do not use advertising cookies or enable cross-site tracking
Collect only anonymised, aggregated data (page views, performance metrics)
Do not create user profiles or share data with third parties for their own purposes

We also use Sentry for application error and crash monitoring. Its optional Session Replay and performance tracing features — which capture masked interaction data to help us reproduce errors — belong to this analytics category.

These analytics and performance tools are loaded only after you opt in via the “Analytics” toggle in our cookie banner. If you decline them, or if your browser sends a Global Privacy Control (GPC) signal, they are not loaded at all. You can change your choice at any time through the banner.

Legal basis: consent (Article 6(1)(a) GDPR and Article 5(3) of the ePrivacy Directive). Basic error and crash monitoring without Session Replay or performance tracing may run on the basis of our legitimate interest in the security and integrity of the service (Article 6(1)(f) GDPR).

4. Security Technologies

We use Cloudflare Turnstile as a CAPTCHA mechanism to protect our platform from automated abuse, bots, and credential-stuffing attacks.

Technology: Cloudflare Turnstile (non-interactive challenge)
Data processed: browser fingerprint and interaction signals (used to distinguish humans from bots)
Duration: session only (no persistent cookies)
Purpose: security of authentication endpoints (signup, login, password reset)

Legal basis: Turnstile is classified as a security measure necessary to protect the service from attacks. Security technologies are exempt from consent requirements under the ePrivacy Directive, as confirmed by EDPB guidance on the scope of the “strictly necessary” exemption.

5. Cookies We Do NOT Use

For clarity, GIORIZZ does not use:

Third-party advertising or retargeting cookies
Social media tracking pixels (Facebook Pixel, LinkedIn Insight, etc.)
Cross-site tracking technologies
Fingerprinting for advertising purposes
Google Analytics, Google Tag Manager, or any Google advertising products

6. How to Manage Cookies

You can control cookies through your browser settings. Most browsers allow you to:

View what cookies are set and delete them individually
Block third-party cookies
Block cookies from specific sites
Block all cookies
Delete all cookies when you close the browser

Please note that blocking essential cookies may prevent you from using certain features of our platform, including logging in and making bookings.

Browser-specific instructions:

Chrome: Settings > Privacy and Security > Cookies and other site data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Cookies and site permissions

6.1 Global Privacy Control (GPC)

We honour the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we treat it as a valid opt-out request for any non-essential data processing, in compliance with the California Privacy Rights Act (CPRA) and other applicable laws.

7. Google Consent Mode v2

Although GIORIZZ does not currently use Google advertising or analytics products, our platform is compatible with Google Consent Mode v2. Should we integrate Google services in the future, we will:

Implement a consent management platform (CMP) that supports the IAB Transparency and Consent Framework (TCF 2.2)
Ensure that consent signals are passed to Google services via Consent Mode v2 (ad_storage, analytics_storage, ad_user_data, ad_personalization parameters)
Update this Cookie Policy accordingly

8. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, our practices, or applicable law. The “Last updated” date at the top of this page reflects the most recent revision.

Material changes will be communicated via a prominent notice on our platform.

9. Contact

For questions about this Cookie Policy or our use of cookies and similar technologies:

GIORIZZ S.r.l.
Data Protection: legal@giorizz.com
Website: giorizz.com