Many local and regional data privacy laws stipulate that data subjects (website visitors) have the right to know which data has been collected on them. In the context of cookies, this means that when a visitor opens up a website and consents to loading cookies, website owners are legally obliged to be able to provide proof of that consent upon request from the visitor.
Mono ensures that our partners and their clients - the SMBs who legally own the websites - are able to comply with these regulations. We do this by storing documentation of every single consent and consent withdrawal on all websites built on the Mono platform.
Everything about the cookie notification banner
Learn more about how you set up the cookie notification banner and provide visitors with a consent withdrawal option here.
What exactly does Mono log?
When a visitor consents to cookies on the cookie notification banner, we log the following information on our servers:
- Timestamp: a record of when exactly the consent was provided.
- Site ID: the ID of the website on which the consent was provided.
- Domain name: the URL of the website on which the consent was provided.
- Partner ID: the ID of the partner account in RAI that the website was create on. This helps us narrow down the search for a specific consent in case you can't provide a UUID or IP address (see below).
- Cookie banner text: the text string on the cookie banner at the time of consent.
- IP address: the visitor's IP address at the time of consent.
- UUID: in order to match a consent with a specific visitor, we add a 32-digit universally unique identifier (UUID) to each consent provided.
Mono also logs if the same visitor subsequently withdraws the consent they have previously given.
Why log both IP and UUID?
Logging only the visitor's IP address won't necessarily be enough to identify a specific consent. For example, 50 people working in the same office share the same IP address so that data alone is not enough to tie the consent to a specific user/device. The UUID is unique for each visitor and can therefore be tied to a unique user or device.
Where do visitors find the UUID?
After having accepted or acknowledged cookies, visitors will see a small tab in the bottom-left corner of the website that appears when they are scrolling down any page and are approaching the bottom of the page. Upon clicking the tab, they are presented with a banner where they can see their unique UUID.
The UUID is stored in a cookie in the visitor's local storage. Be aware that if the visitor clears cookies on their browser, the UUID will also be cleared and we will no longer be able to trace that visitor's unique consent through the UUID.
For how long is consent data stored?
We store consent data for a period of 12 months. This way, we don't risk retaining visitor data for longer than strictly necessary and relevant. This enables our partners and your SMB clients to be compliant with data minimization and retention policies of the GDPR and ePrivacy regulations.
For the website visitor, this means that they have to renew their consent every year. In other words, they will see the cookie notification banner again 12 months after their first consent.
How can we retrieve these consent logs?
In the unlikely event that a visitor would ask one of your SMB clients for proof that he or she has in fact consented to loading cookies on their website, follow these steps:
- Collect information: ask your SMB client to try to get as much information from the visitor as possible. Ideally, try to get the UUID and an IP address.
- Contact Mono: create a ticket with the Mono Service Team and add the information you've collected in step 1.
- We'll look through the logs and get back to you as soon as possible.