Cookie Policy
Cookie & Similar Technologies Policy
Last updated: 2025‑05‑31
1. Who we are
MARBLE IDOLION ("MI", "we", "us") operates the website marble-idolion.com.
Contact: [email protected]
Data protection officer (DPO): Not applicable (sole proprietorship). For data protection inquiries, contact [email protected]
2. What are cookies?
Cookies are small text files that are stored on your device when a website is loaded. For convenience, we use the term "cookies" in this policy to include similar technologies that store and read information on your device, such as HTML5 storage features (e.g. sessionStorage, localStorage). These technologies are used for a variety of purposes, such as keeping you logged in, measuring site performance, and analyzing user behavior.
3. How we obtain consent
We use Google Tag Manager (GTM-KFBC28KP) to manage cookies and obtain consent through CookieHub. On your first visit, you will see our cookie consent banner. Essential cookies load automatically; all other categories (analytics, advertising, etc.) only load if you click "Allow all cookies" or enable them under "Cookie settings". You can change or withdraw consent at any time through the cookie consent banner or your browser settings.
4. Cookies and storage we use
Below is a comprehensive list of cookies and storage mechanisms used on our website:
| Category | Name | Purpose / Legal Basis | Expiry |
|---|---|---|---|
| Strictly Necessary | csrftoken | Prevents cross-site request forgery attacks. Legitimate interests (Art 6(1)(f) GDPR). | 364 days |
| sessionid | Django session cookie for server-side session management. Legitimate interests. | Session | |
| is_ipad | Device detection for iPad users to ensure proper responsive design. Legitimate interests. | Session | |
| cookiehub | Stores your cookie consent choices. Legal obligation (Art 6(1)(c) GDPR). | 365 days | |
| Analytics | _ga, _gid (Google Analytics) | Site usage statistics and performance monitoring via Google Tag Manager. Consent. | Up to 2 years |
| gtm* (Google Tag Manager) | Manages cookie deployment and tracking scripts. Consent. | Various | |
| Authentication | access_token (sessionStorage) | JWT access token for API authentication. Contract performance (Art 6(1)(b) GDPR). | Session (15 minutes validity) |
| refresh_token (httpOnly cookie) | JWT refresh token for maintaining authentication. Contract performance. | 30 days | |
| Functional | Newsletter preference | Stored server-side, managed via authenticated API calls. Consent. | Until changed |
| Progressive Web App | Service Worker | Enables offline functionality and PWA features. Legitimate interests. | Persistent |
5. Third-party services and cookies
We use the following third-party services that may set their own cookies:
- Google Tag Manager: Container for managing tracking scripts
- Google Analytics: Website analytics and performance monitoring
- Google Fonts: Web font delivery (may set performance cookies)
- Cloudinary: Image hosting and optimization service
- Shoelace: UI component library (no cookies set)
For Google OAuth login functionality, additional session cookies may be set by Google during the authentication process.
6. Data transfers
Some of our third-party providers may transfer data outside the EEA/UK. Where this occurs, we rely on:
- EU Commission adequacy decisions
- Standard Contractual Clauses
- Other appropriate safeguards under GDPR
7. Retention
- Cookie consent logs: 5 years (compliance evidence under Art 7(1) GDPR)
- Analytics data: As per Google Analytics retention settings
- Authentication tokens: As specified in the expiry column above
- Session data: Cleared when browser session ends
8. How to control cookies
You can manage your cookie preferences by:
- Using the cookie consent banner managed through Google Tag Manager/CookieHub
- Adjusting your browser settings:
- Chrome: Settings › Privacy & Security › Cookies and other site data
- Firefox: Settings › Privacy & Security › Cookies and Site Data
- Safari: Preferences › Privacy › Manage Website Data
- Opting out of Google Analytics: tools.google.com/dlpage/gaoptout
- Managing interest-based advertising:
Note: Blocking essential cookies may impact core functionality including authentication, gameplay, and leaderboards.
9. Local storage and session storage
In addition to cookies, we use browser storage mechanisms:
-
SessionStorage: Temporary storage for JWT access tokens, game state, and API keys
-
Service Worker Storage: For PWA offline functionality
These storage mechanisms are cleared when you close your browser (sessionStorage) or can be manually cleared through browser settings.
10. Updates
We may update this policy to reflect technical, legal, or regulatory changes. Material changes will be communicated through the cookie consent banner and this page will be updated with the new effective date.
11. Contact us
For questions about this Cookie Policy or our use of cookies, please contact:
- Email: [email protected]