Effective date: March 2026 · Last updated: March 2026 · This policy describes our cookie obligations under the EU ePrivacy Directive (2002/58/EC), the German TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz), and GDPR Article 6(1)(a).
1. What Are Cookies and Why Are They Used?
Cookies are small text files placed on your browser when you visit a website. Similar technologies include local storage, pixel tags, and tracking scripts.
Cookies are used on the RYSTAT website and customer panel for the following purposes:
- Session security and authentication
- Remembering your preferences
- Measuring website performance
- Improving service quality
As services are provided to users in the EU, prior opt-in consent is required in all cases for non-essential cookies. This requirement applies to all EU/EEA visitors, including users in Germany under the EU ePrivacy Directive and German TTDSG §25.
2. Cookie Categories and Consent Status
Category 1 — Strictly Necessary Cookies
No consent required. These cookies are essential for the basic functions of the website and customer panel. They cannot be disabled, but may be blocked via browser settings (which may cause some services to stop functioning).
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| Session cookie (session_id) | Secure login and session management | First-party | Session |
| CSRF token | Cross-site request forgery protection | First-party | Session |
| Language preference (lang) | Retaining selected language setting | First-party | 12 months |
| Cookie consent status (cookie_consent) | Recording your consent preferences | First-party | 12 months |
| Cloudflare security cookies (__cf_bm, cf_clearance) | Bot detection and DDoS protection | Third-party (Cloudflare) | 30 minutes – 1 day |
Category 2 — Functional / Preference Cookies
Consent required. These cookies are used to provide a personalised experience and remember your preferences. They are not required for core functions.
| Cookie / Technology | Purpose | Type | Duration |
|---|---|---|---|
| Currency / region preference | Pricing and content localisation | First-party | 12 months |
| Panel display settings | Dark mode, column layout, etc. | First-party | 12 months |
| Support widget session (Intercom / equivalent) | Live support chat functionality | Third-party | 1 week – 9 months |
Category 3 — Analytics / Statistics Cookies
Consent required. These cookies measure visitor behaviour pseudonymously and are used to improve our services. They are not shared with third parties for personalised advertising purposes.
| Cookie / Provider | Purpose | Data transfer country | Duration |
|---|---|---|---|
| Google Analytics 4 — _ga (Google LLC) | Visitor counting and anonymised traffic measurement | USA (with Standard Contractual Clauses — SCCs) | 2 years |
| Google Analytics 4 — _ga_<measurement-id> (Google LLC) | Session state persistence (GA4 measurement) | USA (with Standard Contractual Clauses — SCCs) | 2 years |
Analytics measurement uses Google Analytics 4 (GA4), provided by Google LLC. GA4 loads only after cookie consent has been given; IP anonymisation is enabled and RYSTAT does not forward personal data (name, email) directly through Google Analytics. As Google may process data in the USA, the transfer relies on the EU Standard Contractual Clauses (SCCs).
Category 4 — Marketing / Advertising Cookies
Consent required. These cookies are used to deliver content and advertisements relevant to your interests.
RYSTAT does not currently use any marketing or retargeting cookies. No third-party advertising, conversion-tracking, or retargeting cookies are placed. Should marketing cookies be used in the future, this section will be updated to state the provider name, data transfer country, and cookie duration, and the cookie consent mechanism will be re-triggered.
3. Consent Mechanism
RYSTAT adopts an explicit opt-in model for cookie use. A cookie preference banner is displayed on your first visit to our website or customer panel. In this banner:
- Strictly necessary cookies are pre-selected and cannot be disabled.
- Separate consent checkboxes are provided for functional, analytics, and marketing cookies; none are pre-ticked.
- "Accept All" and "Accept Strictly Necessary Only" options are presented on equal footing.
- Category-by-category selection is available via the "Customise My Preferences" option.
Your consent can be changed or withdrawn at any time. To do so, use the "Manage Cookie Preferences" link at the bottom of the page or write to privacy@rystat.com.
3.1 Consent records
Consents given are recorded together with the date, selected categories, and browser information. This record is retained to satisfy the demonstrable consent requirement under GDPR Article 7(1).
4. Managing and Disabling Cookies
4.1 Browser settings
You may block all cookies or delete existing cookies from your browser settings. However, doing so may cause certain functions to stop working.
- Google Chrome: Settings → Privacy and security → Cookies
- Mozilla Firefox: Settings → Privacy & Security → Browser Privacy
- Safari: Preferences → Privacy
- Microsoft Edge: Settings → Cookies and site permissions
4.2 Provider-specific opt-out options
- Cloudflare: Cloudflare security cookies are in the strictly necessary category; disabling them may affect access to the service.
- Other providers: The opt-out mechanisms in the respective providers' privacy policies may be used.
4.3 Data deletion request
To request deletion of personal data collected via cookies: privacy@rystat.com
Your request will be assessed under GDPR Article 17 and responded to within 1 month.
5. Third-Party Links and Embedded Content
The RYSTAT website or customer panel may contain links to third-party services or embed their content. The privacy and cookie policies of such third parties apply to those links or embedded contents. RYSTAT has no control over those third-party practices.
6. Legal Basis
Cookie processing activities are carried out under the following legal bases:
| Cookie category | Legal basis | Legislation |
|---|---|---|
| Strictly necessary cookies | Legitimate interest / Technical necessity for the performance of the contract | TTDSG §25(2); GDPR Art. 6(1)(b) and (f) |
| Functional cookies | Consent | TTDSG §25(1); GDPR Art. 6(1)(a) |
| Analytics cookies | Consent | TTDSG §25(1); GDPR Art. 6(1)(a) |
| Marketing cookies | Consent | TTDSG §25(1); GDPR Art. 6(1)(a) |
7. Policy Updates
This Cookie Policy may be updated as the cookies used or legal requirements change. Material changes will be announced on the website and the consent mechanism will be re-triggered. We recommend reviewing the current policy on a regular basis.
8. Contact
For cookie and privacy enquiries: privacy@rystat.com
Data controller: Unifics Limited — rystat.com
Legal correspondence: legal@rystat.com