Cookies policy
Version 1.0 - Effective August 12, 2025
SCOPE
This policy applies to westpoint-group.com ("Site") and partner.westpoint-group.com ("Partner Portal"). Portal-specific details are outlined below.
VERSION HISTORY
- Version 1.0 (August 12, 2025): Initial version
- Version 1.1 (December 4, 2025): Second version
- Version 1.2 (December 18, 2025): Third version
1. WHAT IS A COOKIE?
A cookie is a small text file placed on your device (computer, tablet, smartphone) when you visit a website. It allows the site to remember information about your visit, such as your preferred language and other settings, to make your next visit easier and the site more useful.
2. WHY DO WE USE COOKIES?
The westpoint-group.com website uses cookies and similar technologies to:
- Ensure proper website functionality
- Remember your preferences and settings
- Analyze site usage for improvement
- Secure your browsing
- Personalize your user experience
3. COMPLETE COOKIE INVENTORY
The table below presents a comprehensive inventory of all cookies used on our site:
| Name | Category | Provider / Domain | Purpose | Duration | 1st/3rd | Storage | Consent | Trigger |
|---|---|---|---|---|---|---|---|---|
| westpoint_cookie_consent | Strictly necessary | Site | Remember consent choice | 12 months | 1st | Cookie | No | After choice (Accept/Decline) |
| westpoint_session | Strictly necessary | Site | Application session | 30 days | 1st | Cookie | No | On loading |
| XSRF-TOKEN | Strictly necessary | Site | Anti-CSRF | Session | 1st | Cookie | No | On loading |
| cf_clearance | Security | Cloudflare Turnstile | Verify human/anti-bot | Session | 3rd | Cookie | No | When Turnstile appears |
| cf_turnstile | Security | Cloudflare Turnstile | Verification token | 5 min | 3rd | Cookie | No | When Turnstile appears |
| user_preferences | Functionality | Site | Display preferences | 6 months | 1st | Cookie | No | As needed |
| language | Functionality | Site | Chosen language | 12 months | 1st | Cookie | No | As needed |
| _ga | Analytics | Google Analytics | User ID | 13 months | 1st | Cookie | Yes | After analytics opt-in |
| _gid | Analytics | Google Analytics | User ID | 24 h | 1st | Cookie | Yes | After analytics opt-in |
| _ga_* | Analytics | Google Analytics 4 | Property and session ID | 13 months | 1st | Cookie | Yes | After analytics opt-in |
| ph_phc_*_posthog | Analytics | PostHog | Behavior analysis | 1 year | 1st | Cookie | Yes | After analytics opt-in |
3.1 Explanatory notes
Note 1 - Wishlist: In reality, wishlist data is stored in the browser's localStorage and not in cookies. This entry is maintained for information but no cookie is currently set.
Table legend:
- 1st/3rd: First-party (1st) or third-party (3rd) cookie
- Storage: Type of storage used (Cookie, localStorage, etc.)
- Consent: Does it require explicit consent (Yes/No)
- Trigger: When the cookie is created
3.5 Marketing cookies (subject to consent)
These cookies may be used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
Note: Currently, the westpoint-group.com site does not use marketing cookies. If this changes, we will update this policy and request your explicit consent.
4. COOKIE MANAGEMENT
4.1 Consent
When you first visit our site, a cookie banner informs you of their use. You can:
- Accept all cookies
- Decline non-essential cookies
- Customize your preferences by category
You can modify your choice at any time by clicking the "Manage cookies" link available in the site footer.
Consent logging: We keep proof of your consent (timestamp, choices made, policy version) for 13 months for regulatory compliance purposes.
4.2 Browser settings
You can also configure your browser to accept or decline cookies. Here are links to instructions for the most common browsers:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-your-computer
- Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
- Edge: https://support.microsoft.com/en-us/microsoft-edge/
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Warning: If you disable strictly necessary cookies, some site features may no longer work properly.
5. THIRD-PARTY COOKIES
Some content or services offered on our site may include third-party cookies. These third parties may include:
- Analytics services
- Security services (Cloudflare Turnstile)
- Mapping services
- Social media widgets (if integrated)
- Embedded content (YouTube videos, maps, etc.)
These third parties have their own privacy policies and we have no control over their cookies. We encourage you to consult their respective policies.
6. RETENTION PERIOD
Cookies have varying lifespans:
- Session cookies: automatically deleted when the browser is closed
- Persistent cookies: remain on your device until expiration or manual deletion
The maximum retention period for cookies on our site is 13 months, in accordance with CNIL recommendations. Note: Google Analytics cookies are configured to respect this 13-month maximum limit.
7. SECURITY
We take appropriate security measures to protect information stored in cookies:
- Use of HTTPS protocol to encrypt exchanges
- Secure cookies (Secure flag) for sensitive data
- Protection against XSS attacks (HttpOnly flag)
- Protection against CSRF attacks (SameSite flag)
8. INTERNATIONAL TRANSFERS
Some cookies may result in transfers outside the EU/EEA. When the recipient is certified under the EU-U.S. Data Privacy Framework (DPF), transfers to the United States rely on this adequacy decision. Otherwise, they are governed by Standard Contractual Clauses, with additional measures (encryption, minimization, access restrictions).
Concerned providers:
- Google Analytics: may transfer data to the United States
- PostHog: may process data in the United States and Europe
- Stadiamaps.com: may process data in the United States
- Cloudflare Turnstile: may process data in the United States and other countries (DPF certified)
9. YOUR RIGHTS
In accordance with GDPR and French legislation, you have rights regarding the use of cookies:
- Right to access collected information
- Right to withdraw your consent at any time
- Right to object to certain processing
- Right to data erasure
To exercise these rights, contact our DPO: Guillaume LEROUX at [email protected]
10. POLICY UPDATES
This cookie policy may be updated periodically to reflect changes in our practices or legislation. The last update date is indicated at the top of the document.
Last updated: December 4, 2025 (Version 1.1)
11. CONTACT
For any questions regarding our use of cookies, you can contact us:
Data Protection Officer (DPO):
Guillaume LEROUX
Email: [email protected]
Address: 12 rue Lavoisier, Ducos, BP 27885 - 98863 NOUMÉA CEDEX, New Caledonia
Technical maintenance
GLADIUS FRANCE
Address: 5 B rue duffour dubergier, 33000 Bordeaux, France
Email: [email protected]
12. MORE INFORMATION
For more information on cookies and data protection:
- CNIL: https://www.cnil.fr/en/cookies-and-other-tracking-devices
- Your Online Choices: http://www.youronlinechoices.com/
- All About Cookies: https://www.allaboutcookies.org/
13. PARTNER PORTAL COOKIES
The partner portal (accessible only to professional partners) uses specific cookies:
| Name | Category | Purpose | Duration | Domain | 1st/3rd | HttpOnly | SameSite | Secure | Consent | Trigger |
|---|---|---|---|---|---|---|---|---|---|---|
| laravel_session | Strictly necessary | Authentication session | 120 min | partner.westpoint-group.com | 1st | Yes | Lax | Yes | No | On login + navigation |
| XSRF-TOKEN | Strictly necessary (security) | CSRF protection (frontend reads this token) | 120 min | partner.westpoint-group.com | 1st | No | Lax | Yes | No | On display/loading |
| cf_turnstile | Security (anti-bot) | Cloudflare Turnstile verification tokens | A few minutes | *.cloudflare.com | 3rd | Yes | __ | Yes | No | When the widget is displayed |
| cf_clearance | Security (anti-bot) | Cloudflare Turnstile verification tokens | Session | .cloudflare.com | 3rd | Yes | __ | Yes | No | When the widget is displayed |
13.1 Partner portal specificities
- Analytics disabled: no analytics cookies (Google Analytics, PostHog) are placed on the partner portal
- Strictly necessary cookies only: only cookies essential for functionality and security are used
- No consent banner: no cookies requiring consent are used
- "Manage cookies" link: available in the portal footer for information
13.2 Enhanced security
Partner portal cookies benefit from enhanced security measures:
- Secure flag: transmission only over HTTPS
- HttpOnly flag: protection against XSS attacks
- SameSite flag: protection against CSRF attacks
- Short expiration: time-limited sessions
14. VERSIONING AND ARCHIVING
This cookie policy is archived with each modification. Previous versions can be provided upon written request. Each version is identified by a number and effective date to ensure traceability of changes concerning the use of cookies and tracking technologies.