What we mean by cookies and “similar” tools
In the broad sense, the word cookie in this text covers the small data files a website can place in your browser, and also the equivalent technologies that perform a similar function, such as local storage entries, session storage entries, and certain types of pixel or script request that are used to recognise a browser, save preferences, or help measure how pages are read. The exact technical label matters less for your control than the purpose and whether we need your prior consent for that purpose under the rules that apply in your country.
When we talk about a first-party technology, the setting is under our own host name or a subdomain we use for the same project. A third-party item may be set by a partner, such as a company that provides measurement technology, in line with a contract and with respect for the roles of controller and processor as defined in the GDPR. We describe those roles more fully in the privacy policy, because personal data and identifiers can overlap between documents.
The banner, the settings screen, and your rights
When you first open the public site, you will see a notice at the bottom of the page with the choices to accept all optional categories, to reject optional items and keep the minimum needed to operate the service and remember the refusal, or to open Cookie Settings to decide category by category. Strictly necessary items cannot be turned off in that screen, because that would make it impossible to save your choice in a secure way in the same browser, or to protect forms, or to run basic error handling.
You can return to a preference screen through the link on this page that opens the same panel when JavaScript is available in your browser, or you can clear site data for this origin through your browser’s tools, knowing that a fresh visit may then show the banner again as if you had not decided yet, unless we have changed the way we store a token and asked users to reconfirm. You can also manage global cookie rules for many sites in your browser’s privacy settings, which sit alongside our site-specific options.
What each category does, in plan language
Strictly necessary
These are needed for a service you ask for, such as the ability to send a form without losing your message token in a basic way, to remember a security-related flag where we have one, to load your previous consent so we do not ask on every subpage in the same session in a way that would annoy without benefit, and to support accessibility choices when we store a simple on-device flag you select. The legal basis in data protection law is often contract necessity or a related provision for security, in addition to the ePrivacy exception for what is essential for a requested service.
Analytics, if you opt in
Where we add measurement tools, they help us see which areas of the text are most useful, which navigation paths are confusing, and how often a page is opened. We aim to use configuration options that limit unnecessary identifiers, to aggregate data where that is the point of the report, and to keep retention in the measurement product aligned with a reasonable period to improve the product, as described in the table below. You can say no, and the site can still be read in a form that does not need that level of analysis.
Marketing, if you opt in
This label covers optional pieces that are used to make sure a message we might show about a new part of the project is not repeated without reason, and to test whether a campaign about our own information only reaches people who have already engaged with a related page, rather than buying unrelated lists. We do not sell your personal data to arbitrary advertisers through this public site, and a contract with a processor does not change your statutory rights, which the privacy policy lists.
Local storage on your own machine
We may store a simple structure in localStorage that encodes the version of your choice and the state of the toggles, so a later visit in the same browser can read the same information without a round trip to our server for that one fact. The content does not by itself let us know your name, unless you also send that through a form, which is processed under the privacy policy instead.
How to withdraw or change consent
Withdrawal is possible at the level of a category, where that category is based on consent. Use the Cookie Settings path that matches your situation, or clear storage for the site. If the law gives you a right to ask us to confirm what we have on the server side about a measurement token that escaped the purely local picture, you can also use the contact route in the privacy policy, and we will respond in line with the time frames there. Withdrawing does not call into question the lawfulness of a narrow group of past operations the law may still allow, but it will stop forward-looking use that depends on the consent you have withdrawn, where the facts match that case.
Time on the device: summary table
| Item type | Typical purpose | Typical life |
|---|---|---|
| Strictly necessary storage | Form safety, load balancing hints, or consent string | Until you clear data or we bump a version and ask again |
| Optional analytics | Page statistics and funnels | As set in the product, often a rolling number of months |
| Optional marketing | Relevance and frequency capping of our own messages | As set in the product, and never beyond what the partner allows |
Processors and third-party tags
When a partner’s script runs only because you have accepted a category, that partner acts under instructions we document in a data processing style agreement where the GDPR requires it. The partner is expected to use servers and safeguards that fit the risk, including standard contractual clauses or another approved transfer method if a server is in a country without an adequacy decision, unless the product can be set to stay in the EEA. We review who we work with, but we are not responsible for a partner’s own legal duties beyond what the law and contract assign to us as controller, without prejudice to the fact that a processor is directly bound by the GDPR in several respects as well.
Your rights, supervisory authorities, and the link to the privacy policy
Depending on the situation, the GDPR and national law may give you access, rectification, erasure, restriction, objection, and portability, as described in the privacy policy, and you may have a right to lodge a complaint with a data protection authority, such as the Office of the Data Protection Ombudsman in Finland if the facts connect to our processing, or the authority in your habitual residence or place of work in other EEA cases. We do not use cookies to build a long-term marketing profile in a way that the law would treat as a separate “profiling with legal effect” decision without more; if that ever changed, the privacy side would be updated in detail.
If we publish a technical annex for analytics
Where we add a specific vendor name, storage key list, and retention in days, you may see a small annex under this same address path with more columns in the table. The annex is part of the same policy family and will be linked from the footer. Until that annex exists, the summary above describes the design intent, and the implementation will follow the same categories in the setting screen.
Contact the controller about cookies
Styxreonthep, Mannerheimintie 1, 00100 Helsinki, Finland. Email: contact@styxreonthep.world. Phone: +358 9 622 9930. If you write, mention “cookies and storage” in the subject line, and, if you can, your browser and device type, so the reply is concrete.
Read the privacy policy Terms of use