Legislation and practices related to cookies and privacy are changing rapidly. At iAdvize, we help you to better understand these constraints and make our solution evolve to allow you to support your visitors in an optimal way, while remaining within the framework imposed by the law. We are always on the lookout for changes in usage and technical solutions, so this article is updated regularly!
1. Legislation and web practices
Reminder: a cookie is a small file deposited on the hard disk of an Internet user by his browser when he visits a website. This file stores information for future use.
In 2020, the CNIL (French national commission for information technology and civil liberties) adopted guidelines and a recommendation about "cookies and other tracers", followed in 2021 by a series of articles on the same subject. These actions aim to give Internet users a better control over their data during their browsing; in particular, Internet users must give their consent to the use of cookies by the site they are visiting.
In 2022, to better respect the privacy of Internet users, the most widely used browsers (Mozilla, Safari, Chrome in 2023) will no longer support "third party cookies", which are able to track Internet users from domain to domain, generally for marketing purposes. Only "first party cookies", deposited only in connection with the site's domain, continue to function.
Whether the cookies are "third party" or "first-party", Internet users must always consent to their deposit by the site they are visiting, unless it is absolutely essential to the proper use of the site. The CNIL specifies that continuing to browse the site does not mean consent.
2. The iAdvize cookie
iAdvize only needs one cookie for the conversation to take place: iadvize-SID_NUMBER-vuid, which was previously a "third-party" cookie. From January, 2023, it will become a first-arty cookie (you can make the switch and join the beta by reaching your usual contact at iAdvize). This cookie has two functions:
- targeting visitors according to the criteria of your engagement strategy
- tracking the conversation itself with iAdvize
The data stored by this cookie for a domain is kept for 12 months.
Aligned with legislation and browser practices, the iAdvize cookie is a "first party" cookie by default, associated with the domain on which it is used for each website. No change is required for sites that previously used it as a third-party cookie. As with other services associated with your site, consent is generally required from visitors.
In line with legislation and new browser practices, the iAdvize cookie is a "native" cookie by default, associated with the domain on which it is used for each website. No modification is necessary for sites that previously used it as a third-party cookie. As with other services associated with your site, users are generally required to give their consent.
3. Cookies and data stored in the browser
This section summarizes how iAdvize uses cookies and what data is collected about your visitors.
3.1. How does iAdvize use cookies?
- You install the iAdvize tag on the pages of your website, which allows the activation of the main iAdvize cookie
- in the iAdvize administration, you set up your conversation strategy, including targeting rules
- iAdvize analyzes the behavior of visitors to present them with notifications, according to the parameters set by these targeting rules
- the main iAdvize cookie allows the conversation to take place (continuity of the conversation between pages, memorization of the conversation history)
- 2 other cookies can be used to track transactions.
3.2. The list of our visitors' cookies
Variable |
Description |
Period of validity |
Essential for the proper functioning of iAdvize |
Submitted for consent |
iadvize-SID_NUMBER-consent |
This cookie registers the consent (or not) to the use of other cookies. |
12 months or less |
Yes, in case of consent from the chatbox |
No |
iadvize-SID_NUMBER-vuid |
This cookie generates a unique visitor ID (vuid) + identification of the device (deviceId), allowing the continuity of the conversation and, if the "strong authentication" feature is activated, a token (jwtIdentity). |
12 months or less |
Yes |
Yes, at least for the conversation to take place |
transactionBundle.transaction transactionBundle.retryCount |
These cookies record the transaction if users have integrated the transaction tag to track it. They disappear once the transaction is done. |
7 days or less |
No |
Yes |
idzUtmCampaign |
This other transaction cookie links transactions to campaigns conducted with iAdvize. |
7 days or less |
No |
Yes |
iadvize_test_cookie_top_domain |
This cookie is necessary: it is used to determine the domain where iAdvize cookies will be stored so that they can be accessed by all your sub-domains. |
1 second or less |
Yes |
No |
*iadvize-SID_NUMBER-jtwIdentity |
This cookie only appears if your visitor activates "strong authentication" on your site. |
12 months or less |
Yes |
Yes |
Local of Session Storage |
These cookies are used to operate the iAdvize chatbox and are essential for the solution to work properly. |
The duration of a session |
Yes |
Yes |
3.3. What does iAdvize do with the data it collects?
- iAdvize uses cookies to store information in the browser of visitors to a site, solely for the purposes mentioned above.
- iAdvize uses only the cookies mentioned above, and does not use any external libraries that may deposit other cookies.
- The information collected is limited to a unique, anonymized visitor ID and to the data that our users wish to be stored in iAdvize, whether transmitted automatically or entered by a user (such as a visitor's first and last name or contact details).
- Only iAdvize and authorized users have access to this information. It is not shared with any third party, and iAdvize does not resell any data.
More information on iAdvize and cookies in our main article and in our article dedicated to consent from the chatbox.
3.4. Continuity of conversation for "multi-domain" projects
Since third-party cookies were phased out in 2024, iAdvize can no longer reliably link visitor identities between domains. While this is good news for privacy in general, it means that multi-domain clients need to add a query parameter to their pages to maintain conversation continuity between websites that don't share a top-level domain.
4. What does iAdvize do with the collected data?
-
iAdvize uses cookies to store information in the browser of site visitors, solely for the purposes mentioned above
-
iAdvize uses only the cookies mentioned above, and does not use any external library that may deposit other cookies
-
The information collected is limited to a unique, anonymized visitor ID and to the data that our users want to keep in iAdvize, whether automatically transmitted or entered by a user (such as a visitor's first and last name or contact information)
-
Only iAdvize and its authorized users have access to this information. It is not shared with any third party, and iAdvize does not sell any data
More information about iAdvize and cookies in our main article and in our article about consent from the chatbox.
5. Implement iAdvize cookies
5.1. With a CMP
The implementation of iAdvize cookies can be achieved through integration within your CMP (Consent Management Platform). This platform is essential to your compliance and ensures that cookie implementation complies with RGPD requirements.
The CMP makes it possible to provide visitors with clear and detailed information on the management of their personal data, as well as to collect their consent in a transparent manner. Using a CMP also enhances the user experience by offering greater control over their privacy preferences, ensuring a privacy-friendly browsing experience.
5.2. Without a CMP
It is nevertheless possible to implement iAdvize cookies on your website without having a CMP, but this approach risks making the user experience less fluid, as visitors will have to search for cookie information, which can complicate navigation and reduce overall user satisfaction. In addition, you'll need to add a button on its site to allow visitors to revert to their cookie choices at any time.
5.3. When your visitors do not consent to cookies
It is more and more frequent that users refuse cookies when they arrive on a site; according to our observations, this is the case for at least 20% of visitors, and this figure is growing.
iAdvize has therefore developed a solution that we recommend you use to keep 100% of your visitors engaged. This solution work based on the following principle:
- when visitors refuse the cookie deposit, they are still engaged by a notification according to simpler criteria, not requiring a cookie
- they can always start the conversation; before initiating it, they consent to the cookie deposit from the chatbox, at the same time as they validate the GDPR form
- the "conversational" part of the cookie having been accepted, the conversation can then start normally!
This solution, which allows your visitors to consent to cookies directly from the conversation, requires a slight modification of the iAdvize tag and an additional setting in the administration. This article describes this solution in detail.
To know more about our cookies, you can also read: web storage and duration of active sessions.
6. Consent from the chatbox: engage your visitors, even if they refuse cookies
An increasing number of Internet users systematically refuse cookies when they arrive on a site, even if those cookies can be useful, like iAdvize's. This article explains how to continue to engage all your visitors, even when they refuse to accept cookies when arriving on your site. To learn more about the legal framework and the iAdvize cookie, the article iAdvize and cookies summarizes this topic.
6.1. Principle
Usually, as explained in this article, the data collected by the iAdvize cookie allows it to work in two ways:
- by targeting visitors according to the criteria of your engagement strategy
- by tracking the data of the conversation held with iAdvize
When a visitor refuses the deposit of cookies on a site, the solution you can implement works as follows:
- by targeting visitors according to simple criteria that do not require cookies such as the current page address, the type of device (mobile or desktop), the browser language, the time and day of the visit, etc.
- by offering them to accept the use of the cookie from the chatbox, so that iAdvize can follow the conversation before they engage in it.
Since visitors have refused cookies when they arrive on your site, targeting cannot take into account:
- the number of pages viewed
- the time spent on the site
- the previous page
- the time elapsed since the last visit
- the visits
- referencing
- the probability of intelligent targeting functions
- scoring rules
- and these visitors cannot be taken into account in the calculation of increment tests.
On the other hand, you can engage 100% of your site's visitors with iAdvize, without ever tracking them on your site for that.
6.2. Technical implementation
Step 1: add the "explicit cookies consent” mode in the iAdvize tag
The cookie consent code is available in your iAdvize administration.
You will need to log in to iAdvize: https://ha.iadvize.com/admin/login
Once connected:
- click on your "Profile" button at the top right, then click the links "Projects" and "insert this script"
- only managers and administrators have access to the iAdvize administration
Step 2: manage the visitor consent in the cookie banner
For this step we have 2 solutions that can be more or less integrated with your Consent Management Platform (CMP). We do recommend to get in touch with your iAdvize contact to choose the most suitable solution for your brand and CMP.
Solution 1
Standalone mode: implement the Explicit Cookie consent script (and nothing more).
This mode is the easiest to deploy but has several limitations, please be aware of the 3 limitations listed below before implementing it.
You will only need to implement the principal script detailed above to make the Explicit Cookie consent work.
Also, as it is a legal obligation you will need to implement on your website an access for your visitors to change or remove their consent:
<script> function removeIAdvizeCookiesConsent() { window.iAdvizeInterface = window.iAdvizeInterface || []; window.iAdvizeInterface.push(function(iAdvize) { iAdvize.set('visitor:cookiesConsent', false); }); // Replace this feedback alert with your own UX alert('iAdvize cookies consent has been removed'); } </script>
<a href="#" onclick="removeIAdvizeCookiesConsent()">Remove iAdvize cookies consent</a>
As this mode is standalone this access to change or remove the cookie consent cannot only redirect your visitors to your CMP.
Here are the 3 main limitations of this cookie consent mode:
⚠ This mode is standalone, which means that it does not share the consent status with your consent management platform (CMP)
⚠ Here is the list of the engagement rules that will no longer be triggered for all your visitors (whether or not they accept cookies from your website): number of pages viewed, time spent on the site, previous page, time elapsed since the last visit, # of visits, referencing, probability of intelligent targeting functions, scoring rules and that these visitors cannot be taken into account in the calculation of increment tests.
Solution 2
CMP integrated: share with your CMP the visitor cookie consent.
This mode is more advanced but offers you a way to manage iAdvize cookie consent that is fully integrated to your CMP.
Here are the two key steps to deploy this mode:
2.1 Communicate the visitor's consent from your CMP to iAdvize
You will need to implement the Explicit cookie consent script to each page of your website to communicate the visitor’s consent on the cookie consent banner or from the chatbox during their navigation and share it with your CMP through this script:
<script> window.iAdvizeInterface = window.iAdvizeInterface || []; window.iAdvizeInterface.push(function(iAdvize) { var iAdvizeConsent = iAdvize.get('visitor:cookiesConsent'); if (iAdvizeConsent !== CMP_iAdvizeConsent) { iAdvize.set('visitor:cookiesConsent', CMP_iAdvizeConsent); } }); </script>
Note:
- You will need to add / run this script above each time the user sets or updates their consent and implement it to each page
-
<script> function updateIAdvizeConsentInCMP(consent) { // update your CMP for iAdvize } window.iAdvizeInterface = window.iAdvizeInterface || []; window.iAdvizeInterface.push(function(iAdvize) { iAdvize.on('visitor:cookiesConsentChange', updateIAdvizeConsentInCMP) } </script>
Note:
- Without this code your CMP may erase iAdvize cookies, and visitors lose their ongoing conversations
- If your CMP does not allow the update by vendors to change the visitor's consent for iAdvize, you will need to dedicate to iAdvize its own category of cookies inside your CMP.
Legal recommendation:
Regarding your Consent Management Platform (CMP), best will be to:
- Dedicate to iAdvize’s cookie its own category so that it is easier to update after the visitor changed their consent from the chatbox
- Manage your CMP by vendors (some CMP allow it) and associate iAdvize to a vendor category, so that the visitor’s agreement will also be updated after their consent from the chatbox
To go further :
- As a visitor who already had an iAdvize conversation and now refuses cookies: the cookie will be cleaned and so, the visitor will lose access to its conversation history
- There is no impact on the tag performance with this new parameter
- Transaction tag: how it works? No difference
- Custom data tag: how it works? Custom data present on the page will be available for the targeting engine, however, custom data on the previous pages for a visitor that did not consent won’t be available for the targeting engine
- Duration of consent: starting a conversation extends the lifetime of the iAdvize cookie, to guarantee access to the conversation to the visitor
- Duration is 12 months
7. Admin setup for GDPR consent
7.1. Personalize the message when opening the chatbox
Default message:
[ENG] "To support you to the best of our ability, we use a conversational cookie and keep a history of that conversation. We also have access to your site navigation."
Engagement > Setting > Privacy > Display of legal information
This message will be visible in the preview of the GDPR inside the chatbox.
In case you wish not to ask to the visitor their GDPR consent, you can add this script behind the visitor cookie's consent. That way, the visitors giving their consent in your CMP won’t have to consent in the chatbox.
<script> window.iAdvizeInterface = window.iAdvizeInterface || []; window.iAdvizeInterface.push(function(iAdvize) { iAdvize.set('visitor:GDPRConsent', true); }); </script>
7.2. Enter your legal info
Default message:
[ENG] "The cookie (vuID) that we deposit on your browser is technically necessary for the display and provision of the chat service (exchange with an agent or a chatbot). It is also used to store the language used, the number of pages viewed, the browsing time and the time of connection, and the browser type, and their URL."