New resource available  view now

Cookies Management Policy

1. PURPOSE

This policy aims to establish guidelines for the collection, use, storage, and management of cookies and tracking technologies on IGC Pharma websites (hereinafter, the “Website”), ensuring:

  • Legal compliance (CIPA, GDPR, CCPA/CPRA, Law 1581 of 2012 and applicable regulations).

  • Transparency for users.

  • Protection of privacy and personal data.

  • Appropriate technical control of tracking technologies.

2. SCOPE

This policy applies to:

  • All public IGC Pharma websites.

  • Web applications and landing pages.

  • Analytics, marketing, personalization, and integrated third-party tools.

Applies to:

  • Employees

  • Technology providers

  • Marketing, IT, and security teams

3. KEY TECHNICAL DEFINITIONS

3.1 Cookie

A small data file stored in the user’s browser when they visit a website. Function: Allows the website to remember browsing information.

3.2 Cookie-like Technologies

These include:

  • Pixels (Web Beacons): invisible images used to track interaction.

  • Scripts: code that runs in the browser.

  • SDKs (Software Development Kits): tools for integrating data into applications.

  • Local Storage / Session Storage: local storage in the browser.

This document is confidential and is an uncontrolled copy if it is outside the IGC Pharma system

3.3 IP Address

A unique identifier assigned to a device on the internet.

  • Used for data routing.

  • May reveal approximate location.

  • Considered indirect identification information.

    3.4 Signaling Information

    Technical data transmitted during web communication, such as:

  • IP address

  • User-Agent (device/browser type)

Session identifiers

3.5 “Pen Register” (Signaling Register)

  • In the legal context (CIPA): A process or technology that captures addressing or signaling information without including the content of the communication.

Technical example:

  • Analytics scripts that collect IP addresses and identifiers.

4. COOKIE CLASSIFICATION

4.1 According to their purpose

a. Strictly necessary cookies. Enable the basic operation of the site. Do not require prior consent.

Examples:

  • Authentication o Security 
  • Load balancing

b. Performance or analytics cookies

  • Measure traffic and behavior.
  • Help optimize the site.

Example: Google Analytics

c. Functionality Cookies

  • Store user preferences.

Example: Language and Visual settings

d. Advertising and Marketing Cookies 

  • Allow for ad personalization.
  • Use cross-site tracking.

Example:
o Facebook Pixel o Google Ads

4.2 According to their origin

  • First-party cookies: created by IGC Pharma.

  • Third-party cookies: created by external services.

    4.3 According to their duration

  • Session cookies: deleted when the browser is closed.

  • Persistent cookies: remain for a defined period.

5. COMPLIANCE PRINCIPLES

IGC Pharma adopts the following principles:

5.1 Prior consent (Opt-in)

  • No non-essential cookies will be executed before consent is obtained.

Consent must be:

  • Freely given o Informed
  • Specific
  • Unambiguous

5.2 Data Minimization

Only strictly necessary data is collected.

5.3 Transparency

Users must know:

  • What data is collected
  • What it is used for
  • With whom it is shared 5.4 Security

Technical controls are implemented to prevent unauthorized access.

5.5 User Control

The user will be able to:

  • Accept or reject cookies.
  • Revoke their consent at any time.
  • Configure granular preferences.

6. TECHNICAL IMPLEMENTATION

6.1 Consent Banner

It must comply with:

  • Appearance before any non-essential tracking.
  • Clear options: Accept, Reject, Configure.
  • Prior blocking of non-essential scripts.

6.2 Script Management

The following mechanisms must be implemented:

  • Script blocking

  • Tag managers with consent control

  • Consent-based conditional execution

 

6.3 Consent Logging

The following must be stored:

  • Date and time

  • User preferences

  • Anonymous identifier


6.4 Technical Audit
Periodic audits must be performed:

  • Identification of active cookies

  • Pre-blocking validation

  • Third-party verification

7. USE OF THIRD PARTIES

IGC Pharma may use third-party services such as:

  • Analytics (e.g., Google Analytics)

  • Advertising (e.g., Meta, Google Ads)

User experience (e.g., Hotjar)


Obligations:

  • Data Processing Agreements (DPAs)
 

  • Legal compliance verification

  • Privacy Impact Assessment

8. LEGAL BASIS

Depending on the jurisdiction:

8.1 GDPR (EU)

Basis: Explicit consent

8.2 CCPA/CPRA (California)

Right to: Opt-out of data sales and tranparency

8.3 CIPA (California)

  • Prohibition of the use of “pen register” technologies without:

  • A court order (according to the interpretation requested)

  • Informed consent

9. USER RIGHTS

Users may:

  • Access their data

  • Request deletion

  • Restrict processing

  • Revoke consent

  • File complaints


10. DATA RETENTION

Data collected through cookies:

  • Must have a defined retention period

  • Must not be stored longer than necessary


11. INTERNAL RESPONSIBILITIES

IT Team

  • Technical implementation

  • Script control


Legal/Compliance Team

  • Regulatory validation

  • Policy updates

Marketing

 
  • Responsible use of tracking tools

Security (Cybersecurity)

  • Third-party audits

  • Data breach prevention Leakage


12. CORRECTIVE MEASURES

IGC Pharma must:

  • Disable any non-compliant technology

  • Delete improperly collected data

  • Report relevant privacy incidents


13. POLICY UPDATES

This policy will be reviewed:

  • At least once a year

  • When legislation changes

  • When new technologies are implemented


14. CONTACT

For privacy inquiries:
Email: security@igcpharma.com Address: IGC Pharma, Inc.

No thanks.