Engineer-ledThe Axional family on the Airtool platform — ERP and WMS engineered together by one team, on the platform we own underneath.Explore Axional
Está viendo la edición Perú. Está viendo la edición Colombia. You're viewing the Pakistan edition. Cambiar a la edición global →Cambiar a la edición global →Switch to the global edition →
Legal

Cookies Policy

This policy explains the cookies and similar technologies used by Deister, S.A. on this site. It is the per-cookie disclosure the Spanish data-protection authority (AEPD) requires of every site.

What is a cookie?

A cookie is a small text file that a website stores on your device when you visit it. Cookies are widely used to make websites work, to make them work more efficiently, and to provide information to the owners of the site. Some cookies are set by the site you are visiting (first-party cookies) and others are set by domains other than the one you are visiting (third-party cookies).

Similar technologies — such as the browser's local storage and session storage — are governed by the same legal regime as cookies under Article 5(3) of the ePrivacy Directive. This policy covers both.

Regulatory framework

The processing of cookies on this site is governed by Article 5(3) of the ePrivacy Directive (2002/58/EC, amended by 2009/136/EC), Regulation (EU) 2016/679 (GDPR), the Organic Law 3/2018 (LOPDGDD), the EDPB Guidelines 2/2023 on the technical scope of Article 5(3), and the Spanish Data Protection Agency Guía sobre el uso de cookies (current edition). The CONTROLLER is Deister, S.A., Sant Pere Claver 15, 08034 Barcelona, Spain. Contact: [email protected].

Cookies set by this site

This site does not set any marketing or profiling cookies. Google Analytics 4 is used for aggregate audience measurement — its cookies (_ga and _ga_[MEASUREMENT-ID]) are only set if the visitor explicitly consents via the banner displayed on first visit.

_ga (analytics, consent required)

  • Name: _ga
  • Controller: Deister, S.A. and Google LLC (joint controllers for analytics processing).
  • Purpose: distinguish individual visitors for aggregate audience measurement. Used by Google Analytics 4.
  • Duration: 2 years.
  • Type: analytics.
  • Consent required: yes — only set after the visitor accepts via the cookie-consent banner. Google Consent Mode v2 keeps measurement in the denied state until consent is granted.
  • Third-country transfer: data is transmitted to Google LLC in the United States under standard contractual clauses (Article 46 GDPR, post-Schrems II).

_ga_[MEASUREMENT-ID] (analytics, consent required)

  • Name: _ga_[MEASUREMENT-ID] (where [MEASUREMENT-ID] is the GA4 property identifier for this site).
  • Controller: Deister, S.A. and Google LLC (joint controllers).
  • Purpose: persist session state for Google Analytics 4.
  • Duration: 2 years.
  • Type: analytics.
  • Consent required: yes — same conditions as _ga above.
  • Third-country transfer: same as _ga above.

cookie-consent-v1 (functional)

  • Name: cookie-consent-v1
  • Controller: Deister, S.A. (first-party, browser localStorage — not an HTTP cookie).
  • Purpose: store the visitor's consent choice (accepted or rejected) so the banner is not shown again on subsequent visits.
  • Duration: until cleared by the visitor. Stored in localStorage, not subject to browser cookie expiry.
  • Type: functional / consent-management.
  • Consent required: no — strictly-necessary exemption applies. The storage write is required to honour the visitor's stated choice and is the minimum necessary to avoid re-asking on every page load.

deister_locale (functional)

  • Name: deister_locale
  • Controller: Deister, S.A. (first-party)
  • Purpose: persist the visitor's regional navigation choice across page loads. Set when the visitor lands on a country-prefixed home (/pk/, /pe/ or /co/) so subsequent navigation retains the regional gating, or by the locale-override link when the visitor switches to the global edition. Read by the geo-routing Lambda@Edge at the CloudFront viewer-request stage so the cached regional home is served on cache hits.
  • Payload: a single short string — one of pk, pe, co or default.
  • Duration: one year (max-age 31,536,000 seconds).
  • Type: functional / UI-customisation.
  • Attributes: path=/; SameSite=Lax. Secure attribute is implicit because production responses run on HTTPS-only with HSTS.
  • Consent required: no — strictly-necessary exemption applies under Article 5(3) of the ePrivacy Directive, EDPB Guidelines 2/2023 §3.2 and AEPD Guía table 4 (cookies de personalización exentas del consentimiento). Legal basis under the GDPR: Article 6(1)(f), legitimate interest in delivering geo-appropriate navigation.

Browser storage similar to cookies

The public surface of this site uses localStorage for two purposes:

  • cookie-consent-v1: stores the visitor's consent choice (see "Cookies set by this site" above).
  • deister_locale: on airtool.io this entry may be present if the visitor has used the sibling site; on deister.io and deister.es it stores the regional navigation choice.

Two admin-only assets (designer.js and editor-panel.js) also use localStorage to persist editor UI state, but those assets only render behind authenticated admin sessions and are not loaded on public pages.

Third-party network requests

The site emits a JavaScript beacon to Cloudflare Web Analytics (static.cloudflareinsights.com for the beacon script; cloudflareinsights.com for the measurement endpoint). The beacon reports aggregate page-view data — URL, referrer host, viewer country, browser and operating system, core-web-vitals performance signals — to Cloudflare. No cookie is set by Cloudflare. No persistent client identifier is stored. Sessions are derived from a daily-rotating salt of the visitor's IP address and user-agent, so the same visitor on two different days is counted as two anonymous visitors. The CONTROLLER receives only aggregate counts on the Cloudflare dashboard. The processing qualifies for the strictly-necessary-analytics exemption from consent under Article 5(3) of the ePrivacy Directive, EDPB Guidelines 2/2023 §3.2 and the AEPD analytics-exemption criteria.

If the visitor consents via the cookie banner, the site loads Google Analytics 4 via gtag.js (www.googletagmanager.com) and transmits page-view and event data to Google's measurement endpoints (www.google-analytics.com, analytics.google.com). This is a third-country transfer to the United States under standard contractual clauses (Article 46 GDPR, post-Schrems II). No GA4 request is made before the visitor accepts or after the visitor rejects.

The site embeds video content via youtube-nocookie.com with the dnt=1 (do-not-track) parameter, exposed only as a poster-image facade. The iframe is loaded only after the visitor explicitly clicks the poster, at which point Google's own YouTube terms apply to the resulting connection. No cookies are set before the visitor's click.

Typography is self-hosted under /assets/fonts/ — no third-party font origin is contacted.

Managing cookies

You can clear any cookie at any time using your browser's standard privacy controls. Every modern browser (Chrome, Edge, Firefox, Safari, Brave, Vivaldi, etc.) provides settings to view, delete and block cookies, both globally and per site. See your browser's documentation for the exact path.

To withdraw analytics consent and clear the GA4 cookies, click "Cookie settings" in the footer of any page. Clearing the deister_locale cookie returns the navigation to the canonical home. You can also use the "switch to the global edition" link offered on the regional homes — it clears the cookie and routes you back to the canonical /index.html.

Changes to this policy

If we add a new cookie or similar technology to this site, this policy will be updated in the same commit that ships the change. The Content Security Policy currently in force makes it mechanically impossible to add a third-party tracker without an explicit Terraform diff that we audit through both the security-posture and analytics review topics, so this disclosure stays in sync with the deployed reality by construction.

See also the Privacy Policy at /privacy-policy/ for the broader data-protection framework, the data-subject rights, and the AEPD complaint route.