GWP Book a demo
Legal

Cookie Policy

Last updated: 12 July 2026

1. Scope

This policy describes everything the GWP gift unit ("the widget") stores in a shopper's browser when it runs on a participating retailer's site, and how the widget interacts with that retailer's consent tooling. It also covers this marketing site.

This marketing site (gwpingenuity.com) itself sets no cookies. The inventory below applies only to the widget running on retailer sites.

2. What the widget stores

The widget uses a small, fixed set of first-party cookies and localStorage keys. There is nothing else — no third-party cookies, no fingerprinting, no cross-site identifiers.

NameTypeDurationPurpose
gwp_sel First-party cookie 30 days Carries the shopper's gift selection across the basket → checkout subdomain hop on the retailer's own domain.
gwp_ses First-party cookie 30 days Session reference used for frequency capping and for attributing a claimed gift to the retailer.
__gwp_probe First-party cookie (technical) 5 seconds A short-lived write-probe used to test whether a cookie can be set on the retailer's registrable domain; removed immediately after the test.
gwp_sel localStorage Until cleared Mirror of the gift selection, used when the cookie is unavailable.
gwp_ses localStorage Until cleared Mirror of the session reference.
gwp_shows localStorage Until cleared Counts how often the unit has been shown, to enforce frequency caps.

All of the above are set only on the retailer's own domain (with SameSite=Lax). They are never third-party cookies, are never shared across sites, and cannot be used to follow a shopper from one retailer to another.

3. How the widget honours consent

The widget reads — and never writes — the consent state exposed by the retailer's consent management platform (CMP). It understands the IAB TCF API, Didomi and OneTrust, including reading the OptanonConsent cookie that OneTrust sets, so it can honour a decision the shopper has already made.

  • If the shopper has explicitly declined the relevant consent category, the widget stores nothing at all and does not render.
  • If a CMP is present and consent is granted, the widget stores the items in the table above.
  • If no CMP is present on the page, the widget's storage posture is configured per retailer, in line with that retailer's own compliance stance.

4. Classification

[LEGAL REVIEW: classification of each item above as strictly necessary vs non-essential (and the corresponding PECR/ePrivacy consent treatment) to be confirmed by counsel per deployment.]

5. Managing these cookies

Because everything above lives on the retailer's own domain, you can remove it by clearing cookies and site data for that retailer's site in your browser, or by changing your choices in the retailer's consent banner. For more on the data behind these identifiers, see our Privacy Policy.