Cookie Policy
Last updated: 12 July 2026
1. Scope
This policy describes everything the GWP gift unit ("the widget") stores in a shopper's browser when it runs on a participating retailer's site, and how the widget interacts with that retailer's consent tooling. It also covers this marketing site.
This marketing site (gwpingenuity.com) itself sets no cookies. The inventory below applies only to the widget running on retailer sites.
2. What the widget stores
The widget uses a small, fixed set of first-party cookies and localStorage keys. There is nothing else — no third-party cookies, no fingerprinting, no cross-site identifiers.
| Name | Type | Duration | Purpose |
|---|---|---|---|
gwp_sel | First-party cookie | 30 days | Carries the shopper's gift selection across the basket → checkout subdomain hop on the retailer's own domain. |
gwp_ses | First-party cookie | 30 days | Session reference used for frequency capping and for attributing a claimed gift to the retailer. |
__gwp_probe | First-party cookie (technical) | 5 seconds | A short-lived write-probe used to test whether a cookie can be set on the retailer's registrable domain; removed immediately after the test. |
gwp_sel | localStorage | Until cleared | Mirror of the gift selection, used when the cookie is unavailable. |
gwp_ses | localStorage | Until cleared | Mirror of the session reference. |
gwp_shows | localStorage | Until cleared | Counts how often the unit has been shown, to enforce frequency caps. |
All of the above are set only on the retailer's own domain (with SameSite=Lax). They are never third-party cookies, are never shared across sites, and cannot be used to follow a shopper from one retailer to another.
3. How the widget honours consent
The widget reads — and never writes — the consent state exposed by the retailer's consent management platform (CMP). It understands the IAB TCF API, Didomi and OneTrust, including reading the OptanonConsent cookie that OneTrust sets, so it can honour a decision the shopper has already made.
- If the shopper has explicitly declined the relevant consent category, the widget stores nothing at all and does not render.
- If a CMP is present and consent is granted, the widget stores the items in the table above.
- If no CMP is present on the page, the widget's storage posture is configured per retailer, in line with that retailer's own compliance stance.
4. Classification
[LEGAL REVIEW: classification of each item above as strictly necessary vs non-essential (and the corresponding PECR/ePrivacy consent treatment) to be confirmed by counsel per deployment.]
5. Managing these cookies
Because everything above lives on the retailer's own domain, you can remove it by clearing cookies and site data for that retailer's site in your browser, or by changing your choices in the retailer's consent banner. For more on the data behind these identifiers, see our Privacy Policy.