This page describes the cookie technologies and tracking logic that we can verify on the public website www.decimosrl.it, including the self-hosted consent banner, Google Tag Manager, Dealfront / Leadfeeder, Google Ads and Google reCAPTCHA.
Cookies are small text files or comparable identifiers stored or read on the user device in order to keep a website operational, remember choices, measure traffic or enable optional advertising technologies.
This policy applies only to the public Decimo website and its language versions. It does not cover the dedicated restricted services linked from the public website, such as configurator or support environments.
The public website is configured to support Dealfront / Leadfeeder as an optional Analytics tool for B2B traffic analysis and visiting-company intelligence.
Based on the current technical configuration, the related cookies or local storage entries are expected to include _lfa, _lfa_consent, _lfa_test_cookie_stored and _lfa_expiry.
These identifiers should be set only after a valid consent to the Analytics category.
When Analytics consent is granted, the website emits a dedicated consent event and attempts to run window.ldfdr.acceptCookie() in an idempotent way. If Analytics consent is later withdrawn, the website clears the known Dealfront cookie names and resets the local consent state.
Google Tag Manager acts as the technical tag container used on the public website. In the current setup it is initialized client-side with Google Consent Mode defaults set to deny optional analytics and advertising storage before the user makes a choice.
Google Ads and related advertising or remarketing cookies remain part of the Marketing category and should load only after marketing consent has been granted.
Because the GTM container itself is managed outside this repository, the live container must remain aligned with the website consent model so that optional analytics and advertising tags do not fire before consent.
Google reCAPTCHA is used as an anti-spam and security measure for protected forms. It is not treated as an optional analytics or marketing tool in the public-site consent model.
According to the project code, the reCAPTCHA script is requested only when the user interacts with a protected form, rather than being loaded globally on every page from the start.
The public website uses a self-hosted consent component based on CookieConsent v3. Users can choose between:
Preferences can be reopened and updated at any time through the Manage cookies link available in the footer. The technical preference cookie decimo_cookie_consent is used only to remember the user choice.
In addition to the technical preference cookie, the website records key consent events through an internal PHP endpoint. Depending on the event, the server-side log may include the event type, consent version, language, requested path, selected categories, IP address and user agent.
This log is intended to document consent choices and support accountability. It is not described in the project as a profiling tool.
The configurator and support services are separate restricted environments. They should rely only on technical, login, session and security cookies and should not inherit the public-site analytics or marketing banner behavior.