How does a cookie banner work?

AdOpt is a consent management platform that helps you build a relationship of transparency and trust with your website visitors.

With AdOpt, all visitors accessing your website will see a banner requesting consent in a direct, free, informed, and specific manner, as required by the GDPR and other privacy regulations.

Below, we explain the steps involved in processing consent within AdOpt.

• AdOpt checks whether this access is from a new visitor (i.e., whether they already have an AdOpt cookie stored in their browser).

  1.1. If the visitor already has the AdOpt cookie, the banner will not be displayed again, and only the Controller (floating icon with the AdOpt or website logo) will remain visible.
  1.2. If the visitor does not have the AdOpt cookie, they will be treated as a new visitor.
  1.3. Essential/Required cookies and tags will be automatically activated to ensure the website functions properly.

The banner displayed by AdOpt includes:

• A list of third-party tags/cookies and their respective classifications, as defined by the AdOpt administrator for that website.
• Links to the Cookie Policy, Privacy Policy, and Terms of Use.
• A public link to the Data Subject Request Page or Opt-out Page, allowing the visitor to revoke consent at any time.

The visitor can:

• Accept all cookies.
• Reject all non-required cookies.
• Customize their preferences, reviewing the detailed list of categories and selecting which ones to allow. This option enables partial consent.

Once the visitor confirms their choice, AdOpt generates a unique CookieID, which is stored in the user’s browser.

Consent information is recorded in the Consent Log within AdOpt and includes:

• Date and time of consent.
• Anonymized CookieID of the visitor.
• List of accepted or rejected tags and cookies.
• Version of the Cookie Policy, Privacy Policy, and Terms of Use in effect at the time of consent.

These records are accessible in the AdOpt dashboard under Consent Logs, ensuring traceability and legal proof of consent.

If the AdOpt banner has been configured to block tags, the process works as follows:

• On the first interaction, only necessary tags are freely activated in the Cookie Banner, while all others remain blocked until the visitor grants consent.
• Upon each new visit, the visitor’s browser checks the permission list recorded in AdOpt.
• Tags verify whether consent has been given before being activated or remaining blocked.
• Only the tags explicitly authorized by the visitor will be triggered.

This ensures compliance with LGPD, GDPR, and other regulations, preventing unauthorized cookies or trackers from being executed.

If a visitor requests to revoke consent (opt-out), the process follows these steps:

• The visitor’s CookieID is updated to “inactive/opt-out”, ensuring that no further data collection occurs.
• This CookieID is retained solely for proof of consent, with no tracking capability.

• Two emails are sent:
  2.1. To the data subject (if identified), confirming the request.
  2.2. To the website/DPO, informing them of the request.

  • The company can check if other integrated systems also need to process the request (e.g., CRM, ERPs, APIs).
  • If no personal data is associated with the CookieID, no further action is required.

If the visitor provided an email or other personal data, the company must:

• Locate and delete the data in all related systems (following its Data Mapping process).
• If it is company policy, send a confirmation email to the data subject regarding the deletion.

The visitor will be informed via:

• A confirmation pop-up on the website.
• A link in the email, directing them to an educational guide on how to manually delete cookies from their browser.

• AdOpt keeps a record indicating that CookieID example.7a3657 requested an opt-out on a specific date and time.
• This record can be accessed at any time for privacy audits or legal proof of compliance.

AdOpt ensures that your website visitors have full control over their data, meeting the requirements of LGPD and other privacy laws.

For more information, check out our content on consent management and privacy in our blog. 🚀