Cookie Policy
Executive summary
- RAENBI.com currently uses two verified first-party local-storage entries in the reviewed codebase:
cookies-consentandtheme - Optional analytics stay off unless you actively enable them and a deployment has a configured
ANALYTICS_ID - The current public consent UI does not expose a live marketing category, does not use pre-ticked optional choices, and does not treat continued browsing as consent
- You can reopen Cookie Preferences from the footer at any time and withdraw analytics consent as easily as you gave it
Controller and scope
This policy applies to the public pages published on raenbi.com. It covers the consent banner, the Cookie Preferences control rendered on this legal page and also available from the footer, the verified local-storage keys used by the current front-end implementation, and the conditional loading path for optional analytics on the technical RAENBI.com site.
For cookie-related processing described here, the controller is RAENBI S.R.L., Belgium. The dedicated privacy channel is privacy@raenbi.com; the general contact route is contact@raenbi.com. RAENBI has not formally designated a Data Protection Officer because the processing described in this policy does not meet the designation thresholds of Article 37 of the GDPR.
This policy does not automatically cover client environments, third-party platforms opened outside this domain, or externally hosted tools and documents that may be linked from RAENBI.com but are operated elsewhere.
Current consent model
RAENBI.com shows a consent banner when no prior decision has been recorded locally. The banner offers direct allow analytics and keep analytics off actions, and the same preferences control lets you save the analytics choice separately while necessary storage remains active.
The current implementation does not rely on pre-ticked optional categories. Continuing to browse does not by itself enable optional analytics.
Even after consent is given, the analytics component is loaded only if a deployment also has a configured ANALYTICS_ID. If no such ID is configured, the optional analytics path remains inactive.
Legal framework and legal bases
RAENBI assesses the current implementation under Directive 2002/58/EC, the Belgian Law of 13 June 2005 on electronic communications, the GDPR, the Belgian Law of 30 July 2018 on data protection, the EDPB Guidelines 05/2020 on consent, and the Planet49 judgment (C-673/17).
| Category | Current implementation | ePrivacy position | GDPR legal basis | Purpose |
|---|---|---|---|---|
| Necessary storage | Consent memory and theme preference | Treated as storage that is strictly necessary for a function explicitly requested by the user | GDPR, Art. 6(1)(f) where related personal-data processing occurs | Keep the site operational, remember the consent state applied on the device, and apply the theme explicitly chosen by the user |
| Optional analytics | Conditional Google Analytics loading through Runatics when consent is on and ANALYTICS_ID is configured | Requires prior consent before activation | GDPR, Art. 6(1)(a) | Measure aggregated usage patterns and improve technical delivery decisions |
Verified storage and activation inventory
The list below reflects the current repository implementation reviewed on 27 May 2026.
| Item | Type | Category | When it is written or loaded | What it does | Retention note |
|---|---|---|---|---|---|
cookies-consent | localStorage | Necessary | Created or updated when you accept analytics, keep analytics off, or save a new analytics choice | Stores the local consent object, including necessary, analytics, marketing, decided, and a timestamp | Remains until you change your choice or clear local storage |
theme | localStorage | Necessary after user action | Written only when you use the visible theme toggle | Stores the explicitly selected interface theme value (light or dark) | Remains until you change the theme again or clear local storage |
| Google Analytics loading through Runatics | External script activation | Analytics | Loaded only if two conditions are both true: you enabled analytics and the deployment has a configured ANALYTICS_ID | Loads gtag.js from Google Tag Manager and initializes the configured Google Analytics measurement ID | Provider-managed identifiers, if any, depend on the live deployment and are not hardcoded in this repository |
Transfers and third-party processing
The two verified necessary-storage entries identified above remain on the device unless you clear them or replace them with a new choice. The current repository review did not identify a separate server-side transfer created solely by storing cookies-consent or theme locally.
If optional analytics is enabled and a deployment has a configured ANALYTICS_ID, the current implementation loads Google's analytics script from www.googletagmanager.com. Depending on the deployment and provider configuration, this may involve processing by Google and may involve transfers outside the EEA.
Any such non-EEA analytics transfer requires a Chapter V GDPR transfer mechanism before activation in production, such as an adequacy decision where applicable or the Standard Contractual Clauses adopted by Decision (EU) 2021/914. This repository review verified the technical loading path, but not a live production measurement ID or a deployment-specific contract pack.
What this policy does not claim
This policy intentionally avoids claims that could not be verified in the current repository review:
- no verified first-party language-storage key was identified in the current RAENBI.com codebase (the verified necessary storage is limited to
cookies-consentandthemeas listed in the inventory above; locale selection is URL-driven on this domain, not stored client-side) - no live marketing, profiling, or advertising toggle is exposed by the current public consent UI
- no exact provider-managed analytics cookie names or durations are hardcoded in this repository
- no statement is made that optional analytics is active on every deployment of RAENBI.com
Your rights
Where cookie-related processing involves personal data, you may request:
- access under GDPR, Art. 15
- rectification under GDPR, Art. 16
- erasure under GDPR, Art. 17
- restriction of processing under GDPR, Art. 18
- data portability under GDPR, Art. 20, where the conditions for that right are met
- objection under GDPR, Art. 21 to processing based on legitimate interests, where applicable
- withdrawal of consent at any time under GDPR, Art. 7(3) for optional analytics
- the right not to be subject to a decision based solely on automated processing under GDPR, Art. 22, if such processing occurs
To exercise any of these rights, use the contact page or write to privacy@raenbi.com and identify the request as a privacy matter. For the broader personal-data framework surrounding those rights, see the Privacy Policy.
How to change or withdraw your choice
Under GDPR, Art. 7(3), you may withdraw consent to optional analytics at any time, and withdrawing it must be as easy as granting it. Withdrawal does not affect the lawfulness of analytics activation that took place before the withdrawal.
You can manage optional analytics in three practical ways:
- Use the Cookie Preferences control on this page or reopen the same dialog from the footer and save a new choice
- Clear the relevant local-storage entry in your browser; if you remove the consent record, the banner will appear again on a later visit
- Block or delete storage through your browser settings, bearing in mind that clearing necessary storage may reset consent memory and interface preferences
Questions, complaints, and related documents
If you need clarification about this policy or want to report a concern about RAENBI.com storage or consent behaviour, use the contact page or write to privacy@raenbi.com and specify that the request concerns cookies or consent.
If you believe your data-protection rights have been infringed, you may also lodge a complaint with the Belgian Data Protection Authority (APD/GBA), Rue de la Presse 35, 1000 Brussels, Belgium.
Related internal references:
Review cycle
RAENBI reviews this policy after material changes to consent handling, analytics activation, or client-side storage behaviour, and at least once per year.