In this document, we describe how we process your personal information when you use our Consenter Agent. Consenter Agent is a browser extension operated by Law & Innovation Technology GmbH (L&I Technology) on behalf of the end user and which is able to technically communicate with cookie banners operated by L&I Technology on behalf of website providers. The data is processed in accordance with the General Data Protection Regulation (GDPR), the German Telecommunications-Digital Services-Data Protection Act (TDDDG) and, amongst others, guidelines from the French data protection authority CNIL.
Effective: December 2025
1. Summary
1.1 What personal data do we collect?
Overall, we collect the following personal data:
Your consent pre-settings, i.e. a combination of binary decisions (yes/no) as to whether you wish to give your consent for a particular purpose or not.
Consent record in your browser cookie, i.e. purpose-specific consents per third-party provider, including metadata (ID of the consent per third-party provider, timestamp of the consent per third-party provider, CB version per purpose, domain of the website).
Your consent history, i.e. a collection of your consent records that documents the history of your consents. It may be used later to resolve disputes; for this reason, revoked consents remain stored.
Consent record for the website provider, i.e. purpose-specific consents per third-party service, including metadata on consent (ID of consent per third-party provider, timestamp of consent per third-party provider, CB version per purpose, domain of the website, NO refused consents, NO user ID).
1.2. Why and how do we collect and use your data?
L&I Technology processes your personal data and consents exclusively for the purposes of consent management. L&I Technology processes anonymized data for the continuous improvement and further development of the service and for scientific research purposes in the field of effective consent processes and data subject rights. To this end, it applies the guidelines published by the French data protection authority CNIL (Exemption Audience measurement Configuration guide Matomo Analytics). Identifiers such as IP addresses are only stored in aggregated form.
1.3 Who else gets access to your data?
The data we collect is only shared with our service providers for the aforementioned purposes, which is explained in more detail below. Overall, we engage the following service providers (i.e. processors):
Cloudfront AWS (https://aws.amazon.com/de)
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855 Luxembourg
Strapi Content Management System (https://strapi.io)
Strapi Inc.
3500 S Dupont Hwy, Dover, DE 19901, USA
Matomo (https://matomo.org)
InnoCraft Ltd.
7 Waterloo Quay, PO625, 6140 Wellington, Neuseeland
2. How do we process your data to enable our consent management service?
To use our Consenter Agent, you must download it from an app store, possibly via a link in a Consenter banner on a website that you visited. To display content in your Consenter Agent, which is running locally on your browser, we use a content management system (CMS). The app store and the CMS process some personal data from you for this purpose.
2.1 Downloading the extension via an app store
If you install the Consenter Agent through an App Store (e.g. the Google Chrome Store), the App Store provider may process additional data, such as:
Account and profile data, device and browser identifiers, IP address and general usage statistics of the browser and the App Store.
Metadata about the extension and its installation/use, such as install/uninstall events, ratings, crash reports, and diagnostic data.
Since the processing is governed by the respective App Store, we want to inform you about this. Please learn more about this
at Google’s Privacy Policy covering its Chrome Store.
2.2. Automatic takeover of specific settings in Consenter Banner as default settings in Consenter Agent
When you download the Consenter Agent from the App Store via the link in a Consenter banner (‘Safe for further sites’), we will attempt to apply the specific settings you have made in the banner as general default settings in your Consenter Agent. You can then adjust these default settings at any time in the consent agent. However, not all browsers allow these settings to be transferred from the banner to the agent.
If this function is supported by a browser (e.g. by the Google Chrome Store), the App Store is generally able to read these settings and connect them to the end-user who downloads the agent. We would like to point out that the insight into the end user's private life is very limited, especially since the end-user can change the pre-settings at any time and the App Store can therefore not draw any reliable conclusions about the consent behavior of the end-user. In addition, the App Store would have to be able to base the reading of this information on its own legal basis. Therefore, we consider the risk of abuse of this information through the App Store to be low.
2.3. Displaying content in your Consenter Manager via our CMS
We use a Content Management System (CMS) from Strapi to deliver content to you, such as text and images. Solely for the purpose of delivering information to you securely, Strapi might have access to server log data (including IP address, timestamp, request URL, user agent.
3. How do we process your consent pre-settings?
In your consent agent, you can pre-set the purposes for which you allow your data to be processed when visiting the website. You can adjust these settings at any time when visiting the respective website via our so-called handover notice.
3.1 Which personal data do we collect?
Your consent pre-settings are personal insofar as they contain your preferences regarding consent.
However, in the current status quo, they are not identifying (not even weakly identifying), as no unique identifier is contained in the consent pre-setting.
3.2 How do we process your data and where do we store it?
We treat your consent pre-settings similar to the ‘no photography’ badge at a conference: consent pre-settings are de facto public, but that's in your interest: you want to tell every website that you don't want to be tracked, for example, or that you want to see personalised advertising instead of irrelevant banner ads.
Your consent pre-settings are stored locally in your browser in your agent and are only transferred locally between the agent and the cookie banner.
3.3 How long do we keep your data?
We store your consent presettings as long as you have your agent installed. If you uninstall your agent, we will also delete your presettings.
4. How do we process your consent records in your browser cookie?
The storage of your consent records in your browser cookie serves the purpose of automatically transferring and applying previously granted and denied consents when you visit the service provider's website again.
4.1 Which personal data do we collect?
Your consent record is personal data insofar as it documents your consent.
Contains a unique consent ID for the consent record.
Contains a timestamp of when the consent record was created.
If an existing consent is changed, a new consent record is created, which then contains the ID of a now obsolete previous consent record.
It is weakly identifying, as presenting the same consent record (consent ID or timestamp) twice makes it possible to recognise a user between two visits to a website; however, the consent records themselves contain very little insight into your private life.
However, if all purposes have been refused, the consent record (cookie) does not contain a consent ID or timestamp. In this case, the consent record (cookie) is not identifying. For technical reasons, however, it is protected in the same way as the weakly identifying versions.
4.2 How do we process your data and where do we store it?
Consent records (cookies) are stored as cookies in your browser.
They are transmitted in encrypted form between the consent banner and the website.
SameSite=strict, i.e. the cookie is not automatically sent to third-party websites.
The cookie is origin-bound, meaning that only the service provider's website can access it.
The cookie is not HttpOnly, meaning that it can be read from JavaScript, which is technically necessary for the service.
However, JavaScript outside the service provider's website does not have access to the cookie. Only the service provider's website can access the cookie.
4.3 How long do we keep your data?
We store your cookie for 365 days. You can always delete your consent record cookie by cleaning your browser cache.
5. How do we process your consent record in your consent history?
Your consent history provides you with an overview of all consents you have given to website operators (i.e. a collection of all consent records). Here you can also revoke all consents you have given.
5.1 Which personal data do we collect?
For information on the nature of consent records as personal data, see the previous point. Please also note the following special features:
As a collection of a user's consent records, it maps a user's consent and browsing history.
This means that the consent history (agent) is highly personal and, as a rule, even highly identifiable.
There is a need for protection, similar to a user's history in their web browser (Google Chrome, Firefox, Safari).
5.2 How do we process your data and where do we store it?
Consent record (agent) is only transferred locally between the agent and the consent banner;
stored in consent history (agent) and secured there accordingly; however, please note that we do not encrypt your consent history to avoid compromising the usability of the consent agent (encryption would require you to enter your password on every website before your preferences could be passed on to the websites); you should therefore ensure that you do not implement any other malicious extensions in your browser that would read your consent history.;
is technically signed in the backend of the L&I system and contractually secured against misuse with the service provider to ensure integrity (NOTE: represents a new state of the art compared to the lower verification function of other consent management platforms).
5.3 How long do we keep your data?
We store your consent records in your consent history as long as you need them to prove the existence or non-existence of your consent in the event of a dispute with the website providers (i.e. initial granting of consent, refusal of consent, revocation of consent, re-granting of consent).
6. How do we process your consent record for website you visit?
Website operators also need access to the consents they have been granted in order to prove the lawfulness of their processing of personal data. To this end, L&I Technology collects all consent records received from different users for website providers as well (PLEASE NOTE: these consents only contain consent IDs, NO user IDs).
6.1 Which data do we collect?
For information on the nature of consent records as personal data, see the previous point. Please also note the following special features:
The website provider cannot derive any user profiles beyond the explicitly (and intentionally) linked consent records (customer store), as NO user IDs are stored.
For reasons of data minimisation, NO refusals of consent are stored either.
6.2 How do we process your data and where do we store it?
Consent records (customer store) are currently stored centrally in the cloud at L&I as part of the consent record store (customer store) and are technically and organisationally secured against unauthorised access, minimising the risk of misuse.
Amazon Web Services (AWS) is currently used as the service provider for this purpose.
6.3 How long do we keep your data?
We store your consent records for the website provider as long as the provider needs for proving the legality of processing your data.
7. What is our legal basis and what are your rights?
7.1 Why are we allowed to process this data?
We process the aforementioned personal data in order to properly fulfil the service of managing your consents, according to Art. 6 sect. 1 lit. b GDPR and § 25 sect. 2 nr. 2 TDDDG.
7.2 What are your rights?
You can easily delete most personal data by uninstalling the extension and deleting the consent record cookie in your browser. You do not have the right to have consent records deleted that the website provider stores for itself as proof of the lawfulness of its data processing.
The system should actually display all consent decisions correctly. If you are certain that our system is not displaying a decision correctly, please contact us. In this case, it is most likely a technical error, which we will of course correct as quickly as possible with your help.
If you would like to download your consent history or transfer it to another service provider, please send us a message.
7.3. How can you contact us and enforce your rights?
If you have questions regarding the processing of your personal data, please contact us. You can send an e-mail to info@law-innovation.tech. We will do our best to address your concerns and provide you with answers.
We will review your request and do everything we can to accommodate it. If we conclude that the rights concerning your personal data do not apply, we will explain to you why. We may require an additional proof of your identity (like a document) to verify you are the one making the request.
If you are not satisfied, you have the option to issue a formal complaint with the relevant supervisory authority.
8. Will this privacy policy change?
Yes, the information on this page can evolve, for example when the law or the way we process data change. When this happens, we will always make it clear and publish the changes on this page.
The older versions of this document will be stored and kept accessible.
