1. Introduction
This Cookie Policy explains how the website sabahouse-advisors.com (“Website”) uses cookies and similar technologies in accordance with the General Data Protection Regulation (GDPR), ePrivacy Directive, EDPB guidance and CNPD recommendations.
The Website uses CookieYes CMP to ensure that no non-essential cookies are activated without the user’s prior, explicit and granular consent.
2. What are cookies?
Cookies are small text files placed on your device that enable essential functionalities, security controls, analytics, personalization, and advertising.
Similar technologies may include tags, pixels, SDKs, fingerprinting scripts, and device identifiers.
3. Data Controller
Saba House Advisors
Website: https://sabahouse-advisors.com
Email: dataprotection@sabahouse-advisors.com
4. Use of CookieYes CMP
The Website implements CookieYes – Consent Management Platform, ensuring:
Prior and explicit consent before enabling non-essential cookies
Granular consent by category
Consent logs for audit purposes
Ability to change or withdraw consent at any time
Automatic blocking of scripts prior to consent
The cookie banner appears on the first visit or whenever relevant modifications occur.
5. Cookies used on this Website
5.1 Strictly Necessary Cookies
These cookies are essential for the Website’s functioning, WooCommerce features, payment processing and security.
| Cookie | Domain | Duration | Purpose |
|---|---|---|---|
| rc::a | google.com | persistent | reCAPTCHA – bot detection |
| rc::c | google.com | session | reCAPTCHA interaction security |
| wp_woocommerce_session_* | sabahouse-advisors.com | 2 days | Customer session/trolley persistence |
| woocommerce_items_in_cart | sabahouse-advisors.com | session | Cart tracking |
| woocommerce_cart_hash | sabahouse-advisors.com | session | Detect changes in cart content |
| m | m.stripe.com | 13 months | Fraud prevention by Stripe |
| __stripe_mid | sabahouse-advisors.com | 1 year | Stripe customer identifier |
| __stripe_sid | sabahouse-advisors.com | 1 hour | Stripe session identifier |
| _cf_bm | paypal.com | 1 hour | Cloudflare Bot Management |
| _cfuvid | paypal.com | session | Consistent session and security rules |
5.2 Analytics Cookies (Sourcebuster)
Used only with consent.
| Cookie | Duration | Purpose |
|---|---|---|
| sbjs_migrations | session | Migration parameter tracking |
| sbjs_current_add | session | Additional info on current traffic source |
| sbjs_first_add | session | Additional info on first recorded source |
| sbjs_current | session | Current UTM tracking |
| sbjs_first | session | First UTM tracking |
| sbjs_udata | session | Aggregated behavioural data |
| sbjs_session | 1 hour | Sourcebuster analytics session ID |
5.3 Advertising Cookies
Enabled only upon consent.
| Cookie | Domain | Duration | Purpose |
|---|---|---|---|
| NID | google.com | 6 months | Personalised advertising preferences |
6. Additional Technologies Used
The Website integrates:
iDenfy KYC: identity verification processed externally
reCAPTCHA: anti-fraud and anti-abuse security
WooCommerce & Payment Gateways: operational cookies for e-commerce
No unnecessary tracking is performed.
7. Managing Consent
Users may:
Accept all categories
Reject non-essential categories
Customise preferences
Withdraw consent at any time (“Review Consent” link in footer)
No analytics or advertising cookies are triggered without opt-in.
8. International Transfers
Some third-party cookies (Google, PayPal, Stripe) may involve data transfers to the United States. These providers rely on Standard Contractual Clauses (SCCs) and supplementary safeguards.
9. Legal Basis for the Use of Cookies
| Cookie Category | Legal Basis | Rationale |
|---|---|---|
| Strictly necessary | Art. 6(1)(b) and Art. 6(1)(f) | Contract performance (checkout, payments) and legitimate interest (security, fraud prevention) |
| Analytics | Consent | Activated only after opt-in via CookieYes |
| Advertising | Consent | Never activated without express consent |
Users may withdraw consent at any time via the CMP interface.
10. Data Retention Associated With Cookies
Cookies are retained according to the durations listed in the main tables.
Additional retention details:
Essential cookies: retained strictly for functionality, security and fraud prevention
Analytics cookies (Sourcebuster): aggregated; session data expires upon completion
Consent logs (CookieYes CMP): retained as required for GDPR compliance
KYC metadata (iDenfy): only minimal status data stored locally; sensitive identity data never stored on the Website (processed solely by iDenfy)
11. Security and Technical Measures
Cookie and session security
Full-site TLS encryption
HttpOnly, Secure and SameSite flags
Wordfence firewall and intrusion prevention
Bot mitigation via Google reCAPTCHA and Cloudflare Bot Management
External script integrity checks via SRI Manager
Payment security
The Website does not store card data
Payments handled by Stripe, PayPal, Google Pay (PCI-DSS compliant)
KYC verification security
Temporary session tokens for iDenfy KYC
Secure webhooks (optional HMAC)
Minimal metadata stored in WordPress
Verification status retrieved via secure APIs
12. KYC Integrations (iDenfy)
Although detailed in the Privacy Policy, interaction with cookies is clarified:
Interaction between cookies and KYC
KYC flow does not set cookies directly
Operates via secure API interactions and embedded scripts
Stored metadata limited to:
_idenfy_status
_idenfy_scanref
Data processed externally by iDenfy
Identity document (image + extracted data)
Selfie / biometric template
Device metadata
AuthToken and scanRef
Final decision (approved/denied/failed/expired)
Legal basis for KYC
Compliance with legal obligations (anti-fraud / AML)
Contract performance (identity verification required before service delivery)
Legitimate interest in transaction security
13. Changes to this Cookie Policy
We may update this policy. CookieYes will request renewed consent when material changes occur.