Last updated: 28 May 2026
Cookie Policy
Information notice about cookies and similar technologies used on sardiniadriver.com.
1. What cookies and storage technologies are
Cookies are small text files that websites store on the user's device to remember
information useful for the site to work properly or to analyse navigation. Equivalent
technologies include the browser's localStorage and
sessionStorage, HTTP headers that stay on the device only for the duration
of the request, and server-side writes to a serverless database. On sardiniadriver.com
we use all these technologies in a strictly first-party manner
(i.e. under the sardiniadriver.com domain).
2. Categories and consent management
On sardiniadriver.com consent is managed via a first-visit banner and a persistent "Manage cookies" panel always available at the bottom-left of the page. Three categories are defined:
- Technical (necessary) — always active, no consent required. Guarantee the basic functioning of the site (consent storage, anonymous session, admin authentication security).
- Analytics — opt-in. When active, the site measures visits anonymously
and in aggregate (
pageviewstable) and CTA clicks (eventstable) in the Cloudflare D1 serverless database. Without consent no tracking request is sent. - Marketing — opt-in. Would allow advertising profiling and remarketing. Currently not in use: the category is provisioned for future campaigns; no pixel or third-party cookie is loaded.
Consent is stored in localStorage under the key
sd_cookie_consent_v2 with the structure
{technical:true, analytics:boolean, marketing:boolean, ts, version:2}.
You can change or withdraw it at any time from the "Manage cookies" panel.
When you change consent, the analytics tracker enables or disables itself within the
same page without a reload (custom sd:consent-changed event).
3. Detailed list of cookies, storage and server-side writes
| Name / resource | Type | Category | Provider | Purpose | Duration | Consent |
|---|---|---|---|---|---|---|
sd_cookie_consent_v2 | localStorage | Technical | Sardinia Driver (first-party) | Stores your cookie consent choice | Persistent, until withdrawn | No |
sd_session_id | sessionStorage | Technical | Sardinia Driver (first-party) | Anonymous session identifier (16 random bytes) to avoid counting the same visit twice. Used by analytics writes if the user has accepted the Analytics category. | Browser session (cleared on tab close) | No |
sd_admin | HTTP cookie | Technical (admin) | Sardinia Driver (first-party) | Controller's backoffice session. HttpOnly, Secure, SameSite=Strict, scoped to /api/admin. Never sent during public browsing. | 12 hours from login | No (necessary for the backoffice to function) |
pageviews table (Cloudflare D1) | First-party serverless database | Analytics | Sardinia Driver (first-party) — Cloudflare D1 infrastructure | Writes one row per page visit: timestamp, path, referrer, source classification, language, country (CF-IPCountry), sd_session_id, SHA-256 hash of the User-Agent. | 180 days, then automatic daily deletion | Yes — only with Analytics consent |
events table (Cloudflare D1) | First-party serverless database | Analytics | Sardinia Driver (first-party) — Cloudflare D1 infrastructure | Writes one row per tracked CTA click ([data-track-cta]) and other interaction events: type, label, path, sd_session_id, language, JSON metadata. | 180 days, then automatic daily deletion | Yes — only with Analytics consent |
leads table (Cloudflare D1) | First-party serverless database | Technical (request fulfilment) | Sardinia Driver (first-party) — Cloudflare D1 infrastructure | Stores the contact form content (name, email, phone, service, message), plus country, SHA-256 hash of the visitor's IP (ip_hash) and SHA-256 hash of the User-Agent (ua_hash) for security/auditing. IP and UA never stored in clear. | 24 months (non-converted requests) / 10 years (confirmed bookings, tax obligation) | No (pre-contractual execution, art. 6.1.b GDPR) |
| Google Fonts (woff2) | Third-party HTTP request | Technical | Google LLC | Loads the Inter and Montserrat web fonts. Google receives the browser's IP at the moment of the font request. | Browser HTTP cache | No |
| OpenStreetMap (map iframe) | Third-party HTTP request (only when the contact page loads) | Technical | OSM Foundation | Displays the map of the office and points of interest | Session | No |
WhatsApp link (wa.me) | Outbound link | Technical | Meta Platforms | Direct link to the WhatsApp number (only opened on user click) | On click only, no persistent cookie | No |
For more information on the privacy policies of third-party providers:
- Cloudflare Privacy Policy
- Resend Privacy Policy
- Google Privacy Policy
- OpenStreetMap Privacy Policy
- WhatsApp Privacy Policy
4. How to manage consent from our panel
The easiest way to change consent is the "Manage cookies" button always available at the bottom-left of the site. From there you can enable/disable the Analytics and Marketing categories individually and save the new preference. The change is effective immediately: if you withdraw Analytics, the tracker stops sending pageviews and events within the same page without a reload.
5. Managing cookies from the browser
In addition to our panel, you can disable, delete or block cookies and storage from your browser settings. Disabling technical cookies may break parts of the site.
6. Controller and contacts
Data controller: Stefano Scalas — "Sardinia Driver di Stefano Scalas", Via Sorgono 12, 09042 Monserrato (CA), Italy. For cookie questions write to [email protected].
For data processing in general, see our Privacy Policy.