Frequently asked questions

If you can't find what you're looking for you can always contact us here.

How do I implement TRUENDO on my website?

The TRUENDO CMP can be implemented on every website and it is UX and UI optimized. Our implementation process is detailed in the Documentation section.

All you need to do is follow the simple steps as presented. It will only take you a few minutes to be compliant.

Will maintenance be required after initial implementation?

We value your time and want to make the compliance process as convenient as possible. After the implementation of the TRUENDO CMP on your website, the product will be updated automatically. The software will scan your website once a month in order to detect any new cookies that may have been set.

Who can I talk to when I have a problem?

For any type of difficulty (product adjustment, solution choice or any technical problem) feel free to contact our highly trained team. Just click on the chat function at the bottom-right corner of the website and we will contact you as soon as possible.

Is tax included in the price?

No, VAT (Value Added Tax) is not included in the price. For sales in member countries of the European Union, we charge the applicable VAT. If we are notified of a sales tax ID number of a non-Austrian company within the European Union, the service will be exempt from VAT.

What is the contract length?

The contract (or subscription) is valid for 1 year or 1 month, depending your preferred payment method.

How long is the payment period?

The payment period lasts 1 year or 1 month, depending in your preferred payment method.

What are the available payment methods?

Payments can be made with all major credit cards (VISA, MasterCard and American Express). We use Stripe as a payment service provider.

What is the cancellation and refunds policy?

TRUENDO will be available to you for as long as you have paid, i.e. either 1 month or 1 year. You can cancel the contract at any time.

To cancel the contract, log into your TRUENDO account and go to the “My Organization” tab, and then “Subscription”. We do not offer any refunds.

What are the rules that apply for using cookies and/or accessing end user device information on my website?

The article 5 (3) of the ePrivacy Directive (ePD) in conjunction with GDPR regulate the requirements for accessing end user device information and the usage of cookies.

The ePD allows using cookies and accessing end user device information for the following three cases:  It’s technically necessary, like session/login cookies, etc. Strictly necessary for providing the service, like cookies for storing items in shopping carts, language selection cookies, log-in information, cookies from payment service provider,  accessing end user device information (like browser attributes) for correct display of design (elements) on your website, cookies storing information about cookie-consent (legally needed) In any other cases: You need to inform the user in a clear and comprehensive way about the purpose of processing and the user gives his consent (GDPR-compliant opt-in)

What does consent mean?

Art 5 (3) ePD in conjunction with art 4 (11) GDPR require “informed consent”, which is defined as the following: \

1. It has to be explicit.
2. Freely given: consent to data processing can’t be the condition to use your service/website. The user has the right to withdraw his consent any time.
3. User needs to be informed about:
     - The purpose of the processing.
     - Who the controller is.
     - Are third-parties involved?
     - their right to withdraw
4. It must be specific: it should be clear what data processing activities are carried out. The user has the opportunity to consent to each data processing activity.
5. Unambiguous: it is clear that the user has actively agreed on the data processing activities.  
You must not set cookies without consent, consent by "using the website", or pre-ticked boxes
6. Consent has to be given in-advance: no cookies/tracking before that.

How do I comply with the information obligation when using cookies? What does the information need to contain?

- Details of the cookies you intend to use: what kind of personal information does it collect? (e.g. ip address, browser attributes)    
- Life-time of the cookie    
- Is it a first-party cookie or a third-party cookie?    
- Who is the data processor?      
- The purpose for which you intend to use the cookies (marketing, statistics, etc.)

What else do I need to provide to legally comply?

The user needs to have the opportunity to get insights to which cookies and/or processing purposes they consented to. You need to have a consent record. This consent record can and should be anonymous.

Do I need consent for anonymous tracking?

Short answer: yes.
The European Court of Justice (ECJ) ruled that device fingerprinting, hidden identifiers, etc. need user consent, even if no cookies are used.  

What if I use only technical necessary cookies?

Then no CMP or cookie banner is needed. You only need to add to your privacy policy the information what kind of (technical) cookies you use and what (technical) purpose they fulfill.

If I’m using Matomo do I need consent?

Yes, if it is configured in such way that it tracks your visitors and/or it is analyzing end user device information within your server data/logs. You also need to declare in your privacy policy that you self-host it and no third-parties get access to the collected data.

In which languages do I need to provide a CMP?

This is not directly stated in the GDPR, but as the user needs to get “informed consent”, the user needs to be able to understand the information you provide them. It’s advised that you provide the CMP in the languages you provide your website in.

When does the cookie banner need to be displayed?

Consent has to be given in-advance to the data being processed: there must be no non-necessary cookies/tracking/data processing before that. The easiest way to show the cookie banner is upon the first visit of your website. Then let the user decide which services/purposes they want to give their consent to. After that you can set cookies accordingly.

Does the user need to consent to all services individually?

No. It would make operating a website difficult and tedious if a user would have to consent to each cookie service, individually, before using your website.  

It’s sufficient to categorize your cookie service by processing purposes (marketing, statistics, etc.). You can also provide an accept all button and a reject all button. Declining all non-necessary cookie services has to be as easy as accepting all.

If I’m located outside of the EU, do I need to implement a CMP?

Yes. If you process data from customers from the European Union and/or target citizens of the EU with your website, you need to comply with EU law, even if you are located outside of the EU.

How long do I need to store the consent record of a user?

There is no strict rule here, but there are recommendations. Some data protection authorities have made recommendations such as CNIL (France) or the Irish Data Protection Commission.  

France: best practice at least 6 months for consent.
‍Ireland: maximum of 6 months for consent according to the Irish data protection commission

What does the record of consent for cookies need to contain?

1. Who provided the consent (user ID).
2. When and how consent was acquired from the user.
3. What user consented to.

Can you summarise everything I need to implement on my website?

1. Block all cookies before consent is obtained.
2. Show a cookie banner on the user’s first visit to your website.
3. A brief explanation of the purposes (marketing, statistics, social content etc.).
4. The user must have the option to consent to each purpose individually, the option to reject all non-necessary cookies and the option to accept all cookies.
5. Provide the cookie consent tool in all languages in which your website is provided in.
6, Make sure that your website works properly if all non-technical cookies are rejected.
7. Make sure your website works properly if only some purposes are being consented to.
8. Make sure your website does not set any non-consented cookies.
9. Provide a platform to allow the user to manage and view their consent.