Universum logo

Cookie Policy

1.     Cookies and Similar Technologies

We, Universum Communications Sweden AB and its subsidiaries (“Universum”, “we” or “us”), use cookies on our websites. Cookies are text files that are stored on your device via an internet browser when you visit a website. They help us remember your preferences, enhance your user experience, and understand how our website is being used.. For this purpose, we can also use other techniques, such as tracking pixels, Application Programming Interface (API), such as conversion APIs or code in apps. In addition, we may use these cookies or other techniques to target you with interesting employer branding content.

Some of the cookies we use are deleted at the end of the browser session, i.e., when you close your browser (known as session cookies). Other cookies are kept on your end device and enable us or our partner companies to recognize your browser on the next visit (persistent cookies). Furthermore, cookies can be "first-party cookies" (set by us) or "third-party cookies" (set by external providers).

If not specifically stated below, you can view the exact retention period of a given cookie by displaying the cookie in your browser. If you opt out of accepting cookies, the functionality of our website may be limited. You can also learn more about our use of cookies and similar technologies and your choices below. 

We will continuously update this policy and ask you to review it regularly to stay up to date with our use of cookies. Our use of cookies may include processing of personal data. For further information on our processing of personal data, please see our Privacy Policy.

2.    How you can control the Use of Cookies

You can control or disable cookies at any time via:

·       Our consent management platform (CMP) – formerly known as cookie banners, or cookie pop-ups

A CMP is a tool that helps websites collect, manage, and document user consent for data processing, ensuring compliance with privacy laws like GDPR and CCPA.

·       The use of opt-out tools provided by platforms such as Meta, or through the Digital Advertising Alliance:
https://optout.aboutads.info/

·       Your browser settings

Most web browsers allow you to automatically remove all cookies when you close the web browser. Additionally, most web browsers allow you to disable the use of third-party cookies. You can always review the cookies that have been stored by your web browser. You may choose to block some or all cookies, or even to delete cookies that have already been set, but you should be aware that you might lose some functions of the website or the digital service. 

If you want to restrict or block the cookies that are set by our website or services, or by any site, you may freely change the settings in your web browser. The “Help” function in your web browser should explain how.

Please note that disabling cookies may affect the functionality of our websites.

3.    Technically Necessary Cookies / Essential Cookies

We may use technical necessary cookies or essential cookies, which are required for basic website functionalities. Meaning these are cookies that are merely required to collect certain information on our platforms to provide a service required or wanted by you as user. This extends to navigation or session cookies that enable smooth navigation and use of the website (and for instance permit access to the restricted area); analysis cookies that are set directly by us to collect aggregated information about the number of users and their behavior; functional cookies that provide you with navigation by certain selected criteria as part of a service optimization (e.g. selected language, purchase of selected products).The legal basis for these cookies is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and/or the protection of our websites.

4.    Analytical Cookies or Performance Cookies

We may use cookies for analytical and statistical purposes which help us understand how visitors interact with our website, as we want to constantly improve the user-friendliness and performance of our websites. Due to this, we may use analysis technologies (including cookies) which measure and evaluate which functions and content of our websites are used, how and how often. On this basis we can improve our websites for you.

5.    Marketing Cookies and Advertisement Cookies

Marketing and advertisement cookies help us deliver relevant ads and track conversions. Therefore we may use web technologies (also cookies) from selected partners to be able to provide you with content and advertising specially tailored to you on websites and social media sites. This content is selected and displayed based on your usage behavior.

6.    Cookies and Technologies that we use via Third-Party Providers

We also may use third-party cookies or other technology provided to us by external providers in various areas. In the following, we inform you about the respective providers and how you can object to the cookie or the corresponding technology. In general, in the case of websites, you can make an appropriate setting in your browser, or you may opt to configurate the cookie settings within our consent management platform under “Settings”. 

7.     Description and specification of cookies and technologies that we may use

7.1.   Universum Cookies (First-Party Cookies)

7.1.1. Universum – Authentication Cookies

Our websites may use authentication cookies to store the user's authenticated session. These cookies may be used to provide functionality such as single sign-on experience, auto refreshing of authenticated sessions as well as to ensure that website pop-ups are displayed only once per session. The cookies are only set upon the use to the relevant application and/or site and may be specific to that application and/or site. They may contain personal information of you as the user such as the username, name, email, and other information. The cookies are necessary for the application to function as expected and may have a lifetime of up to 6 hours (if not specified otherwise) or until the user logs out. The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the protection of our websites.

7.2.  Third-Party Providers’ Cookies

7.2.1. AWS

Our websites may use load balancing cookies from Amazon Web Services, Inc. and its affiliates (“AWS”). There are two different cookies we may use; both will be indicated as “AWSALB cookies” as both of them are load balancer cookies designed for different browsers. One of the AWS cookies is the AWSALB cookie and the other AWS cookie is the AWSALBCORS cookie. Depending on your browser one or both may be used by us to determine the ideal routing path and to allocate server traffic to optimize the user experience and performance. The AWSALB cookies are encrypted and do not contain any personally identifiable information.

7.2.1.1.AWS - AWSALB or AWSALBCORS

Both of the AWSALB cookies are set by the load balancer on AWS. From a technical perspective a load balancer is an application that routes and manages the traffic to and from the application. We use load balancers provided as a service from AWS and it is on this level that one of the AWSALB cookies are set. The load balancer sits in between the browser and the actual server hence any request coming from the browser first arrives at the load balancer which redirects that request to an available server. 

The purpose of this cookie is to allocate server traffic to make the user experience smooth and fast. Our websites may have multiple instances of the application on different servers behind the load balancer. This means that requests coming from a browser can be served by many different servers. Both AWSALB cookies help the load balancer to identify the optimal final server to which requests coming from a specific browser should be routed to.

The AWSALB cookie is generated on the first request from the browser to the load balancer. It is then stored on the user's browser and sent with each subsequent request to the load balancer. 

We may use:

·       AWSALB which is necessary for load balancing, usually with a 7 day expiration.

·       AWSALBCORS which is necessary for CORS handling, usually with a 7 day expiration.

You can prevent the storage of cookies or beacons by making a corresponding setting in your browser software; however, note that if you do so you may not be able to use the full functionality of this website. You can view the precise storage duration of the cookies for yourself by accessing this information via your respective browser. The legal basis is a legitimate interest under Art. 6 (1) sentence 1 f GDPR, namely pursuance of our business purposes and the protection of our websites.

7.2.2.     Cloudflare

We may use cookies from Cloudflare, Inc. (“Cloudflare”) to improve the security, performance, and reliability of our website. Cloudflare provides content delivery network (CDN) services and protects our website from malicious traffic (e.g., DDoS attacks). In doing so, Cloudflare may place technical necessary/ essential cookies on your device, such as:

·       Cookie Name: __cf_bm, __cfduid (may vary based on Cloudflare's current implementation)

These cookies are strictly necessary for Cloudflare's security features and performance optimization. For example, the __cf_bm cookie helps manage incoming traffic and filter bots, while __cfduid (deprecated for end-users since 2021) was used to identify trusted web traffic. Cloudflare cookies typically expires after 30 minutes to a few hours, depending on the cookie.

Data we may collect:

·       Anonymized IP addresses

·       Device and browser information

·       Website access metadata


Cloudflare does not use these cookies to track users across websites.

Cloudflare’s cookies are set on the legal basis of having a legitimate interest under Article 6(1)(f) GDPR in protecting our website and ensuring its availability and security.

Cloudflare, Inc., is based in the United States, transfers to Cloudflare are protected by the use of Standard Contractual Clauses (SCCs) and other approved safeguards in accordance with Articles 44–49 of the GDPR. Cloudflare is certified under the EU-U.S. Data Privacy Framework, ensuring appropriate safeguards for personal data transfers.

7.2.3.     Cookiebot

We may use cookies from.

·       CookieConsent store the user’s cookie consent for the current domain and may be stored up to 1 year.

·       1gif tracks the number of sessions for Cookiebot functionality.

These cookies are set as technically necessary cookies and as such, the legal basis is legitimate interest under Art. 6 (1) (f) GDPR, namely pursuance of our business purposes and the protection of our websites.

7.2.4.     Google

We may use cookies or pixels in connection to the services provided by Google. More details in relation to the specific service or the platform can be seen below.

Therefore, we may use:

7.2.5.     Google Analytics

We may have integrated Google Analytics. Google Analytics is a web analytics service. Web analysis is the collection and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for what length of stay a subpage was viewed. A web analysis is mainly used for optimizing a website and for the cost-benefit analysis of internet advertising. The operator of the Google Analytics component is Google Ireland Ltd., Google Building Gordon House, 4 Barrow Street, D04 E5W5, Dublin, Ireland.

We may use:

·       _ga to distinguish users for usually 2 years.

·       _gid to distinguish users for usually 24 hours.

·       ga<container-id> is used to persist session state for usually 2 years.

·       gacgb_<container-id> contains campaign related information for usually 90 days. Universum may link our Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless we opted out.

We may use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the data subject's internet connection is truncated by Google and anonymized when access to our websites is made from a Member State of the European Union or from another State Party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. By setting the cookie, Google is able to analyze the use of our website. Every time one of the individual pages of this website is accessed by us and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google becomes aware of personal data, such as the IP address of the data subject, which, among other things, serve Google to track the origin of visitors and clicks and subsequently enable commission statements. The cookie is used to store personal information, such as access time, the location, and browser from which access was made and the frequency of visits to our website by the data subject. Every time you visit our websites, this personal data, including the IP address of the internet connection used by you, may be transferred by Google to the USA This personal data may be stored by Google in the USA. Google may pass on this personal data collected through the technical procedure to third parties.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from placing a cookie on your information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, you have the possibility to object to the collection of data generated by Google Analytics, related to the use of this website, as well as the processing of this data by Google and to prevent such data. To do this, you must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout?hl=en. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If your information technology system is later deleted, formatted or reinstalled, you must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by you, it is possible to reinstall or reactivate the browser add-on. Further information and Google's applicable privacy policy are available at  https://policies.google.com/privacy?hl=en. Google Analytics is explained in more detail under this link https://marketingplatform.google.com/intl/en/about/analytics/.  

7.2.6.     Google reCAPTCHA

In specific cases we may use the reCAPTCHA service https://www.google.com/recaptcha/intro/  by Google Ireland Ltd., Google Building Gordon House, 4 Barrow Street, D04 E5W5, Dublin, Ireland (“Google”) based on a legitimate interest (i.e. the interest to ensure the correctness of data, avoidance of automatic registrations / orders by so-called bots, and economical operation of our online offering within the meaning of Art. 6 (1) f) GDPR).This is permitted under Art 46 para 2 c GDPR as we agreed the standard contractual clauses with Google. We may use reCAPTCHA to distinguish whether an input is made by a human being or abusively made by automated, mechanical processing. The query in this context includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. Your input will be transmitted to Google and analyzed for this purpose. For more information about Google reCAPTCHA and Google’s Data Protection Policy, please visit the following links: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html.

7.2.7.     Google Remarketing

Our websites may use the remarketing or “similar audiences” function from Google Ireland Ltd., Google Building Gordon House, 4 Barrow Street, D04 E5W5, Dublin, Ireland (“Google”). This enables us to target the visitors to our websites with advertising by displaying personalized, interest-driven advertisements to the users of the website when they visit other websites in the Google Display network. Google uses cookies to perform the analysis of the website use, based on which the interest-driven advertisements are generated. No personal data of the website visitors is stored. If you then visit another website in the Google Display network, you will be shown advertisements that are highly likely to relate to product and information areas you have previously accessed.  You can learn more on how you can control your Google ads settings by clicking on the following link: https://support.google.com/My-Ad-Center-Help/answer/12155656?visit_id=638211180018569406-2962152707&rd=1. Alternatively, you can deactivate the use of cookies from third-party providers by accessing the deactivation page of the Network Advertising Initiative at https://optout.networkadvertising.org/?c=1 and the implementing the additional information about opting out as set out there. For further information on Google Remarketing and Google’s data protection policy, click: https://safety.google/privacy/ads-and-data/. The legal basis is your consent under Art. 6 (1) sentence 1 a GDPR.

7.2.8.     Google Conversion Tracking

We may use the marketing and remarketing services (for short: “Google Marketing Services”) of Google Ireland Ltd., Google Building Gordon House, 4 Barrow Street, D04 E5W5, Dublin, Ireland (“Google”). The Google Marketing Services enable us to display advertisements for our website and services in a more targeted manner so that you are only shown advertisements that you may be interested in. If you see e.g., advertisements for products that you were interested in on other websites, this is referred to as “remarketing”. For this purpose, when our websites and other websites are accessed on which Google Marketing Services are active, Google directly executes a Google code and what are termed (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. These are used to store an individual cookie, i.e., a small file on your device (comparable technologies may also be used instead of cookies). The cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites you search for, the content you are interested in, and which offers you have clicked. It also stores technical information on the browser and operating system, referring websites, time of visit, and other information on the use of the online offering. Similarly, your IP address is recorded, whereby in the context of Google Analytics we state that the IP address is shortened in within member states of the European Union or in other signatory states of the agreement on the European Economic Area. Only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address is not merged with your data within other Google offerings. Google may also combine the above information with information from other sources. If you subsequently visit other websites, tailored advertisements can be displayed depending on your interests. Your data is processed in a pseudonymized form as part of the Google Marketing Services. This means that Google stores and processes e.g., not your name or e-mail address, but instead processes the relevant data based on the cookie within pseudonymized user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, irrespective of who the holder of this cookie is. This does not apply if you have expressly permitted Google to process the data without this pseudonymization. The information about you collected by Google Marketing Services is transferred to Google and may be stored on Google’s servers in the USA. The Google Marketing Services deployed by us include the “Google AdWords” online advertising program. Google AdWords supplies every AdWords customer with a different “conversion cookie”. This means that cookies cannot be traced via the websites of AdWords customers. The information obtained using the cookie enables conversion statistics for AdWords customers to be produced who have opted for conversion tracking. The AdWords customers are notified of the total number of users who clicked their advertisement and were forwarded to a page containing a conversion tracking tag. However, they are not given any information that could be used to personally identify users. We may involve third parties based on the “DoubleClick” Google marketing services. DoubleClick uses cookies that enable Google and its partner websites to place advertisements based on users’ visits to our websites and other websites on the internet. Additionally, we may deploy the “Google Tag Manager” to integrate and manage Google analytics and marketing service within our website. For further information on data usage for marketing purposes by Google, refer to the overview page: https://policies.google.com/technologies/ads; Google’s privacy policy can be accessed at https://www.google.com/policies/privacy. If you would like to opt out of interest-driven advertising from Google Marketing Services, you can use the settings and opt-out options provided by Google: https://www.google.com/policies/privacy

7.2.9.     LearnWorlds

We may use cookie from LearnWorlds (CY) Ltd (“LearnWorlds”).

Therefore, we may use:

·       slim_session which preserves the user’s session state across all website visits and expires after 2 days.

·       anonymous_token which ensures secure user access and proper session management and is a persistent cookie.

These cookies are set as technically necessary cookies and as such, the legal basis is legitimate interest under Art. 6 (1) (f) GDPR, namely pursuance of our business purposes and the protection of our websites.

7.2.10.   LinkedIn

We may use tracking technologies from LinkedIn to measure the effectiveness of our advertising campaigns and to better understand visitor behavior. More details in relation to the specific service or the platform can be seen below:

7.2.11.    LinkedIn Conversion API (Server-Side Tracking)

We may use the LinkedIn Conversion API to track and measure the effectiveness of our advertising campaigns on LinkedIn. Unlike traditional cookies stored in your browser, the Conversion API operates on a server-to-server basis. This means certain data related to your interactions with our website is sent securely from our servers directly to LinkedIn’s servers.

This server-side tracking allows for more accurate conversion attribution, especially when browser-based cookies are limited or blocked. It helps us understand how users interact with our site after viewing or clicking on a LinkedIn ad.

What Data Is Collected:

Depending on your interactions with our website, the following types of information may be shared with LinkedIn via the Conversion API:

·       Hashed identifiers (e.g.,name*, email address*, in a pseudonymized format)

·       Event data (e.g., form submissions, purchases, or other conversion actions)

·       Timestamps and URLs of visited pages

·       Browser and device metadata (e.g., IP address, user agent)

·       Referral information (e.g., campaign source)

*not applicable to Universum’s Career Test

This data is used by LinkedIn for matching conversions, creating aggregated reports, and optimizing ad performance. LinkedIn does not share this data with other advertisers.

Data shared via the Conversion API is retained by LinkedIn in accordance with its privacy policies and is typically stored for no longer than 180 days.

We only activate the LinkedIn Conversion API after obtaining your explicit consent through our cookie banner. You can withdraw or manage your consent at any time via our

You can also opt out of LinkedIn's use of tracking technologies for advertising purposes directly through your LinkedIn account: LinkedIn Advertising Preferences (https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out)

For more details on how LinkedIn processes personal data, please refer to the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy

7.2.12.   LinkedIn Insight Tag -Browser-Side Tracking

LinkedIn Insight Tags are lightweight JavaScript tag that may be set as first-party cookies by domains like snap.licdn.com. The LinkedIn Insight Tag is a cookie code that we may have added to our websites to enable in-depth campaign reporting and to help us unlock valuable insights about our website visitors. We may use the LinkedIn Insight Tag to retarget website visitors and unlock additional insights about users interacting with our LinkedIn adverts.

The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is pseudonymized. The LinkedIn browser cookie is stored in a visitor’s browser until they delete the cookie, or the cookie expires (there’s a rolling six-month expiration from the last time the visitor’s browser loaded the Insight Tag).

You can opt-out of cookies from LinkedIn on your LinkedIn settings page and we recommend you read their Cookie Policy (https://www.linkedin.com/legal/cookie-policy) for more information.

Some cookies from LinkedIn may also be set as third-party cookies and may include:

Cookie Name

Domain

Purpose

Expiration

lang

linkedin.com

Used to remember your language setting to ensure LinkedIn.com displays in the language selected by you in your settings.

Session

bcookie

linkedin.com

Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform and diagnostic purposes

1 year

li_gc

linkedin.com

Used to store consent of guests regarding the use of cookies for non-essential purposes 

6 months

lidc

linkedin.com

To facilitate data center selection 

24 hours

AnalyticsSyncHistory

linkedin.com

Used to store information about the time a sync took place with the lms_analytics cookie

30 days

UserMatchHistory

linkedin.com

LinkedIn Ads ID syncing

Used for id sync process. It stores the last sync time to avoid repeating the syncing process in a frequent manner.

30 days

bscookie

.www.linkedin.com

Used for remembering that a logged in user is verified by two factor authentication

1 year

For more information on the kind of cookies LinkedIn provides please visit their Cookie Policy (https://www.linkedin.com/legal/cookie-policy) and their Cookie Table (https://www.linkedin.com/legal/l/cookie-table).

You can also manage your preferences via LinkedIn at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

7.2.13.   Matomo

We may use Matomo (formerly known as Piwik), an open-source web analysis service to analyze the traffic on our websites in order to help us improve your user experience. This data is only processed by us and our web hosting platform. Your IP address will be anonymized before it is stored.

1.      pktestcookie: A session cookie that tests if the browser supports cookies.

2.     pkid#: a cookie that collects statistics such as visit duration, pages viewed and user count, lasting 1 year.

3.     pkses#: A cookie that tracks page requests and user activity during the session, lasting 1 day.

Matomo cookies remain on your device until you delete them.

If you do not agree to the storage and use of your data, you can deactivate the storage and use by opposing to the processing. In this case, an opt-out cookie is stored in your browser, which prevents Matomo from storing usage data.

1.      mtm_consent_removed: A long-term cookie that documents the “do-not-track” setting for 30 years.

Although the default expiry of this cookie is 30 years, some browsers delete this cookie if the visitor has not visited your website in 7 days (Safari), 45 days (Firefox) or 400 days (Chrome) (as of the date of this policy, 24 October 2024). If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out will need to be reactivated when you visit any of our websites that may use Matomo’s cookies again.

You can find more information about the privacy settings of Matomo software by clicking on the following link: https://matomo.org/docs/privacy/.

7.2.14.   Meta

We may use tracking technologies in connection to the services provided by Meta Platforms, Inc (“Meta”). More details in relation to the specific service or the platform can be seen below:

7.2.15.   Meta Conversions API (CAPI) – Server-Side Tracking

In addition to using cookies and pixels (e.g., Meta Pixel – formerly known as Facebook Pixel), we may use Meta CAPI. This is a server-side tool provided by Meta Platforms Ireland Limited, which allows us to send website event data directly from our servers to Meta’s servers.

This helps us to improve the accuracy and reliability of event tracking (e.g., purchases, sign-ups, page visits, survey completions) and conversion tracking and enables more effective advertising on Metas platforms by enhance advertising campaign performance, and ensure better attribution.

How does Meta CAPI work compared to Meta Pixel?

Unlike the Meta Pixel, which collects data via your browser using cookies, CAPI collects event data directly from our web server. In many cases, this data corresponds to user actions (e.g., purchases, form submissions) and is sent in parallel with the Meta Pixel for more reliable tracking.

While CAPI itself is server-side, some of the data it processes originates from cookies and other client-side identifiers (such as browser ID or session ID), which may qualify as personal data under the GDPR.

Data Collected via CAPI may include:

·       Event type and timestamp

·       Page URL or referrer

·       Purchases or other conversion events

·       IP addresses and user-agent (e.g., browser and device information)

·       Browser ID and external ID (if consented via cookies)

·       Marketing campaign data (UTM parameters, Facebook click IDs)

·       User identifier (e.g., name, email addresses * - only if provided by the user and hashed before sending)

 

*not applicable to Universum’s Career Test

All personal data (such as name or email addresses) is hashed on our server before it is transmitted to Meta, in accordance with Meta’s best practices and GDPR requirements.

Meta uses this data for analytics and ad delivery, as outlined in their privacy policy: https://www.facebook.com/privacy/policy

This data helps us:

·       Measure the performance of our Meta ads

·       Optimize our ad delivery

·       Improve personalization for Meta users

The data collected via CAPI is shared with Meta Platforms Ireland Limited, which may transfer it to Meta Platforms, Inc. in the United States or other third countries.

Such transfers are protected by the use of Standard Contractual Clauses (SCCs) and other approved safeguards in accordance with Articles 44–49 of the GDPR.

Learn more about Meta’s data transfer mechanisms: https://www.facebook.com/help/566994660333381

Meta stores data according to its own internal retention policies. We do not retain personally identifiable CAPI data longer than necessary and store only anonymized or aggregated event logs where needed

7.2.16.   Meta Login/ (Social) Login via Facebook (formerly known as Facebook Connect)

With Meta’s Login (formerly known as Facebook Connect), you may can use your Facebook account to open a new account at Universum. If you create a Universum account via Facebook or log in to an existing Universum account via Facebook, we will gain access to your public profile and your e-mail address. We use this information to pre-populate or update your Universum account and then provide you with the Universum account. Since we use your Facebook data to create a Universum account, the legal basis is the contract for the Universum account pursuant to Art. 6 (1) (b) GDPR, as in described in this clause. We will store your personal data for the purposes and period of the existence of your Universum account.

When you choose to log in or register via Facebook / Meta (sometimes called “Login with Facebook” or “Facebook Connect”), you are allowing us to use your Facebook / Meta account credentials. This means we obtain certain information from your Facebook / Meta profile, which may include (depending on what you permit):

·       Your name

·       Email address

·       Profile picture

·       Public profile information (e.g. gender, age, locale)

·       Possibly friends list or other permissions if requested and granted

We only request the minimum permissions needed for the functionality offered.

We may use cookies or similar tracking technologies in conjunction with Facebook / Meta Login. These may include:

·       Session cookies to maintain your login state

·       Persistent cookies to remember preferences

·       Third‑party cookies to enable the login mechanism (e.g. from Facebook / Meta)

What personal data may be collected and processed

Data collected

Purpose

Legal basis

Facebook / Meta profile data (name, email, etc.)

To authenticate you, create or update your account, provide personalized services

Your explicit consent at the time of login / contract fulfilment (if part of user account)

Cookies / tracking data

To maintain login session; improve security; optionally for analytics / optimisation if consent given

Necessary for legitimate interest or performance of contract; any analytics / profiling beyond essential must be consented to

IP address, device identifiers, browser type

Security, fraud prevention, compatibility

Legitimate interest; possibly contractual necessity

For the Meta Login itself, we will clearly ask for your consent to obtain specified profile data. You can refuse or revoke this consent.

If Meta transfers any of your personal data to servers outside the European Economic Area (EEA), appropriate safeguards will be in place (standard contractual clauses or other GDPR‑compliant measures).

Data obtained via the Meta Login will be stored only as long as necessary for the purpose (e.g. as long as your account remains active or for legal compliance).

Cookies have their own expiry periods; session cookies expire when the session ends; persistent cookies have specific expiry dates which will be communicated in our cookie banner / settings.

7.2.17.   Meta Pixel (formerly known as Facebook Pixel) – Browser-Side Tracking

We use the Meta Pixel (formerly Facebook Pixel), a web analytics and advertising tool provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

The Meta Pixel helps us track user interactions on our website after users click on a Meta ad (e.g., on Facebook or Instagram). This allows us to measure the effectiveness of our ads, optimize ad delivery, and build targeted advertising audiences. The data collected by the Meta Pixel is anonymous to us, which means we cannot see the personal data of individual users. However, the collected data is stored and processed by Meta.

What data does the Meta Pixel collect?

The Meta Pixel may collect information such as:

·       Visited webpages

·       Referrer URL

·       Conversions (e.g., completing a survey)

·       Browser and device information

·       Operating system

·       IP address

·       Time zone

·       Actions taken on the website (e.g., purchases, sign-ups, form submissions)

·       Pseudonymous Meta ID (linked to your Facebook/Instagram account, if applicable

Meta may link this data to your Meta account and use it for its own advertising purposes in accordance with their Data Policy: https://www.facebook.com/policy.php. You can allow Meta and its partners to place ads on and off Meta. A cookie may also be stored on your device for these purposes.

How we may use Meta Pixel data:

We may use the Meta Pixel data to:

·       Measure the success of our Facebook and/or Instagram advertising campaigns

·       Build custom audiences for future ads

·       Optimize ads based on collected data

·       Deliver more relevant advertising on Facebook and Instagram

You can also opt out of Meta’s interest-based ads by changing your ad preferences in your Meta account: https://www.facebook.com/adpreferences/ad_settings

The data collected via the Meta Pixel may be transferred to and processed by Meta Platforms, Inc. in the United States and other third countries. These transfers are conducted under Meta’s Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure appropriate safeguards for data transfers outside the EU/EEA.

You can read more about Meta’s data transfer mechanisms here: https://www.facebook.com/help/566994660333381

The use of Meta Conversions API is based on your explicit consent under Article 6(1)(a) of the GDPR. We may only process personal data through CAPI when you have actively opted in via our cookie consent banner.

You can withdraw your consent at any time by accessing the cookie settings on our website.

Where the data is processed based on a legitimate interest (e.g., for security or fraud prevention purposes), we ensure this does not override your fundamental rights and freedoms (Article 6(1)(f)).

7.2.18.   Meta Tags & other Meta Cookies

We may use additional cookies provided by Meta, such as a Meta Tag which is a cookie code that we may have added to our websites to enable in-depth campaign reporting and to help us unlock valuable insights about our website visitors. We may use the Meta Tag to retarget website visitors and unlock additional insights about users interacting with our Meta adverts.

The Meta Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views.

The following cookies may be set as first-party cookies by domains like such as:

·       lastExternalReferrer which tracks the URL of the last page visited before landing on our website and is a persistent cookie. This cookie helps us identify referral sources and improve marketing attribution.

·       lastExternalReferrerTime which records the timestamp of when a user was referred from an external website to ours and is a persistent cookie. This cookie is used to better understand user journey timing and assist in marketing attribution.

·       topicsLastReferenceTime which collects data about user activity across websites to build user profiles and deliver more relevant advertising. This cookie may be used to support interest-based advertising and audience segmentation.

The following cookies may be set as third-party cookie by Meta Platfroms Ireland Ltd.:

·       _fbp  which is used by Meta to deliver a range of advertising services, including real-time bidding from third-party advertisers. This cookie identifies users for the purpose of targeted advertising across Meta’s platforms (e.g., Facebook, Instagram) and partner websites. Unless not specified differently, the cookie is stored by default for a duration of 90 days.

For more information please see: https://www.facebook.com/privacy/policy

7.2.19.   Mixpanel

We may use cookies from Mixpanel, Inc. (“Mixpanel”) an analysis service to analyze the traffic on our websites in order to help us improve your user experience.

Therefore, we may use:

mp_*_mixpanel: This localStorage item identifies user's device and stores preferences like language settings or market region. It allows us to track user interactions, such as clicks and page views, while also monitoring site performance and identifying issues. The * is a unique, randomly generated string. The information is typically retained for up to 1 year.

 __mpq_*_ev and __mpq_*_pp: These localStorage items are created by Mixpanel to temporarily store activity events before they are sent to the Mixpanel server. Once the data is successfully transmitted, these items are cleared, though an empty storage record may persist.

The legal basis is your consent under Art. 6 (1) (a)a GDPR.

Processing location:

·       European Union.

For more information, please have a look at Mixpanel’s privacy policy by clicking on the following link: https://mixpanel.com/legal/privacy-policy/.

7.2.20.  Salesforce Marketing Cloud Account Engagement (formerly Pardot)

We may use Salesforce’s marketing automation tool “Account Engagement” from Salesforce.com, Inc. with its address of principal executive offices at Salesforce Tower, 415 Mission Street, 3rd Fl, San Francisco, California 94105 and/or its affiliates (“Salesforce”). A list of Salesforce affiliates can be found in the List of Affiliates section of Salesforce's latest 10-K Form, available on the SEC Filings tab by using the Annual Filings filter on the page https://investor.salesforce.com/financials/default.aspx. Salesforce might process personal data outside the European Economic Area by having entered into Binding Corporate Rules in accordance with Art. 46 para. 2 b GDPR and Art. 47 GDPR, for more information please see: https://compliance.salesforce.com/en/salesforce-bcrs.

Account Engagement tracks website visitor and prospect activities on our website and landing pages by setting cookies on your browser. Cookies are set to remember preferences (like form field values) when you return to our site. We also set a cookie for logged-in users to maintain the session and remember table filters.

Account Engagement sets first-party cookies for tracking purposes and sets third-party cookies for redundancy. Using first-party and third-party cookies together is standard in the marketing automation industry. Salesforce doesn’t store personally identifying information, only a unique identifier. First-party cookies are set on Account Engagement domains and tracker subdomains. Universum may not opt to have a tracker subdomain configured, in those cases Salesforce use third-party cookies on https pages.

Here is an overview of the cookies that Universum might use:

·       visitor_id<accountid>, the visitor cookie includes a unique visitor ID and the unique identifier for Universum’s account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in Universum’s Pardot account. This cookie is set for visitors by the Account Engagement tracking code.

·       pi_opt_in<accountid>, if Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a true or false value when you opt in or out of tracking. If you opt in, the value is set to true, and you are cookied and tracked. If you opt out or ignore the opt-in banner, the opt-in cookie value is set to false. Your cookie is disabled, and you are not tracked.

·       visitor_id<accountid>-hash, your hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor and access corresponding prospect information.  

·       lpv<accountid>, this LPV cookie is set to keep Salesforce from tracking multiple page views on a single asset over a 30-minute session. For example, if you reload a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.

·       Pardot, a session cookie named pardot is set in your browser while you’re logged in as a user or when a visitor accesses a form, landing page, or page with Account Engagement tracking code. The cookie denotes an active session and isn’t used for tracking.

7.2.21.   Spotify

We may use services from Spotify AB (“Spotify”). Spotify sets cookies to implement audio content from Spotify on our website and also may register information on user interaction related to the audio content.

Therefore, we may use:

·       sp_landing which is set by Spotify to implement audio content on the website and expires after 1 day.

·       sp_t which is set by Spotify to implement audio content on the website and expires after 365 days.

7.2.22.  Stripe

We may use cookies from Stripe Payments Europe, Ltd. a company registered in Ireland with its registered address at C/O A & L Goodbody, Ifsc, North Wall Quay Dublin D01 H104, Ireland (“Stripe”). Stripe provides a payment processing platform through its Stripe Connect Account to facilitate the payment process when you purchase Universum’s products and/or services online via our websites. Stripe’s cookies are classified as technically necessary cookies as they are necessary for contractual fulfillment according to Art. 6 para. 1 c GDPR. You can learn more about Stripe and read Stripe’s privacy policy at https://stripe.com/privacy. Therefore, the following cookies may be used:

·       __stripe_mid: Set for fraud prevention purposes and helps Stripe assess the risk associated with an attempted transaction and has a duration of 1 year.

·       __stripe_sid: Set for fraud prevention purposes and helps Stripe assess the risk associated with an attempted transaction and has a duration of 30 minutes.

·       m: For fraud detection. Helps Stripe assess the risk associated with an attempted transaction on the website and has a duration of 2 years.

·       Id: Set for fraud prevention purposes and helps Stripe assess the risk associated with an attempted transaction and has a duration for the Session.

·       _ab: Set for fraud prevention purposes and helps Stripe assess the risk associated with an attempted transaction and has a duration for the Session.

·       _mf: Set for fraud prevention purposes and helps Stripe assess the risk associated with an attempted transaction and has a duration for the Session.

·       1: Tests whether sessionStorage is available in the browser or if fallback mechanisms are needed for basic functions and has a duration for the Session.

7.2.23.  Tidio

We may use services from Tidio LLC ("Tidio"), a customer communication platform that provides live chat and chatbot automation on our website. Tidio enables real-time engagement with visitors, assisting them with inquiries and guiding them toward relevant content. Therefore, the following cookie may be used:

·       tidio_state: A cookie that maintains the state of the chat widget, preserving conversation history across pages and ensuring proper chat functionality. Expires at the end of the session.

For more information, please have a look at Tidio’s Privacy Policy.

7.2.24.  Vimeo

We may use services from Vimeo.com, Inc. ("Vimeo"). Vimeo’s embeddable video player uses cookies essential for secure video playback. Therefore, the following cookies may be used:

·       player_clearance: A Vimeo cookie used for bot prevention, expires after 7 days.

·       cf_clearance: A Cloudflare cookie used for bot prevention, expires after 1 year.

·       cf_bm: Cloudflare bot manager, manages incoming traffic that matches criteria associated with bots, expires after 30 minutes.

·       cfuvid: Cloudflare cookie used to enforce rate-limiting rules, expires after the session.

For more information, please have a look at Vimeo’s Privacy Policy: https://vimeo.com/privacy (https://vimeo.com/cookie_policy).

7.2.25.  Wix

We may use services from Wix.com Ltd (“Wix”). The cookies set by Wix are done so in order to provide a greater experience for visitors and customers, to identify registered members, to monitor and analyze the performance, operation and effectiveness of Wix’s platform and to ensure the platform is secure and safe to use.

Therefore, we may use:

·       svSession which is required for login functionality on the Wix platform in question and expires after 6 months.

·       Fedops.logger.sessionID which synchronizes the website and CMS to enable updates and expires after 12 months.

·       ssr-caching which ensures optimized response times through caching and expires after 24 hours.

·       hs which is used to prevent cross-site request forgery for visitor security and is a session cookie meaning it has a duration for the session.

·       XSRF-TOKEN is used to prevent cross-site request forgery for enhanced browsing security and is a session cookie meaning it has a duration for the session.

7.2.26.  YouTube

In order to provide an attractive design on our websites, we use YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google.

On some of our websites we use plugins from YouTube. If you access our websites with such a plug-in – for example a media library – a connection to the YouTube servers will be established and the plugin will be displayed. It will then be communicated to the YouTube server which of our websites you have visited. If you are logged in as a member of YouTube, YouTube can assign this information to your personal user account. When using the plugin, e.g., by clicking on the start button of a video, YouTube can also assign this information to your user account. You can prevent this by logging out of your YouTube user account and other user accounts of the YouTube and Google before using our websites and deleting the corresponding cookies from the companies.

Depending on where you are located, YouTube might process your personal data outside the European Economic Area by complying with an adequate legal framework.

The following Google entity may process your personal data:

·      Google Ireland Limited is mainly responsible for users of Google services based in the European Economic Area or Switzerland, located at Gordon House, Barrow Street, Dublin 4, Ireland.

·      Google LLC is mainly responsible for users of Google services based in the United Kingdom, located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

For more information on how YouTube processes personal data please see: https://www.youtube.com/intl/ALL_uk/howyoutubeworks/our-commitments/protecting-user-data/.

8.    Contact information

You are welcome to contact us about our use of Cookies at contact@universumglobal.com.

Universum logo
Follow us:

Talent Insights and Employer Branding Expertise
© 2025 Universum Communications Sweden AB, company registration no. 5565875993, 103 86 Stockholm. All Rights Reserved.