naftalan.health | Cookies Policy
COOKIES POLICY
Platform naftalan.health
Last updated: 06.06.2025 | Version: 1.0
Alexandr Umanet | naftalan.health
1. Introduction
This Cookies Policy (the "Policy") describes how naftalan.health, operated by Alexandr Umanet (the "Operator"), uses cookies and similar local storage technologies on your device.
This Policy applies in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), as well as applicable data protection legislation in Israel (Protection of Privacy Law, 5741-1981 and its regulations) and Turkey (Law on Protection of Personal Data No. 6698, KVKK). It applies to all visitors from the European Union/EEA, Israel, and Turkey.
When you first visit naftalan.health, you will see a consent banner fixed at the bottom of the screen. Strictly necessary cookies are activated automatically. All other categories are blocked by default and activated only upon your explicit consent.
2. What Are Cookies?
Cookies are small text files stored on your device (computer, phone, tablet) when you visit a website. They allow the platform to remember information about your previous visit, analyse traffic, and personalise content.
2.1. Types of Cookies by Source
-
First-party cookies — placed directly by naftalan.health on your device;
-
Third-party cookies — placed by external partners (Google Analytics, Meta/Facebook Pixel, Stripe, PayPal). Data may be transferred to servers in other countries, including the United States.
2.2. Types of Cookies by Duration
-
Session cookies — deleted automatically when you close your browser;
-
Persistent cookies — stored until their expiry date. For example, Google Analytics (_ga) — 2 years.
3. Categories of Cookies Used
naftalan.health uses the following categories of cookies:
3.1. Strictly Necessary (Essential) Cookies
Always active; cannot be disabled. No consent required. Legal basis: legitimate interest of the Operator (GDPR Art. 6(1)(f)); performance of a contract (GDPR Art. 6(1)(b)).
| Cookie Name | Provider | Duration | Purpose |
|---|---|---|---|
| cookie_consent | naftalan.health | 1 year | Stores the visitor's cookie consent choice and timestamp. |
| __stripe_mid | Stripe | 1 year | Fraud prevention and secure payment processing. Set only on payment pages. |
| __stripe_sid | Stripe | 30 minutes | Session identifier for Stripe payment security. |
Note: Stripe cookies are set only when you proceed to payment. They are required for the secure processing of your transaction and cannot be disabled.
3.2. Analytics / Statistical Cookies
Disabled by default. Activated only upon your explicit consent. Legal basis: consent of the data subject (GDPR Art. 6(1)(a); KVKK Art. 5(1); Israeli Privacy Protection Regulations).
Analytics cookies help understand how visitors interact with the platform. naftalan.health uses Google Analytics 4 with the following privacy settings: (1) Google Consent Mode v2 — GA cookies are not set until your consent is given; (2) IP address anonymisation (anonymize_ip: true); (3) data is processed by Google LLC and may be transferred to servers in the United States.
| Cookie Name | Provider | Duration | Purpose |
|---|---|---|---|
| _ga | Google Analytics 4 | 2 years | Unique visitor ID (randomly generated). Used to count visits, sessions, and campaign data. |
| _ga_* | Google Analytics 4 | 2 years | Stores session state for the specific GA4 property of naftalan.health. |
| _gat / _gat_gtag_* | Google (gtag.js) | 1 minute | Limits the frequency of requests to Google servers. Appears only under high traffic. |
Note: naftalan.health uses GA4 exclusively. The legacy _gid cookie (Universal Analytics, retired July 2023) is not set.
3.3. Marketing / Advertising Cookies
Disabled by default. Activated only upon your explicit consent. Legal basis: consent of the data subject (GDPR Art. 6(1)(a); KVKK Art. 5(1); Israeli Privacy Protection Regulations).
Marketing cookies are used to measure the effectiveness of advertising campaigns and to show relevant ads on other platforms (retargeting). naftalan.health uses the Meta/Facebook Pixel.
| Cookie Name | Provider | Duration | Purpose |
|---|---|---|---|
| _fbp | Meta (Facebook) Pixel | 3 months | Used by Meta to deliver, measure, and improve the relevance of Facebook/Instagram ads. |
| _fbc | Meta (Facebook) Pixel | 3 months | Stores the Facebook ad click ID. Set when you arrive via a Facebook advertising link. |
These cookies may transfer data to servers in the United States under the policies of Meta Platforms Inc. See: www.facebook.com/privacy/policy.
3.4. Payment Processing Cookies
Set when you initiate a payment. Legal basis: performance of a contract (GDPR Art. 6(1)(b)). No consent required.
naftalan.health uses Stripe and PayPal for payment processing. These providers may set additional cookies during checkout to ensure transaction security and fraud prevention.
| Cookie Name | Provider | Duration | Purpose |
|---|---|---|---|
| __stripe_mid | Stripe Payments Europe Ltd | 1 year | Device fingerprinting for fraud prevention. |
| __stripe_sid | Stripe Payments Europe Ltd | 30 minutes | Secure session management during payment flow. |
| enforce_policy, cookie_check | PayPal (Europe) S.à r.l. | Session / persistent | Cookie support detection and compliance enforcement for PayPal checkout. |
Stripe Privacy Policy: stripe.com/privacy | PayPal Privacy Policy: paypal.com/webapps/mpp/ua/privacy-full
4. Consent to the Use of Cookies
When you first visit naftalan.health, you will see a banner fixed at the bottom of the screen with the following options:
-
"Accept all" — activates all categories (necessary + analytics + marketing);
-
"Necessary only" / "×" — analytics and marketing cookies remain disabled.
Your choice is stored locally on your device and includes a timestamp. The banner will not reappear on the same device unless you clear your browser data.
naftalan.health uses Google Consent Mode v2: Google Analytics and advertising cookies are technically blocked until consent is given. Upon acceptance, the command gtag('consent', 'update', ...) is triggered.
You may change your preferences at any time via the "Cookie Settings" link in the website footer.
4.1. Proof of Consent
Consent is recorded locally on your device (cookie_consent key), including a timestamp. Clearing browser cache or changing device will result in the loss of stored consent — the banner will reappear. No server-side consent record is maintained.
5. Legal Basis for Processing
| Category | Legal Basis | Applicable Law |
|---|---|---|
| Necessary | Legitimate interest / performance of contract | GDPR Art. 6(1)(b)(f); KVKK Art. 5(2); Israeli PPL |
| Analytics | Consent of the data subject | GDPR Art. 6(1)(a); KVKK Art. 5(1); Israeli PPL Regulations |
| Marketing | Consent of the data subject | GDPR Art. 6(1)(a); KVKK Art. 5(1); Israeli PPL Regulations |
| Payment | Performance of a contract | GDPR Art. 6(1)(b); KVKK Art. 5(2)(c) |
6. Managing and Deleting Cookies
6.1. Via the Platform Banner
You may change your preferences at any time by opening the "Cookie Settings" section in the footer of naftalan.health.
6.2. Via Browser Settings
You can also manage or disable cookies in your browser's security/privacy settings:
-
Google Chrome: chrome://settings/cookies
-
Mozilla Firefox: about:preferences#privacy
-
Microsoft Edge: edge://settings/privacy
-
Safari (iOS/macOS): Settings — Safari — Privacy
-
Opera: opera://settings/cookies
To disable Google Analytics across all websites, install the Google Analytics Opt-out Browser Add-on: tools.google.com/dlpage/gaoptout
Please note: disabling all cookies may affect the correct functioning of naftalan.health, including the ability to complete bookings and payments.
6.3. Third-Party Opt-Outs
-
Google Analytics: tools.google.com/dlpage/gaoptout
-
Facebook/Meta Ads: www.facebook.com/adpreferences/ad_settings
-
Stripe: stripe.com/privacy
-
PayPal: paypal.com/webapps/mpp/ua/privacy-full
7. International Data Transfers
When analytics and marketing cookies are enabled (with your consent), your data may be transferred to and processed on servers outside the EU/EEA, Israel, or Turkey, including in the United States:
-
Google LLC (Google Analytics 4) — transfers under EU Standard Contractual Clauses (SCCs). See: policies.google.com/privacy
-
Meta Platforms Inc. (Facebook Pixel) — transfers under EU SCCs. See: www.facebook.com/privacy/policy
-
Stripe Payments Europe Ltd — EU-based entity; US transfers under SCCs. See: stripe.com/privacy
-
PayPal (Europe) S.à r.l. et Cie, S.C.A. — EU-based entity; US transfers under SCCs. See: paypal.com/webapps/mpp/ua/privacy-full
Israel: The EU has granted Israel an adequacy decision (Commission Decision 2011/61/EU), meaning data transfers to Israel are treated as equivalent to intra-EU transfers.
Turkey: Turkey does not currently hold an EU adequacy decision. Transfers involving Turkish users are conducted on the basis of Standard Contractual Clauses or the data subject's explicit consent.
8. Updates to This Cookies Policy
The Operator may update this Policy as necessary in connection with technical changes to the platform, legislative changes, or operational changes. The updated version will be published at naftalan.health/cookies-policy with the date indicated.
For material changes (addition of new categories or providers), the consent banner will be shown again, requesting fresh consent.
9. Contact
For any questions regarding the use of cookies on naftalan.health, please contact:
| Operator | Alexandr Umanet |
| info@naftalan.health | |
| Platform | naftalan.health |
| Cookie Settings | naftalan.health — website footer |
| Supervisory Authority (EU) | Your national data protection authority — edpb.europa.eu/about-edpb/board/members_en |
| Supervisory Authority (IL) | Privacy Protection Authority — gov.il/en/departments/the_privacy_protection_authority |
| Supervisory Authority (TR) | Personal Data Protection Authority (KVKK) — kvkk.gov.tr |
This Cookies Policy is effective from 06.06.2025 — Version 1.0
© 2025 Alexandr Umanet. All rights reserved.
© 2025 Alexandr Umanet | naftalan.health | Page