Cookie Policy

Last Updated: 23 June, 2026

COOKIE POLICY

Governing the Use of Cookies, Pixels, Tags, and Tracking Technologies across the Bidvers Website, Mobile Application, and All Associated Services

Document

Cookie Policy

Version

1.0

Effective Date

As displayed on the Platform at time of first visit

Last Updated

June 2026

Data Controller (Oman)

Sireen Investment Global Co.

Data Controller (Europe)

Bee Group Technology Srl (Romania)

Platforms Covered

www.bidvers.com, Bidvers mobile app (iOS / Android), all subdomains and APIs

Privacy Contact

privacy@bidvers.com

Related Documents

Privacy Policy (www.bidvers.com/privacy-policy) | Terms of Use (www.bidvers.com/terms-of-use)

THIS COOKIE POLICY EXPLAINS WHAT COOKIES AND SIMILAR TRACKING TECHNOLOGIES ARE USED ON THE PLATFORM, WHY THEY ARE USED, AND HOW YOU CAN CONTROL THEM. BY CONTINUING TO USE THE PLATFORM AFTER PROVIDING YOUR CONSENT THROUGH THE COOKIE BANNER, YOU AGREE TO THE PLACEMENT OF COOKIES AS DESCRIBED IN THIS POLICY.

TABLE OF CONTENTS

1. Introduction

2. What Are Cookies and Similar Technologies

3. Legal Framework

4. How We Obtain Your Consent

5. Categories of Cookies

6. Strictly Necessary Cookies

7. Functional Cookies

8. Analytics and Performance Cookies

9. Advertising, Marketing, and Retargeting Cookies

10. Third-Party Tracking Technologies and Pixels

11. Mobile Application Tracking

12. Detailed Cookie Register

13. Managing and Controlling Cookies

14. Impact of Disabling Cookies

15. Do Not Track and Global Privacy Control

16. Data Collected Through Cookies

17. International Data Transfers Via Cookies

18. Data Retention for Cookie Data

19. Children and Cookies

20. Changes to This Cookie Policy

21. Contact Information

Schedule A: Complete Cookie and Tracking Technology Register

Schedule B: Third-Party Advertising Partner Opt-Out Links

1. INTRODUCTION

1.1 This Cookie Policy (the "Policy") explains what cookies, pixels, tags, web beacons, software development kits (SDKs), and similar tracking technologies are used on the Bidvers website at www.bidvers.com, the Bidvers mobile application (iOS and Android), and all associated subdomains, APIs, and digital services (collectively, the "Platform").

1.2 This Policy describes the types of cookies we use, the purposes for which they are used, the third parties that set cookies on the Platform, and the choices you have to manage and control cookies.

1.3 This Policy should be read together with our Privacy Policy (available at www.bidvers.com/privacy-policy) and our Terms of Use and Service Agreement (available at www.bidvers.com/terms-of-use), which are incorporated herein by reference.

1.4 Bidvers operates advertising campaigns across multiple digital advertising platforms, including Google Ads, Meta (Facebook and Instagram) Ads, and TikTok Ads. Bidvers also uses Google Analytics and Microsoft Clarity for analytics and user behaviour tracking. This Policy provides full transparency regarding the cookies and tracking technologies deployed by each of these services on the Platform.

1.5 The data controller responsible for cookie-related data processing is determined by your geographic location in accordance with Section 2 of the Privacy Policy: Sireen Investment Global Co. for users in the Sultanate of Oman, and Bee Group Technology Srl for users in Europe and all other jurisdictions.

2. WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES

2.1 Cookies

2.1.1 A cookie is a small text file that is placed on your device (computer, smartphone, tablet) by a web server when you visit a website. Cookies enable the website to recognise your device, remember information about your visit (such as your preferences, login status, and browsing history), and provide functionality.

2.1.2 Cookies can be classified as follows:

  1. First-party cookies: set by the Bidvers website (www.bidvers.com) directly;
  2. Third-party cookies: set by external services integrated into the Platform, such as Google Analytics, Microsoft Clarity, Meta Pixel, TikTok Pixel, and Google Ads;
  3. Session cookies: temporary cookies that are deleted when you close your browser;
  4. Persistent cookies: cookies that remain on your device for a specified duration or until manually deleted.

2.2 Pixels (Web Beacons / Tracking Pixels)

2.2.1 A pixel (also known as a web beacon, clear GIF, or tracking pixel) is a tiny, invisible image or code snippet embedded in a web page or email. When the page or email is loaded, the pixel sends information to the server that placed it, such as your IP address, browser type, the page URL, and the time of the request.

2.2.2 The following pixels are deployed on the Platform:

  1. Meta Pixel (formerly Facebook Pixel): used by Meta Platforms, Inc. to track conversions from Facebook and Instagram advertisements, build targeted audiences, and enable retargeting;
  2. TikTok Pixel: used by TikTok (ByteDance Ltd.) to track conversions from TikTok advertisements, measure ad performance, and enable retargeting;
  3. Google Ads Conversion Tracking Tag: used by Google LLC to track conversions from Google Ads campaigns and optimise ad delivery.

2.3 JavaScript Tags and SDKs

2.3.1 JavaScript tags are code snippets embedded in the Platform's pages that execute when a page loads, collecting data about user interactions.

2.3.2 The following JavaScript-based tracking tools are deployed:

  1. Google Analytics (gtag.js / GA4): collects usage data including page views, session duration, bounce rate, user flow, events, and conversions;
  2. Microsoft Clarity: records session replays (visual recordings of user interactions), heatmaps (aggregated click and scroll patterns), and behavioural metrics. Microsoft Clarity masks sensitive input fields by default to prevent the recording of personal data entered in forms.

2.4 Local Storage and Session Storage

2.4.1 In addition to cookies, the Platform may use browser local storage and session storage to store non-sensitive preference data on your device. These technologies function similarly to cookies but can store larger amounts of data and are not automatically transmitted with every HTTP request.

2.5 Device Fingerprinting

2.5.1 Certain third-party services integrated into the Platform, including Stripe (for fraud detection), may use device fingerprinting techniques that combine technical attributes of your device (browser version, operating system, screen resolution, installed fonts, timezone) to create a probabilistic identifier. This identifier is used exclusively for fraud prevention and security purposes.

3. LEGAL FRAMEWORK

3.1 European Users (EEA)

3.1.1 For users located in the European Economic Area, the placement of cookies and similar technologies on your device is governed by:

  1. The ePrivacy Directive (Directive 2002/58/EC) as amended by Directive 2009/136/EC, and as implemented in the national law of each EU member state;
  2. The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, which governs the processing of personal data collected through cookies;
  3. Applicable national cookie legislation, including (for users in Romania) the Romanian implementation of the ePrivacy Directive.

3.1.2 Under the ePrivacy Directive, the placement of non-essential cookies requires the user's prior, informed, and freely given consent. Strictly necessary cookies that are essential for the provision of a service explicitly requested by the user are exempt from the consent requirement.

3.2 Omani Users

3.2.1 For users located in the Sultanate of Oman, the collection of data through cookies and tracking technologies is governed by the Personal Data Protection Law (Royal Decree No. 6/2022) and its implementing regulations, to the extent that such technologies process personal data.

3.3.1 The following GDPR legal bases apply to our use of cookies:

Cookie Category

Legal Basis

Justification

Strictly Necessary

Legitimate Interest, Art. 6(1)(f); ePrivacy Art. 5(3) exemption

Essential for Platform operation; no consent required

Functional

Consent, Art. 6(1)(a)

Not strictly necessary; enhances user experience; requires opt-in consent

Analytics / Performance

Consent, Art. 6(1)(a)

Measures usage for product improvement; requires opt-in consent

Advertising / Marketing / Retargeting

Consent, Art. 6(1)(a)

Serves targeted ads and measures campaign performance; requires opt-in consent

Stripe (Payment / Fraud)

Performance of Contract, Art. 6(1)(b); Legitimate Interest, Art. 6(1)(f)

Essential for payment processing and fraud detection; no consent required

4. HOW WE OBTAIN YOUR CONSENT

4.1.1 When you first visit the Platform, a cookie consent banner is displayed prominently on your screen. The banner provides clear, concise information about the categories of cookies used and offers you the following choices:

  1. Accept All: enables all categories of cookies, including functional, analytics, and advertising cookies;
  2. Reject All (or Accept Only Necessary): enables only strictly necessary cookies. All non-essential cookies are blocked;
  3. Customise / Manage Preferences: opens a detailed settings panel where you can enable or disable each category of cookies individually.

4.1.2 Non-essential cookies are not placed on your device until you have made an affirmative choice. Scrolling, navigating, or interacting with the Platform does not constitute consent.

4.2.1 Our consent mechanism provides granular control at the category level. You can accept one category (for example, analytics) while rejecting another (for example, advertising). Each category is described with a clear explanation of its purpose and the third parties involved.

4.3.1 When you make a cookie consent choice, we store a record of your consent (including the date, time, categories accepted, categories rejected, and the version of the consent text) in a strictly necessary first-party cookie (_bid_consent) on your device and in our server-side consent management logs. This record is retained for the purposes of demonstrating compliance with Article 7(1) of the GDPR (accountability for consent).

4.4.1 You may change or withdraw your cookie consent at any time by:

  1. Clicking the "Cookie Settings" or "Manage Cookies" link in the footer of every page of the Platform;
  2. Adjusting cookie preferences in the dedicated Cookie Preferences Centre accessible from your account settings;
  3. Deleting cookies through your browser settings (see Section 13).

4.4.2 Withdrawal of consent takes effect prospectively. Cookies already placed prior to withdrawal may remain on your device until they expire or are manually deleted through your browser settings. Data already collected through cookies prior to withdrawal was lawfully processed and will be retained in accordance with our data retention schedule.

4.5.1 We will re-present the cookie consent banner to you in the following circumstances:

  1. When this Cookie Policy is materially updated;
  2. When new cookie categories or new third-party tracking providers are added;
  3. Periodically, at intervals not exceeding twelve (12) months, to ensure your consent remains current and informed;
  4. If you clear your browser cookies (which removes the consent record stored in _bid_consent).

5. CATEGORIES OF COOKIES

5.1 The Platform uses five categories of cookies and tracking technologies. Each category is described in detail in Sections 6 through 10 below, with the complete technical register in Schedule A.

Category

Consent Required?

Can Be Disabled?

Strictly Necessary

No (exempt under ePrivacy Art. 5(3))

No (Platform will not function without them)

Functional

Yes

Yes (may degrade user experience)

Analytics / Performance

Yes

Yes (no impact on core functionality)

Advertising / Marketing / Retargeting

Yes

Yes (no impact on core functionality)

Payment / Fraud Prevention (Stripe)

No (essential for payment processing)

No (bidding and payment will not function)

6. STRICTLY NECESSARY COOKIES

6.1 These cookies are essential for the Platform to function and cannot be disabled. They enable core functionality such as user authentication, session management, security protections, and load balancing. Without these cookies, features you have requested (such as logging in, placing bids, or managing your account) cannot be provided.

6.2 Strictly necessary cookies do not require your consent under Article 5(3) of the ePrivacy Directive because they are indispensable for the provision of a service explicitly requested by you.

6.3 The following strictly necessary cookies are set on the Platform:

Cookie Name

Provider

Purpose

Type

Duration

Category

_bid_session

Bidvers (1st party)

Maintains your authenticated session after login

Session

Browser close

Strictly Necessary

_bid_csrf

Bidvers (1st party)

Cross-site request forgery protection token

Session

Browser close

Strictly Necessary

_bid_consent

Bidvers (1st party)

Stores your cookie consent preferences and consent record

Persistent

12 months

Strictly Necessary

_bid_cc

Bidvers (1st party)

Stores your detected country code for jurisdictional routing

Persistent

12 months

Strictly Necessary

_bid_lb

Bidvers (1st party)

Load balancer affinity cookie for server routing

Session

Browser close

Strictly Necessary

__stripe_mid

Stripe (3rd party)

Fraud prevention: persistent device identifier for payment security

Persistent

12 months

Strictly Necessary

__stripe_sid

Stripe (3rd party)

Fraud prevention: session-level device token for payment security

Session

30 minutes

Strictly Necessary

7. FUNCTIONAL COOKIES

7.1 Functional cookies enable enhanced functionality and personalisation features that are not strictly necessary for the Platform to operate. They remember choices you make (such as your language, region, or display preferences) and provide improved, personalised features.

7.2 If you disable functional cookies, the Platform will still function but you may experience a less personalised experience (for example, you may need to re-select your language each time you visit).

7.3 Functional cookies require your consent.

Cookie Name

Provider

Purpose

Type

Duration

Category

_bid_lang

Bidvers (1st party)

Remembers your selected language preference

Persistent

12 months

Functional

_bid_region

Bidvers (1st party)

Remembers your selected region and currency display preference

Persistent

12 months

Functional

_bid_recent

Bidvers (1st party)

Stores IDs of recently viewed Auctions for quick access

Persistent

30 days

Functional

_bid_watchlist

Bidvers (1st party)

Stores IDs of Auctions added to your watchlist before login

Persistent

7 days

Functional

_bid_theme

Bidvers (1st party)

Remembers your display theme preference (light/dark mode)

Persistent

12 months

Functional

8. ANALYTICS AND PERFORMANCE COOKIES

8.1 Analytics cookies collect information about how you use the Platform, including which pages you visit, how long you spend on each page, which features you interact with, error messages you encounter, and your navigation patterns. This data helps us understand Platform usage, identify problems, and improve the user experience.

8.2 Analytics cookies require your consent. If you do not consent, analytics cookies will not be placed and no analytics data will be collected from your sessions.

8.3 Google Analytics (GA4)

8.3.1 We use Google Analytics 4 (GA4), provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to measure and analyse Platform usage.

8.3.2 Google Analytics uses first-party cookies set under the bidvers.com domain (prefixed with _ga) to distinguish unique visitors and maintain session state. Google Analytics also collects technical data including IP address, browser type, operating system, screen resolution, and referring URL.

8.3.3 IP Anonymisation: We have enabled IP anonymisation in our Google Analytics implementation, which truncates your IP address before it is stored by Google, ensuring that the full IP address is never retained.

8.3.4 Data Sharing: Google Analytics data may be shared with other Google services (such as Google Ads) for the purpose of linking analytics data with advertising data to measure campaign effectiveness. This cross-service data sharing only occurs if you have consented to both Analytics and Advertising cookies.

8.3.5 Google's data processing terms and privacy commitments for Google Analytics are available at: https://policies.google.com/privacy and https://support.google.com/analytics/answer/6004245.

Cookie Name

Provider

Purpose

Type

Duration

Category

_ga

Google (3rd party)

Distinguishes unique visitors by assigning a randomly generated client ID

Persistent

24 months

Analytics

_ga_<ID>

Google (3rd party)

Maintains session state for GA4 property

Persistent

24 months

Analytics

_gid

Google (3rd party)

Distinguishes users for 24-hour analytics aggregation

Persistent

24 hours

Analytics

_gat_<ID>

Google (3rd party)

Throttles request rate to Google Analytics servers

Persistent

1 minute

Analytics

_gac_<ID>

Google (3rd party)

Stores campaign attribution data from Google Ads

Persistent

90 days

Analytics

8.4 Microsoft Clarity

8.4.1 We use Microsoft Clarity, provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA), to understand how users interact with the Platform through session recordings and heatmaps.

8.4.2 Session Recordings: Microsoft Clarity records user sessions as visual replays, capturing mouse movements, clicks, scrolls, and page transitions. Clarity automatically masks text entered in input fields, password fields, and form fields to prevent the capture of personal data. We have additionally configured Clarity to mask all sensitive data entry areas on the Platform.

8.4.3 Heatmaps: Clarity generates aggregated heatmaps showing where users click, scroll, and hover on each page. Heatmaps are based on aggregated, anonymised data and do not identify individual users.

8.4.4 No Personal Data in Recordings: Clarity is configured to redact and mask any personal data that may appear on screen during session recordings. Bidvers does not use Clarity to collect or record personal data, payment information, or login credentials.

8.4.5 Microsoft Clarity may share data with Microsoft Advertising (formerly Bing Ads) for product improvement purposes. Microsoft's privacy commitments for Clarity are available at: https://clarity.microsoft.com/terms and https://privacy.microsoft.com/en-us/privacystatement.

Cookie Name

Provider

Purpose

Type

Duration

Category

_clck

Microsoft (3rd party)

Persists the Clarity user ID and session preferences

Persistent

12 months

Analytics

_clsk

Microsoft (3rd party)

Connects multiple page views by a user into a single Clarity session

Persistent

1 day

Analytics

CLID

Microsoft (3rd party)

Identifies the first-time Clarity saw this user on any Clarity-enabled site

Persistent

12 months

Analytics

ANONCHK

Microsoft (3rd party)

Indicates whether MUID (Microsoft user identifier) is transferred to ANID (advertising ID)

Session

Browser close

Analytics

MR

Microsoft (3rd party)

Indicates whether to refresh MUID

Persistent

7 days

Analytics

SM

Microsoft (3rd party)

Used in synchronising the MUID across Microsoft domains

Session

Browser close

Analytics

9. ADVERTISING, MARKETING, AND RETARGETING COOKIES

9.1 Advertising cookies are used to deliver advertisements that are relevant to your interests, to measure the effectiveness of advertising campaigns, to limit the number of times you see an advertisement, and to enable retargeting (showing you Bidvers advertisements on third-party websites and apps after you have visited the Platform).

9.2 Advertising cookies require your explicit consent. If you do not consent, no advertising cookies will be placed, no pixels will fire, and no retargeting audiences will include your data.

9.3 Bidvers operates advertising campaigns on the following platforms, each of which deploys its own cookies, pixels, and tracking technologies on the Platform:

9.4 Google Ads

9.4.1 Google Ads is provided by Google LLC. When you click on a Bidvers advertisement displayed on Google Search, Google Display Network, YouTube, or other Google properties, Google sets cookies on your device to track the conversion (whether you completed a desired action, such as registering an account or placing a bid).

9.4.2 Google Ads uses the Google Ads Conversion Tracking tag and may link conversion data with your Google Analytics data (if both Analytics and Advertising cookies are consented to) to provide cross-channel campaign measurement.

9.4.3 Google Ads may also build retargeting audiences based on your visit to the Platform, enabling Bidvers to show you advertisements on Google properties after you leave the Platform.

9.4.4 Google's advertising privacy policy is available at: https://policies.google.com/technologies/ads.

Cookie Name

Provider

Purpose

Type

Duration

Category

_gcl_au

Google (3rd party)

Stores conversion attribution data for Google Ads campaigns

Persistent

90 days

Advertising

_gcl_aw

Google (3rd party)

Stores click information from Google Ads for conversion tracking

Persistent

90 days

Advertising

_gcl_dc

Google (3rd party)

Stores DoubleClick (Display & Video 360) click attribution

Persistent

90 days

Advertising

IDE

Google (3rd party, doubleclick.net)

Used by DoubleClick to register and report ad interactions for retargeting

Persistent

13 months (EEA) / 24 months (other)

Advertising

NID

Google (3rd party)

Stores preferences and advertising personalisation for signed-out users

Persistent

6 months

Advertising

1P_JAR

Google (3rd party)

Gathers website statistics and tracks conversion rates for Google Ads

Persistent

30 days

Advertising

CONSENT

Google (3rd party)

Stores cookie consent state for Google services

Persistent

24 months

Advertising

9.5 Meta Pixel (Facebook and Instagram Ads)

9.5.1 The Meta Pixel is provided by Meta Platforms, Inc. (1 Hacker Way, Menlo Park, CA 94025, USA). Bidvers deploys the Meta Pixel on the Platform to track conversions from advertisements displayed on Facebook and Instagram, to build Custom Audiences for ad targeting, and to enable retargeting of Platform visitors across the Meta network.

9.5.2 The Meta Pixel fires when you visit the Platform and sends event data to Meta, including: the page URL, referring URL, your browser and device information, Meta cookie identifiers, and information about the actions you take on the Platform (such as viewing an Auction, placing a bid, or completing a purchase). This data is hashed and matched against Meta user profiles to measure ad effectiveness.

9.5.3 Advanced Matching: Bidvers may enable Meta's Advanced Matching feature, which hashes personal data fields (such as email address or phone number) before transmission to Meta for improved attribution accuracy. All data transmitted through Advanced Matching is SHA-256 hashed before leaving your browser.

9.5.4 Meta Conversions API (CAPI): In addition to the browser-based Meta Pixel, Bidvers may implement the Meta Conversions API, which sends server-side event data directly from Bidvers's servers to Meta. CAPI provides more reliable conversion tracking and is not affected by browser cookie restrictions.

9.5.5 Meta's data processing terms and privacy commitments are available at: https://www.facebook.com/privacy/policy/ and https://www.facebook.com/legal/terms/dataprocessing.

Cookie Name

Provider

Purpose

Type

Duration

Category

_fbp

Meta (3rd party)

Stores a unique browser ID for ad delivery and retargeting across Facebook and Instagram

Persistent

90 days

Advertising

_fbc

Meta (3rd party)

Stores click attribution data from Facebook ad clicks

Persistent

90 days

Advertising

fr

Meta (3rd party, facebook.com)

Delivers advertising and tracks ad impressions and clicks

Persistent

90 days

Advertising

tr

Meta (3rd party)

Meta Pixel tracking cookie for event deduplication

Session

Browser close

Advertising

datr

Meta (3rd party, facebook.com)

Identifies the browser for security and site integrity purposes

Persistent

24 months

Advertising

sb

Meta (3rd party, facebook.com)

Browser identification for security purposes

Persistent

24 months

Advertising

9.6 TikTok Pixel

9.6.1 The TikTok Pixel is provided by TikTok (ByteDance Ltd., and its Irish subsidiary TikTok Technology Limited for EEA users). Bidvers deploys the TikTok Pixel on the Platform to track conversions from advertisements displayed on TikTok, to build audiences for ad targeting, and to enable retargeting of Platform visitors on TikTok.

9.6.2 The TikTok Pixel fires when you visit the Platform and sends event data to TikTok, including: the page URL, referring URL, browser and device information, TikTok cookie identifiers, and information about the actions you take on the Platform (such as page views, registrations, and purchases).

9.6.3 TikTok Events API: In addition to the browser-based Pixel, Bidvers may implement the TikTok Events API for server-side conversion tracking, providing more reliable attribution data.

9.6.4 TikTok's data processing terms and privacy commitments are available at: https://www.tiktok.com/legal/page/global/privacy-policy and https://ads.tiktok.com/i18n/official/policy/business-products-terms.

Cookie Name

Provider

Purpose

Type

Duration

Category

_ttp

TikTok (3rd party)

Assigns a unique visitor ID for TikTok ad attribution and retargeting

Persistent

13 months

Advertising

_ttclid

TikTok (3rd party)

Stores the click ID from a TikTok ad click for conversion attribution

Persistent

90 days

Advertising

tt_sessionId

TikTok (3rd party)

Tracks session information for TikTok Pixel event reporting

Session

Browser close

Advertising

tt_pixel_session_index

TikTok (3rd party)

Counts the number of sessions for TikTok Pixel reporting

Session

Browser close

Advertising

ttwid

TikTok (3rd party, tiktok.com)

Used by TikTok to identify the visitor across sessions for ad targeting

Persistent

13 months

Advertising

10. THIRD-PARTY TRACKING TECHNOLOGIES AND PIXELS

10.1 Data Controllership

10.1.1 When third-party cookies and pixels are placed on your device by Google, Meta, TikTok, or Microsoft, these companies act as independent data controllers (or, in some cases, joint controllers with Bidvers) for the personal data they collect. Their own privacy policies govern their use of your data.

10.1.2 Bidvers has entered into data processing agreements or joint controller arrangements with each of these providers, as required by the GDPR. For Meta, this includes the Meta Controller Addendum. For Google, this includes the Google Ads Data Processing Terms.

10.2 Cross-Device Tracking

10.2.1 Third-party advertising partners may use deterministic or probabilistic methods to link your activity on the Platform with your activity on other websites, applications, and devices. This enables cross-device retargeting (showing you Bidvers ads on your phone after you visited the Platform on your laptop, or vice versa).

10.2.2 Cross-device tracking is only enabled if you have consented to advertising cookies. You can prevent cross-device tracking by disabling advertising cookies.

10.3 Server-Side APIs

10.3.1 In addition to browser-based pixels, Bidvers may use server-side APIs (including Meta Conversions API, TikTok Events API, and Google Ads Enhanced Conversions) to send conversion event data directly from Bidvers's servers to the advertising platforms. Server-side events may include hashed personal data (email, phone number) for attribution matching.

10.3.2 Server-side event data is transmitted only if you have consented to advertising cookies and tracking. Your consent choice on the Platform is respected for both browser-based and server-side data transmission.

11. MOBILE APPLICATION TRACKING

11.1 Mobile Identifiers

11.1.1 The Bidvers mobile application may collect mobile advertising identifiers, specifically the Apple Identifier for Advertisers (IDFA) on iOS and the Google Advertising ID (GAID) on Android. These identifiers are used for the same purposes as advertising cookies: conversion tracking, audience building, and retargeting.

11.1.2 On iOS 14.5 and later, the collection of IDFA requires your explicit opt-in consent through Apple's App Tracking Transparency (ATT) framework. If you do not consent, the IDFA is not collected and no identifier-based tracking is performed.

11.1.3 On Android, you can reset or opt out of personalised advertising using your device's advertising settings.

11.2 SDKs in the Mobile Application

11.2.1 The Bidvers mobile application integrates the following third-party SDKs:

  1. Google Analytics for Firebase (GA4): analytics and event tracking;
  2. Meta SDK (Facebook SDK): conversion tracking, app event logging, and audience building;
  3. TikTok SDK: conversion tracking and app event logging;
  4. Microsoft Clarity SDK: session recording and heatmap analytics;
  5. Stripe SDK: payment processing and fraud detection.

11.2.2 Each SDK operates under the same consent requirements described in this Policy. Non-essential SDKs are activated only after you have provided consent through the in-app consent mechanism.

11.3 Push Notification Tokens

11.3.1 If you enable push notifications, the mobile application collects your device push notification token for the purpose of sending auction alerts, bid updates, and transactional notifications. Push notification tokens are not used for advertising or retargeting and do not require cookie consent (they are governed by your operating system notification settings).

12. DETAILED COOKIE REGISTER

12.1 The complete, detailed register of all cookies and tracking technologies deployed on the Platform is set out in Schedule A to this Policy.

12.2 The register includes: cookie name, provider, purpose, type (session or persistent), duration, category, and whether consent is required.

12.3 The register is reviewed and updated at least quarterly, or whenever a new tracking technology is added to the Platform. The most current version is always available at www.bidvers.com/cookie-policy.

13. MANAGING AND CONTROLLING COOKIES

13.1.1 The primary method for managing cookies on the Platform is through our Cookie Preferences Centre, accessible via the "Cookie Settings" link in the footer of every page. The Preferences Centre allows you to enable or disable each non-essential cookie category at any time.

13.2 Browser Settings

13.2.1 You can also control cookies through your browser settings. Most modern browsers allow you to:

  1. View all cookies stored by the browser;
  2. Delete individual cookies or all cookies;
  3. Block all cookies or only third-party cookies;
  4. Set preferences for specific websites.

13.2.2 Instructions for managing cookies in common browsers:

  1. Google Chrome: chrome://settings/cookies
  2. Mozilla Firefox: about:preferences#privacy
  3. Apple Safari: Preferences > Privacy
  4. Microsoft Edge: edge://settings/content/cookies

13.3 Mobile Device Settings

13.3.1 On mobile devices, you can manage tracking through your device settings:

  1. iOS: Settings > Privacy & Security > Tracking (controls App Tracking Transparency);
  2. Android: Settings > Privacy > Ads (controls Google Advertising ID and personalised ads).

13.4 Advertising Platform Opt-Outs

13.4.1 You can opt out of personalised advertising from each of our advertising partners through the mechanisms listed in Schedule B.

13.5 Industry Opt-Out Tools

13.5.1 You can opt out of interest-based advertising from multiple participating companies through the following industry tools:

  1. European Interactive Digital Advertising Alliance (EDAA): www.youronlinechoices.eu
  2. Digital Advertising Alliance (DAA): www.aboutads.info/choices
  3. Network Advertising Initiative (NAI): www.networkadvertising.org/choices

14. IMPACT OF DISABLING COOKIES

14.1 The following table summarises the impact of disabling each cookie category:

Category Disabled

Impact on Platform Experience

Impact on Bidvers Operations

Strictly Necessary

Cannot be disabled. Platform will not function.

N/A

Functional

Language, region, and display preferences not remembered. Recently viewed Auctions not stored.

No operational impact.

Analytics / Performance

No impact on functionality. Platform works identically.

Bidvers loses insight into usage patterns and cannot diagnose issues as quickly.

Advertising / Marketing

No impact on functionality. You will still see advertisements, but they will be generic rather than personalised.

Bidvers cannot measure ad campaign effectiveness or build retargeting audiences.

Stripe (Fraud Prevention)

Cannot be disabled. Payment and bidding will not function.

N/A

15. DO NOT TRACK AND GLOBAL PRIVACY CONTROL

15.1 Do Not Track (DNT)

15.1.1 The Platform does not currently respond to "Do Not Track" (DNT) browser signals, as there is no universally accepted standard for DNT compliance and the W3C DNT specification was retired in 2019. Your cookie consent choice on the Platform takes precedence.

15.2 Global Privacy Control (GPC)

15.2.1 The Platform will honour the Global Privacy Control (GPC) signal (sec-gpc: 1) where required by applicable law. When a GPC signal is detected from a browser in a jurisdiction that legally recognises GPC as a valid opt-out mechanism, Bidvers will treat the signal as an opt-out of the sale or sharing of personal data for targeted advertising purposes, equivalent to rejecting advertising cookies.

15.2.2 GPC does not affect strictly necessary cookies, functional cookies (if previously consented to), or analytics cookies (if previously consented to).

16. DATA COLLECTED THROUGH COOKIES

16.1 The following categories of data may be collected through cookies and similar tracking technologies deployed on the Platform:

  1. IP address (truncated/anonymised for Google Analytics);
  2. Browser type, version, and language;
  3. Operating system and device type;
  4. Screen resolution and viewport dimensions;
  5. Referring URL and exit page;
  6. Pages visited, features used, and actions taken on the Platform;
  7. Date, time, and duration of visits;
  8. Unique cookie identifiers and randomly generated client IDs;
  9. Mobile advertising identifiers (IDFA/GAID), where consented to;
  10. Click IDs from advertising campaigns (gclid, fbclid, ttclid);
  11. Hashed personal data (email, phone) transmitted via server-side APIs with consent;
  12. Mouse movements, clicks, and scroll depth (Microsoft Clarity session recordings, with sensitive fields masked).

16.2 Cookie-collected data is processed in accordance with our Privacy Policy. The legal bases, retention periods, data subject rights, and international transfer safeguards described in the Privacy Policy apply equally to data collected through cookies.

17. INTERNATIONAL DATA TRANSFERS VIA COOKIES

17.1 Data collected through third-party cookies and pixels may be transferred to and processed in countries outside the European Economic Area, including the United States (Google, Meta, Microsoft) and Singapore/China (TikTok/ByteDance, with EEA data hosted in the EEA/UK under TikTok's Project Clover).

17.2 For transfers from the EEA, the following safeguards are in place:

  1. Google: EU-U.S. Data Privacy Framework certification; Standard Contractual Clauses;
  2. Meta: Standard Contractual Clauses as per Meta's Data Processing Terms;
  3. Microsoft: EU-U.S. Data Privacy Framework certification; Standard Contractual Clauses;
  4. TikTok: Standard Contractual Clauses; EEA user data stored in European data centres under Project Clover with independent security oversight.

17.3 For details on international data transfer safeguards, see Section 10 of the Privacy Policy.

18. DATA RETENTION FOR COOKIE DATA

18.1 Data collected through cookies is retained for the duration specified in the cookie's expiration (as set out in the cookie register in Schedule A), after which the cookie expires and the data is no longer associated with your device.

18.2 Server-side data derived from cookies (such as analytics reports, conversion logs, and audience segments) is retained as follows:

  1. Google Analytics data: 14 months from the date of collection (configurable; Bidvers has set the retention period to 14 months);
  2. Microsoft Clarity data: 30 days for session recordings; aggregated heatmap data retained for 12 months;
  3. Google Ads conversion data: retained by Google for the duration of the Bidvers advertising account or until deleted;
  4. Meta Ads conversion data: retained by Meta for up to 2 years, subject to Meta's data retention policies;
  5. TikTok Ads conversion data: retained by TikTok for up to 2 years, subject to TikTok's data retention policies;
  6. Bidvers consent records (_bid_consent cookie data): retained for 3 years from the date of consent for GDPR accountability purposes.

19. CHILDREN AND COOKIES

19.1 The Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly set non-essential cookies for, or collect cookie-based data from, children under 18.

19.2 If we become aware that cookie data has been collected from a child under 18, we will delete the data and instruct all third-party recipients to do the same.

20. CHANGES TO THIS COOKIE POLICY

20.1 Bidvers reserves the right to update this Cookie Policy at any time.

20.2 For material changes (such as the addition of new tracking technologies, new advertising partners, or changes to consent mechanisms), Bidvers will:

  1. Post the updated Policy on the Platform with a prominent notice at least thirty (30) calendar days before the effective date;
  2. Re-present the cookie consent banner to all users so that consent can be renewed;
  3. Update the "Last Updated" date at the top of this Policy.

20.3 For non-material changes (typographical corrections, formatting, or clarifications), the Policy may be updated without prior notice.

20.4 Prior versions of this Policy are archived and available upon request by contacting privacy@bidvers.com.

21. CONTACT INFORMATION

21.1 For any questions, concerns, or requests regarding this Cookie Policy, please contact:

Oman (Sireen Investment Global Co.)

Europe (Bee Group Technology Srl)

Cookie / Privacy Enquiries

privacy@bidvers.com

privacy@bidvers.com

Data Protection Officer

dpo@bidvers.com

dpo@bidvers.com

General Support

support@bidvers.com

support@bidvers.com

SCHEDULE A: COMPLETE COOKIE AND TRACKING TECHNOLOGY REGISTER

This register provides a comprehensive list of all cookies, pixels, tags, and SDKs deployed on the Bidvers Platform as of the effective date. It is reviewed quarterly.

A.1 Strictly Necessary Cookies

Cookie Name

Provider

Purpose

Type

Duration

Category

_bid_session

Bidvers

Authenticated session management

Session

Browser close

Strictly Necessary

_bid_csrf

Bidvers

CSRF protection token

Session

Browser close

Strictly Necessary

_bid_consent

Bidvers

Cookie consent record (categories, timestamp, version)

Persistent

12 months

Strictly Necessary

_bid_cc

Bidvers

Country code for jurisdictional routing

Persistent

12 months

Strictly Necessary

_bid_lb

Bidvers

Load balancer server affinity

Session

Browser close

Strictly Necessary

__stripe_mid

Stripe

Persistent device ID for fraud prevention

Persistent

12 months

Strictly Necessary

__stripe_sid

Stripe

Session device token for fraud prevention

Session

30 minutes

Strictly Necessary

A.2 Functional Cookies

Cookie Name

Provider

Purpose

Type

Duration

Category

_bid_lang

Bidvers

Language preference

Persistent

12 months

Functional

_bid_region

Bidvers

Region and currency display

Persistent

12 months

Functional

_bid_recent

Bidvers

Recently viewed Auction IDs

Persistent

30 days

Functional

_bid_watchlist

Bidvers

Pre-login watchlist Auction IDs

Persistent

7 days

Functional

_bid_theme

Bidvers

Display theme preference

Persistent

12 months

Functional

A.3 Analytics and Performance Cookies

Cookie Name

Provider

Purpose

Type

Duration

Category

_ga

Google Analytics

Unique visitor identification (client ID)

Persistent

24 months

Analytics

_ga_<ID>

Google Analytics

GA4 property session state

Persistent

24 months

Analytics

_gid

Google Analytics

24-hour user distinction

Persistent

24 hours

Analytics

_gat_<ID>

Google Analytics

Request rate throttling

Persistent

1 minute

Analytics

_gac_<ID>

Google Analytics

Campaign attribution from Google Ads

Persistent

90 days

Analytics

_clck

Microsoft Clarity

Clarity user ID persistence

Persistent

12 months

Analytics

_clsk

Microsoft Clarity

Session page view linking

Persistent

1 day

Analytics

CLID

Microsoft Clarity

First-seen user identification

Persistent

12 months

Analytics

ANONCHK

Microsoft Clarity

MUID to ANID transfer indicator

Session

Browser close

Analytics

MR

Microsoft Clarity

MUID refresh indicator

Persistent

7 days

Analytics

SM

Microsoft Clarity

MUID cross-domain sync

Session

Browser close

Analytics

A.4 Advertising, Marketing, and Retargeting Cookies

Cookie Name

Provider

Purpose

Type

Duration

Category

_gcl_au

Google Ads

Conversion attribution

Persistent

90 days

Advertising

_gcl_aw

Google Ads

Click information for conversion tracking

Persistent

90 days

Advertising

_gcl_dc

Google Ads

DoubleClick click attribution

Persistent

90 days

Advertising

IDE

Google (DoubleClick)

Retargeting ad interaction tracking

Persistent

13/24 months

Advertising

NID

Google

Preferences and ad personalisation (signed-out)

Persistent

6 months

Advertising

1P_JAR

Google

Website statistics and ad conversion rates

Persistent

30 days

Advertising

CONSENT

Google

Google services consent state

Persistent

24 months

Advertising

_fbp

Meta (Facebook)

Browser ID for Facebook/Instagram ad delivery and retargeting

Persistent

90 days

Advertising

_fbc

Meta (Facebook)

Facebook ad click attribution

Persistent

90 days

Advertising

fr

Meta (facebook.com)

Ad delivery, impression, and click tracking

Persistent

90 days

Advertising

tr

Meta (Facebook)

Pixel event deduplication

Session

Browser close

Advertising

datr

Meta (facebook.com)

Browser identification for security

Persistent

24 months

Advertising

sb

Meta (facebook.com)

Browser identification for security

Persistent

24 months

Advertising

_ttp

TikTok

Visitor ID for ad attribution and retargeting

Persistent

13 months

Advertising

_ttclid

TikTok

TikTok ad click ID for conversion attribution

Persistent

90 days

Advertising

tt_sessionId

TikTok

Session tracking for Pixel event reporting

Session

Browser close

Advertising

tt_pixel_session_index

TikTok

Session count for Pixel reporting

Session

Browser close

Advertising

ttwid

TikTok (tiktok.com)

Cross-session visitor identification for ad targeting

Persistent

13 months

Advertising

SCHEDULE B: THIRD-PARTY ADVERTISING PARTNER OPT-OUT LINKS

You can opt out of personalised advertising and data collection from each of our advertising and analytics partners using the links below:

Partner

Opt-Out / Privacy Settings

Privacy Policy

Google (Ads, Analytics, DoubleClick)

https://adssettings.google.com and https://tools.google.com/dlpage/gaoptout

https://policies.google.com/privacy

Meta (Facebook, Instagram)

https://www.facebook.com/adpreferences and https://www.facebook.com/settings?tab=ads

https://www.facebook.com/privacy/policy/

TikTok

https://www.tiktok.com/privacy/ads-and-your-data (in-app: Settings > Privacy > Personalised Ads)

https://www.tiktok.com/legal/page/global/privacy-policy

Microsoft (Clarity, Advertising)

https://account.microsoft.com/privacy and https://about.ads.microsoft.com/en-us/resources/policies/opt-out-of-the-microsoft-advertising-network

https://privacy.microsoft.com/en-us/privacystatement

Stripe

Not applicable (essential for payment; cannot opt out)

https://stripe.com/privacy

EDAA (Industry)

https://www.youronlinechoices.eu

N/A

DAA (Industry)

https://www.aboutads.info/choices

N/A

NAI (Industry)

https://www.networkadvertising.org/choices

N/A

BY CONTINUING TO USE BIDVERS.COM OR THE BIDVERS MOBILE APPLICATION AFTER PROVIDING YOUR CONSENT THROUGH THE COOKIE BANNER, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS COOKIE POLICY.

END OF COOKIE POLICY

www.bidvers.com