# 1. What this page covers
A "cookie" is a small text file that a website stores in your browser. The
EU ePrivacy Directive (2002/58/EC, as amended) and Article 11.7a of the Dutch
Telecommunications Act (Telecommunicatiewet) require us to tell you which cookies we
set, what they do, and to ask for your consent for any cookie that is not
strictly necessary to deliver the service you asked for.
On this website we set a strictly-necessary cookie and one optional preference
cookie, neither of which require consent. Below is the full list and what each
cookie does.
# 2. The cookie we set
| Name |
Purpose |
Type |
Duration |
Lawful basis |
_xs |
Server-side correlation of page-views inside a single visitor session, used purely for service measurement and abuse detection. The cookie value is an opaque, randomly generated identifier (ULID) that is not linked to your name, email or any third-party identity. It is hashed with a server-side salt before any aggregate event is forwarded to our analytics processor; the raw cookie value never leaves our servers. |
First-party, strictly necessary |
13 months (rolling) |
Article 11.7a(3) Telecommunicatiewet (technically necessary); Article 6(1)(f) GDPR (legitimate interest) |
xs_locale |
Remembers the locale you picked using the language switcher so we serve the same language on your next visit. Currently only English is published, but the cookie still exists for forward compatibility. Contains an ISO language code (e.g. en); no personal data. |
First-party, preference |
12 months |
Article 11.7a(3) Telecommunicatiewet (necessary to deliver the service explicitly requested by the visitor) |
Both cookies are set with SameSite=Lax, HttpOnly=false, Secure when the connection is HTTPS, scoped to the entire site (Path=/).
# 3. What we do not use
For full transparency, the following are not present on this website:
- No client-side Google Analytics, no
gtag.js, no Google Tag Manager, no Plausible, no Matomo, no Hotjar, no FullStory and no other behavioural-analytics or session-recording SDK loaded in your browser.
- No Meta Pixel, LinkedIn Insight tag, X (Twitter) tag or any other advertising remarketing tag.
- No third-party fonts that would phone home (we self-host where needed).
- No A/B-testing or personalisation cookies.
- No advertising IDs of any kind (we send
non_personalized_ads = true on every server-side analytics event).
For aggregate audience measurement we use Google Analytics 4 in server-side
Measurement Protocol mode: our server forwards a small set of pseudonymised
events (page-views and form-submission conversions) over a server-to-server HTTPS
request, with no script ever loaded in your browser. Full details are in the
privacy notice, § 2.
If we ever decide to add a non-strictly-necessary cookie or load a third-party tag in
your browser in future, we will publish an updated notice and present a proper consent
banner before that cookie is set, in line with the ePrivacy Directive.
# 4. How to clear or block cookies
You can clear or block cookies set by this site at any time using your browser's
built-in settings:
- Chrome / Edge / Brave: Settings → Privacy and security → Cookies and other site data → See all site data and permissions → search for globalxess.com.
- Safari (macOS): Settings → Privacy → Manage Website Data → search for globalxess.com.
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → search for globalxess.com.
Blocking the _xs cookie does not break the website. The pages still
load normally; we simply lose the ability to correlate the requests on our side.
# 5. Changes to this notice
We may update this notice if our cookie set changes. The "Last updated"
date in the sidebar always reflects the date of the current version. For the related
topic of how personal data is processed more broadly, see the
privacy notice.
