Skip to content
Meridian Consulting Group

Legal

Cookie Policy

How we use cookies and similar technologies on meridiangroup.it.com.

Last updated: 20 April 2026Contact: legal@meridiangroup.it.com

1. About this policy

This Cookie Policy explains how MERIDIAN CONSULTING GROUP LTD uses cookies and similar technologies on this website. It should be read alongside our Privacy Policy, which explains how we handle personal data more broadly.

2. What are cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, to improve user experience and to provide information to site owners. Similar technologies (such as local storage and pixel tags) can serve the same purposes; references to “cookies” in this policy cover these technologies too.

3. Legal basis

Our use of cookies is governed by the Privacy and Electronic Communications Regulations 2003 (PECR), as amended, and the UK GDPR. The Data (Use and Access) Act 2025 introduced limited exemptions for strictly necessary, security, authentication and basic analytics cookies. Where the law requires consent, we collect it through the cookie banner displayed on your first visit. You can withdraw consent at any time.

4. Cookies we use

4.1 Strictly necessary (no consent required)

These are essential for the website to function and cannot be switched off. They are typically set in response to actions you take, such as signing in, filling in forms, or setting privacy preferences.

  • sb-<project>-auth-token (Supabase) - manages your authenticated session. Session cookie, HTTP-only.
  • sb-<project>-auth-token-code-verifier (Supabase) - secures the OAuth/PKCE sign-in flow. Session cookie.
  • meridian-consent (Meridian) - records your cookie preferences so the banner does not reappear. 12 months.
  • cf_clearance (Cloudflare) - verifies the browser has passed a security check. Up to 30 days.
  • cf_bm (Cloudflare) - bot-management cookie that distinguishes humans from automated traffic. Up to 30 minutes.
  • __cf_bm / _cfuvid / __cfruid (Cloudflare) - rate limiting and DDoS protection. Session to 30 minutes.

4.2 Security (no consent required)

Cloudflare Turnstile is used to protect our authentication and contact forms from automated abuse. It may set short-lived tokens on your device solely for that purpose and does not track you across sites.

4.3 Functional (consent-based)

We currently do not set functional cookies beyond those listed as strictly necessary. If this changes, we will update this policy and the cookie banner to reflect the new cookies and request your consent.

4.4 Analytics (consent-based)

These cookies and tracking technologies are loaded only after you click “Accept all”in the cookie banner. If you choose “Only necessary”, none of them are set or executed.

  • _ga, _ga_* (Google Analytics 4) - measures pages visited, traffic source and aggregated session data. IP addresses are anonymised. Up to 2 years.
  • _clck, _clsk, MUID, ANONCHK, SM (Microsoft Clarity) - heatmaps and session replay (no keystroke capture, no form-field content) to understand how the site is used. Up to 1 year.

We also use Vercel Web Analytics and Vercel Speed Insights. Both are cookieless and rely on anonymised aggregate data only; no personal identifiers are stored on your device.

4.5 Marketing (consent-based)

We do not run advertising or marketing cookies. We do not share data with ad networks.

5. Third parties that may set cookies

  • Cloudflare, Inc. - DNS, CDN, DDoS protection and Turnstile bot-protection (strictly necessary).
  • Supabase Inc. - authentication and session management (strictly necessary).
  • Google LLC / Google Ireland Limited - Google Sign-In if you choose to use it (Google may set its own cookies on its sign-in pages), and Google Analytics 4 if you accept analytics cookies.
  • Microsoft Corporation - Microsoft Clarity heatmaps and session replay, only if you accept analytics cookies.
  • Vercel Inc. - hosting, Web Analytics and Speed Insights. Both analytics products are cookieless.
  • Resend, Inc. - delivers transactional emails (account, contact-form replies). Does not set browser cookies on our domain.
  • secserv.me (payment processor)- handles paid engagement checkout when you click “Buy”. Cookies set on secserv.me’s own domain are governed by their privacy policy.

We do not control cookies set by third parties on their own domains. Please review their policies for more information.

6. Managing your preferences

You have three ways to manage cookies:

  • Our cookie banner.Shown on your first visit. Use “Only necessary” to decline optional cookies, or “Accept all” to consent to everything we may set.
  • Browser controls.Most browsers let you view, delete or block cookies from individual sites or globally. See your browser’s help pages for instructions.
  • Change your mind. To withdraw consent, delete the cookie named meridian-consent using your browser controls and reload the site; the banner will appear again.

Blocking strictly necessary cookies may stop parts of the site (for example, sign-in) from working correctly.

7. Changes to this policy

We may update this Cookie Policy to reflect changes to cookies we use, to third-party services or to applicable law. The “Last updated” date at the top indicates when it was last revised. Material changes will be signalled on the website and, where appropriate, through a fresh consent prompt.

8. Contact

  • Email: legal@meridiangroup.it.com
  • Post: Data Protection, MERIDIAN CONSULTING GROUP LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

You have the right to complain to the UK Information Commissioner’s Office about our use of cookies or handling of personal data - ico.org.uk.

MERIDIAN CONSULTING GROUP LTD

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Company number: 17101771 · Registered in England and Wales

SIC 70210 · 70229

For legal enquiries: legal@meridiangroup.it.com

← Back to home