Cookie statement

Our website downloads cookies to your computer - after your consent. Cookes make the site work properly and give us information that we use to improve your user experience. Third parties can download cookies too, via our website. In this cookie statement you can read about the types of cookies we use.

About cookies

On our website we use cookies: small files that are sent by an internet server and that are stored on your computer. Cookies are also placed via third parties that we have hired.

Allow cookies and delete cookies

When you first visit our website, you will see the message at the bottom of the window "SURF places functional cookies to make this website work properly. We also place analytical cookies to improve the website. Where possible, the data is anonymised. We place these cookies without your explicit consent.

We ask your permission to place third party cookies. Embedded content (such as YouTube videos) may contain third party cookies. By clicking "Accept", you consent to the placing of third party cookies.

You can delete the cookies via your browser settings. There you can also set the type of cookies that will be placed on your computer. Most cookies have an expiration date. This means that they expire automatically after a certain period of time and no longer record any information about your visit to the site. You can also choose to delete cookies manually via your browser settings.

Agreements with third parties about cookies

We have made agreements with third parties who place cookies, about the use of cookies and applications. However, SURF does not have full control over what the providers of these applications do with cookies themselves when they read them out. In the privacy statements of these parties, you can read more about these applications and how they handle cookies (please note that these can change regularly).

Types of cookies on surf.nl 

Functional cookies

Our website uses a number of functional cookies, which ensure that the website functions correctly:

  • cookieconsent_status: necessary to store your cookie preferences and is valid for 12 months

Analytical and tracking cookies

SURF uses the open source web statistics package Matomo & Piwik.pro to track statistics. This allows us to see how visitors use the SURF website and provides us with information that will help us improve the website.

By using Matomo, we process the data in-house and do not provide it to third parties. The collected data is stored in the Netherlands in an encrypted environment. Matomo is also set to automatically anonymize the IP address of the website visitor: the last 9 digits of the IP address are not stored or displayed. When your browser is set not to be tracked, Matomo will not collect data from your visit. SURF does not use cookies to identify visitors, but only to improve the website.

By using Piwik.pro, SURF and Piwik.pro process data of visitors. The collected data is stored in Sweden (EEG) in an encrypted environment. Piwik.pro is also set to automatically anonymize the IP address of the website visitor: the last 9 digits of the IP address are not stored or displayed. When your browser is set not to be tracked, Matomo will not collect data from your visit. SURF does not use cookies to identify visitors, but only to improve the website.

SURF places the following Matomo cookies on your computer

Matomo uses the following cookies on your computer:

  • _pk_ref: This cookie tracks from which website you are visiting the SURF website. It is valid for 6 months.
  • _ pk_cvar: This optional cookie is placed on your computer when, for example, you participate in a survey. The cookie prevents you from being asked to participate in the same survey a second time. This cookie is valid for 2 years.
  • _pk_id: This cookie determines if you are a new or returning visitor. This cookie is valid for 2 years.  
  • _pk_ses: This cookie determines which pages you have visited on SURF.nl. The cookie is only valid during that specific visit.

Reject Matomo cookies

SURF places the following Piwik cookies on your computer

Analytics

 

_pk_ses.<appID>.<domainHash>

Module: Analytics
Expires after: 30 minutes (can be changed)
Extends: Automatically
Type: First-party cookie
About: Shows an active session of the visitor. If the cookie isn’t present, the session has finished over 30 minutes ago and it was counted in a pk_id cookie.

_pk_id.<appID>.<domainHash>

Module: Analytics
Expires after: 13 months (can be changed)
Extends: No
Type: First-party cookie
About: Used to recognize visitors and hold their various properties.
Value: <visitorID>.<cookieCreationTimestamp>.<visitsCount>.<currentVisitTimestamp>.<lastVisitTimestamp>.<lastEcommerceOrderTimestamp>

  • visitorID: Value is generated via JavaScript when not provided otherwise.
  • cookieCreationTimestamp: Cookie creation time.
  • visitsCount: 0 means there are no previous visits.
  • currentVisitTimestamp: Current time. Refreshed with every user action.
  • lastVisitTimestamp: Time of the last visit. Empty if there are no previous visits. It is also used to increase the number of visits (together with the cookie pk_ses).
  • lastEcommerceOrderTimestamp: Time of the last ecommerce order. Empty if there are no ecommerce orders.

_pk_cvar

Module: Analytics
Expires after: 30 minutes (can be changed)
Extends: No
Type: First-party cookie
About: Holds custom variables that were set during the previous page view. It’s not enabled by default. Requires calling the storeCustomVariablesInCookie() method on the Javascript tracker object.
Value: Custom variable keys and values.

app_id

Module: Analytics
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Used to pass a site or app ID between Piwik PRO’s modules: Analytics, Tag Manager, Audience Manager, Consent Manager, Administration.
Value: A site or app ID.

piwik_auth (deprecated)

Module: Analytics (versions below 16.0.0)
Expires after: 24 minutes (can be changed)
Extends: Automatically
Type: First-party cookie
About: Stores session information for Piwik PRO’s user interface (UI). As long as this cookie is valid and contains a login and a token_auth parameter, a visitor is considered as a logged-in visitor, and a PIWIK_SESSID cookie will be refreshed.
Value: login=<userLogin>:token_auth=<tokenHash>:_=<signature>

  • userLogin: User’s login.
  • tokenHash: md5 hash created from a login and a token_auth parameter.
  • signature: Checksum

PIWIK_SESSID (deprecated)

Module: Analytics (versions below 16.0.0)
Expires after: 24 minutes (can be changed)
Extends: No
Type: First-party cookie
About: Stores a PHP session ID.
Value: A unique session identifier.

Tag Manager

_stg_debug / stg_debug

Module: Tag Manager
Expires after: 14 days
Extends: Automatically
Type: First-party cookie
About: Determines if the Tag Manager’s debugger should be displayed. A cookie is removed after you close the debugger.
Value: 1 when debug mode is turned on.
Created if: You use a stg_debug query parameter in the URL.

stg_traffic_source_priority

Module: Tag Manager
Expires after: 30 minutes
Extends: Automatically
Type: First-party cookie
About: Stores the type of traffic source that explains how the visitor reached your website.
Value:

  • 1: Direct
  • 2: Referral
  • 3: Social media
  • 4: Organic search
  • 5: Campaign

Created if: You use the traffic source condition in a trigger.

stg_last_interaction

Module: Tag Manager
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Determines whether the last visitor’s session is still in progress or a new session has started.
Value: A timestamp of the last interaction a visitor had on your website.
Created if: You use a multiplicity condition in a trigger.

stg_returning_visitor

Module: Tag Manager
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Determines if the visitor has already been to your website — they are returning visitors.
Value: A timestamp of the last interaction a visitor had on your website.
Created if: You use a returning-visitor condition in a trigger.

stg_fired__<appID>

Module: Tag Manager
Expires after: The session ends. (Fixed idle time or after a browser is closed.)
Extends: No
Type: First-party cookie
About: Determines if the combination of a tag and trigger was fired during the current visitor’s session.
Value: A timestamp of the moment when a tag is fired.
Created if: You use a multiplicity condition in a trigger, and a trigger is set to fire a tag once per session. A cookie is created after the tag is fired.

stg_utm_campaign

Module: Tag Manager
Expires after: The session ends. (Fixed idle time or after a browser is closed.)
Extends: No
Type: First-party cookie
About: Stores a name of the campaign that directed the visitor to your website.
Value: An encoded value of an utm_campaign query parameter.
Created if: You use the campaign condition in a trigger, and a visitor enters your website from a campaign with an utm_campaign query parameter.

stg_pk_campaign

Module: Tag Manager
Expires after: The session ends. (Fixed idle time or after a browser is closed.)
Extends: No
Type: First-party cookie
About: Stores a name of the campaign that directed the visitor to your website.
Value: An encoded value of a pk_campaign query parameter.
Created if: You use the campaign condition in a trigger, and a visitor enters your website from a campaign with a pk_campaign query parameter.

stg_externalReferrer

Module: Tag Manager
Expires after: The session ends. (Fixed idle time or after a browser is closed.)
Extends: No
Type: First-party cookie
About: Stores an URL of a website that referred a visitor to your website.
Value: The window.location.origin value for a referral website.
Created if: You use the external referrer condition in a trigger, and a visitor enters your website from a referral website.

_stg_opt_out_simulate

Module: Tag Manager
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Used to simulate the behavior of the opt-out snippet in the debugger. It turns off all tracking tags in the tested domain.
Value:

  • true: Opt-out simulation is turned on.
  • false: Opt-out simulation is turned off.

Created if: You turn on opt-out simulation in debug mode.

_stg_optout

Module: Tag Manager
Expires after: 365 days
Extends: Automatically
Type: First-party cookie
About: Used to turn off all tracking tags in the tested domain.
Value:

  • true: A visitor opts out of tracking.
  • false: A visitor agrees to tracking.

Created if: A visitor opts out of tracking. (You use an opt-out snippet.)

stg_global_opt_out (deprecated)

Module: Tag Manager
Expires after: 365 days
Extends: Automatically
Type: Third-party cookie
About: Used to turn off all tracking tags on websites that belong to one Piwik PRO account.
Value:

  • 1: A visitor opts out of tracking.
  • 0: A visitor agrees to tracking.

Created if: A third-party cookie is set when a visitor opts out of tracking. (You use a global opt-out snippet.)

Local storage

In addition to cookies, Piwik PRO uses local storage in the visitor’s browser to stack some information. Here’s what is kept in that storage.

ppms_webstorage

Module: Tag Manager, Consent Manager and Analytics
About: Prevents visitor’s data loss that may happen because of some mechanisms used by browsers, for example, Safari’s ITP.
Value: A stringified object that contains information about created cookies for each module. It stores data about each created cookie, such as a key, value, expiry date, path, domain, and more. This is the same data that was used to create a cookie.
Created if: Each time a cookie is set in the visitor’s browser.
Removed if: A ppms_webstorage item isn’t removed automatically. But a visitor can delete it manually. Single entries in the object are removed after a corresponding cookie expires.

ppms_data_store

Module: Audience Manager
About: Stores information from forms on your website. After a visitor submits a form, the data is passed to Audience Manager. But if a form redirects a visitor to another page, data may be lost. Therefore form data is kept in the local storage as a backup. (A page where a visitor is redirected needs to have a form tracker, otherwise Piwik PRO can’t collect form data.)
Value: A JSON encoded object that contains:

  • payload: AES encrypted form data.
  • aes: RSA encrypted AES key (for payload)
  • Iv: initialization vector (for payload)

Removed if: After the form tracker sends data to the server. It can happen right after a visitor submits a form or after a new page loads in their browser.

 

 

 

SURF also uses the Mopion package to carry out online surveys of our visitors. We use the results of these surveys to be able to help our visitors even better in the future. All data from these surveys is processed anonymously.

To conduct these surveys we place these cookies
  • AWSALB / AWSALBCORS; this cookie ensures the redirection to the right server and is valid for 7 days
  • Pastease.passive.chance; this optional cookie determines if and when the survey is shown and is valid for 10 days
  • Pastease.passive.activated; this optional cookie determines if and when the survey is displayed and is valid for 10 days
  • Pastease.pro_active.chance; this optional cookie determines if and when the survey is shown and is valid for 10 days
  • Pastease.pro_active.activated; this optional cookie determines if and when the survey is shown and is valid for 10 days
  • Pastease.exit.chance; this optional cookie determines if and when the survey is shown and is valid for 10 days 
  • Pastease.exit.activated; this optional cookie determines if and when the survey is shown and is valid for 10 days
  • Pastease.returning; this optional cookie determines when the survey is shown and is valid for 10 days
  • last_page; this optional cookie determines when the survey is displayed and is valid for 10 days
  • page_count; this optional cookie determines when the survey is displayed and is valid for 10 days
  • MSopened; this optional cookie is set when the survey is opened and is valid for 10 days
  • MSFeedbackSent; this optional cookie is set when the survey is submitted and is valid for 10 days

Third-party cookies

Embedded content (YouTube videos) may use third-party cookies. You have to explicitly grant permission for these cookies to be stored on your computer. 

Do you want to allow third-party cookies or revoke your consent? Change your cookie settings

Social media buttons

The social media buttons on surf.nl are links to the social networks concerned.

Changes to the cookie statement

SURF reserves the right to make changes to this cookie statement. We recommend that you check this cookie statement regularly so that you are aware of these changes.

Privacy policy

Please also read our privacy statement. There you can read how we handle your personal data, how we protect your data and what rights you have with regard to your data.

General contact details

SURF
Moreelsepark 48
3511 EP  Utrecht
communicatie@surf.nl
+31-887873000

This cookie statement was last updated on 17 June 2021.