Legal documents · Cookies Policy

Cookies Policy

How legal.avantwerk.co.uk uses cookies and similar technologies. Statutory basis: PECR reg. 6 + UK GDPR.

Last updated: 14 May 2026 · Basis: PECR reg. 6 + UK GDPR Art. 6

Draft pending review by a practising solicitor admitted in England and Wales. Full validation by a qualified solicitor will take place before production publication.

1. What this policy covers

This Cookies Policy explains how Avantwerk Legal AI, operated by Bennovate spółka z ograniczoną odpowiedzialnością ("Bennovate", "we", "us"), uses cookies and similar tracking technologies on the website legal.avantwerk.co.uk (the "Site") and in the Avantwerk Legal AI web application.
We are required under reg. 6 of the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) ("PECR") to obtain your consent before storing or accessing any cookie on your device, unless that cookie is strictly necessary for a service you have explicitly requested. This policy explains how we fulfil that obligation.
Your consent to non-essential cookies is obtained through the cookie-consent banner displayed on your first visit to the Site, before any non-essential cookie is placed on your device.
This policy should be read alongside our Privacy Notice.

2. What is a cookie?

A cookie is a small text file that a website places on your device (computer, tablet or smartphone) when you visit it. Cookies allow the website to remember information about your visit, such as your preferred language and settings.

We may also use similar technologies such as local storage (HTML5), session storage, and browser-based IndexedDB for functional purposes within the application. Where we refer to "cookies" in this policy, we include these similar technologies unless context otherwise requires.

3. Cookie categories

We classify cookies into four categories in accordance with ICO guidance.

3.1 Strictly necessary cookies

Strictly necessary cookies are essential for the Site and the Service to function. Without them, you cannot navigate the Site or use the application. Under reg. 6(1)(d) PECR, these cookies do not require your consent.

Name / type	Purpose	Retention
Session authentication token	Maintains your logged-in session within the application	Browser session; cleared on logout
CSRF protection token	Protects form submissions against CSRF attacks	Browser session
Cookie-consent preference	Stores your consent choices so you are not shown the banner on every page load	12 months

3.2 Functional cookies

Functional cookies enable enhanced functionality and personalisation. If blocked, some features may not work correctly but the core Service remains accessible. These cookies require consent.

Name / type	Purpose	Retention
Language / locale preference	Stores your selected interface language (English / Polish)	12 months
UI layout preference	Stores your panel-width and sidebar-collapse preferences	12 months
BYOK provider preference	Stores your selected AI provider choice (no key data is stored in a cookie — the key itself is in encrypted browser IndexedDB)	12 months

3.3 Analytics cookies

Analytics cookies allow us to understand how users interact with the Service. We do not use third-party analytics cookies (such as Google Analytics) by default. Analytics cookies are disabled unless you give explicit consent.

Where analytics are enabled (by your consent), we use a privacy-preserving, self-hosted analytics solution. No data is sent to third-party analytics platforms without your specific consent.

Name / type	Purpose	Retention
Page-view event (self-hosted)	Anonymised count of page views and feature interactions for product improvement. No cross-site tracking. No individual profiling.	90 days; aggregated anonymised data retained indefinitely

3.4 Marketing cookies

We do not use marketing or advertising cookies on the Site or in the Service by default. Marketing cookies are not placed on your device unless you give explicit consent.

Where such consent is given, any marketing activity is conducted through our CRM provider (identity withheld on customer-facing surfaces — see our Privacy Notice for the category description). That CRM provider does not place any cookies on the Site at any point before the Customer has registered an account; it operates only at the account-management level post-sign-up.

4. Consent: how we obtain it and what it means

When you first visit legal.avantwerk.co.uk, you will see a cookie-consent banner before any non-essential cookie is placed. The banner presents the four categories in Section 3 and invites you to accept or decline each category separately.
You may: (a) accept all categories; (b) accept strictly necessary cookies only; or (c) select individual categories.
Your consent is:
- freely given — using the Service is not conditional on accepting non-essential cookies;
- specific — you can accept or decline each category separately;
- informed — this policy and the banner describe what each cookie does;
- unambiguous — consent is given by a positive action (ticking a box or clicking "Accept"), not by pre-ticked boxes or by simply continuing to browse.
You may withdraw or amend your consent at any time by clicking the "Cookie settings" link in the footer of any page on the Site. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
The legal basis for our use of strictly necessary cookies is reg. 6(1)(d) PECR. The legal basis for all other cookies is your prior, freely given consent under reg. 6(1) PECR and UK GDPR Art. 6(1)(a).

5. Third-party cookies and services

Transactional email. We use a third-party email service provider to send you transactional emails (account confirmation, invoice, onboarding). That provider may set cookies in emails you open (for example, a 1×1 pixel read-receipt). If you prefer not to allow such tracking, you may disable image loading in your email client. Full details of the categories of email service providers used are in our Privacy Notice Section 7.
CRM. Our CRM provider does not place any cookies during anonymous browsing of legal.avantwerk.co.uk. Post-sign-up, the CRM operates at the account-management layer and may set functional cookies tied to your authenticated session.
No Google Analytics or equivalent third-party analytics by default. We do not load Google Analytics, Hotjar, Facebook Pixel, LinkedIn Insight Tag or any equivalent third-party tracking script on any page of the Site without your explicit prior consent for analytics or marketing cookies.
Let's Encrypt. Our TLS certificate is provided by Let's Encrypt (Internet Security Research Group). Certificate validation does not set cookies and does not involve any personal data.

6. How to manage cookies in your browser

In addition to the controls we provide, you can manage cookies using your browser settings. Most browsers allow you to:

view the cookies currently stored on your device;
delete all or specific cookies;
block cookies from particular sites; and
block all third-party cookies.

Disabling strictly necessary cookies will prevent you from logging in or using core features of the Service.

Browser-specific guidance is available from the ICO at ico.org.uk/your-data-matters/online/cookies.

7. International transfers via cookies

Where a cookie places data with a third party outside the United Kingdom (for example, a CRM or email provider based in the USA), that transfer takes place under one of the mechanisms set out in our Privacy Notice Section 8 — in particular, the UK Addendum to EU Standard Contractual Clauses (IDTA) or an applicable UK adequacy instrument.

8. Changes to this Cookies Policy

We review this Cookies Policy periodically and may update it to reflect changes in the cookies we use or in applicable law. Material changes will be notified through the cookie-consent banner and by updating the effective date at the top of this policy.

9. Contact and complaints

If you have any questions about our use of cookies, or wish to exercise any right under UK GDPR or PECR, please contact dpo@avantwerk.com.

If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113 · ico.org.uk