Information concerning cookies

Dev Updated by Dev

Wisepops is an on-site marketing solution that provides website owners (hereinafter referred to as the “Clients”) with the ability to display targeted campaigns in the form of pop-ups (banner or window), WISP notifications (icon or drawer hidden or revealed at the Client’s request), bars or embeds (hereinafter together referred to as the “Services”). 

These campaigns can take the form of subscriptions to newsletters, promotions, new product announcements and more. 

A pop-up example: 

The purpose of the present notice is to document Wisepops’ position that the use of the Services by the Client does not, per se, require it to collect its website visitors’ prior consent. 

In any case, the Client is solely responsible for (i) the content of the Services that it publishes on its website, and (ii) the processing of personal data that it may be performing in the context of the use of the Services, as a Controller pursuant to the GDPR. 

Therefore, the present notice does not relieve the Client from its responsibility to comply with all applicable laws and regulations, specifically those related to the protection of personal data.  

In its deliberation no. 2020-091 of September 17th, 2020, the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés, CNIL) has issued Guidelines for the application of Article 82 of Law N°78-17 of January 6th, 1978 (loi “Informatique et libertés” modifiée) which transposes into French law the provisions of Directive 2002/58/EC of July 12th, 2002 on Privacy and Electronic Communications (“ePrivacy Directive”, ePD). 

These Guidelines apply to any operation for reading or writing any information stored or consulted on terminal equipment, irrespective of whether or not it is personal data within the meaning of Regulation (EU) N°2016/679 (hereinafter referred to as the "GDPR"). 

Paragraph 46 of these Guidelines stipulate that “the consent requirement does not apply to operations whose sole purpose is to enable or facilitate communication by electronic means or which are strictly necessary for the provision of an online communication service at the express request of users”.

Among the concerned trackers that can be considered as exempt from the consent requirement, paragraph 49 of the Guidelines lists: 

  • “trackers retaining the choice expressed by users on the deposit of trackers;”
  • “trackers intended for authentication to a service, including those designed to ensure the security of the authentication mechanism, for example by limiting robotic or unexpected access attempts;”  
  • “trackers designed to store the content of a shopping cart on a merchant site or to invoice the user for the product(s) and/or service(s) purchased;”
  • “trackers for personalizing the user interface (for example, for choosing the language or presentation of a service), when such personalization constitutes an intrinsic and expected element of the service;”
  • “trackers used to balance the load of equipment providing a communication service;”
  • “trackers enabling paying sites to limit free access to a sample of content requested by users (predefined quantity and/or over a limited period of time);”
  • “certain audience measurement trackers, subject to the reservations mentioned below.”

Paragraphs 50 to 52 of the Guidelines address the specific case of audience measurement trackers.

In this respect, it is specified that, are not subject to the legal obligation to obtain the Internet user’s prior consent under Article 82 of Law N°78-17 of January 6th, 1978, “trackers whose purpose is limited to measuring the audience of the site or application, in order to meet different needs", provided that such cookies "are strictly necessary to the operation and day-to-day administration of a website". This applies in particular to cookies allowing for a "performance measurement" or an "analysis of consulted content" (paragraph 50).

Paragraph 51 of the Guidelines specifies that, in order to be considered as exempt from consent, the trackers :

  1. "must have a purpose that is strictly limited to the sole measurement of the audience on the site or application for the exclusive account of the publisher";
  2. "must not, in particular, enable the global tracking of a person's browsing habits using different applications or browsing different websites";
  3. "may only be used to produce anonymous statistical data";
  4. "and the personal data collected may not be cross-referenced with other processing nor transmitted to third parties".

Wisepops ensures that it complies with the abovementioned criteria in order for its Services to qualify, per se, as exempt from consent pursuant to the CNIL Guidelines. 

2. Wisepops’ cookies

Wisepops allows Clients to engage their website visitors with contextual pop-ups. 

These pop-ups (notwithstanding their purpose) are only displayed if a visitor matches a predefined browsing scenario set by the Client. 

Wisepops uses cookies on the Client website to define this browsing scenario based on certain data such as the visitor’s last visit to the Client website, the Client’s campaigns the visitor has interacted with, or other relevant  information like the last purchase date. 

All these cookies are first-party, meaning they are linked to the Client’s domain, not Wisepops’. 

Specifically, the cookies involved are the following: 






Stores data during the session to define the context in which the pop-ups are displayed to the visitor: date of browsing, pop-ups seen during session, number of pages seen during session. 


750 days

Assigns data (collected via Wisepops’ cookies: history of pages viewed, pop-ups/notifications history, last connection to the Client website) issued from several devices to a single visitor.


2 years

Disables Wisepops’ Services when a visitor clicks "Don’t show pop-ups again". 


2 years

Stores custom properties across sessions (shopping cart composition, purchase history) to define the context in which the pop-ups are displayed. 


2 years

Stores the last 10 visit dates. 


2 years

Stores persistent data to align the visitor’s experience with the pop-ups that are displayed to him/her: 

1. History of pop-ups displayed to the visitor in order to avoid displaying the same pop-up. 

2. Information that the visitor’s email has already been collected to avoid asking him/her again.

The information collected via Wisepops’ cookies are stored on Wisepops’ servers and can only be accessed by the Client and Wisepops’ personnel, external consultants and third party providers, in accordance with Wisepops’ Privacy Policy. 

Wisepops does not (i) store any other information that would allow the identification of a visitor, (ii) sell or share the visitor’s email address or any other personal information that is collected by a Client via a pop-up form, or (iii) send visitors emails nor directly contact them for any purpose. 

The abovementioned cookies all primarily qualify as audience measurement cookies (or, for “wisepops_noshow”, as a tracker retaining the choice expressed by users on the deposit of trackers). As a consequence, all cookies involved by the use of the Services are, per se, not subject to the Client website visitors’ prior consent. 

Indeed, the browsing information stored is strictly limited to the sole measurement of the audience of the Client website. In particular, Wisepops does not display third-party ads to the visitors of a Client website. It does not enable the global tracking of the visitors’ browsing habits to the extent that the information collected only concerns the Client website. Such information is only used to produce anonymous statistical data, the report of which is optional for the Client. When personal data is collected, it is not cross-referenced with other processing nor transmitted to third parties.

Although the cookies involved by the use of the Services are not per se subject to the Client website visitors’ prior consent, Clients may use Wisepops to collect personal information (e.g. visitor’s name, phone number, email address) through pop-up forms.

The purpose of such processing may subject Clients to the legal requirement of obtaining the consent of their website visitors prior implementing the cookies.

Furthermore, as controllers pursuant to the GDPR, Clients are solely responsible for providing the required information to their website visitors with regard to the processing of their personal data. 

For additional information, please contact us at

Accessibility and compliance with ADA/WCAG

Compliance with Shopify's Customer Privacy