Breadcounter, LLC ("we", "us", "our") respects your privacy and is committed to transparency about the use of cookies and similar tracking technologies on our website, www.breadcounter.com. This Cookie Policy explains what cookies are, which technologies we use, the legal bases for processing, your rights, and how you can control the use of cookies.
1. What are cookies and similar technologies?
- Cookies – Small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They enable the site to recognise your device, remember preferences, and provide security, analytics, and advertising functions.
- Web beacons / pixel tags – Tiny images or scripts embedded in web pages or emails that report user interactions.
- Local storage – Data stored directly in your browser (e.g., by third-party widgets) to improve functionality.
- Server logs – Records kept by our hosting provider (GoDaddy) that capture IP addresses, browser type, device information, pages visited, and timestamps for security, troubleshooting, and performance monitoring. Retained for approximately 90 days.
- Embedded content – Third-party services (e.g., Calendly scheduler) may load their own tracking technologies as described in their privacy policies.
2. Legal basis for processing
| Category of Cookies | Legal Basis (GDPR) | Consent Required? |
|---|---|---|
| Strictly necessary (e.g., security, session management, Calendly scheduler functionality) | Legitimate interest or Contractual necessity – required for the service you explicitly request. | No – exemption under the ePrivacy Directive/PECR. |
| Performance / Analytics (e.g., GoDaddy analytics) | Explicit consent (Art. 6 (1)(a) GDPR). | Yes – prior consent before the cookie is set. |
| Functional (e.g., language or UI preferences) | Explicit consent. | Yes – prior consent. |
| Advertising / Targeting (e.g., Calendly analytics) | Explicit consent. | Yes – prior consent. |
| Other (e.g., local-storage, embedded content) | Explicit consent where personal data is processed. | Yes – prior consent. |
3. Cookie banner & consent management
We use CookieYes as our consent-management platform (CMP).
- Prior consent – On your first visit a banner appears before any non-essential cookie is set.
- Options – You may Accept all, Reject non-essential, or Customize each category (Analytics, Functional, Advertising, Other).
- Global Privacy Control (GPC) – If your browser sends a GPC signal, we treat it as a request to decline all non-essential cookies.
- Consent logging – Every consent choice (timestamp, IP address, user-agent, selected categories) is stored securely for at least 12 months to demonstrate compliance.
- Changing preferences – A persistent "Cookie Settings" link in the website footer re-opens the banner, allowing you to modify or withdraw consent at any time.
4. Detailed Cookie Inventory
| Cookie Name | Provider | Domain | Category | Purpose | Legal Basis | Retention Period |
|---|---|---|---|---|---|---|
| __cf_bm | Cloudflare (via Calendly) | calendly.com | Necessary | Cloudflare Bot Management – protects the Calendly scheduler from malicious bots. | Legitimate interest / contractual necessity | 1 hour |
| _cfuvid | Cloudflare (via Calendly) | calendly.com | Necessary | Maintains session consistency for the Calendly booking widget. | Legitimate interest / contractual necessity | Session |
| __cfruid | Cloudflare (via Calendly) | calendly.com | Necessary | Identifies trusted web traffic to ensure security. | Legitimate interest / contractual necessity | Session |
| _calendly_session | Calendly | calendly.com | Necessary | Enables meeting-scheduler functionality and allows users to add events to their calendars. | Legitimate interest / contractual necessity | 21 days |
| cal_anonymous_id | Calendly | calendly.com | Analytics | Anonymous user tracking for Calendly analytics. | Explicit consent | Session |
| _tccl_visitor | GoDaddy | breadcounter.com | Analytics | Aggregated visitor tracking for performance monitoring. | Explicit consent | 1 year |
| _tccl_visit | GoDaddy | breadcounter.com | Analytics | Aggregated visit tracking for performance monitoring. | Explicit consent | 1 hour |
| wpEmojiSettingsSupports | WordPress (first-party) | breadcounter.com | Necessary | Detects if the user's browser can display emojis correctly. | Legitimate interest / contractual necessity | Session |
| _scc_session | First-party (WordPress) | breadcounter.com | Other* | Session management (purpose currently unclear; may be used for form submissions or security). | If used for security or form processing, treat as Necessary; otherwise, treat as Consent-based. | 20 minutes |
| _cache (unspecified) | calendly.com | calendly.com | Other | Performance optimisation (never set by us). | Explicit consent (if ever enabled) | – |
| _cache (unspecified) | (none) | (none) | Other | Placeholder – not actively used. | – | – |
*The _scc_session cookie's exact function is not definitively identified. If it is required for secure form submission or authentication, it will be classified as Necessary; otherwise it will be treated as Consent-based.
5. Do Not Sell or Share My Personal Information
We do not sell personal information for monetary consideration.
For residents of California, Virginia, Colorado, Connecticut, and Utah, you may exercise your right to opt-out of the sale or sharing of personal information (including data collected via cookies) by clicking the link below:
(This link takes you to a page generated by CookieYes)
Requests are processed within 15 days.
6. Your Rights
a. Rights for EU/EEA Residents (GDPR)
- Right of Access – Request a copy of the personal data we hold about you.
- Right to Rectification – Request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten") – Request deletion, subject to legal exceptions (e.g., tax-record retention).
- Right to Restriction of Processing – Limit how we process your data.
- Right to Data Portability – Receive your data in a structured, commonly used, machine-readable format.
- Right to Object – Object to processing for direct marketing or legitimate-interest purposes.
- Right to Withdraw Consent – Withdraw consent for consent-based cookies at any time via the "Cookie Settings" link.
To exercise any of these rights, contact our Data Protection Officer
Data Protection Officer: Chris Ferretti – chris@breadcounter.com
b. Rights for California Residents (CCPA/CPRA)
- Right to Know – Request disclosure of the categories of personal information we collect, the sources, purposes, and third parties with whom we share it.
- Right to Delete – Request deletion of your personal information (subject to legal exemptions).
- Right to Opt-Out of Sale/Sharing – Use the link above to opt-out.
- Right to Non-Discrimination – We will not discriminate against you for exercising any CCPA right.
c. Rights for Residents of Virginia, Colorado, Connecticut, Utah (VCDPA, CPA, CTDPA, UCPA)
- Right to Access – Request a copy of your personal information.
- Right to Delete – Request deletion of your personal information.
- Right to Opt-Out of Sale/Sharing – Use the same "Do Not Sell or Share My Personal Information" link.
- Right to Correct – Request correction of inaccurate data.
To exercise any of these rights, email info@breadcounter.com (or the DPO email for GDPR requests).
7. Data Security Measures
We implement industry-standard technical and organizational safeguards for all cookie-derived data:
- Secure Transmission – All cookies are sent over HTTPS (TLS 1.2+).
- Secure Flag – Cookies that contain sensitive identifiers are marked Secure to ensure they are only transmitted over encrypted connections.
- HttpOnly Flag – Session and authentication cookies are set HttpOnly to prevent access by client-side scripts (mitigates XSS).
- SameSite Attribute – Cookies include SameSite=Lax or Strict to protect against CSRF attacks.
- Limited Retention – Cookies are set with appropriate expiration dates (see the inventory table). Session cookies expire when the browser is closed.
- Third-Party Security – Calendly, Cloudflare, and GoDaddy each maintain their own security programs as described in their privacy policies.
8. International Data Transfers
If personal data is transferred outside the United States (e.g., to the European Economic Area), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on adequacy decisions where applicable (e.g., U.K., Switzerland). These safeguards ensure an equivalent level of protection for your data.
9. Accessibility Statement for the Cookie Banner
Our cookie banner complies with accessibility standards:
- Fully keyboard-navigable (tab order, focus indicators).
- All controls have screen-reader friendly labels and ARIA attributes.
- Colour contrast meets WCAG 2.1 AA requirements.
- Users can reopen the banner at any time via the persistent "Cookie Settings" link.
If you encounter accessibility issues, please contact us (see Section 10).
10. Contact Information
Breadcounter, LLC (doing business as Gilmer Ferretti Group)
Email: info@breadcounter.com
Phone: 305-239-6242
Miami, FL 33131, United States
Data Protection Officer: Chris Ferretti – chris@breadcounter.com
11. Updates to This Cookie Policy
We may update this Cookie Policy to reflect changes in our practices, legal requirements, or technology. When material changes are made, we will:
- Post a prominent notice on our website.
- Update the Effective Date at the top of this page.
Please review this policy periodically to stay informed about how we protect your information.