Last updated: 26/Oct 2025
Cookie Policy
This Cookie Policy explains how Villa Santa Rosa SL (CIF/VAT: B01926245) (“Company”, “we”, “us” and “our”) uses cookies and similar technologies when you visit our website, villasantarosa.com (“Website”). It explains what cookies are, why we use them and how you can control them.
Table of Contents
- What Are Cookies?
- Why We Use Cookies
- Your Cookie Choices
- Cookies We Use
- Third-Party Providers Involved
- Controlling Cookies in Your Browser
- Updates to This Policy
- Contact Information
1. What Are Cookies?
Cookies are small data files stored on your computer or mobile device when you visit a website. They are widely used to make websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by us are called “first-party cookies”, while those set by other parties are called “third-party cookies”. Third-party cookies enable features or functionality provided by those parties (e.g. payments, bot protection, analytics and advertising).
2. Why We Use Cookies
We use first-party and third-party cookies for several reasons:
- Necessary cookies – required for technical reasons so the Website functions correctly (cart, checkout, payments, security, language).
- Functional/Preferences cookies – remember choices (e.g., language) and enable embedded features like Google Maps (loaded only when maps are displayed).
- Analytics cookies – limited to Sourcebuster cookies that track traffic sources/UTM to help us improve services (no Google Analytics or ads).
3. Your Cookie Choices
You can decide whether to accept or reject cookies. Necessary cookies cannot be switched off, but other types can be managed via:
- our Cookie Consent Banner (shown on your first visit) — use Customise to open the Preference Centre;
- the Preference Centre — available anytime via the bottom-left “Consent Preferences” button (cookie settings); open it now;
- your browser settings (see section 6 below).
Note: if you disable cookies, some parts of the Website may not function properly (e.g. cart and checkout).
4. Cookies We Use
4.1 Necessary Cookies (always active)
| Name | Purpose | Provider | Type | Expiration |
|---|---|---|---|---|
| cookieyes-consent | CookieYes sets this cookie to remember users consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. | villasantarosa.com | HTTP Cookie | 1 year |
| lang | Stores the user’s language preference to display the site in the selected language (is installed the first time you log in to the site). | villasantarosa.com | HTTP Cookie | 1 year |
| woocommerce_cart_hash | Helps WooCommerce determine when cart data changes and keep cart consistent across pages. | villasantarosa.com | HTTP Cookie | Session |
| woocommerce_items_in_cart | Stores a count of items in the cart to display and process orders correctly. | villasantarosa.com | HTTP Cookie | Session |
| wp_woocommerce_session_* | Unique code for each customer to find cart data in the database / keep session active at checkout. | villasantarosa.com | HTTP Cookie | 2 days |
| loftocean_cart | Stores cart selections for the theme’s booking/cart features to function. | villasantarosa.com | HTTP Cookie | 1 month |
| m | Stripe sets this cookie for fraud prevention purposes. It identifies the device used to access the website, allowing the website to be formatted accordingly. | m.stripe.com | HTTP Cookie (3rd-party) | 1 year 1 month 4 days |
| __stripe_mid | Fraud prevention & secure payments via Stripe.js (device identifier). | js.stripe.com / b.stripecdn.com / m.stripe.network | HTTP Cookie (3rd-party) | 1 year |
| __stripe_sid | Session identifier for fraud prevention during checkout. | js.stripe.com / b.stripecdn.com / m.stripe.network | HTTP Cookie (3rd-party) | 1 hour |
| hmt_id |
Invisible bot protection triggered by Stripe.js on checkout; helps prevent card testing and fraud.
May load only when needed; signals are sent to Stripe’s m.stripe.com.
|
hcaptcha.com / newassets.hcaptcha.com (used by Stripe) | HTTP Cookies (3rd-party) | 1 month |
| __cflb | Cloudflare load-balancing cookie used by hCaptcha when invoked by Stripe. Ensures reliable delivery of the bot-protection service; not used for tracking or advertising. | api.hcaptcha.com (used by Stripe) | HTTP Cookies (3rd-party) | 1 hour |
| __cf_bm | Cloudflare bot management cookie set by the hCaptcha resources used by Stripe. Required to distinguish humans from bots during checkout; not used for marketing. | .hcaptcha.com (used by Stripe) | HTTP Cookies (3rd-party) | 1 hour |
4.2 Functional / Preferences
| Name | Purpose | Provider | Type | Expiration |
|---|---|---|---|---|
| NID (Google Maps) | *.google.com / maps.googleapis.com | Used by Google to remember preferences and display embedded Maps; may also be used for ad-related personalization by Google services. | HTTP Cookie (3rd-party) | 6 months |
| SID, HSID, SSID, SAPISID, APISID (Google Maps) | *.google.com / maps.googleapis.com | Security, fraud prevention, and user preferences for embedded Maps; may support personalized content across Google services. | HTTP Cookies (3rd-party) | 24 months |
| CONSENT, SOCS (Google) | *.google.com | Stores Google consent settings and status that can affect how embedded services like Maps behave. | HTTP Cookies (3rd-party) | 24 months |
| __ssid | .villasantarosa.com | Used by Google services (e.g., embedded Google Maps) for security, preferences and, where applicable, personalisation. Set when Maps loads or is interacted with. Not used for payments or checkout. | HTTP Cookies (3rd-party) | 1 year 1 month 4 days |
4.3 Analytics
| Name | Purpose | Provider | Type | Expiration |
|---|---|---|---|---|
| sbjs_migrations | Sourcebuster (traffic attribution). Handles internal library updates “migrations” to keep attribution data consistent; does not contain directly identifiable information. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_current_add | Sourcebuster (traffic attribution). Saves additional details about the current source (e.g., campaign term/content) to refine attribution; no directly identifiable information. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_first_add | Sourcebuster (traffic attribution). Stores extra first-touch details (initial UTM parameters) to preserve acquisition context; no directly identifiable information. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_current | Sourcebuster (traffic attribution). Stores the current visit’s source/medium and UTM parameters for attribution; does not contain directly identifiable information. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_first | Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_udata | Sourcebuster (traffic attribution). Holds derived/non-identifiable attribution values used by Sourcebuster logic; no directly identifiable information. | .villasantarosa.com | HTTP Cookies | Session |
| sbjs_session | Sourcebuster (traffic attribution). Manages the 1-hour session window to separate visits for accurate attribution; no directly identifiable information. | .villasantarosa.com | HTTP Cookies | 1 hour |
4.4 Local Storage
| Name | Provider | Purpose | Type | Expiration |
|---|---|---|---|---|
| storeApiCartData | villasantarosa.com | Stores cart items and checkout data required for WooCommerce blocks / Store API to function. | Local Storage | Persistent (until cleared) |
| storeApiNonce | villasantarosa.com | Nonce/token used by Store API to validate requests. | Local Storage | Persistent (rotates periodically) |
5. Third-Party Providers Involved
- WooCommerce (cart & checkout) – first-party cookies on villasantarosa.com.
- Stripe (payments) – resources from
js.stripe.com,b.stripecdn.com,m.stripe.network(andm.stripe.comin some flows) may set necessary cookies for fraud prevention. - hCaptcha (via Stripe) — Stripe.js loads it when needed for anti-fraud; domains:
*.hcaptcha.com,newassets.hcaptcha.com; signals go tom.stripe.com. - Google Maps (embedded) – loads resources from
maps.googleapis.comand*.google.comand may set cookies such asNID,SID,HSID,SSID,SAPISID,APISIDto remember preferences and enhance map functionality. These are loaded only when Maps is displayed and are categorised under Functional / Preferences (non-personalised use).
6. Controlling Cookies in Your Browser
You can manage or disable cookies directly in your browser settings:
We do not use third-party advertising cookies on this site. If you encounter interest-based advertising elsewhere, you can manage your preferences via:
- EEA & UK: YourOnlineChoices (EDAA)
- USA: Digital Advertising Alliance (DAA) and Network Advertising Initiative (NAI)
- Canada: Digital Advertising Alliance of Canada (DAAC)
7. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes to the cookies we use or for other legal and operational reasons. Please revisit this page regularly to stay informed.
The "Last updated" date at the top of this page indicates when this Policy was most recently revised.
8. Contact Information
If you have any questions about our use of cookies or other technologies, contact us:
Villa Santa Rosa SL
CIF/VAT: B01926245
Avinguda Marcos Redondo 7, 17406 Viladrau, Girona, Spain
Email: info@villasantarosa.com
Phone: (+34) 622 321 324