Cookie Policy


This Cookie Policy explains how Exchange Capital Partners Ltd and ECAP (IOM) Limited (“ECAP”, “we”, “us”, “our”) use cookies and similar technologies on our website, which is hosted on the Webdadi platform.

It should be read together with our Privacy Policy, which explains how we collect, use and protect personal information.

When you visit our website, you will see a cookie banner. By clicking “Accept All”, you agree that we can store and access all cookies as described in this policy. By selecting “Accept only necessary” or “Decline”, you can reject non-essential cookies and allow only those that are strictly necessary for the site to function. You can change your preferences at any time via the cookie settings link in the footer of the site.

1. What are cookies?
Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work, improve user experience and provide information to site owners.
Similar technologies (such as pixels, tags and local storage) may also be used for similar purposes. In this policy, we refer to all of these as cookies.

2. Types of cookies we use
We group the cookies we use into the following categories:

a) Strictly necessary cookies
These cookies are essential for our website to function properly and cannot be switched off in our systems. They are usually only set in response to actions you take, such as navigating the site, submitting forms or managing your cookie preferences.
Without these cookies, some parts of the site will not work correctly. These cookies do not require your consent, but we include them here for transparency.

b) Performance / analytics cookies
These cookies help us, and our providers understand how visitors use our website (for example, which pages are visited most often) so we can improve how the site works. They typically collect information in an aggregated form.
They are only set if you consent to analytics cookies via our banner and if the relevant analytics service (such as Google Analytics) is enabled on our website.

c) Functional cookies
These cookies allow the website to remember choices you make (such as form inputs or preferences) and provide enhanced, more personalised features. If you do not allow these cookies, some or all of these services may not function properly.

Some of these cookies are only set when particular features are active on the site or when you choose to use them.

d) Targeting / advertising and social media cookies
These cookies may be set by our analytics and advertising partners (for example, Google, Facebook/Meta) to build a profile of your interests and show you relevant content or ads on other sites, and to measure the effectiveness of campaigns. Some cookies are also used when you interact with embedded content such as YouTube or Vimeo videos, or social media plugins.

We will only use these cookies where you have given your consent and where the relevant features or campaigns are active.

3. Cookies used on our site
Because our website is built on the Webdadi platform, the cookies used fall into two main groups:
a)Platform / security / consent cookies – required for the site to work and to remember your cookie choices.
b)Third-party analytics, advertising and media cookies – used for analytics, security (for example, reCAPTCHA), advertising and embedded media such as videos.

The specific cookies used on our website can change over time as we update or add features, integrate with new providers or run campaigns.

The tables below describe the main types of cookies that are currently used, or may be used in future, on our website. Some cookies will only be set if certain services are enabled (for example, analytics) or if you interact with specific content (for example, playing an embedded video).

Some of the cookies listed as “non-essential” will only be set if you consent to that category of cookies in our banner and the relevant feature is active on our site.

3.1 Strictly necessary cookies

Name
Provider
Purpose
Expiry
Type
atom2
Webdadi platform
Maintains an anonymised user session so the site functions correctly across page views.
Session
First-party
*AntiForgery*
Webdadi platform
Helps prevent fraudulent or automated form submissions (anti–cross-site request forgery).
Session
First-party
cf*, __cf*
Cloudflare
Security and performance cookies used to protect the site and manage traffic.
Session
Third-party
jwt
Webdadi platform
Short-lived authentication token used when you log into secure areas of the site.
Around 5 minutes
First-party
refreshToken
Webdadi platform
Longer-lived token used to maintain authentication without frequent logins.
Around 7 days
First-party
cookieConsent
Webdadi platform
Remembers whether you accepted, declined or limited cookies via our banner.
Around 1 year
First-party

These cookies are required to deliver core website functionality, security and your cookie preferences. They cannot be turned off via our cookie banner, but you can still block them in your browser (although the site may then not work correctly).

3.2 Performance / analytics cookies (non-essential)
These cookies help us, and our providers understand how visitors use the site.

They are only set if you consent to analytics cookies and if the relevant analytics service is active on our website.

Name
Provider
Purpose
Expiry
Type
_ga, ga<container-id>
Google
Used by Google Analytics to distinguish users and provide usage statistics (only set when Google Analytics is active and you have consented to analytics cookies).
Up to 2 years
Third-party
_gid
Google
Stores and updates a unique value for each page visited for analytics (only set when analytics are enabled and consented).
~24 hours
Third-party
_gat
Google
Throttles request rate to limit data collection on high-traffic sites (only set when analytics are enabled and consented).
~1 minute
Third-party
_gac<property-id>
Google
Stores campaign-related information to link Analytics and Ads reporting (only set when such features are enabled and consented).
~90 days
Third-party
_gcl_au
Google
Measures advertising conversions across websites and domains (only set when relevant advertising features are enabled and consented).
~90 days
Third-party

(If other analytics tools are enabled in future, their cookies will be added to this category and controlled via the same consent mechanism.)

3.3 Functional and security-related cookies (non-essential)
Some of these cookies are used for security and to support specific forms or features. They may be treated as necessary by some providers, but we list them here for transparency and control them via our banner where appropriate.

Name
Provider
Purpose
Expiry
Type
_GRECAPTCHA
Google
Used by Google reCAPTCHA to help detect bots and protect forms from abuse (set when reCAPTCHA is used on our site).
~6 months
Third-party
AEC
Google
Security cookie to prevent cross-site request forgery and ensure user requests are legitimate.
~6 months
Third-party

These cookies may be set when forms or other security features are used, and only where those features are enabled.

3.4 Targeting / advertising and social media cookies (non-essential)
These cookies support advertising, remarketing and social media integration. They are only set if you allow marketing cookies in our banner and where the relevant feature or campaign is active. Many are used when you interact with embedded content (such as YouTube/Vimeo videos) or social media plugins.

Google / DoubleClick / YouTube
Examples of cookies that may be used:

• NID, DV, SID, SAPISID, HSID, SSID, SIDCC – used for security, session maintenance, preferences and some advertising/personalisation purposes.
• __Secure-1PAPISID, __Secure-1PSID, __Secure-1PSIDCC, __Secure-1PSIDTS, __Secure-3PAPISID, __Secure-3PSID, __Secure-3PSIDCC, __Secure-3PSIDTS – help build user profiles and deliver or measure personalised advertising.
• IDE, ar_debug – used by doubleclick.net for ad delivery, measurement and troubleshooting.
• PREF, VISITOR_INFO1_LIVE, YSC – used with embedded YouTube videos to remember preferences and track viewing statistics (only set when you play a YouTube video and have consented to marketing cookies).

Facebook / Meta
Examples of cookies that may be used:
• _fbp, fr, _fbc – measure and deliver advertising, including remarketing and tracking responses to Facebook campaigns.
• wd, presence, xs, dpr, datr, sb, c_user – support login, security, layout and personalised content in connection with Facebook features.

Vimeo
Examples of cookies that may be used:
• continuous_play_v3 – remembers continuous play settings for embedded Vimeo videos.
• player, vuid – store user preferences and unique IDs for Vimeo analytics and playback.

We do not sell your personal information to advertisers. These cookies may, however, enable our providers to build profiles based on your browsing behaviour in line with their own privacy and cookie policies.

If you do not consent to marketing cookies, these tools will either not run or will run in a more limited way.

4. How we use cookies
In summary, we use cookies to:
• make our website work and keep it secure;
• remember some of the choices you make (for example, details you have entered in a form);
• understand how visitors use our website so we can improve content and navigation;
• (where you consent) support limited marketing, remarketing and social media integration.

5. Your choices
When you visit our site for the first time, you will see a cookie banner that allows you to:
• Accept All cookies;
• Accept only necessary cookies; or
• Decline non-essential cookies.

You can change your preferences at any time by using the “Cookie settings” link in the website footer or adjusting your browser settings.

If you choose to reject non-essential cookies, some functions of the site (such as embedded videos or certain analytics features) may not be available, but the core content will still be accessible.

6. Managing cookies in your browser
In addition to our banner controls, you can manage cookies through your browser settings. Most browsers allow you to:
• see which cookies are set on your device;
• delete existing cookies;
• block all cookies; or
• receive a warning before a cookie is stored.

The method varies by browser; refer to your browser’s “Help” section for instructions. If you block all cookies, some parts of our website may not function properly.

7. Third-party cookies and links
Some cookies on our site are set by third-party service providers (for example, Google, Facebook/Meta, Vimeo, YouTube, Cloudflare, Landbot or other analytics/marketing tools we may use). These third parties may use information about your visit to our site in accordance with their own privacy and cookie policies.
Our website may also include links to third-party websites. We are not responsible for the content, security or cookie practices of those websites and recommend that you read their privacy and cookie information separately.

8. Changes to this Cookie Policy
We may update this Cookie Policy from time to time, for example to reflect:
• changes in the cookies we use;
• changes to our website or the Webdadi platform; or
• updates in applicable law or guidance.

We aim to keep the cookie information in this policy accurate and up to date. Because cookies and related technologies may be changed by us or our providers, the specific cookies that are set on your device can vary over time, even within the categories described above.

Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically to stay informed about our use of cookies.

9. Contact us
If you have any questions about this Cookie Policy or our use of cookies, please contact:
Email: admin@exchange-capital.com