Cookie Declaration
Last Modified: August 1st 2024
Cookies and similar technologies set on LEGO.com
Please find list of cookies and similar technologies (“cookies”) set on the LEGO.com domain. The cookies are either set by LEGO System A/S or selected third parties. Where a third party is joint or independent controller this will be indicated in the “controller” column. Please note that only relevant strictly necessary cookies are set on LEGO.com/kids and around the LEGO.com domain when logged in with a kid’s LEGO® Account.
Cookies and personal information
To learn more about cookies, please visit our cookie policy. To learn more about your privacy and how to control your data, please visit our privacy policy.
Necessary Cookies
Name | Description | Set By | Cookie Vendor | Controller | PII Data | Type | Lifetime |
---|---|---|---|---|---|---|---|
New Relic Session ID | Monitors the number of times a user visits in order to determine how the application is performing. | New Relic | New Relic | LEGO System A/S | No PII in the cookie | Script | Until session ends |
Adyen Payment Session ID | Unique ID is assigned to a LEGO.com user throughout the payment processing session. | Adyen N.V. | Adyen N.V. | LEGO System A/S | No PII in the cookie | Beacon | 5 days |
Adyen Telemetry | Secure payment transactions. | Adyen N.V. | Adyen N.V. | LEGO System A/S | No PII in the cookie | Pixel | 5 days |
Insiders user identifier | Identifies the user to display their Insiders account details to them. | LEGO System A/S | CrowdTwist [Oracle] | LEGO System A/S | No PII in the cookie | Local storage | 14 days |
Insiders Points awarder | Identifies the user so we can award the member for their actions. | LEGO System A/S | CrowdTwist [Oracle] | LEGO System A/S | No PII in the cookie | Local storage | 14 days |
Preferred language Enabler | Identifies the user so content can be displayed in their preferred language. | LEGO System A/S | CrowdTwist [Oracle] | LEGO System A/S | No PII in the cookie | Local storage | Until session ends |
Session ID - Recommendation Engine | This drops as a Necessary cookie for site logging/health and rolling out features. When consent is given, it provides the ability to make recommendations based on “in-session” browsing activity (e.g. products/themes viewed and added to cart). | LEGO System A/S | LEGO System A/S | LEGO System A/S | Order number (if order is placed during a session) | Session storage | Until session ends |
Iovation Fingerprint | Captures and tracks fingerprint information to help guard against fraud. Automated decision-making takes place for the purpose of performing strictly necessary fraud prevention on the LEGO.com domain. | Iovation | Iovation | LEGO System A/S | Yes, captures device information used for the purpose of fraud checking. | Script / Fingerprinting | 12 months |
Anti-forgery validation token | This cookie, used by the anti-forgery system, is part of a security system that is necessary when using cookie-based authentication. Automated decision-making also takes place for the purpose of performing necessary fraud prevention on the LEGO.com domain. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Contains GUID | Session storage | Until session ends |
Account session identifier | Session identifier that is necessary to manage user sessions in the account system. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Contains GUID | Session storage | Until session ends |
Two-factor authentication | Cookie used to remember client when signing in with two-factor authentication. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Contains public user ID (PUID) and security stamp. | Persistent | 14 days |
External login providers Authentication | Authentication cookie from external login providers (Google, Facebook & Twitter) to their LEGO Account. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Yes, authentication ticket including a claims principal. [referencing information about the user that was logged in]. | Persistent | 15 mins |
Authentication Session identifier | Session identifier for “Flask”, a user/authentication system used on LEGO Ideas. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Contains GUID | Session storage | 30 days |
Age verification | If the user selects an age below 18 years, they will be considered as a child. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Age input | Persistent | 30 mins |
Waiting room | Cookie set to enable the waiting room in busy periods of traffic to enable LEGO.com to keep functioning. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Contains User Agent | Cookie | 1 hour |
Consent unique identifer | Used as a unique identifer for our Consent Management Platform. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Unique identifer | Cookie | 12 months |
Salesforce Embedded Chat Browser ID | Provides security protections for our live chat functionality. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 12 months |
Salesforce Embedded Chat Proxy Stream | Ensures user requests hit the same Salesforce proxy host to temporarily retrieve content from cache. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 3 hours |
Salesforce Embedded Chat Live Agent ID | Captures a unique pseudonymous ID for a specific browser session during chat. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | Until session ends |
Salesforce Embedded Chat Live Agent Rejected ID | Remembers the rules set by an admin to hide a chat invite button after a visitor accepts or rejects it. Without the cookie, the button repeatedly appears when triggered. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | Until session ends |
Salesforce Embedded Chat Browser Debugging ID | Correlates browser log lines on the backend to aid in debugging. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 12 months |
Salesforce Embedded Chat Language | Identifies the language for custom components, surveys, and flows, which support multiple languages. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | Until session ends |
User ID | Used to identify users and track the users activity across a domain. | LEGO System A/S | LEGO System A/S | LEGO System A/S | No PII in the cookie | Script | 2 years |
Session ID | Used to identify if the user is in an active session on a site or if this is a new session for a user (i.e. cookie doesn't exist or has expired). | LEGO System A/S | LEGO System A/S | LEGO System A/S | No PII in the cookie | Script | 30 mins |
Server-side user ID | Stores a server-side collector generated unique identifier for a user that is sent with all subsequent tracking event events. | LEGO System A/S | LEGO System A/S | LEGO System A/S | No PII in the cookie | Script | 12 months |
Usersnap | Used to remember data already filled out in a user feedback | Usersnap GmbH | Usersnap GmbH | LEGO System A/S | No PII in cookie | Local storage | Forever |
Analytic Cookies
Name | Description | Set By | Cookie Vendor | Controller | PII Data | Type | Lifetime |
---|---|---|---|---|---|---|---|
Adobe Fall back ID | Used to stitch all users on all other Adobe products. | LEGO System A/S | Adobe Analytics | LEGO System A/S | No PII in the cookie | Beacon | 2 years |
Adobe Experience Cloud ID | Identifies unique visitors and differentiates between their visits. | LEGO System A/S | Adobe Analytics | LEGO System A/S | No PII in the cookie | Beacon | 2 years |
Adobe Cookie Enabled State | Notes which cookies have been accepted/rejected in order to understand the level of information that can be seen vs reality. | LEGO System A/S | Adobe Analytics | LEGO System A/S | No PII in the cookie | Beacon | Until session ends |
Adobe Pageview Page Name | Records the number of times pages have been seen to understand a page’s level of popularity. | LEGO System A/S | Adobe Analytics | LEGO System A/S | No PII in the cookie | Beacon | Until session ends |
Medallia DXA Regional Journey Mapper - In session | Enables improvements to streamlined journeys for you as a LEGO.com user, when switching from one regional view to another. | Medallia | Medallia | LEGO System A/S | No PII in the cookie | Javascript | When browser is closed |
Medallia DXA Journey Mapper - Across sessions | Enables improvements to streamlined journeys for you as a LEGO.com user, when switching from one regional view to another. | Medallia | Medallia | LEGO System A/S | No PII in the cookie | Javascript | 1 year |
iPerceptions Performance | Improves site performance by minimizing the number of requests. | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
iPerceptions Browser & Platform Info | Tells us what platform and what browser you are using to display the right information and format (i.e. language, device type, etc.). | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
iPerceptions Page Viewed | Remembers where you’ve been so you don’t need to search to return to a certain page. | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
iPerceptions Triggered Messages | Simplifies the user’s visit by managing how many triggered messages they see. | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
iPerceptions Page Viewed Count | Keeps track of which pages a user has viewed on each visit. | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
iPerceptions Session ID | Identifies your visit by assigning a Session ID. | iPerception | iPerception | LEGO System A/S | No PII in the cookie | Session storage | Until session ends |
Optimizely Session ID | Provides the ability to enter a user into an A/B test experiment to trial new features. | LEGO System A/S | Optimizely | LEGO System A/S | No PII in the cookie | Session storage | 1 hour |
LEGO® Marketing Cookies
Name | Description | Set By | Cookie Vendor | Controller | PII Data | Type | Lifetime |
---|---|---|---|---|---|---|---|
Smartlink Unique Identifier Cookie | Recognizes a user and provides a personalized experience, starting with asking for cookie consent. | LEGO System A/S | Vibes | LEGO System A/S | Yes, contains GUID. | Script | 1 year |
Cross Session ID - Recommendation Engine | Makes recommendations based on previous purchase activity. | LEGO System A/S | LEGO System A/S | LEGO System A/S | Order number (if order is placed during a session) | Cross-Session Storage | 30 days |
Salesforce Marketing Cloud Subscriber ID | Unique identifer used as a reference number for the user. | Salesforce | Salesforce | LEGO System A/S | Identifier | Cookie | 7 days |
Salesforce Marketing Cloud Email Address | Subscriber email address. | Salesforce | Salesforce | LEGO System A/S | Email address | Cookie | 7 days |
Salesforce Marketing Cloud Job ID | The job Identifier related to the email send. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 7 days |
Salesforce Marketing Cloud List ID | The list identifier of the subscriber. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 7 days |
Salesforce Marketing Cloud Batch ID | A numeric identifier of the batch associated with a triggered email. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 7 days |
Salesforce Marketing Cloud URL ID | A unique identifier for the individual URL in a send. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 7 days |
Salesforce Marketing Cloud Member ID | Marketing Cloud business unit ID. | Salesforce | Salesforce | LEGO System A/S | No PII in the cookie | Cookie | 7 days |
Third-Party Marketing Cookies
Name | Description | Set By | Cookie Vendor | Controller | PII Data | Type | Lifetime |
---|---|---|---|---|---|---|---|
Adobe Analytics, Adobe Advertising & Experience Cloud ID | Enables ID to sync with third-party sites, such as Adobe, Google, and Facebook for ad targeting, such as suppression retargeting and similar audience targeting. | LEGO System A/S | Adobe Analytics & Adobe Advertising | LEGO System A/S | No PII in the cookie. | Beacon | 2 years |
Adobe Ad Cloud Timestamp ID | Timestamps the user’s visit to the site relative to the last advertising search. | LEGO System A/S | Adobe Ads | LEGO System A/S | No PII in the cookie | Beacon | 2 years |
Meta CAPI | Ensures visitors receive only relevant, targeted Meta ads. | Meta | Meta | LEGO System A/S and Meta are independent controllers. The Meta CAPI allows the LEGO Group to track your activity on our website. We use this to measure the effectiveness of our ads, understand and define our audience for ad targeting and to analyze the effectiveness of our website’s conversion channels (e.g. does a visit result in a sale). Meta acts as a data processor on behalf of LEGO System A/S for the above services. However, Meta will also use the data collected via the CAPI for its own purposes and may compile it with existing data they may have on you. | No PII in the cookie | Cookie | 90 days |
Google Ad and Doubleclick (Campaign Manager 360) Tags | Tracks users activity on LEGO.com to inform measurement and targeting. This will include modelling of events on LEGO.com to improve accuracy of measurement and optimisation. Targeting will include suppression, lookalike and retargeting. | LEGO System A/S and Google LLC are independent controllers. LEGO System A/S: Uses this data as a paid service from Google LLC on LEGO.com which is collected upon consent, to show you personalized advertisements while using Alphabet Inc. affiliated sites (as an example Google and YouTube) and services and subsequently enter or re-enter LEGO.com. Google Inc: Collects and uses your personal data upon consent to track page visits on LEGO.com, to be used for measurement, measurement modelling, targeting suppression, retargeting advertisements on Alphabet Inc. affiliated sites and services, and to serve marketing to someone who is similar to you. | No PII in the cookie | Script | 18 months | ||
Rakuten: Site visit and user data collector | Stores site visit and user data. | Rakuten | Rakuten | LEGO System A/S and Rakuten are independent controllers. LEGO System A/S: Collects and stores your personal information (as an example technical data, cookie data, usage information and geo-location data), which may be used to better personalize your own experiences on your return visits to LEGO.com and/or Rakuten affiliate sites. We may also use this data to identify and attract new audiences that may be similar to you regarding data profile and may enter LEGO.com and/or Rakuten affiliate sites. Rakuten: Collects and stores your personal information (as an example technical data, cookie data, usage information and geo-location data), for personalized or interest-based advertising toward you. They also may use this data to identify and attract new audiences that may be similar to you regarding data profile. For more information, visit Rakuten’s cookie policy: https://rakutenadvertising.com/en-uk/legal-notices/cookie-policy/ | Provider-generated unique identifier (random GUID) | Javascript | 13 months |
Rakuten: Sale conversion tracker | Tracks site visit and user data when a sale is made. | Rakuten | Rakuten | LEGO System A/S and Rakuten are independent controllers. LEGO System A/S: We use a unique affiliate click identifier which is set by Rakuten and stored for each new visitor entering LEGO.com who originates from a Rakuten affiliate site and results in a purchase on LEGO.com. This data is used by LEGO.com to reconcile payment for sales conversions directly attributed to Rakuten services. Rakuten: Sets a unique publisher click identifier to be stored and connected to user-specific purchases on LEGO.com. This allows Rakuten to be paid accordingly for “new” affiliate traffic sales. | Provider-generated unique identifier (random GUID) | Javascript | 30 days |
Rakuten Identifier | Identifies Rakuten users. | Rakuten | Rakuten | LEGO System A/S and Rakuten are independent controllers. LEGO System A/S: May use this data to identify Rakuten users from across various affiliate network sites. LEGO.com may use this data upon consent for data analytical and personalization services. Rakuten: Stores and uses your data upon consent to track you as a user across various affiliated network sites, using cross-network ID and search & click ID. This data is used for personalizing advertisements as well as data analytical purposes. | Provider-generated unique identifier (random GUID) | Javascript | 13 months |
Microsoft Advertising UET | Tracks site activity for retargeting purposes across the internet and activities. | Microsoft (Bing Ads Network) | Microsoft (Bing Ads Network) | LEGO System A/S and Microsoft are independent controllers. LEGO System A/S collects and controls your consented user data in order to segment, target and recruit audiences via marketing communications in the MS Network including both Bing search and MS Ad Display Network. Microsoft uses your consented data for their own marketing purposes. Link to policy: https://about.ads.microsoft.com/en-us/resources/policies/microsoft-advertising-agreement | No PII in the cookie | Script | 180 days |
Demandbase tag | The Demandbase tag collects information to identify which companies are visiting the website for B2B marketing purposes. | LEGO System A/S | Demandbase | Demandbase and LEGO System A/S | IP address | Javascript | 13 months |
Rakuten first-party tracker | Unique Site ID to track "Special Offers" (Sign-up events) and "Standard Offers" (Order events) for payment of affiliates. It is set every time a user comes into the Rakuten gateway page if the user enters this page with a siteID= value in the query string. | LEGO System A/S | LEGO System A/S | LEGO System A/S | No PII in the cookie. | Cookie | 30 days |
Firework User ID | Randomly generated user id to keep track of a user between sessions. Helps tie together pixel events for user journeys. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework Last Watched Time | The last watched engaged timestamp in UTC. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework UTM | The latest UTM params coming from URL search params. Source of truth is URL Search Params => Previously stored UTM params. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework Channel ID | The last channel id, set at the widget wrapper level to account for all widget types and layouts. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework Last Video | The last encoded video id a user has watched. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework Business ID | The last business membership id which user landed on the page with. | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |
Firework Session ID | Session value contains string with .delimiter. String consists of: fws2 - session version fe73bd67-cf64-44e9-a430-863dee1df5d0 - session id 3 - session count (number of session this user had) 1694441101864 - session start time | Firework | Firework | LEGO System A/S | No PII in cookie | Cookie | 60 days |