Cookies & Similar Technologies Policy
Effective date: 1 July 2024
Operator: Surgical Minds (operated by Sorena Afshar) (Surgical Minds, we, us)
Contact: admin@surgicalminds.com | 32a Front Street, Winlaton, Blaydon-On-Tyne, NE21 6DD, UK
This Policy explains how we use cookies, SDKs, pixels, tags, localStorage and similar technologies (together, cookies) on surgicalminds.com and related sub-domains (the Service). It should be read with our Privacy Policy.
We comply with the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR. That means we only place non-essential cookies with your consent. Essential cookies, required to provide the Service, may be used without consent.
1) What are cookies?
- Cookies are small files stored on your device by your browser.
- LocalStorage/SessionStorage store data in your browser for site functionality.
- Pixels/Tags are tiny images or code snippets that track events (e.g., page views).
- SDKs are code libraries embedded in mobile apps for analytics or functionality.
2) How we use cookies (categories & lawful basis)
| Category | What it does | Consent? | Lawful basis (UK GDPR) |
|---|---|---|---|
| Strictly necessary | Core site functions (security, load balancing, payments, login, cookie preference storage). | No (PECR exemption) | Legitimate interests/ Contract |
| Preferences | Remember choices (e.g., language, audio settings). | Yes | Consent |
| Analytics & performance | Understand usage, improve content and stability. | Yes | Consent |
| Marketing/advertising | Measure campaigns, show relevant content/ads. | Yes | Consent |
We won't set non-essential cookies until you choose Accept (you can also Reject all). You can change your choice at any time via Manage Cookies (see Section 6).
3) Cookies we use
A) Strictly necessary (no consent required)
| Cookie / Tech | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| next-auth.session-token | NextAuth.js | Authentication session management | 1st-party | 30 days |
| next-auth.csrf-token | NextAuth.js | Cross-site request forgery protection | 1st-party | Session |
| __stripe_mid, __stripe_sid | Stripe | Payment fraud prevention and checkout security | 3rd-party | 1 year / 30 minutes |
| surgical-minds-cookie-consent | Surgical Minds | Stores your cookie consent preferences | 1st-party | Persistent |
| surgical-minds-consent-metadata | Surgical Minds | Tracks consent version and timestamp | 1st-party | Persistent |
B) Preferences (consent)
| Cookie / Tech | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| No preference cookies are currently in use. When implemented, they will be listed here. | ||||
C) Analytics & performance (consent)
| Cookie / Tech | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| No analytics cookies are currently in use. When Google Analytics, Hotjar, or similar services are implemented, they will be listed here and will require your consent. | ||||
D) Marketing/advertising (consent)
| Cookie / Tech | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| No marketing cookies are currently in use. When advertising pixels (Meta, Google Ads, LinkedIn, etc.) are implemented, they will be listed here and will require your consent. | ||||
4) Mobile app SDKs (if you use our apps)
If you use our mobile apps, we may use SDKs for crash reporting, analytics or push notifications. SDKs operate like cookies in apps and are subject to opt-in consent where required. We list SDKs in our app privacy disclosures and can provide details on request.
5) Third-party cookies and international transfers
Some cookies are set by third parties. Those providers may process data outside the UK, including the EEA and the United States. Where that occurs, we rely on appropriate safeguards (e.g., UK adequacy decisions, UK IDTA / UK Addendum to EU SCCs) together with technical and organisational measures. See our Privacy Policy for more detail.
6) Your choices: give, refuse, or withdraw consent
- On first visit: our banner lets you Accept all, Reject all, or choose categories.
- Change your mind anytime: click Manage Cookies (link in the site footer) to revisit your settings and withdraw consent.
- Browser controls: you can also block or delete cookies via your browser/device settings (doing so may affect site functionality).
- We honour your choices and keep a consent log (date, categories, region) as required by PECR/UK GDPR.
7) Do Not Track
Most browsers offer a Do Not Track (DNT) setting. There is no single UK standard requiring DNT compliance; we rely on the consent choices you make via our banner and Manage Cookies.
8) Retention
We keep cookie data only as long as necessary for the stated purposes. Durations are shown in the tables above; analytics data is typically retained 12–24 months. Consent records are retained as required by law.
9) Updates to this Policy
We may update this Policy to reflect changes to cookies, providers, law or guidance. If changes are material, we will show an in-site notice or update the banner. The "Effective date" above tells you when this Policy last changed.
10) Contact
Questions about this Policy or your cookie choices?
Email: admin@surgicalminds.com
Last updated: 5 September 2025