Please note: This policy applies to all the jurisdictions that Starks currently operates.
1. INTRODUCTION AND SCOPE OF THE POLICY
This Cookie Policy ("Policy") explains how Starks Associates Limited and its Group entities ("Starks", "we", "our", or "us") use cookies and similar tracking technologies on our website Starks Associates, our web application app.starksassociate.com, and all other digital properties we operate (collectively, "our Sites").
This Policy forms part of our Data Privacy Policy and should be read and interpreted alongside the Privacy policy which contains further detail on how we collect, use, process, and protect personal data. By using our Sites, you agree to our use of cookies in accordance with this Policy, subject to your rights and choices as described herein.
2. POLICY STATEMENT
This Policy is designed to comply with all the applicable laws where Starks currently operates which include: the UK Privacy and Electronic Communications Regulations 2003 (PECR); the EU ePrivacy Directive 2002/58/EC (as amended by 2009/136/EC); the Nigeria Data Protection Act 2023 (NDPA); the NDPA General Application and Implementation Directive 2025 (GAID), effective 19 September 2025; the Protection of Personal Information Act 2013 (POPIA); and the equivalent ePrivacy and the data protection laws of all other jurisdictions in which Starks operates.
3. COOKIES AND SIMILAR TECHNOLOGIES
3.1 Cookies means a small text file placed on your device when you visit a website. Cookies enable the website to recognise your device and remember information about your visit. They are categorised by duration (session or persistent) and origin (first-party or third-party).
3.2 In addition to cookies, we may use the following technologies on our website and in our web application. These are subject to the same consent and transparency requirements as cookies under applicable law:
4. LEGAL BASIS FOR USING COOKIES
4.1 The legal basis for deploying cookies solely and majorly depend on the category of cookie and the jurisdiction of the user. Strictly Necessary and Security Cookies are deployed on the basis of legitimate interests or legal obligation for security cookies and do not require prior user consent. They are technically essential for the operation of our website and web application.
4.2 Functional, analytics, marketing, and social media cookies require your freely given, specific, informed and unambiguous consent before being deployed, consistent with the applicable laws that operate for our different users across all the jurisdictions we operate in.
5. CATEGORIES OF COOKIES WE USE
We have provided a table (Appendix A) clearly setting out the categories of cookies we use, their purposes, example technologies, typical retention duration and the legal basis for their deployment. Specific cookie names and full technical details are available in our Cookie Declaration, accessible via the 'Cookie Settings' link in the footer of our website.
6. THIRD-PARTY COOKIES AND SERVICES
Certain third parties set cookies on our Sites through integrations we have implemented. Their use of cookies is governed by their own privacy and cookie policies, which we link to as outlined below. Starks has entered into Data Processing Agreements (DPAs) or equivalent contractual arrangements with each of the following providers where required by applicable data protection law.
6.1 PostHog Analytics: We use PostHog to analyse how users interact with our Site and improve our services. PostHog collects pseudonymised usage data through cookies and similar technologies, including information such as device type, browser, pages visited, and session duration. This data is processed by PostHog, Inc. acting as our data processor under a Data Processing Agreement. You can manage or withdraw your consent through our cookie settings or your browser configuration. See the PostHog Privacy Policy for more details. We do not use PostHog to collect or process sensitive financial or payment data.
6.2 LinkedIn Insight Tag: The LinkedIn Insight Tag tracks conversions, retargeting, and campaign analytics for LinkedIn advertising. It sets cookies from the linkedin.com domain. See LinkedIn's Cookie Policy for opt-out options.
6.3 Twitter / X Widgets: These are embedded on our site and web application and Twitter/X may set cookies on your device subject to its own privacy policy. We deploy Twitter/X widgets only with your prior consent under the social media/content cookie category. See the Twitter/X Privacy Policy for more details.
6.4 Cloudflare Turnstile: Turnstile is used to protect forms and login pages from automated abuse and spam. It helps distinguish between human users and bots using privacy-preserving signals. Turnstile may collect device and interaction data necessary for security purposes. This tool is deployed as a security and fraud prevention measure and is active without prior consent under our legitimate interests and legal compliance basis. See Cloudflare's Privacy Policy and Terms of Service for more details.
6.5 No Sale of Cookie Data: Consistent with our Data Privacy Policy, Starks does not sell personal data collected through cookies or similar technologies to third parties for their own marketing or commercial purposes. Third-party advertising cookies are deployed only with your consent and are used exclusively for Starks' own advertising campaigns.
7. MANAGING AND CONTROLLING COOKIES
7.1 Cookie Consent Banner
On your first visit to our Site, a cookie consent banner will appear. You may either: (a) Accept all cookies; (b) Reject all non-essential cookies; or (c) Manage preferences by category. Only strictly necessary and security cookies are deployed prior to your consent. Your choice is saved in a consent preference cookie. Consent is as easy to withdraw as to give, consistent with UK PECR, NDPA/GAID, and POPIA requirements. Your consent for non-essential cookies may be withdrawn at any time.
7.2 Changing Your Cookie Preferences
You may update your cookie preferences at any time using any of the following methods:
7.3 Browser Controls
Most browsers allow cookie management through their settings. Browser controls permit you to: view and delete existing cookies, block all cookies from a specific website, block all third-party cookies, or block all cookies globally. Please be aware that blocking all cookies will impair the functionality of our website or web application when in use by you. In particular, you will not be able to log in to your Starks account or access secure areas of our application.
Browser instruction controls for widely used browsers:
7.4 Opt-Out of Interest-Based Advertising
You may opt out of interest-based advertising through: Network Advertising Initiative (NAI), Digital Advertising Alliance (DAA), European Interactive Digital Advertising Alliance (EDAA).
Opting out means advertisements will be less personalised, not that you will stop seeing them entirely.
7.5 Do Not Track (DNT)
Some browsers transmit a 'Do Not Track' (DNT) signal to websites to indicate that the user does not wish to be tracked. There is currently no universally agreed standard for responding to DNT signals. Our Sites do not currently alter their behaviour in response to DNT signals. We encourage you to use the consent controls described in this section to manage your preferences.
8. SPECIFIC COOKIE REQUIREMENTS (JURISDICTION BASED)
8.1 Nigeria — NDPA 2023 and GAID 2025
The Nigeria Data Protection Act 2023 (NDPA 2023) and the NDPA General Application and Implementation Directive 2025 (GAID 2025) govern the use of tracking technologies that collect personal data in Nigeria. Starks' requirements and obligations under the GAID are as follows:
Supervisory Authority: Nigeria Data Protection Commission (NDPC) | Abuja, FCT, Nigeria
8.2 United Kingdom
Under the Privacy and Electronic Communications Regulations 2003 (PECR 2003), we obtain informed consent before placing non-essential cookies. Our consent mechanism complies with Information Commissioner's Office (ICO) guidance, including ensuring that consent is as easy to withdraw as it was to give, that consent is active and not pre-ticked, that users are able to access our site and web application even if they decline non-essential cookies, and that consent is specific and not broad.
Supervisory Authority: Information Commissioner's Office (ICO) | 0303 123 1113
8.3 European Union (users in EU member states)
Users accessing our Sites from EU member states are afforded the protections of the EU ePrivacy Directive and GDPR. Our consent mechanism meets the European Data Protection Board (EDPB) 2022 Guideline standards, including the requirement for granular, category-level consent and equally prominent accept/reject options.
8.4 Canada
We ensure that consent is required under PIPEDA and applicable provincial privacy legislation, including Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64 amendments). We are transparent to our website and web application users on our policies and activities, and we publish a clear and accessible privacy policy and obtain meaningful consent before deploying tracking technologies. Our cookie consent is compliant with the applicable law in this jurisdiction.
Supervisory Authority: Office of the Privacy Commissioner of Canada (OPC); Commission d'accès à l'information (CAI) for Quebec
8.5 South Africa (POPIA)
Under POPIA, we collect personal information through cookies, complying with the eight conditions for lawful processing. Marketing cookies require consent and data subjects may object to the processing of their personal information for direct marketing purposes at any time.
Supervisory Authority: Information Regulator (South Africa)
8.6 Kenya
Under the Data Protection Act 2019 and the Data Protection (General) Regulations 2021, the personal data of our users that we collect through cookies is subject to the full range of data protection obligations, including purpose limitation, data minimisation, and the requirement to notify data subjects. The Office of the Data Protection Commissioner (ODPC) enforces these obligations.
8.7 Uganda
Under the Data Protection and Privacy Act 2019 (DPPA) and the Data Protection and Privacy Regulations 2021, the personal data we collect through cookies is processed lawfully, fairly, and with appropriate consent where required.
8.8 Ghana
Under the Data Protection Act 2012 (Act 843), the personal data of users we collect through cookies is subject to the oversight of the Data Protection Commission. We note that Ghana is currently in the process of enacting an updated Data Protection Bill (introduced October 2025) that will introduce additional obligations, including rules on children's data, data retention limits and international transfer frameworks. Starks will update this Policy upon enactment.
8.9 Mauritius
Under the Data Protection Act 2017 (as amended) and the Data Protection Regulations 2021, the personal data we collect through cookies is processed in accordance with data protection principles and subject to the oversight of the Data Protection Office (DPO, Mauritius). Starks Mauritius holds EU adequacy status, which facilitates data flows between the EU and Starks Mauritius.
8.10 Cameroon, Côte d'Ivoire, and Malawi
In Cameroon, Côte d'Ivoire and Malawi, Starks applies privacy-by-default cookie practices consistent with the applicable national laws (Law No. 2010/012 in Cameroon; Law No. 2013-450 and the ECOWAS Supplementary Act in Côte d'Ivoire; and the Electronic Transactions and Cyber Security Act 2016 in Malawi) and internationally recognised best-practice standards aligned with the African Union Malabo Convention on Cyber Security and Personal Data Protection.
9. COOKIES AND EMERGING TECHNOLOGIES
In line with the GAID 2025's requirements on emerging technologies, before deploying any Artificial Intelligence, Blockchain or Internet of Things systems that utilise cookies or similar tracking mechanisms to process personal data, we:
10. HOW LONG COOKIES REMAIN ON YOUR DEVICE
10.1 Session cookies expire when you close your browser. Persistent cookies expire at the end of the period set when they are placed (ranging from 30 minutes to 24 months). You may delete cookies at any time through your browser settings. Deleting cookies will remove saved preferences and may require re-authentication. Deleting cookies from your browser does not prevent new cookies from being placed on your next visit to our Sites. To permanently prevent cookie placement, you should either: (a) disable cookies in your browser settings; or (b) decline all non-essential cookies through our Cookie Preferences manager.
10.2 For detailed retention periods, refer to the cookie category table in Appendix B and our full Cookie Declaration accessible via 'Cookie Settings' in our Site footer.
10.3 Storage Limitation under GAID 2025 (Nigeria): The personal data we collect through cookies are not retained beyond the period necessary for the stated purpose. Where no specific retention obligation applies, cookie-collected data are deleted within six (6) months of fulfilling its collection purpose. Starks applies this standard across all cookie categories as a minimum with shorter retention periods where technically achievable.
11. UPDATES TO THIS COOKIE POLICY
We will update this Policy periodically to reflect changes in the cookies we use, changes in applicable law (including further NDPC directives) or changes in our business operations. The version number and date at the top of this document indicate when it was last reviewed. Where changes are material, we will notify you via the cookie consent banner or other appropriate means. We recommend reviewing this Policy periodically.
12. CONTACT US
For questions, concerns, or requests relating to this Cookie Policy or cookie-based personal data processing:
Data Protection Officer: [email protected]
General Support: [email protected]
