Cookie Policy

This Cookie Policy explains how North Cyprus Education uses cookies and similar technologies on northcypruseducation.com. It applies to every public page of the website. Read it together with our Privacy Policy, which describes the wider context in which we process visitor data.

We have written this document in plain language. Every claim below is what the website actually does — there is no general-purpose template content. If anything is unclear, contact us at info@northcypruseducation.com.

A cookie is a small text file stored on your device by your browser when you visit a website. Cookies let a site remember information about your visit — your language preference, that you are signed in, or that you have already chosen which optional features to enable. Similar technologies (local storage, session storage, server-side identifiers) work the same way and are covered by the same rules described here.

We group the data we collect into four categories. You can accept, reject, or customise each one independently from our cookie consent banner. The choice you make is stored in your browser for six months and you can change it at any time using the Cookie preferences link in the page footer.

Required for the website to work. These store your language preference so the right translation loads, your authenticated session if you log into the admin or agent area, and a CSRF token that protects forms from being submitted on your behalf by another site. These cannot be turned off — without them the website would not function.

What we store: a session token (only after you sign in), a language preference cookie, a CSRF token bound to your session, and your saved consent decision (so we don't ask again on every visit).

Retention: session token expires when you sign out; language preference one year; consent decision six months.

We use Google reCAPTCHA v3 to verify that contact, application, and follow-up forms are submitted by people, not bots. Without this protection our admissions inbox would fill with spam, and visitors who actually need to apply would be delayed by manual review.

reCAPTCHA sets one cookie called _GRECAPTCHA on the google.com domain and runs Google's bot-detection scoring on your form submission. We never see your raw reCAPTCHA token — only the resulting score, which we use to decide whether to accept the submission.

Retention: the _GRECAPTCHA cookie is set by Google with a six-month expiry. See Google's Privacy Policy and Terms of Service for details on how Google handles this data.

If you disable this category, our forms still work. They fall back to a stricter server-side rate limit plus a hidden honeypot field — slower but functional.

Helps us understand which countries are most interested in studying in North Cyprus, which programmes and universities visitors look at, and which articles they read. This information directly shapes which programmes we feature, which languages we prioritise, and which guidance we write next.

This is a privacy-preserving, server-side analytics system that we built and run ourselves. We do not use Google Analytics, Facebook Pixel, Hotjar, Microsoft Clarity, or any third-party analytics service.

For every page view (when you have accepted analytics), we record:

• A daily-rotating hash computed from your IP address, your browser's User-Agent string, and the current UTC date. The hash uses SHA-256 and changes every day at midnight UTC — so a visitor returning the next day produces a completely different identifier. This lets us count unique visitors per day without storing anything that could identify you over time.
• The page path you visited (e.g. /programs, /universities/emu). We strip query strings and URL fragments before storing, so search terms are never written to this table.
• The HTTP referrer header, if your browser sent one. This is the previous URL you came from.
• Your language preference (e.g. en, fa).
• Your country, derived from your IP address using a local MaxMind GeoLite2 database lookup. The IP address itself is read once for the country lookup, then discarded immediately — only the two-letter country code is stored.
• Your User-Agent string (browser and operating system identifier) for spot-checking unusual traffic. We never use it as a grouping dimension.

We do not store: your raw IP address, your name, your email, any persistent identifier, or anything that would let us match this data back to you across days.

Retention: rows older than 180 days are automatically deleted every night.

Bot filtering: known crawlers (Googlebot, Bingbot, GPTBot, ClaudeBot, AhrefsBot, social media preview fetchers, headless browsers, scripted clients) are filtered out before any row is written. The analytics reflect human reader activity, not automated traffic.

We do not currently use any marketing cookies. There is no Google Ads conversion tracking, no Facebook Pixel, no LinkedIn Insight Tag, no retargeting network of any kind running on this website.

This category exists in the consent banner so that, if we ever add such a feature, we can ask for your permission first rather than enabling it silently.

You can change your cookie choices at any time:

• Click Cookie preferences in the footer of any page to re-open the preferences modal.
• Use your browser's settings to delete the nce_cc cookie (which stores your decision) — the banner will appear again on your next visit.
• Use your browser's settings to delete the _GRECAPTCHA cookie set by Google reCAPTCHA. It will be set again the next time you submit a form, if you have accepted the Security category.

Rejecting optional categories does not break any visible feature of the website. Our analytics simply does not record your visit, and reCAPTCHA falls back to the slower honeypot path on form submissions.

The data described above is processed on our own servers, located in the European Union. The single exception is Google reCAPTCHA: when the Security category is accepted, your form submission's reCAPTCHA token is sent to Google's servers (operated by Google LLC, headquartered in the United States) for scoring. Google's transfer mechanisms and safeguards are described in its Privacy Policy.

Under the EU General Data Protection Regulation (GDPR), the UK GDPR, Turkey's Kişisel Verilerin Korunması Kanunu (KVKK), and the corresponding Northern Cyprus data protection rules, you have the right to:

• Know what data we hold about you.
• Have inaccurate data corrected.
• Have your data erased.
• Restrict or object to processing.
• Receive your data in a portable format.
• Withdraw consent for any optional category at any time.
• Lodge a complaint with your national data protection authority.

Because our analytics stores no persistent identifier that can be tied back to you, we are not technically able to retrieve your rows specifically — the daily-rotating hash makes that impossible by design. For all other data, contact us at info@northcypruseducation.com with your request and we will respond within thirty days.

If we materially change which data we collect or how we process it — for example, adding a new analytics provider or enabling marketing cookies — we will update this policy and re-prompt every visitor for consent on their next visit. Minor edits (wording, typos, structure) are made in place without re-prompting.

Questions about this Cookie Policy or about how we handle your data:

North Cyprus Education
Email: info@northcypruseducation.com