Last updated: 4 June 2026
Cookie Policy
This Cookie Policy explains how Surpl Energy Limited (“Surpl”, “we”, “us”, “our”) uses cookies and similar technologies on our websites, apps, dashboards, and related services.
Company details
Surpl Energy Limited
VENTURE HUB, 136 CAPEL STREET, DUBLIN 1, DUBLIN, D01 T2C9, IRELAND
Email: DPO@surpl.ie
This Cookie Policy should be read together with our Privacy Policy and Terms of Service. Where cookies or similar technologies involve personal data, we process that data in accordance with applicable data protection law, including the GDPR and Ireland’s ePrivacy rules.
1. What cookies are
Cookies are small text files placed on your device when you visit a website or use an online service. Similar technologies may include local storage, SDKs, tags, pixels, scripts, device identifiers, and comparable tools.
Some cookies are strictly necessary for the site to function. Others are used for preferences, analytics, performance measurement, security, or marketing. Under Irish and EU law, non-essential cookies generally require valid consent before they are set, unless a narrow exemption applies.
2. How Surpl uses cookies
We use cookies and similar technologies for the following purposes:
- Strictly necessary: to make the site work, keep you signed in, secure sessions, remember consent choices, and support essential functionality.
- Preferences: to remember settings such as language, region, display choices, and whether you are signed in.
- Analytics and performance: to understand how people use the site, measure visits, improve reliability, and identify errors or performance issues.
- Security and fraud prevention: to detect suspicious activity, protect accounts, and prevent abuse.
- Functional services: to support embedded tools, customer support widgets, dashboards, or integrations requested by the user.
- Marketing: only where we use them and only if you have given consent.
We do not place non-essential cookies before you have had the opportunity to make a choice. Consent must be specific, informed, freely given, and capable of being withdrawn as easily as it was given.
3. Legal basis for cookies and similar technologies
We rely on different legal bases depending on the cookie or technology in question.
Strictly necessary cookies are used where necessary to provide a service explicitly requested by you or to carry out the transmission of a communication over a network.
Preference cookies are used where necessary to remember your choices or where lawful consent is required.
Analytics, performance, and marketing cookies are generally used only with your consent.
We do not use pre-checked boxes, implied consent, silence, scrolling, or inactivity as consent for non-essential cookies. Equal prominence is given to accept and reject options, and you can manage choices in a clear way.
4. Cookie categories
Strictly necessary cookies
These cookies are essential for the operation of the website and cannot be turned off through the cookie selector. They are usually set in response to actions such as logging in, keeping a session active, saving consent choices, or enabling security functions.
Preference cookies
These cookies remember settings you choose, such as language, interface preferences, or certain display settings. In some cases they may be strictly necessary; in others, we will request consent where required.
Analytics cookies
These cookies help us understand how visitors use the site so we can improve usability, performance, and stability. Analytics cookies are not strictly necessary and are generally only set after consent.
Functional cookies
These cookies support features that you have requested, such as embedded services, saved settings, or interactive tools.
Marketing cookies
These cookies may be used to measure the effectiveness of campaigns or deliver tailored content. We only use them if we decide to use them and only after valid consent.
5. First-party and third-party cookies
Some cookies are placed by Surpl. Others may be placed by third parties whose services we use, such as analytics providers, embedded content providers, support tools, or authentication providers.
Third-party cookies may be set when you interact with a connected service, open a third-party page through our platform, or use an embedded feature. We encourage you to review the privacy and cookie notices of those providers.
6. Consent management and cookie selector
When you first visit our site, you should see a clear, accessible cookie selector that lets you accept all non-essential cookies, reject all non-essential cookies, accept selected categories only, or review more information before deciding.
Your choice is stored and respected. We make it just as easy to reject as it is to accept non-essential cookies. Consent for non-essential cookies is refreshed periodically; in Ireland a six-month refresh period is a practical benchmark unless a different period is justified.
If you are signed in, we may also save your cookie preference to your account so your selection can be applied across devices or sessions where technically appropriate and lawful.
You can change or withdraw your cookie preferences at any time through the cookie settings link in the site footer, account settings, or the cookie preference centre.
7. What happens if you reject non-essential cookies
If you reject analytics, functional, or marketing cookies, the site should still work, except that some optional features may be unavailable or less personalised.
Rejecting non-essential cookies should not place you at a material disadvantage or block access to the site beyond what is strictly necessary for the service you requested.
8. Cookie retention
Cookies may last for a single session or for longer periods depending on their purpose. Session cookies expire when you close your browser. Persistent cookies remain for a set period until they expire or are deleted.
Consent records may be retained for compliance and audit purposes for as long as necessary to demonstrate that valid consent was obtained and managed properly.
9. How to manage cookies
You can control cookies in several ways:
- using our cookie selector or preference centre;
- changing browser settings to block or delete cookies;
- withdrawing consent through our settings if available;
- clearing your browser storage.
Please note that blocking some cookies may affect your ability to log in, stay signed in, or use some core functions of the site.
10. Cookies and personal data
Where cookies or similar technologies collect or relate to personal data, we process that data in line with our Privacy Policy.
This may include account identifiers, device identifiers, site interaction data, consent records, and analytics events. For more information about how we handle personal data, please read our Privacy Policy.
11. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in law, technology, or our services. If changes are material, we may provide a prominent notice on the site or in your account.
12. Contact
If you have questions about this Cookie Policy or our cookie choices, contact:
Surpl Energy Limited — VENTURE HUB, 136 CAPEL STREET, DUBLIN 1, DUBLIN, D01 T2C9, IRELAND — Email: DPO@surpl.ie
Cookies we use today
This table is generated from our central cookie registry and stays aligned with the consent banner. Planned third-party analytics cookies are listed in our registry but are not loaded until we enable them and you consent.
| Name | Provider | Category | Purpose | Duration | Party |
|---|---|---|---|---|---|
| surpl_cookie_consent | Surpl | necessary | Stores your cookie consent choices and policy version. | 180 days (refreshed when you update preferences) | first-party |
| authjs.session-token | Surpl (NextAuth) | necessary | Keeps you signed in securely. | Session or up to 30 days (remember me) | first-party |
| __Secure-authjs.session-token | Surpl (NextAuth) | necessary | Secure session cookie when the site is served over HTTPS. | Session or up to 30 days (remember me) | first-party |
| authjs.csrf-token | Surpl (NextAuth) | necessary | Protects sign-in and account actions against cross-site request forgery. | Session | first-party |
| authjs.callback-url | Surpl (NextAuth) | necessary | Returns you to the correct page after authentication. | Session | first-party |
| surpl_locale | Surpl | preferences | Remembers your chosen language (English or Gaeilge). | 1 year | first-party |