Cookies policy
Free cookies policy: drafting notes
UK and EU law requires that, where a website uses cookies or equivalent technologies, the website operator must make certain disclosures in relation to the use of the cookies.
This policy template has been designed to help website operators comply with this disclosure obligation. Website operators may be required, in addition, to seek users’ consent to the use of cookies.
UK law on this subject is contained in Regulation 6 of The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. The General Data Protection Regulation or GDPR will also apply where the use of cookies involves the processing of personal data.
Section 1: Introduction
Section 1.2
The inclusion of this statement in your privacy policy will not in itself satisfy the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as regards consent to the use of cookies. Guidance concerning methods of obtaining such consent is included on the Information Commissioner’s website.
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/
Section 2: Credit
Section: Free documents licensing warning
Optional element. Although you need to retain the credit, you should remove the inline copyright warning from this document before use.
Section 3: About cookies
Under EU law, there are two additional requirements in relation to the use of cookies and similar technologies, which apply over and above the rules regulating the processing of personal data: a consent requirement and an information disclosure requirement. The provisions of this document relating to cookies are designed to aid compliance with the information disclosure requirement.
This requirement derives from Article 5(3) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), which provides that:
“Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.”
The requirement is implemented in the UK in the Privacy and Electronic Communications (EC Directive) Regulations 2003. In its current (amended) form, Regulation 6 states:
“(1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment – (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information – (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”
In their original form, these Regulations can be found on the legislation.gov.uk website.
Directive 2002/58/EC (Directive on privacy and electronic communications) – https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN
Privacy and Electronic Communications (EC Directive) Regulations 2003 (original form) – http://www.legislation.gov.uk/uksi/2003/2426/made
Section 3.2
Optional element.
Section 3.3
Optional element.
Section 4: Cookies that we use
Optional element.
Section 5: Cookies used by our service providers
Does the website serve any third party cookies, analytics cookies or tracking cookies to users?
Section 5.2
Optional element.
Section 5.3
Optional element. Will Google advertisements be published on the website?
Note: Google has particular privacy notification requirements in relation to the publication of Google advertisements on a website.
Required content, AdSense Help, Google, Inc – https://support.google.com/adsense/answer/1348695?hl=en-GB
Section 5.4
Optional element. Will the website use a Facebook pixel?
Section 5.5
Optional element.
Section 6: Managing cookies
Section 6.3
Optional element. Will the blocking of cookies have a negative effect upon the use of the website from a user perspective?
Section 7: Cookie preferences
Are there any cookie preference management facilities available to users on the website?
Section 7.1
Identify the web page users should visit to manage their cookie preferences.
Section 8: Our details
Optional element.
UK companies must provide their corporate names, their registration numbers, their place of registration and their registered office address on their websites (although not necessarily in this document).
Sole traders and partnerships that carry on a business in the UK under a “business name” (i.e. a name which is not the name of the trader/names of the partners or certain other specified classes of name) must also make certain website disclosures: (a) in the case of a sole trader, the individual’s name; (b) in the case of a partnership, the name of each member of the partnership; and (c) in either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.
All websites covered by the Electronic Commerce (EC Directive) Regulations 2002 must provide a geographic address (not a P.O. Box number) and an email address.
All website operators covered by the Provision of Services Regulations 2009 must also provide a telephone number.
Electronic Commerce (EC Directive) Regulations 2002 (original version) – https://www.legislation.gov.uk/uksi/2002/2013/made
Provision of Services Regulations 2009 – https://www.legislation.gov.uk/uksi/2009/2999
Section 8.1
What is the name of the company, partnership, individual or other legal person or entity that owns and operates the website?
IPA GROUP LTD
Section 8.2
In what jurisdiction is the company registered?
Kent
What is the company’s registration number or equivalent?
Company number 12612006
Where is the company’s registered address?
25 High Street, Herne Bay, Kent, England, CT6 5LJ