1 Introduction
1.1 Policy statement
The purpose of this policy is to outline considerations for the use of cookies in relation to visitors to the organisation’s website. This policy will further detail what cookies are and how to maintain compliance with the Privacy and Electronic Communications Regulations (PECR) EC Directives 2003.
1.2 Status
In accordance with the Equality Act 2010, we have considered how provisions within this policy might impact on different groups and individuals. This document and any procedures contained within it are non-contractual, which means they may be modified or withdrawn at any time. They apply to all employees and contractors working for the organisation.
2 Understanding cookies
2.1 What are cookies?
The Information Commissioner’s Office (ICO) explains that cookies are small files of letters and numbers that are downloaded onto the user’s computer when they visit a website. Cookies can help to remember the user’s preferences, record what they have added to their shopping basket and are also used to count the number of people looking at a website. This organisation has a responsibility to provide clear and comprehensive information about how it uses cookies.
About Cookies provides information about the various types of cookies, with additional information available from Age UK.
2.2 Are cookies safe?
All users should be reassured that cookies on this organisation’s website, as for others, will not cause any harm to a device nor do they identify who the user is or divulge any personal details about the user. The data they help to collect is anonymous. This organisation does not use cookies to collect any data that could be used to personally identify any user.
2.3 Disabling cookies
The All About Cookies website provides detailed guidance on disabling cookies on most modern browsers, while also making recommendations on when users should disable cookies.
3 Compliance
3.1 Organisation requirement
This organisation will adhere to the ICO guidance to ensure compliance with the PECR and must:
- Explain to users that cookies are used
- Advise what the cookies are doing and why
- Obtain consent from users to store a cookie on their device
Users of this organisation’s website must give consent, and this is done by them ticking a box or clicking a link on the website confirming that they fully understand that specific cookies are being set. In addition, users can enable or disable non-essential cookies easily.
3.2 Opting out
The user can decline to accept cookies and/or choose at any time to reject, block or delete cookies that are currently stored on their device. Users can find out how to do this for their browser by clicking “help” on the browser’s menu or by visiting: www.allaboutcookies.org. Users should be advised that should they opt to block cookies they may not be able to access certain features of the organisation’s website.
For mobile phones, information on how to reject or delete cookies on the browser can be sought in the user device manual.
3.3 Duration of cookie on device
The duration of the cookie will depend on the purpose of it. This organisation ensures that the use of cookies is both limited to what is necessary to achieve the purpose and proportionate in relation to the intended outcome.
3.4 Cookie audit
This organisation will conduct a cookie audit as detailed in the ICO guidance. Re-audit is essential and will be conducted annually.
3.5 Social media platforms
As this organisation uses social media platforms, it should be noted those platforms will also set cookies on users’ devices once they visit those pages. This organisation will ensure that the privacy notice on the website includes references to its social media sites and how individuals are able to control the setting of any non-essential cookies once they visit that site.
3.6 Non-compliance
In cases where organisations refuse or fail to comply voluntarily, the ICO has a range of options available for taking formal action when this is necessary. For further detailed information, see the ICO Regulatory Action Policy.
