Terminology and Definitions:
The Regulations apply to cookies and to similar technologies for storing
information. This could include, for example, Local Shared Objects (commonly referred to as “Flash Cookies”), web beacons or bugs (including transparent or clear gifs).
A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device. For more information see: http://www.allaboutcookies.org/
Cookies can expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer.
The Regulations apply to several types of cookies:
- Session cookies – allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes such as remembering what a user has put in their shopping basket as they browse around a site. They could also be used for security when a user is accessing internet banking or to facilitate use of webmail. These session cookies expire after a browser session so would not be stored longer term. For this reason, session cookies may sometimes be considered less privacy intrusive than persistent cookies.
- Persistent cookies – are stored on a users’ device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered. Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.
- First and third party cookies – Whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie. First party cookies in basic terms are cookies set by a website visited by the user - the website displayed in the URL window. Third party cookies are cookies that are set by a domain other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website this would be a third party cookie.
The Regulations state that consent for a cookie should be obtained from the user. The user is the person using the computer or other device to access a website.
The DPA defines ‘the data subject’s consent’ as: ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.
Consent must involve some form of communication where the individual knowingly indicates their acceptance. This may involve clicking an icon, sending an email or subscribing to a service. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.
There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is:
- for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
- where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
By law, Budeful must:
- Tell people that the cookies are there?
- Explain what the cookies are doing.
- Obtain user consent to store a cookie on their device.
These cookies do not give us access to your computer or any information about you, other than what you choose to share.
When you use our website for the first time, or 30 days after your last visit you will find a permissions bar appear. You can either accept using cookies or you can stop us using cookies. Either way you can browse our website.
You can set your browser not to accept cookies. Visit http://www.allaboutcookies.org/ to find out more.