Cookies

A cookie is a small text file that can be created on your device when you visit a website to store information.

They can then be accessed by the website during that, or subsequent, visits.

Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site, such as:

  • storing the contents of shopping baskets
  • allowing you to sign in to a website
  • remembering your preferences
  • analysing traffic to a website
  • tracking users’ browsing behaviour.

Without cookies, websites would have no way to ‘remember’ anything about visitors, such as how many items are in a shopping basket or whether they are signed in.

You can control how your browser accepts and handles cookies. Each browser is different in their implementation of cookie control, so it is recommended to check the help of the particular browser you are using.

What are ‘session’ and ‘persistent’ cookies?

Session cookies are cookies that expire at the end of a browser session, usually when a user quits or exits their browser application, and are not stored beyond this. A typical example would be signing in to internet banking or webmail.

Persistent cookies are cookies that remain on a user’s device in-between sessions, including device restarts. Remembering users’ preferences is a typical example, as is tracking users’ browsing to allow targeted advertising. With persistent cookies the website operator sets how long the cookie lasts for, which can be for months or even years.

You can delete previously set persistent cookies manually or configure your browser to delete cookies at a set interval.

What are ‘first-party’ and ‘third-party’ cookies?

First-party cookies are set directly by the website the user is visiting, i.e. the address displayed in the browser's address bar. A typical example would be a cookie recording a user as being signed in to that website.

Third-party cookies are set by a website other than the one the user is visiting. Generally this occurs when the website the user is visiting incorporates elements from other websites, such as advertising networks, analytical services or social media platforms. When the browser fetches these elements from the other websites, they can set cookies as well.

You can manage what type of cookies your browser allows through your browser’s settings or preferences.

Here in the UK, the Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the EU’s General Data Protection Regulation (GDPR) which give people specific privacy rights in relation to electronic communications.

If you use cookies you must:

  • say what cookies will be set;
  • explain what the cookies will do; and
  • obtain consent to store cookies on devices.

This information has to cover:

  • the cookies you intend to use; and
  • the purposes for which you intend to use them.

These requirements also apply to cookies set by any third parties whose content your website incorporates.

The methods of providing this information, and the capability for users to refuse, should be as user-friendly as possible.

Consent has to be given freely, with a clear and deliberate positive action — for example clicking a button or ticking a box.

A user continuing to use the website does not count as them giving consent.

What are ‘strictly necessary’ cookies?

Strictly necessary cookies are exempt from requiring cookie consent, though they must be essential to provide the service requested by the user, for example:

  • remembering the contents of online shopping baskets
  • providing security to sign in to an online service.

It is considered good practice to provide users with information about a website’s strictly necessary cookies, even when consent is not required.

Cookies that are helpful or convenient but not essential, or that are only essential for a website’s own purposes, still require consent.

Users should be allowed to enable or disable non-essential cookies, and this should be easy to do.

Summary

  • If you set cookies, you must tell people and clearly explain what the cookies do and why.
  • You must get the user’s consent before any cookie is set.
  • Consent must be actively and clearly given.
  • Cookies that are essential to provide the online service that the user is requesting are exempt from requiring consent.
  • Any other technology that is used to store or gain access to information on a user’s device are subject to the same rules.

Further information about cookies and information rights can be found at the Information Commissioner’s Office (ICO).

What cookies are used by Cassean’s website?

Here at Cassean we don’t use third-party cookies: we do not carry online advertising, track visitors to our site or include content from social media platforms.

We use cookies to allow you to sign in. These are strictly necessary as without them you wouldn’t be able to securely access the private area of our website.

Cookies used by Cassean’s website
Name Description Expires
cassean_session Records session information upon signing in to the private area of our website. When you close your browser application or sign out.
cassean_user Indicates whether the visitor is currently signed in to the private area of our website. Set upon signing in. When you close your browser application or sign out.