Iubenda logo
Start generating


Table of Contents

Cookie Policy – Everything you need to know

If your website is using any type of cookies, you’ll likely need a cookie policy. But what is it? What should it include? And how can you tell if your site uses cookies?

cookie policy

In this post, we’ll explain everything you need to know about cookies, cookie policies and even show you a sample template. Keep reading!

Let’s start from the basics. To understand if you need a cookie policy, you need to know what cookies are first.

What are cookies?

Cookies are small data files generally stored on a user’s computer/browser. Every time you go back to a website you’ve already visited, cookies remember your preferences (such as your password or language).
Cookies can have different purposes:

  • Some of them are meant to give you a more enhanced experience of the website you’re visiting. For example, trackers can remember your username and password or the items you’ve added to your cart during online shopping. These are the so-called technical cookies.
  • Others can track your online behavior to give you targeted advice: have you ever looked for something to buy online, and then ads for that same thing would pop up everywhere? Well, that’s because of profiling cookies, or trackers.

If your website uses cookies – even just technical cookies – you’ll need a cookie policy.


Craft your Cookie Policy effortlessly

Start using our generator today to create a Cookie Policy for your website that is customizable, professional, and drafted by an international legal team. A simple way to handle compliance.

Video Thumbnail

See it in action (0:37)

In short, a cookie policy is a document that gives information about the cookies and trackers used on a website including details about the types of cookies used, the function, purpose and storage duration of the cookie on the user’s computer. 

The exact details of what needs to be included in a cookie policy depends on the data privacy law that applies to you.

Keep in mind that having a this policy is a legal requirement under various privacy laws like the GDPR, ePrivacy and even US laws like the CCPA/CPRA.

Most likely yes. If your site uses cookies or trackers that you’ll likely need a policy as cookie and tracking related disclosures are required under several global privacy laws like the ePrivacy, GDPR, CCPA/CPRA and more.

The ePrivacy Directive & GDPR in Europe are quite strict about data protection. The GDPR, known for being the most restrictive, specifically mentions online identifiers like cookies in Recital 30, highlighting them as a form of data collection. It requires you to get consent from your visitors before tracking them with cookies.

In the other side the CCPA/CPRA in California, USA shares its goal of protecting user privacy. While there are some differences—for example, the CPRA allows cookies to be loaded automatically but requires that users have a way to opt out—the core idea is the same: having a Cookie Policy is essential for compliance.

We’ve provided a few details about the main laws below.

When it comes to cookies, trackers and similar technologies, you can think of the ePrivacy and the GDPR as complementing and working alongside each other.

Under the law, you’re required to inform users that you’re using cookies on your site and obtain their consent before doing so. In practice, you’ll need to:

  • show a cookie banner on the user’s first visit;
  • implement a cookie policy that provides further details about your use of cookies; and
  • block non-exempt cookie scripts from running prior to consent.

👉 Learn more about the legal requirements concerning cookies here.

While the wording and requirements are not exactly the same as the European laws, some US laws like the CPRA (CCPA amendment) require you to inform users of your site’s use of trackers, and to give them the opportunity to easily opt-out. This differs from European laws, which instead require to get the user’s consent before running cookies and trackers (aka opt-in).

⚠️ Remember, privacy laws can apply to you even if you’re not based in the region it comes from.
If you’re not sure about which privacy laws apply to you, do this 1-min quiz → 

Cookie policies are important because they inform users visiting a website how that website uses cookies. Cookies are small files that remember what you like on a site, like your password or what’s in your shopping cart. By having a cookie policy in place, websites follow laws that protect user’s privacy online. This cookie policy helps visitors understand what information the site collects about them and how it uses that information.

How are a cookie policy and a privacy policy different?

A cookie policy is a part of a privacy policy but focuses specifically on the use of cookies on a website. While the privacy policy talks about all the ways a website collects, uses, and protects your personal information, the cookie policy specifically tells you about the cookies the website uses. It explains what types of cookies are there, why they are used, and how you can manage or turn them off.

Feature Cookie Policy Privacy Policy
What it Covers Talks about how a website uses cookies (small data files) to track users. Explains how a website collects, uses, shares, and protects user information.
Purpose To inform users about the types of cookies the site uses and why. To inform users about their rights and how their personal data is handled.
Information Collected Typically includes information on browsing habits and preferences. Can include personal details like name, address, email, and browsing data.
User Control Users can often choose to accept or reject cookies. Users are informed about how they can control their personal information.
Legal Requirement Required by law in many places to obtain consent before using cookies. Required by law in many places to ensure users’ privacy is protected.

Here are the key elements typically included in a comprehensive cookie policy (Keep in mind that specific requirements may vary depending on jurisdiction):

  • Overview: Begin with a brief introduction explaining the purpose of the policy and its relation to the website’s privacy practices.
  • Types of Cookies: Provide an explanation of the different types of cookies used on the website, such as essential cookies, functional cookies, analytical cookies, and advertising or targeting cookies. Describe each type and its purpose.
  • Cookie Details: Present a list or table of the specific cookies used on the website, including their names, purposes, expiration dates, and any third parties involved in placing or accessing those cookies.
  • Consent: Explain how the website obtains user consent for the use of cookies. Describe the methods used, such as explicit consent through a cookie banner or implied consent through browser settings. If applicable, mention the possibility of withdrawing consent.
  • Third-Party Cookies: If the website allows third-party cookies, disclose the third-party services or partners involved and provide links to their respective cookie policies or opt-out mechanisms.
  • Cookie Management: Explain how users can manage or disable cookies through browser settings or other mechanisms. Provide instructions or links to relevant resources if available.
  • Data Protection and Privacy: Address how the website handles personal data collected through cookies. Describe the data protection measures in place and link to the website’s privacy policy for more detailed information.
  • Updates to the Policy: Clarify that the cookie policy may be subject to periodic updates and provide the date of the most recent update.
  • Contact Information: Include contact details for visitors to reach out with questions, concerns, or requests regarding the cookie policy or their personal data.

It’s important to note that the specific requirements for a cookie policy may vary depending on the applicable laws and regulations in different countries or regions. Therefore, it’s recommended to consult with legal professionals or seek guidance specific to your jurisdiction to ensure compliance.

There are some elements that every generic policy has to include:

  • the types of cookies that you’re installing, for example, tracking cookies, advertising, etc.;
  • any third parties that run cookies on your site/app;
  • the purposes for why each category of cookies is used;
  • the details on how users can exercise their legal rights in regard to cookies. For example, how they can manage their preferences or withdraw consent.

Also, consider that your policy should be available in all the languages in which your services are provided.

You can create your cookies policy with online generators, like iubenda’s Privacy and Cookie Policy Generator.
iubenda can help you create a comprehensive cookie policy, with clauses written by actual lawyers.
All you need to do is:

  • Scan your website and to see what kind of cookies you’re running.
  • Create your documents in a few clicks.
  • Add it to your website.

Not sure how to get started with your Cookie Policy?

Use our site scanner to see what kind of cookies you’re running

Scan your Website for Free Now!

To help you have a better idea of how it should look, here’s a template. Just click the button below to open it 👇

💡 Remember: This is a sample use this template as a guide, but don’t just copy and paste!

It’s against your best interests as, legally, cookie policies need to be specific to the cookies and scripts running on YOUR site.

👋 Try iubenda’s Generator instead
Creating your cookie policy has never been so easy!

Moreover, our Generator is supported by an international legal team, which takes care of updating your documents when the laws change. So, you have just one thing left to do: focus on your business.

Max Mara

The simple but elegant cookie banner that pops up on the footer of the Max Mara site is a good example of persistent visibility without interrupting the user’s browsing experience. The inclusion of a “Continue without accepting” option respects user preferences and provides an alternative for those who may choose not to consent to cookies, promoting user choice and privacy.

Cookie policy example from the MaxMara site


The Adidas cookie banner has a floating banner on their website that adheres to GDPR. The banner features ‘accept,’ and ‘reject,’ buttons placed at an equal levels, with the same color and level of visual prominance. Ensureing that it’s not just in line with laws like the GDPR and ePrivacy, but also with the French DPA’s (the CNIL) guidelines.

Cookie policy example from Adidas site

la Repubblica

The publication la Republica is a good example of how transparency can boost conversion. The publication explains their purposes for running personalized ads and gives users the option to subscribe to their paid publication for an ad-free experience. You can read more about paywalls for publishers here → 

Example of publisher cookie policy

🚀 Check out more examples here!

Regularly updating your document is necessary to stay complaint with evolving regulations and to provide accurate information to your website visitors.

In general, to update your cookie policy, you’ll need to:

  1. Add info about any new cookies or similar technologies running on your site. So for example, if you added new social buttons to your site, you’d need to update your privacy and cookie policies to include disclosures about the new cookies, their purposes, and duration.
  2. Add disclosures related to any updated laws that may apply to you or your users. For example, if you’re based in California USA and decide to expand your audience to include users from Virginia, or from the UK, you’ll need to update your policies to include the disclosures required under those privacy laws. Alternatively, if the laws that apply to you change, for example, the German Data Protection Authority issues new requirements for cookie policies – then you’ll need to update your cookie policy to include the new information.

Luckily, if you’re using iubenda, we regularly monitor and automatically handle these updates for you. Our free site scanner also regularly scans your site to alert you of any compliance issues. Learn more here.

Stay Compliant Effortlessly ✅
  • Let iubenda handle the hassle of updating your cookie policy.
  • We constantly monitor evolving laws and keep your policy up-to-date.
  • Focus on your business while we take care of the legalities.
Proactive Updates for Peace of Mind ✅
  • Trust iubenda to proactively update necessary clauses on our end.
  • Rest assured that your cookie policy will always be current.
  • Stay compliant without the stress of manual updates.
Website Scans for Informed Compliance ✅
  • Our regular website scans keep you informed about new services.
  • Ensure all required elements are included in your policy.
  • Be ready for any changes while we handle the monitoring.
Your Business, Our Priority ✅
  • Experience a seamless solution tailored to your needs.
  • Let iubenda manage legal aspects so you can focus on your core business.
  • Join thousands of satisfied customers and enjoy peace of mind

Get a Cookie Policy for your website

Try our Generator risk-free