If your website is using any type of cookies, you’ll likely need a cookie policy. But what is it? What should it include? And how can you tell if your site uses cookies?
In this post, we’ll explain everything you need to know about cookies, cookie policies and even show you a sample template. Keep reading!
Let’s start from the basics. To understand if you need a cookie policy, you need to know what cookies are first.
Cookies are small data files generally stored on a user’s computer/browser. Every time you go back to a website you’ve already visited, cookies remember your preferences (such as your password or language).
Cookies can have different purposes:
If your website uses cookies – even just technical cookies – you’ll need a cookie policy.
✅ Craft Your Cookie Policy Effortlessly: Start Using Our Generator Today!
In short, a cookie policy is a document that gives information about the cookies and trackers used on a website including details about the types of cookies used, the function, purpose and storage duration of the cookie on the user’s computer.
The exact details of what needs to be included in a cookie policy depends on the data privacy law that applies to you.
Keep in mind that having a this policy is a legal requirement under various privacy laws like the GDPR, ePrivacy and even US laws like the CCPA/CPRA.
Most likely yes. If your site uses cookies or trackers that you’ll likely need a policy as cookie and tracking related disclosures are required under several global privacy laws like the ePrivacy, GDPR, CCPA/CPRA and more.
We’ve provided a few detail about the main laws below.
When it comes to cookies, trackers and similar technologies, you can think of the ePrivacy and the GDPR as complementing and working alongside each other.
Under the law, you’re required to inform users that you’re using cookies on your site and obtain their consent before doing so. In practice, you’ll need to:
👉 Learn more about the legal requirements concerning cookies here.
While the wording and requirements are not exactly the same as the European laws, some US laws like the CPRA (CCPA amendment) require you to inform users of your site’s use of trackers, and to give them the opportunity to easily opt-out. This differs from European laws, which instead require to get the user’s consent before running cookies and trackers (aka opt-in).
⚠️ Remember, privacy laws can apply to you even if you’re not based in the region it comes from.
If you’re not sure about which privacy laws apply to you, do this 1-min quiz →
Here are the key elements typically included in a comprehensive cookie policy (Keep in mind that specific requirements may vary depending on jurisdiction):
It’s important to note that the specific requirements for a cookie policy may vary depending on the applicable laws and regulations in different countries or regions. Therefore, it’s recommended to consult with legal professionals or seek guidance specific to your jurisdiction to ensure compliance.
There are some elements that every generic policy has to include:
Also, consider that your policy should be available in all the languages in which your services are provided.
You can create your cookies policy with online generators, like iubenda’s Privacy and Cookie Policy Generator.
iubenda can help you create a comprehensive cookie policy, with clauses written by actual lawyers.
All you need to do is:
To help you have a better idea of how it should look, here’s a template. Just click the button below to open it 👇
💡 Remember: This is a sample use this template as a guide, but don’t just copy and paste!
It’s against your best interests as, legally, cookie policies need to be specific to the cookies and scripts running on YOUR site.
Try iubenda’s Generator instead
Creating your cookie policy has never been so easy!
Moreover, our Generator is supported by an international legal team, which takes care of updating your documents when the laws change. So, you have just one thing left to do: focus on your business.
The simple but elegant cookie banner that pops up on the footer of the Maxmara site is a good example of persistent visibility without interrupting the user’s browsing experience. The inclusion of a “Continue without accepting” option respects user preferences and provides an alternative for those who may choose not to consent to cookies, promoting user choice and privacy.
The Adidas cookie banner ha a floating banner on their website that adheres to GDPR. The banner features ‘accept,’ and ‘reject,’ buttons placed at an equal levels, with the same color and level of visual prominance. Ensureing that it’s not just in line with laws like the GDPR and ePrivacy, but also with the French DPA’s (the CNIL) guidelines.
The publication la Republica is a good example of how transparency can boost conversion. The publication explains their purposes for running personalized ads and gives users the option to subscribe to their paid publication for an ad-free experience. You can read more about paywalls for publishers here →
🚀 Check out more examples here!
Regularly updating your document is necessary to stay complaint with evolving regulations and to provide accurate information to your website visitors.
In general, to update your cookie policy, you’ll need to:
Luckily, if you’re using iubenda, we regularly monitor and automatically handle these updates for you. Our free site scanner also regularly scans your site to alert you of any compliance issues. Learn more here.
