Iubenda logo
Start generating

Documentation

Table of Contents

Cookie Policy – Everything you need to know

If your website is using any type of cookies, you’ll likely need a cookie policy. But what is it? What should it include? And how can you tell if your site uses cookies?

In this post, we’ll explain everything you need to know about cookies, cookie policies and even show you a sample template. Keep reading!

What are cookies?

Let’s start from the basics. To understand if you need a cookie policy, you need to know what cookies are first.

Cookies are small data files generally stored on a user’s computer/browser. Every time you go back to a website you’ve already visited, cookies remember your preferences (such as your password or language).
Cookies can have different purposes:

  • Some of them are meant to give you a more enhanced experience of the website you’re visiting. For example, trackers can remember your username and password or the items you’ve added to your cart during online shopping. These are the so-called technical cookies.
  • Others can track your online behavior to give you targeted advice: have you ever looked for something to buy online, and then ads for that same thing would pop up everywhere? Well, that’s because of profiling cookies, or trackers.

If your website uses cookies – even just technical cookies – you’ll need a cookie policy.

✅ Craft Your Cookie Policy Effortlessly: Start Using Our Generator Today!

In short, a cookie policy is a document that gives information about the cookies and trackers used on a website including details about the types of cookies used, the function, purpose and storage duration of the cookie on the user’s computer. 

The exact details of what needs to be included in a cookie policy depends on the data privacy law that applies to you.

Keep in mind that having a this policy is a legal requirement under various privacy laws like the GDPR, ePrivacy and even US laws like the CCPA/CPRA.

Most likely yes. If your site uses cookies or trackers that you’ll likely need a policy as cookie and tracking related disclosures are required under several global privacy laws like the ePrivacy, GDPR, CCPA/CPRA and more.

We’ve provided a few detail about the main laws below.

When it comes to cookies, trackers and similar technologies, you can think of the ePrivacy and the GDPR as complementing and working alongside each other.

Under the law, you’re required to inform users that you’re using cookies on your site and obtain their consent before doing so. In practice, you’ll need to:

  • show a cookie banner on the user’s first visit;
  • implement a cookie policy that provides further details about your use of cookies; and
  • block non-exempt cookie scripts from running prior to consent.

👉 Learn more about the legal requirements concerning cookies here.

While the wording and requirements are not exactly the same as the European laws, some US laws like the CPRA (CCPA amendment) require you to inform users of your site’s use of trackers, and to give them the opportunity to easily opt-out. This differs from European laws, which instead require to get the user’s consent before running cookies and trackers (aka opt-in).

⚠️ Remember, privacy laws can apply to you even if you’re not based in the region it comes from.
If you’re not sure about which privacy laws apply to you, do this 1-min quiz → 

Here are the key elements typically included in a comprehensive cookie policy (Keep in mind that specific requirements may vary depending on jurisdiction):

  • Overview: Begin with a brief introduction explaining the purpose of the policy and its relation to the website’s privacy practices.
  • Types of Cookies: Provide an explanation of the different types of cookies used on the website, such as essential cookies, functional cookies, analytical cookies, and advertising or targeting cookies. Describe each type and its purpose.
  • Cookie Details: Present a list or table of the specific cookies used on the website, including their names, purposes, expiration dates, and any third parties involved in placing or accessing those cookies.
  • Consent: Explain how the website obtains user consent for the use of cookies. Describe the methods used, such as explicit consent through a cookie banner or implied consent through browser settings. If applicable, mention the possibility of withdrawing consent.
  • Third-Party Cookies: If the website allows third-party cookies, disclose the third-party services or partners involved and provide links to their respective cookie policies or opt-out mechanisms.
  • Cookie Management: Explain how users can manage or disable cookies through browser settings or other mechanisms. Provide instructions or links to relevant resources if available.
  • Data Protection and Privacy: Address how the website handles personal data collected through cookies. Describe the data protection measures in place and link to the website’s privacy policy for more detailed information.
  • Updates to the Policy: Clarify that the cookie policy may be subject to periodic updates and provide the date of the most recent update.
  • Contact Information: Include contact details for visitors to reach out with questions, concerns, or requests regarding the cookie policy or their personal data.

It’s important to note that the specific requirements for a cookie policy may vary depending on the applicable laws and regulations in different countries or regions. Therefore, it’s recommended to consult with legal professionals or seek guidance specific to your jurisdiction to ensure compliance.

There are some elements that every generic policy has to include:

  • the types of cookies that you’re installing, for example, tracking cookies, advertising, ect.;
  • any third parties that run cookies on your site/app;
  • the purposes for why each category of cookies is used;
  • the details on how users can exercise their legal rights in regard to cookies. For example, how they can manage their preferences or withdraw consent.

Also, consider that your policy should be available in all the languages in which your services are provided.

You can create your cookies policy with online generators, like iubenda’s Privacy and Cookie Policy Generator.
iubenda can help you create a comprehensive cookie policy, with clauses written by actual lawyers.
All you need to do is:

  • Scan your website and to see what kind of cookies you’re running.
  • Create your documents in a few clicks.
  • Add it to your website.

Generate your Cookie Policy risk-free!

To help you have a better idea of how it should look, here’s a template. Just click the button below to open it 👇


Cookie Policy Example

💡 Remember: This is a sample use this template as a guide, but don’t just copy and paste!

It’s against your best interests as, legally, cookie policies need to be specific to the cookies and scripts running on YOUR site.

Try iubenda’s Generator instead
Creating your cookie policy has never been so easy!

Moreover, our Generator is supported by an international legal team, which takes care of updating your documents when the laws change. So, you have just one thing left to do: focus on your business.

Max Mara

The simple but elegant cookie banner that pops up on the footer of the Maxmara site is a good example of persistent visibility without interrupting the user’s browsing experience. The inclusion of a “Continue without accepting” option respects user preferences and provides an alternative for those who may choose not to consent to cookies, promoting user choice and privacy.

Cookie policy example from the MaxMara site

Adidas 

The Adidas cookie banner ha a floating banner on their website that adheres to GDPR. The banner features ‘accept,’ and ‘reject,’ buttons placed at an equal levels, with the same color and level of visual prominance. Ensureing that it’s not just in line with laws like the GDPR and ePrivacy, but also with the French DPA’s (the CNIL) guidelines.

Cookie policy example from Adidas site

 la Repubblica

The publication la Republica is a good example of how transparency can boost conversion. The publication explains their purposes for running personalized ads and gives users the option to subscribe to their paid publication for an ad-free experience. You can read more about paywalls for publishers here → 

Example of publisher cookie policy

🚀 Check out more examples here!

Regularly updating your document is necessary to stay complaint with evolving regulations and to provide accurate information to your website visitors.

In general, to update your cookie policy, you’ll need to:

  1. Add info about any new cookies or similar technologies running on your site. So for example, if you added new social buttons to your site, you’d need to update your privacy and cookie policies to include disclosures about the new cookies, their purposes, and duration.
  2. Add disclosures related to any updated laws that may apply to you or your users. For example, if you’re based in California USA and decide to expand your audience to include users from Virginia, or from the UK, you’ll need to update your policies to include the disclosures required under those privacy laws. Alternatively, if the laws that apply to you change, for example, the German Data Protection Authority issues new requirements for cookie policies – then you’ll need to update your cookie policy to include the new information.

Luckily, if you’re using iubenda, we regularly monitor and automatically handle these updates for you. Our free site scanner also regularly scans your site to alert you of any compliance issues. Learn more here.

How iubenda can help

Stay Compliant Effortlessly

  • Let iubenda handle the hassle of updating your cookie policy.
  • We constantly monitor evolving laws and keep your policy up-to-date.
  • Focus on your business while we take care of the legalities.

Proactive Updates for Peace of Mind

  • Trust iubenda to proactively update necessary clauses on our end.
  • Rest assured that your cookie policy will always be current.
  • Stay compliant without the stress of manual updates.

Website Scans for Informed Compliance

  • Our regular website scans keep you informed about new services.
  • Ensure all required elements are included in your policy.
  • Be ready for any changes while we handle the monitoring.

Your Business, Our Priority

  • Experience a seamless solution tailored to your needs.
  • Let iubenda manage legal aspects so you can focus on your core business.
  • Join thousands of satisfied customers and enjoy peace of mind

Get a Cookie Policy for your website

Try our Generator risk-free