The law regarding cookies
Last updated: 25/05/2018
- Cookie usage is governed by the ePrivacy Directive (Cookie law) and not the GDPR, please see our separate GDPR compliance statement
- Cookie law requires users’ informed consent before storing cookies on a user’s device and/or tracking them.
- Consent to cookies must be informed and based on an explicit affirmative action; subject to the local authority, these actions may include continued browsing, clicking, scrolling the page or some method that requires the user to actively proceed.
- The Cookie Law does not require that records of consent be kept but instead indicates that you should be able to prove that consent occurred —even if that consent has been withdrawn.
- The cookie law does not require that you provide users with the means to toggle cookie preferences directly on your site/app, only that you conspicuously provide the option for obtaining informed consent, provide a means for the withdrawal of consent and guarantee via prior blocking that no tracking is performed before consent is obtained.
- The cookie law does not require that you individually list third-party cookies, only that you state their category and purpose.
- While the Cookie Law does not require that you manage consent for third-party cookies directly on your site/app, you are required to inform users of third-party cookie usage, the purpose of the cookies and link to the relevant third-party privacy/cookie policies.
The ePrivacy Directive 2002/58/EC (or Cookie Law) was established to put guidelines and expectations in place for electronic privacy, including email marketing and cookie usage, and it still applies today. You can think of the ePrivacy Directive as currently “working alongside” the GDPR in a sense, rather than being repealed by it.
What are cookies
A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device. The Regulations apply to cookies
and also to similar technologies for storing information. Cookies we use can be both “persistent” or “session” cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the Service, deliver advertisements on and through the Service. These are listed below.
Live Chat – To allow us to record online conversations between user and site owner
Google Analytics – Used to determine new sessions and visits, we also store these cookies for Google’s ReMarketing, Adwords and Double Click AdExchange Buyer services.
CRM – Allows us to coordinate and manage customer data. Helps to improve the website and your shopping experience, and to make our marketing campaigns relevant. Our CRM, Pipedrive uses technology that provides search engine optimization, business blogging, competitor analysis, our contact forms also record cookie use
WooCommerce – To keep track of cart data, WooCommerce makes use of 3 cookies: woocommerce_cart_hash | woocommerce_items_in_cart | wp_woocommerce_session_
The first two cookies contain information about the cart as a whole and help WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
WordPress – When you log into WordPress from http://example.com/wp-login.php, WordPress stores the following two cookies: Your user name | A double-hashed copy of your password. The cookies are set to expire two weeks from the time they are set.
Social Media –Some pages load content from 3rd party social media platforms like Facebook, Google+, LinkedIn, Twitter and YouTube. In some cases, we use a software called AddThis to manage page sharing.
SagePay – Our Payment Service Provider is Sage Pay. They provide a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range of secure methods such as fraud screening, I.P. address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards. In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So when buying through our site, you can be sure that you are completely protected.
What are your choices regarding cookies
Where can you find more information about cookies
You can learn more about cookies and download the ICO guidance and cookie law, here
Please see our general terms & conditions pages for our policy on data protection.
Managing cookies using your browser
Internet browsers will usually provide an option to disallow the setting of all or some cookies. You can find more about using your browsers cookie settings either via the help menu for your browser or on the browser’s own website. Cookies can also be deleted by using your internet browser, but you must disallow them otherwise they will be reapplied the next time you visit a website. If you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Cookies usually fit into one or more of the following four categories.
Category 1: Strictly Necessary Cookies
These cookies are essential in order to enable you to move around the website and use its features. These cookies do not gather any information about you that could be used for marketing or remembering where you’ve been on the internet. We are not required to get your consent to the use of Strictly Necessary Cookies. They last for one “session” and expire when you leave our website or close the browser. Cookies that fall into this category are:
i. Shopping cart cookies
ii. Access to protected areas of a website
iii. Remembering previously entered text so it’s not lost if the page refreshes
Category 2: Performance Cookies
Performance Cookies store anonymous information only and therefore cannot be used to identify you. We are required to get your consent to the use of Performance Cookies. By using our website, you agree that we can place these types of cookies on your device. Performance Cookies can be deleted from your browser history at any point before their expiry time. Cookies that fall into this category are:
iii. Pay Per Click
Category 3: Functionality Cookies
These cookies remember your preferences to personalise your experience on our website. We are required to get your consent to the use of Functionality Cookies. By using our website, you agree that we can place these types of cookies on your device. Functionality Cookies can be deleted from your browser history at any point before their expiry time. Cookies that fall into this category are:
i. Detecting if you have already seen a pop-up to ensure it doesn’t get shown to you again
ii. Submitting comments
iii. Remembering colours, font sizes and page backgrounds
Category 4: Targeted Advertising Cookies
Targeted Advertising Cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. The information they store is not anonymous. We are required to get your consent to Target Advertising Cookies. We will ask for consent from you to store these cookies on your device using a pop-up, overlay, splash page or header/footer bar. Cookies that fall into this category are:
i. Collecting information about browser habits to target advertising;
ii. Collecting information about browser habits to target website content.
We will inform you about cookies in these ways:
The cookies we have on our website:
Below we have provided a table detailing all the cookies we use on our website for your information.
|Name, Publisher and Functionality||Description||Category|
|Stores user-specific preferences for browser plugins and searches via google.co.uk(etc). Example preferences are language, safe search etc.||3|
|WooCommerce||Stores cart ID, keeps buyer or cart personal information relevant to purchase and is required for the website to function correctly, to send payment notices, shipping updates and for users to log in and checkout account or order status||1|
Identifying unique visitors
|Each unique browser that visits a page on your site is provided with a unique ID via the __utma cookie. In this way, subsequent visits to your website via the same browser are recorded as belonging to the same (unique) visitor. Thus, if a person interacted with your website using both Firefox and Internet Explorer, the Analytics reports would track this activity under two unique visitors. Similarly, if the same browser were used by two different visitors, but with a separate computer account for each, the activity would be recorded under two unique visitor IDs. On the other hand, if the browser happens to be used by two different people sharing the same computer account, one unique visitor ID is recorded, even though two unique individuals accessed the site.||2|
Determining visitor session
|Google Analytics tracking for ga.js uses two cookies to establish a session. If either of these two cookies are absent, further activity by the user initiates the start of a new session. See the Session article in the Help Centre for a detailed definition and a list of scenarios that end a session. You can customise the length of the default session time using the _setSessionCookieTimeout() method.||2|
Determining visitor session
|Google Analytics tracking for ga.js uses two cookies to establish a session. If either of these two cookies is absent, further activity by the user initiates the start of a new session. See the Session article in the Help Centre for a detailed definition and a list of scenarios that end a session. You can customise the length of the default session time using the _setSessionCookieTimeout() method.||2|
Tracking traffic sources & navigation
|When visitors reach your site via a search engine result, a direct link, or an ad that links to your page, Google Analytics stores the type of referral information in a cookie. The parameters in the cookie value string are parsed and sent in the GIF Request (in the utmcc variable). The expiration date for the cookie is set as 6 months into the future. This cookie gets updated with each subsequent page view to your site; thus it is used to determine visitor navigation within your site.||2|
Google analytics tracking beacon script
|This code is commonly used on websites to track anonymous visitor data. It connects to the Google Analytics service to send data about visitor behaviour Google analytics tracking beacon script and history (on the current site only) to the site owner’s Google Analytics account. No personal data is gathered or shared.||2|
Last updated: 25/05/2018