Cookie policy

Cookie policy

• Note that by some definitions (potentially including legal definitions), a cookie is a piece of data used by a browser in which some state is stored. We do not limit ourselves to this definition. By our definition, a cookie is any piece of data (browser cookie, image, DNS reply, etc.) or any program which can be used to save a visitor's state, track the visitor, or otherwise identify the visitor. In other words, we are only concerned with the moral definition of cookie, not any strict technical or legal definition.

• We define a first-party cookie as a cookie (per the above definition) for which all of the following criteria apply:

  • it is hosted on, or set by, one of our own sites or applications;
  • it is not shared, either wholly or in part, with any third party or third-party service;
  • it does not transmit any data, of any kind, to a third party or third-party service.

• Note that according to our definition of first-party cookie, it's irrelevant where a third party or third-party service is hosted, or what domain name it uses. For example, if a third-party service that we use is available at a DNS CNAME of tracker.hackworthltd.uk, and one or more cookies on one of our sites is set by, or transmits data to, that service, then that cookie is not a first-party cookie.

• We define a third-party cookie as any cookie that does not meet our criteria for what constitutes a first-party cookie.

• Regardless of whether we're collecting personal data or not, and regardless of the lawful basis for the collection of that information, if a web site we own sets one or more cookies, it must display a cookie banner.

• The banner should describe each cookie that the site wants to set on that site. Cookies other than those that are mandatory for the site to function must be opt-out by default.

• The cookie banner must, for each individual cookie, provide the following information, either in the banner or by pointing to a site-specific cookie policy page:

  • who owns or sets the cookie (i.e., either Hackworth Ltd, or a third party);
  • the cookie's domain;
  • the purpose of the cookie;
  • what information the cookie collects;
  • if the cookie is collecting information by consent, an option to enable or disable the cookie, which must be opt-out by default;

• The DPO must approve the content of every cookie banner, the specific cookies that each site sets, and the lawful basis for each cookie.

• All of our sites must contain a link to our privacy policy.

• Both our privacy policy and our site-specific cookie policies must be kept up-to-date at all times. This is the responsibility of the team or member who maintains each individual site.

• All third-party cookies that we deploy on our sites must be approved by the DPO. The current list of approved third-party cookies is maintained here.

• Once approved, the DPO must be promptly informed of any changes to the privacy & cookie policies by these third parties.

• It is the responsibility of the member(s) who are maintaining the site (and/or who are in charge of the relationship with/usage of the third-party service) to stay up-to-date on these policies and to inform the DPO.

References

• Article 29 Data Protection Working Party (EU GDPR): Opinion 04/2012 on Cookie Consent Exemption
• European Data Protection Board Guidelines 05/2020 on consent under Regulation 2016/679 Version 1.1