Sample Cookies Policy Template
Cookies are small files that websites send to users' computers. They store the user's information to optimize a company's site, make visiting the site again easier, and send ads.
If you do not include a notification to users of your policy, it could open your company up to liability in the future.
But what exactly is a Cookies Policy?
- 1. What is a Cookies Policy?
- 2. Do You Legally Need a Cookies Policy?
- 2.1. United States
- 2.2. European Union
- 3. What Should be Included in Your Cookies Policy?
- 3.1. Definition of Cookies
- 3.2. What Cookies You Use
- 3.3. What You Use the Cookies For
- 3.4. How Users can Opt Out or Adjust Settings
- 4. Where to Display Your Cookies Policy
- 4.1. Cookies Notice When Asking for Consent
- 4.2. Website Footer
- 4.3. App Legal/About Menu
- 5. How to Get Consent for Your Cookies Policy
- 6. Create Compliant Cookie Consent
What is a Cookies Policy?
A Cookies Policy is a disclosure by a website of:
- What cookies are used by the company
- How those cookies are used to collect the private information of visitors
- How the user can control the disclosure of information and use of the cookies for collection
A Cookies Policy allows the company to be fully open with its users and creates transparency about the collection of private information.
Do You Legally Need a Cookies Policy?
It all depends on where your audience is located. The US and the European Union (EU) have different requirements about the inclusion of a Cookies Policy.
Figuring out what exact laws apply to you is extremely important in how you display your Cookies Policy.
- What information is being collected and how it is stored
- How the data is used
- Who data is disclosed to
- How you can adjust disclosure of your information
European Union
The EU Cookie Law, or the ePrivacy Directive, was put in place in 2011 to control how personal information is collected and processed. Additionally, the GDPR (General Data Protection Regulation) requires that users consent to the use of cookies before they're used.
Your Cookies Policy will need to disclose to users:
- What cookies are used
- How your users can accept or reject the use of the cookies
However, EU companies are not alone in falling under this rule. US companies that have EU customers must also include a separate Cookies Policy that is available to users.
What Should be Included in Your Cookies Policy?
While each company will need to create its own unique Cookies Policy based on business practices, there are some basics that must be included in every policy. Additionally, each of these basic requirements must be clear and in plain language.
You must include:
- A definition of cookies
- What cookies you use
- What you use the cookies for
- How users can opt out or adjust settings
Let's take a look at each of these sections with examples.
Definition of Cookies
Not everyone is well-versed in digital lingo. It is important to use plain language and to clearly state what cookies are so that any of your users can understand them and freely consent to or reject their use.
Long-winded legalese and roundabout explanations are no longer acceptable for legal policies.
Another way to direct users to learn what cookies are is to include bold links that take them to this separate clause.
The BBC uses an easy outline with links to take the users to exact clauses relating to cookies. It also gives a clear and simple statement as to what cookies are:
This type of format makes it really easy for a reader to navigate and find out specific information in an easy way.
What Cookies You Use
There are multiple types of cookies that a company can use to collect personal information, including session, persistent, and secure cookies, among others. Companies must clearly denote what types of cookies are used in a simple but informative way.
The use of tables, bold titles, or a defined outline will help clearly inform your users and comply with the privacy laws.
Apple is a good example of how to describe the use of cookies simply and easily. Apple is a global company, and it is required by the EU to follow its Cookie Law.
Included in its Cookies Policy, Apple clearly lays out the three types of cookies it uses to collect information and how the information collected is used by the company:
This format makes it really easy for readers to understand that multiple types of cookies are used and see exactly what each type does. This information is important so that users can adjust settings or opt in and out of different cookies with knowledge and awareness.
What You Use the Cookies For
One of the most important pieces of your Cookies Policy is including what your cookies are used for and how you use the information that is stored and collected from the cookies.
Transparency in policy statements is important both under the FTC and the EU laws. Clearly informing customers of how you handle their personal information will protect you later on if any future issues arise.
Additionally, if your company allows third parties, such as Google Analytics, to have access to your users' information, that must also be disclosed. Third parties use the data as a way to:
- Research search history
- Analyze the dynamics of a website
LinkedIn includes a simple table that clearly states, in plain language, the reasons why the cookies are used and how the cookies affect those uses:
Again, this breakdown and format make it easy for readers to understand the different categories of cookies being used, and what they are used for.
How Users can Opt Out or Adjust Settings
Another important clause to include in your Cookies Policy is how users can accept, reject, or adjust their cookies settings.
Additionally, companies need to provide accessible links to their settings and tips for how users can change them.
The travel booking website Priceline includes its own cookie section with tips for how you can accept or reject cookies and how you can opt out of specific types of cookies the company uses:
Note how multiple links are provided for different opt-out resources, getting further information and adjusting settings.
Where to Display Your Cookies Policy
Three common places you should display a link to your Cookies Policy are:
- In a cookies notice when asking for consent
- Your website's footer
- Your mobile app's Legal/About menu
Cookies Notice When Asking for Consent
One of the best ways to display your Cookies Policy is in consent notices. Consent notices usually are included in sign-up forms or pop-up banners that appear when a user visits the site for the first time.
Later in this article we'll help you create your own consent solution with our free and easy-to-use Cookie Consent generator.
Website Footer
The most common place to include a link to your Cookies Policy is in your website footer. Most people know to scroll to the bottom to find the link and expect a link to be included there.
A prime example of clearly displaying a link to your Cookies Policy can be found in Amazon UK's footer. The white lettering stands out from the black background drawing attention to the links:
The French retail and grocery company Carrefour includes a separate link to its Cookies Policy from its overall "Legal Information" in the footer of the website.
App Legal/About Menu
If a user has to scroll continually down the page to get to the footer, such as on a news outlet or a media source, including a dropdown menu with a link to your policy under your About section makes accessing your policy easy.
BuzzFeed has a very long landing page that keeps loading additional stories as you scroll down, so you never reach the footer of the page. To counteract that, it has included a dropdown menu on the side that allows you to access links to statements and policies:
Feel free to link your Cookies Policy anywhere else where you think your users might need or want to know about your cookie practices. The more informed your users are, the better.
How to Get Consent for Your Cookies Policy
Consent is one of the top requirements of both the FTC and the GDPR. Pre-checked boxes or pre-filled forms are no longer acceptable.
Express consent needs to be given by the users.
The banners typically include a short description of the cookies being used on the site with links for further information to the policies. There needs to be enough information on the banner to inform the user and provide additional avenues for them to reject or research more.
eBay UK includes a bold blue pop-up to alert the user about the disclaimer and provides an accept button and additional links for adjusting settings on the cookies.
Under Armour UK displays a pop-up notice to users as soon as they arrive on the landing page. The notice includes a button for accepting and proceeding to the website along with a link to where to find out more information:
Create Compliant Cookie Consent
Here's how you can use our Cookie Consent to implement a cookie management solution for your website.
- Click on Cookie Consent at the top of our website.
- Choose your compliance preference: ePrivacy Directive only, or ePrivacy plus GDPR compliance.
- You can customize your Cookie Consent widget to best fit your website. Add your website name and select your banner notice type and color palette.
- Copy your Cookie Consent code and append it to your website page before the closing of the
- What should be included in your Cookies Policy?
  - Definition of cookies
  - What cookies are used
  - What you use the cookies for
  - How users can opt out or adjust settings
- Where to display your Policy?
  - In a cookie notice when asking for consent
  - Pop-up or banner
  - App Legal/About Menu
- How to get agreement for Cookies Policy/Consent to place cookies
  - Through pop-ups on first time visits to site
  - Use of "I Accept" buttons