Some laws such as the ePrivacy and the General Data Protection Regulation (GDPR) require websites to detail their use of cookies to users. In this short post, we’ll share with you a free cookie policy template and go through what you need in order to create a compliant cookie policy.
💡 Download our free cookie policy template right away or keep reading for a deep dive into crafting a perfect privacy policy, including why you need one for your website and examples.
Unlike a privacy policy, which makes legally required disclosures about your data processing activities in general, the cookie policy deals specifically with your use of cookies and contains those particular legally required disclosures – which we will exaplain below.
Keep in mind that, often, the cookie policy is a dedicated section of the main privacy policy of a website or an app.
First thing first, under the law, you’ll need to show a cookie banner (also called cookie notice) to inform site visitors and allow your users to provide or deny consent. In your cookie banner, you must link your cookie policy and make details of cookies’ purposes, usage, and related third-party activities available to the user.
This article is a part of our series on cookies and cookie consent. Read also:
Disclosures related to cookies and tracking are indeed required by data protection laws across the world such as Europe’s GDPR, ePrivacy/ Cookie Law, and the US’ CCPA/CPRA and VCDPA.
In Europe, businesses that target Europe-based users are subject to laws such as the General Data Protection Regulation (GDPR) and the Cookie Law. These laws mandate that businesses provide clear information about their use of cookies and obtain appropriate consent from users.
Similarly, in the United States, there are privacy laws at both the state and federal levels that regulate the use of cookies and require businesses to provide transparency and obtain consent.
Having a comprehensive and informative cookie policy is therefore critical for compliance. It not only helps meet the legal requirements set forth by the GDPR and Cookie Law but also demonstrates a proactive approach to transparency and consent, which can be beneficial in anticipating and complying with future changes in state, federal, and international laws.
Although having a separate cookie policy is not strictly required, laws such as the GDPR and ePrivacy Directive do mandate that you provide comprehensive information about your use of cookies in a document that is easily accessible to all users. As a common practice, many website owners choose to either create a dedicated cookie policy page, or dedicate a section of their privacy policies to mandatory cookie disclosures. This page or section is then is linked to from the cookie banner or cookie notice. This approach allows for clear and transparent communication of their cookie practices while ensuring compliance with applicable regulations.
The cookie policy should at least contain:
*Also consider that your policy should be available in all the languages in which your services are provided.
The good news is yes, you absolutely can!
But it would be best if you were careful. Choose a high-quality cookie policy generator that, at the very least, contains clauses written by actual legal professionals and that allows you to customize your document based on your individual needs entirely.
Use our generator today to build and install a customizable and professional Cookie Policy for your website. Clauses have been pre-drafted by our international legal team.
See it in action (0:37)
To comply with consent requirements for your cookies policy, users must actively indicate their agreement.
This can be done through actions such as:
👉 We strongly recommend using a Cookie Policy Generator for generating your own professional document. You can try ours for free!
Copy and paste the Cookie Policy Template HTML directly into your website.
<h1><strong>Cookie Policy of [<a href="http://www.testsite.com/">www.testsite.com</a>]</strong></h1>
<p>Last updated: [date]</p>
<p>We are [Company Name]. This cookie policy outlines how we collect, use, and manage cookies, and we outline your rights and choices regarding cookie usage.</p>
<p>You can contact us at [email address].</p>
<hr>
<h2>Table of contents</h2>
<ul>
<li>Introduction</li>
<li>Contact information</li>
<li>Activities strictly necessary for the operation of this website and delivery of the service</li>
<li>How to manage preferences and provide or withdraw consent</li>
<li>Definitions and legal references</li>
</ul>
<hr>
<h2><strong>Introduction</strong></h2>
<p><strong>What is this policy about?</strong><br>
This document tells you about tracking technologies (“trackers”) that help this website achieve the purposes outlined in this document.</p>
<p><strong>What are trackers?</strong><br>
For simplicity, all such technologies are defined as "trackers" within this document – unless there is a reason to differentiate. For example, while cookies can be used on both web and mobile browsers, it would be inaccurate to talk about cookies in the context of mobile apps as they are a browser-based tracker. For this reason, within this document, the term cookies is only used where it is specifically meant to indicate that particular type of tracker.</p>
<p>Some of the purposes for which trackers are used may also require your consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.</p>
<p>This website uses trackers managed directly by us (so-called “first-party” trackers) and trackers that enable services provided by a third-party (so-called “third-party” trackers). Unless otherwise specified within this document, third-party providers may access the trackers managed by them.</p>
<p>The validity and expiration periods of cookies and other similar trackers may vary depending on the lifetime set by us or the relevant provider. Some of them expire upon termination of your browsing session. In addition to what’s specified in the descriptions within each of the categories below, you may find more precise and updated information regarding lifetime specification as well as any other relevant information — such as the presence of other trackers— in the linked privacy policies of the respective third-party providers or by contacting us.</p>
<p>This document was generated with the use of the <a href="https://www.iubenda.com/en/help/54673-cookie-policy-template">cookie policy template</a>.</p>
<hr>
<h2>Contact Information</h2>
<p>Since the use of third-party trackers through this website cannot be fully controlled by us, any specific references to third-party trackers are to be considered indicative. In order to obtain complete information, you are kindly requested to consult the privacy policies of the respective third-party services listed in this document.</p>
<p>Given the objective complexity surrounding tracking technologies, you are encouraged to contact us should you wish to receive any further information on the use of such technologies by this website.</p>
<p><strong>Address:</strong><br>
[Street Address]<br>
[City, State ZIP Code]<br>
[Country]</p>
<p><strong>Email:</strong> [email address]</p>
<p><strong>Phone:</strong> [phone number]</p>
<hr>
<h2><strong>Activities strictly necessary for the operation of this website and delivery of the service</strong></h2>
<p>This website uses so-called “technical” cookies and other similar trackers to carry out activities that are strictly necessary for the operation or delivery of the service.</p>
<h3><strong>Other activities involving the use of trackers</strong></h3>
<h3><strong>Experience</strong></h3>
<p>This website uses trackers to improve the quality of the user experience and enable interactions with external content, networks and platforms.</p>
<p><strong>Displaying content from external platforms</strong><br>
This type of service allows you to view content hosted on external platforms directly from the pages of this website and interact with them. Such services are often referred to as widgets, which are small elements placed on a website or app. They provide specific information or perform a particular function and often allow for user interaction. This type of service might still collect web traffic data for the pages where the service is installed, even when you do not use it.</p>
<p><strong>Google Fonts (Google LLC)</strong><br>
Google Fonts is a typeface visualization service provided by Google LLC that allows this website to incorporate content of this kind on its pages.</p>
<p>To understand Google's use of data, consult Google's <a href="https://policies.google.com/technologies/partner-sites">partner policy</a> and their <a href="https://business.safety.google/privacy/">Business data page</a>.</p>
<p><strong>Personal data processed:</strong> Trackers; Usage data <br>
<strong>Place of processing:</strong> United States<br>
<strong>Privacy policy:</strong><a href="https://business.safety.google/privacy/">https://business.safety.google/privacy/</a><br>
<strong>Opt-out link:</strong><a href="https://tools.google.com/dlpage/gaoptout">https://tools.google.com/dlpage/gaoptout</a></p>
<h3><strong>Measurement</strong></h3>
<p>This website uses trackers to measure traffic and analyze user behavior to improve the service.</p>
<p><strong>Analytics</strong><br>
The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of user behavior.</p>
<p><strong>Google Analytics (Universal Analytics) (Google LLC)</strong><br>
Google Analytics (Universal Analytics) is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.</p>
<p>To understand Google's use of data, consult Google's <a href="https://policies.google.com/technologies/partner-sites">partner policy</a> and their <a href="https://business.safety.google/privacy/">Business data page</a>.</p>
<p><strong>Personal data processed:</strong> Trackers; Usage data <br>
<strong>Place of processing:</strong> United States<br>
<strong>Privacy policy:</strong><a href="https://business.safety.google/privacy/">https://business.safety.google/privacy/</a><br>
<strong>Opt-out link:</strong><a href="https://tools.google.com/dlpage/gaoptout">https://tools.google.com/dlpage/gaoptout</a></p>
<p><strong>Storage duration:</strong><br>
AMP_TOKEN: 1 hour<br>
_ga: 2 years<br>
_gac*: 3 months<br>
_gat: 1 minute<br>
_gid: 1 day</p>
<hr>
<h2><strong>How to manage preferences and provide or withdraw consent</strong></h2>
<p>There are various ways to manage tracker related preferences and to provide and withdraw consent, where relevant:</p>
<p>You can manage preferences related to trackers from directly within your own device settings, for example, by preventing the use or storage of trackers.</p>
<p>Additionally, whenever the use of trackers is based on consent, you can provide or withdraw such consent by setting your preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences privacy widget, if available.</p>
<p>It is also possible, via relevant browser or device features, to delete previously stored trackers, including those used to remember your initial consent preferences.</p>
<p>Other trackers in the browser’s local memory may be cleared by deleting the browsing history.</p>
<p>With regard to any third-party trackers, you can manage your preferences via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.</p>
<h3><strong>Locating tracker settings</strong></h3>
<p>You can, for example, find information about how to manage cookies in the most commonly used browsers at the following addresses:</p>
<ul>
<li><a href="https://support.google.com/chrome/answer/95647?hl=en&p=cpn_cookies">Google Chrome</a></li>
<li><a href="https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US">Mozilla Firefox</a></li>
<li><a href="https://support.apple.com/en-za/guide/safari/sfri11471/mac">Apple Safari</a></li>
<li><a href="https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d">Microsoft Internet Explorer</a></li>
<li><a href="https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d">Microsoft Edge</a></li>
<li><a href="https://support.brave.com/hc/en-us/articles/360022806212-How-do-I-use-Shields-while-browsing">Brave</a></li>
<li><a href="https://help.opera.com/en/latest/web-preferences/#cookies">Opera</a></li>
</ul>
<p>You may also manage certain categories of trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (you may open the device settings and look for the relevant setting).</p>
<h3><strong>Consequences of denying the use of trackers</strong></h3>
<p>You are free to decide whether or not to allow the use of trackers. However, please note that trackers help this website to provide a better experience and advanced functionalities to you (in line with the purposes outlined in this document). Therefore, if you choose to block the use of trackers, we may be unable to provide related features.</p>
<hr>
<h2><strong>Definitions and legal references</strong></h2>
<p><strong>Personal data (or data)</strong><br>
Any information that directly, indirectly, or in connection with other information — including a personal identification number— allows for the identification or identifiability of a natural person (in other words, you).</p>
<p><strong>Usage data</strong><br>
Usage data is information automatically collected through this website or third-party services, including your IP address, browser type, operating system, time and method of requests, response status, visit duration, page sequence, and device-specific details.</p>
<p><strong>This website</strong><br>
The means by which your personal data is collected and processed.</p>
<p><strong>Service</strong><br>
The service provided by this website as described in the Terms of Service and on this site.</p>
<p><strong>European Union (or EU)</strong><br>
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.</p>
<p><strong>Cookie</strong><br>
Cookies are trackers consisting of small sets of data stored in your browser.</p>
<p><strong>Tracker</strong><br>
Tracker indicates any technology - e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of you, for example by accessing or storing information on your device.</p>
<p><strong>Legal information</strong><br>
This privacy statement has been prepared based on provisions of multiple legislations. This privacy policy relates solely to this website, if not stated otherwise within this document.</p>Click on the button to view the cookie policy page:
The image below shows both Tesco’s cookie banner at the top (that links to the policy) and their privacy and cookies policy. It’s quite condensed, but Tesco uses sections in a question format to make it more understandable to users. See it for yourself at this link.
Meta’s cookie policy page is accessible from their “Privacy Center”, with other legal documents. To make the page more readable, they included clickable sections that open a modal window for the user to learn more. It also allows to view a printable version or the previous versions. Overall the page is quite short.
The Vodafone website cookie policy example below shows a single menu without any extra text. Visitors can just click on the section that they wish to check. Under “How we use cookies”, Vodafone added a table to list the cookies they use and details like name and duration.
Displaying your cookie policy prominently on your website is essential to comply with privacy regulations and ensure transparency with your visitors. It’s always best practice to link to it whenever you’re talking about cookies or asking for/managing cookie consent.
That’s why your website’s footer is a recommended place where to display your document since it makes it accessible from any page.
You’re also required to link to your cookie policy in your cookie banner, which you should display at the user’s first visit on your site in order to ask for their consent.
Sometimes, it also common practice to include your cookie policy page within your privacy policy page. Overall, it’s best to have all your legal documents together under “Legal” or “Privacy”, as you can see from the cookies policies examples above.
With iubenda’s Privacy Controls and Cookie Solution you can easily manage all aspects of the GDPR, and Cookie Law, in particular: