|Policy Owner||Director of Information Protection and Compliance|
|Policy Lead||Data Protection Officer|
|Date effective from||01/11/2022|
|Review date||01/11/2023 (or sooner if required)|
This policy sets out the principles applied by Age UK in relation to how cookies are collected and used in conjunction with the Age UK national website (www.ageuk.org.uk) and by its partner organisations Age Scotland, Age Cymru, Age NI and local brand partners.
Cookies are tiny pieces of information that are placed on a computer or mobile device when a user visits a website via a browser, such as Microsoft Edge, Apple Safari or Google Chrome. Cookies are a very common part of using almost all websites.
Cookies can save some information about a user for when they access the site again in the future, however, they do not usually directly identify that user.
The scope of this policy is limited to the Age UK national website (www.ageuk.org.uk) ,the following nation sub-sites and their local brand partners:
- Age Scotland www.ageuk.org.uk/scotland
- Age Cymru www.ageuk.org.uk/cymru
- Age NI www.ageuk.org.uk/northern-ireland
- 130 sub-sites for local brand partners in England
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 enshrines the fundamental right to privacy for individuals, and on a more practical level, building trust between recognising their right to have control over their own identity and their interactions with others, and striking a balance with the wider interests of society.
The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the UK GDPR. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
Marketing calls, emails, texts and faxes
Cookies (and similar technologies). Keeping communications services secure such as customer privacy as regards traffic and location data, itemised billing, line identification, and directory listing
5. Website and Brand Partner Cookies
Generally, cookies fall into one of two categories - essential and non-essential.
Essential cookies are cookies that are strictly necessary for a website to function correctly. Whilst these cookies are not mandatory, refusal to accept them may result in poor performance and reduced functionality of a website. A user can set their browser to block or alert them about these cookies, but some parts of any information that directly identifies a user.
Non-essential cookies are cookies that will improve functionality, monitor performance and target advertising at an individual based on browsing behaviour. Like essential cookies they are not mandatory to accept but may reduce performance and functionality of a website. These cookies store information based on browser and device type, not personal data about an individual.
Age UK has specified four types of cookies and a brief description of what they are required for:
- Performance cookies. These cookies collect anonymous information about users for the purpose of assessing the performance of a website. Common uses include well-known web analytics tools such as Google Analytics.
Functionality cookies. These are cookies that automatically remember choices that users have previously made in order to improve their experience next time they visit a website.
- For example, where users select their preferred settings and layout.
Targeting or Advertising cookies. These cookies are similar to performance cookies, in that they collect information about user individual user level to advertise products and services to users based on the behavioural
- A list of all approved cookies in each area can be found in here 5.1 Change Control
- Cookies are typically set by applications to the parent domain (e.g., ageuk.org.uk), meaning the data it holds could be accessible to third party developers and imbedded technology on any page on the domain with no distinction between whether it is a national or brand partner site. This could
introduce unwanted functionality and as such technology risk. All cookies, both essential and nonessential, regardless of whether they are set at the parent domain or on a brand partner site are their use and the method for setting them, must be approved by Age UK's central Digital and Technology team.
6. Third party cookies
Unapproved third-party cookies are not permitted to be installed on the parent domain of the national website. Age UK acts as the data controller for the national website (www.ageuk.org.uk) and both the nation and brand partner sub-sites and as such would be held liable for any third-party cookies installed on the national website and sites of the other nations and local brand partners.
Consent to the use of all non-essential approved cookies is captured and recorded in a third-party is required under the Privacy and Electronic Communications Regulations (PECR) for all cookies that are not strictly necessary. A cookie banner will be presented to all users who visit the website (www.ageuk.org.uk) and their preferences will be set for all pages on this parent domain irrespective of them being on a national or brand partner site.