
How to make a Cookie policy

Create a cookie policy to make website users aware of the types of cookies your website uses, what they do and why they are being used.

Recently reviewed by Lauren Delin, Solicitor

This cookie policy was last reviewed on 9 November 2021.

A cookie policy sets out what type of cookies a website uses, why these cookies are used and what they do. It should also outline how users can consent (or not consent) to the use of cookies and how cookies can be enabled or disabled at a later date. Use this cookie policy template for any e-commerce, blog or other website that uses cookies. The cookie policy aims to make your website compliant with the Privacy and Electronic Communications Regulations (PECR) - also known as the ‘Cookie Law’.

Use this cookie policy:

  • when you operate a website that uses cookies

  • to inform website visitors about the cookies your website uses

  • if you are based in England, Wales or Scotland

This cookie policy covers:

  • your website’s details

  • what cookies your website uses and for what purposes

  • how to enable and disable cookies

  • how you will ask users to consent to cookies

  • your contact details

Under the PECR and the UK General Data Protection Regulations (GDPR), you must provide certain information regarding cookies to your website users. The basic rule is that you must tell people the cookies your website uses, explain what the cookies are doing and why, and get the user’s consent to store cookies on their device. Having a cookie policy in place helps communicate these things to website users.

Cookies are small text files placed on a user’s computer (or smartphone), which are commonly used to collect personal data. Most website operators place cookies on the browser or hard drive of their user's computer. Cookies can gather information about the use of a website or enable the website to recognise the user as an existing customer when they return to the website at a later date. A cookie is neither a virus nor spyware.

This cookie policy allows you to specify the types of cookies and their purposes. The cookies covered in this policy are:

  • strictly necessary cookies - these cookies are needed by your website in order to perform its basic functions and will generally be first-party session cookies.

  • analytical cookies - these cookies analyse how users use a website (eg which pages they visited and which links they clicked on).

  • functionality cookies - these cookies help enhance a website’s performance and functionality by, for example, allowing websites to remember the user’s site preferences, region and language.

  • targeting cookies - these cookies are specifically designed to gather information from the user to display advertisements to them based on relevant topics that interest them.

Read Types of cookies for more information.

You can identify which cookies your website uses from any browser in which you view the website. You can check for cookies, and find out their names, by:

  • manually checking for cookies on the website from the developer console (how to do this will depend on the specific browser you are using).

  • using a website cookie checker tool.

The PECR does not set out exactly what information you must provide to website users. However, the PECR sets out that ‘clear and comprehensive’ information must be provided about the purpose. You must explain the way the cookies work and what your website uses them for, and the explanation must be clear and easily available. In other words, users must be able to understand the potential consequences of allowing the cookies. You must also make sure that the language and level of detail are appropriate for their intended audience.

For more information, read the Information Commissioner’s Office (ICO) guidance.

Under the PECR, websites cannot use 'non-essential' cookies unless the consent of the user is expressly given - in other words, users must first opt-in before such cookies can be deployed. Non-essential cookies are those which are used for analytical purposes or to assist with advertising. Even cookies that customise a website (such as providing a greeting message) are deemed to be non-essential.

Essential cookies are generally those which enable an online checkout process to work properly, or which are required for technical or security purposes. For example, strictly necessary cookies are essential cookies. Consent does not typically need to be given for essential cookies; however, you should clearly explain to website users what these cookies do and why they are necessary.

For more information, read Data privacy and cookies and the ICO’s guidance.

To be valid, consent must be freely given, specific and informed. It must involve some form of unambiguous positive action – for example, ticking a box or clicking a link. The user must also fully understand that they are giving you consent. Clear positive action must be more than the user continuing to use your website. 

Further, to ensure that consent to cookies is freely given, you should provide users with the means to easily enable and disable non-essential cookies (eg through a preference centre).

For functionality cookies to be placed on a user’s computer, implied consent will generally suffice as long as your website clearly sets out what constitutes consent (ie continuing to use the website). However, if the functionality cookies enable your website to provide enhanced functionality and personalisation, express user consent (ie through ticking a box) will be required.

For more information, read Data privacy and cookies.

A privacy policy sets out the purpose of data collection on your website, the types of information collected and the scope and limitation of data processing on the website. The collection and use of personal data by online businesses in the UK must comply with the UK data protection laws and the GDPR - having a privacy policy in place allows website operators to comply with their obligations under the law.

How your website handles cookies can be set out in a privacy policy (such as the consolidated Privacy policy available on Rocket Lawyer) or you can have separate privacy and cookies policies.

You should add a link to the cookies policy on every page of your website which collects personal information. Ideally, you should make the website cookies policy available to the users of your website by placing a link in the footer section of every page that users can access.

Ask a lawyer for advice if:

  • your website collects sensitive personal data

  • this document doesn’t meet your specific needs

This policy is governed by the law of England, Wales and Scotland.

Other names for Cookie policy

Website cookie policy, Cookies policy, Online cookie policy.