The main obligations with regard to cookies are established below, including: information for users about the type of cookies used by the website, the purpose of these cookies, user consent, how consent is requested, legal notice, cookies policy, etc.
Cookies are files that are stored on a user’s computer when they browse the Internet. They contain a number that is used to uniquely identify the user’s computer, even if they change location or IP address.
Cookies are installed during Internet browsing, either by the websites that the user visits or by third parties related to the website. They inform the website about user activity on this website or on others that are related to it, for example: the access point, connection time, device used (fixed or mobile), operating system, browser, most visited pages, number of clicks and data related to the user’s behaviour on the Internet.
This website is accessible without cookies, although deactivation may prevent the proper operation of such site.
Cookies can be classified according to the company that manages them, the time they remain activated on the terminal equipment and their purpose.
The main obligation for companies or information society service or Internet providers with regard to websites, platforms or IT applications, is established by article 22.2 of the Law on the Information Society and E-Commerce Services:
“Service providers may use storage and data recovery devices on user terminal equipment provided that the user has given their consent after having been provided with clear, full information regarding their use, specifically, the purposes of data processing, in accordance with Organic Law 03/2018 of 5 December on Personal Data Protection.”
These cookies are not within the scope of article 22.2 of the Law on the Information Society and E-Commerce and therefore it shall not be necessary to inform users or obtain their consent for their use. However, it shall be necessary to inform users and obtain their consent for the installation and use of any other type of cookies (own or third party, session, persistent) as they are subject to article 22.2 of the Law on the Information Society and E-Commerce and the guidelines stated in this document will be useful for their application.
Any cookies that will be installed or used must be identified and they should be analysed to determine whether they are own, third party, session or permanent cookies. Their function must be determined to decide whether or not they fall within the scope of article 22.2.
The second section of article 22 of the Law on the Information Society and E-Commerce establishes that users must be provided with clear and full information about the use of storage and data gathering devices and, specifically, the purposes of data processing, in accordance with Organic Law 15/1999 of 13 December on Personal Data Protection.
Therefore, the information given about cookies when consent is requested must be sufficiently thorough to ensure that users can understand why they are being installed and what they are used for.
This compulsory information should be offered for several different systems. As shall be seen below, in general, consent to install the devices is requested from users when providing the necessary information. The most common methods for providing the information are:
Acceptance may be withdrawn by modifying browser content and privacy configuration options. The Owner recommends that users check their browser’s help menu or visit the help websites of the main browsers: