Introduction
Note: This advice relates to UK compliance and may also be relevant to EU compliance given that much of the UK legislation in these areas derives from EU legislation. However, different laws do apply within the EU despite these similarities and different laws apply outside the EU and UK. We recommend that if you are selling in countries outside the UK, consideration of each relevant country’s laws is done to ensure compliance and local law advice is taken. Do not rely on this advice to ensure compliance with laws that apply outside the UK.
In the UK, the use of cookies, as well as marketing directly to individuals using electronic means (such as email, SMS etc.) is governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), which sit alongside the UK GDPR.
Broadly, PECR provides that the consent of the recipient / user is required:
- to store a cookie on a user’s ‘terminal equipment’ (e.g. a computer or smartphone), unless that cookie is “strictly necessary” to provide a service requested by the user; and
- to send that person marketing materials through electronic means, unless the ‘soft opt-in’ applies.
WiBT will therefore need to obtain consent to make use of cookies which are not “strictly necessary”, and to send promotional materials to individuals.
Consent under the UK GDPR must:
- be freely given, specific and informed;
- be clear, concise and provide a specific statement of consent;
- be capable of being evidenced, showing a clear, affirmative act from the data subject providing the consent;
- be provided in an intelligible and easily accessible form, using clear and plain language and without unfair terms;
- be provided with a positive opt-in. Pre-ticked boxes or any other method of default consent should not be used;
- be separate from other terms and conditions;
- be specific and ‘granular’ so that WIBT collects separate consent for separate activities. Vague or blanket consent is not usually sufficient;
- provide detail of any third party controllers who will rely on the consent;
- be easy for people to withdraw, and individuals must be provided with clear information to tell them how to do so;
- be under regular review, and consent should be re-sought if anything changes; and
- must not be a precondition of a service.
Where processing is based on the data subject’s consent, WIBT should be able to demonstrate that the data subject has given consent to the processing operation, with safeguards in place to ensure that the data subject is aware not only that they are providing consent, but also to the extent to which it is given.
We recommend that WiBT keep all records of consent they receive in their CRM system or equivalent, including who, when, how and what the data subjects have agreed to.
There are also certain disclosure requirements for companies under the Company, Limited Liability Partnership and Business (Names and Trading Disclosures) Regulations 2015 which will apply to WiBT in relation to its website generally.
General information to be provided
The E-Commerce Regulations require that the providers (in this case, WiBT) must:
- provide certain information about themselves and about how contracts concluded through electronic means will be made; and
- ensure commercial communications are clearly identifiable as such; and
- ensure information is made easily, directly and permanently accessible.
Consent to Cookies
We have prepared the following cookie consent capture language (set out in blue) for use on WiBT’s website. In order to comply with the relevant laws under PECR and the UK GDPR, it is customary for a banner to appear when a user first lands on the website which provides initial consent language. WiBT’s website should also include functionality enabling a user to adjust the cookie consent settings.
As previously discussed, the EU/UK has strict rules about the use of cookies/analytics tools, including that users must consent to the placement of all non-essential cookies. Continued use of the website alone (i.e. essentially “implied consent”) does not constitute consent to place cookies, so we have drafted the cookie capture banner language as a cookie consent collection mechanism that is compliant with EU and UK requirements (to the extent there is currently a difference following Brexit).
Cookie Banner Language
Instructions: This banner should appear when individuals visit the WiBT website.
We Care About Your Privacy
We store and/or access information on a device, such as unique IDs in cookies. These are used to help operate our site, as well as to select, provide and measure personalised ads and content, audience insights and product development. You may accept or manage your choices below, and may change your choices or exercise your rights (including withdrawing consent or objecting to our use of data at any time). Our Privacy and Cookies Policy [LINK] provides information and shows you how to contact us.
[Accept All Cookies] [Necessary Cookies Only] [Manage My Cookies]
Cookie Management Language
Instructions: If the user clicks on “Manage My Cookies” in the Cookie Banner, they should be taken to a section which allows them to choose whether or not they accept cookies that are not strictly necessary. Ideally users would also have this choice (e.g. if they wish to change their preferences at any time) via the user’s account settings (online).
Manage My Cookies
Use this page to learn about our cookies and to choose your settings. For more information, see our Privacy and Cookies Policy [LINK].
Strictly Necessary Cookies
These cookies are necessary for our website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
View Strictly Necessary Cookies
Analytics and Performance Cookies [
I Accept]
These cookies tell us how visitors use our website. This may include allowing us to count visits and traffic sources so we can measure and improve the performance of our website. This helps us to know which pages are the most and least popular and to see how visitors move around the website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
View Analytics and Performance Cookies
Functionality Cookies [
I Accept]
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
View Functional Cookies
Marketing and Targeting Cookies [
I Accept]
These cookies may be set through our website. They may be used by third parties to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.
View Marketing and Targeting Cookies
Account related cookies [I Accept]
If you create an account with us then we will use these cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.
View Account related Cookies
Email newsletters related cookies [I Accept]
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users
View Email newsletters related Cookies
Surveys related cookies [I Accept]
From time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages.
View Surveys related Cookies
Forms related cookies [I Accept]
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
View Forms related Cookies
Social media buttons and/or plugins [I Accept]
We use these on our website to allow you to connect with your social network in various ways. For these to work, the following social media sites including; Facebook and Google [PLEASE SPECIFY] will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for purposes outlined in their privacy policies.
View Social media buttons and/or plugins Cookies
[Accept All Cookies]
The Company, Limited Liability Partnership and Business (Names and Trading Disclosures) Regulations 2015 require WiBT to display its registered name on its website. Although it does not need to be on every page of the website it should be placed where it can be easily read.
In addition, WiBT must display on its website:
- The part of the UK in which it is registered (i.e. England & Wales);
- Its registered number; and
- Its registered office address.
Date: 15 June 2022
PENNINGTONS MANCHES COOPER LLP