Information for COMPLIANCE with the GDPR and LSSI regarding cookies
With the entry into force of the GDPR, cookies face two types of obligations, those established by Law 34/2002, of 11 July, on information society services and electronic commerce (LSSI, national legislation), and those established by Regulation (EU) 679/2016 (General Data Protection Regulation or GDPR, European directly applicable regulations). In addition, the future Organic Data Protection Law (LOPD, national GDPR development regulations) will apply.
The instructions contained in this document allow the use of cookies in accordance with the regulations in force, complying with the different obligations established, in particular as regards the processing of personal data collected through cookies. Information on cookies should be structured into two levels:
- Top-level information (cookie banner):
-
- The first level information must be included as a banner and must appear at the time when a user who is detected that has not previously accepted cookies, accesses the website.
-
- The banner will be maintained as long as the user does not close it or accepts the corresponding cookies (all or only some).
-
- The user must be able to accept all cookies at once (green button – I accept all cookies), or only certain cookies (consent could be marked for each of the cookies, or a consent for each category of cookies) may be marked). It would be advisable to include a red button to reject them all.
-
- The boxes by which we will obtain consent may NEVER be premarked. A button indicating a phrase equivalent to “I accept all cookies” may also be used to obtain consent.
-
- Cookies should not be uploaded to the user’s computer, except for the techniques or necessary for the operation of the basic features of the website (those that do not collect personal data, nor IPs, etc.).
-
- The consents obtained must be recorded in logs, so that they can be accessed later.
- Second-level information (Cookies Policy):
-
- It should be included in a specific section of the website, to which it is redirected from all mentions to “Cookies Policy”.
-
- The different cookies used must be specified in each of the tables, depending on their typology.
-
- A mechanism should be implemented within the second layer to revoke the consents given regarding the use of cookies.