Cookies are bits of data that are placed in a person's browser by a website. The most common uses of cookies are to make the online experience easier, by remembering recent activity or user preferences. However, cookies are also responsible for the fact that the ad for those shoes is following you around the web.
Why Care About Cookies?
The European Union’s ePrivacy Directive (amended in 2009) set requirements that online users need to be informed of cookies before they are set. This is commonly referred to as the EU “Cookie Law”. The subsequent EU General Data Protection Regulation (effective in 2018) asserts that cookies are used to identify users, qualify as personal data, and are subject to GDPR. Therefore, cookies are governed by both the EU’s General Data Protection Regulation (GDPR) and the ePrivacy Directive.
The EU is currently working on the ePrivacy Regulation to replace the ePrivacy Directive - stay tuned for more changes.
Who is Subject to GDPR and the Cookie Law?
The GDPR protects EU residents and citizens from losing control of their personal information. The GDPR applies if your business:
- Offers services and goods to EU citizens or residents
- Monitors visitor behavior and attracts EU citizens or residents
As an example, if your country business is based in the United States or Australia but anyone from countries such as Italy, France, or Germany visits your website, you're technically responsible for data captured about them.
How To Comply
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
- Receive users’ consent before you use any cookies except strictly necessary cookies*.
- Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
- Document and store consent received from users.
- Allow users to access your service even if they refuse to allow the use of certain cookies
- Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
* Strictly necessary cookies are essential for you to browse a website and use its features, such as accessing secure areas of the site. While it is not required to obtain consent for these cookies, what they do and why they are necessary need to be explained to the user.
How to Address Cookies in Your Crowdstack
For Crowdstack, the ToS can be configured at Manage > Settings > Registration Settings (Under the General category). You have the option of linking to a URL or creating the ToS directly in this setting area. You can require the ToS to be reviewed and accepted at registration, re-agree upon any updates, and allow users to revoke their agreement.
In order to support our Crowdstack customers who need to comply with this directive, we are offering some sample text that can be included in your Terms of Service.
Note: This wording is offered as an explanation of how Crowdstack handles cookies, to support your compliance efforts. If you're concerned about complying with the EU ePrivacy Directive and GDPR, we strongly recommend that you consult a solicitor or lawyer who is familiar with it.
Cookies Associated with the Crowdstack Platform
Our website uses the Crowdstack platform. Crowdstack, in order to enhance your experience with the site, may use any or all of the following types of cookies: session cookies used for load balancing purposes, a “remember me” cookie which must be proactively enabled by the user, authentication cookies that support session timeout recovery, a user ID cookie, a time-of-visit cookie, and a last authentication cookie. None of these cookies contain any personally identifiable information, and do not track user’s activities beyond this specific Crowdstack site.
Additionally, Crowdstack sites may place Google Analytics cookies, which provide aggregated user data to the administrator. These cookies do not contain any personally identifiable information either.
By registering with our site, you are agreeing that you are aware of, and accept the possible placement of, these cookies.
If you are running third-party ads on your Crowdstack site, you should include wording that covers the cookies that may be set by those as well. If you include cookies that are not deemed strictly necessary and by a third party (e.g. ads), you may also be required to provide a cookie consent and store the related information.