Cookie Policy
INFORMATION ABOUT THE USE OF COOKIES ON THE WEBSITE: WWW.LATUE.COM
The use of cookies involves the processing of personal data. Therefore, compliance with data protection regulations must be ensured. According to the second section of Article 22 of the LSSI:
“Service providers may use data storage and retrieval devices on the end devices of recipients, provided that they have consent from the recipients after being provided with clear and complete information about their use, in particular, about the purposes of data processing, in accordance with Organic Law 15/1999, of December 13, on Personal Data Protection. When technically possible and effective, the recipient’s consent to accept the processing of data may be provided through the appropriate browser settings or other applications. This will not prevent possible technical storage or access solely for the purpose of transmitting a communication over an electronic communications network or, as strictly necessary, for the provision of an information society service expressly requested by the recipient.”
Therefore, cookies used for one of the following purposes are exempt from these obligations:
Allowing communication between the user’s device and the network.
Strictly providing a service explicitly requested by the user.
According to Opinion 4/2012 of the GT29, it is interpreted that the following cookies are exempt:
User input cookies.
Authentication or user identification cookies (session-only).
User security cookies.
Multimedia player session cookies.
Load balancing session cookies.
User interface customization cookies.
Certain plug-in cookies for sharing social content.
For these types of cookies, user consent is not required. For transparency, it is recommended to inform users about them in the cookie policy (e.g., “this website uses cookies that allow the functioning and provision of the services offered”).
On the other hand, it is necessary to inform and obtain consent for the use of any other type of cookies, whether first-party or third-party, session or persistent cookies. This article refers to the use of cookies and similar technologies used to store and retrieve data from a terminal device. The mentioned regulation is also applicable to the use of fingerprinting techniques, i.e., techniques for taking a digital fingerprint.
Similarly, it should be noted that a single cookie may serve more than one purpose (multipurpose cookies), meaning that it is possible for a cookie to be exempt from the application of Article 22.2 of the LSSI for one or more of its purposes and not for others, with the latter remaining subject to the scope of this provision.
TYPE OF COOKIES ACCORDING TO THE ENTITY THAT MANAGES THEM
First-party cookies: These are cookies for which the editor is responsible and are typically sent to the user’s device from a system or domain managed by the editor, from which the service requested by the user is provided.
Third-party cookies: These are cookies for which an entity other than the editor is responsible and are typically sent to the user’s device from a system or domain not managed by the editor but by another entity that processes the data obtained through the cookies.
TYPES OF COOKIES BASED ON THEIR PURPOSE
Based on the purpose for which the data obtained through cookies is processed, some of the purposes may include:
Technical cookies: These cookies allow the user to navigate a website, platform, or application and use the various options or services available, including those used by the editor to manage the website and enable its functions and services, such as controlling data traffic and communication, identifying the session, accessing restricted areas, remembering items in an order, completing the order process, managing payments, preventing fraud linked to service security, registering for an event, counting visits for software license billing, using security features during navigation, storing content for video or audio distribution, enabling dynamic content (e.g., text or image loading animation), or sharing content on social networks.
These cookies are also part of this category due to their technical nature, those that allow the most effective management of advertising spaces included in the website, application, or platform, based on criteria such as edited content, without gathering information for other purposes such as personalizing that advertising content.
Preference or personalization cookies: These cookies allow the user to access a service with specific characteristics that differentiate their experience from others, such as the language, number of results to display when the user performs a search, appearance, or content of the service based on the browser or region from which the user accesses the service.
If the user selects these features (e.g., choosing the language of a website by clicking on the appropriate flag icon), the cookies will be exempt from the obligations of Article 22.2 of the LSSI because they are considered a service explicitly requested by the user, provided the cookies are used exclusively for the selected purpose.
Analysis or measurement cookies: These cookies allow the responsible party to track and analyze user behavior on the linked websites, including measuring the impact of ads. The data collected through these cookies is used to measure website activity and improve services based on user data analysis.
Behavioral advertising cookies: These cookies store information about user behavior obtained through continuous observation of browsing habits, which allows creating a specific profile to display ads accordingly.
TYPES OF COOKIES ACCORDING TO THE TIME THEY REMAIN ACTIVE
Session cookies: These are designed to collect and store data while the user accesses a website. They are typically used to store information that is only relevant for a single session (e.g., a list of purchased items) and disappear when the session ends.
Persistent cookies: These cookies store data on the device and can be accessed and processed during a defined period set by the cookie’s responsible party, ranging from a few minutes to several years.
When installing persistent cookies, it is recommended to limit their duration to the minimum necessary for their intended purpose.
WHAT INFORMATION SHOULD BE PROVIDED TO THE USER
The information should be clear and complete, allowing users to understand the purposes and use of cookies when requesting consent. It should also identify who uses the cookies, whether they are processed solely by the editor and/or third parties, with identification of the latter.
EXAMPLE:
What types of cookies are used on this website?
Analysis cookies: These are cookies that, processed by us or third parties, allow us to quantify the number of users and perform statistical measurement and analysis of how users use the offered service. To do this, we analyze your navigation on our website in order to improve the range of products or services we offer.
Behavioral advertising cookies: These are cookies that, processed by us or third parties, allow us to analyze your browsing habits on the internet so that we can show you advertisements related to your browsing profile.
In the case that the editor cannot offer a sufficient explanation about the purpose of the cookies used by third parties or how to delete them, they may provide this information by including a link to the third party’s website.
If the editor’s cookie management or configuration system does not allow the use of third-party cookies to be avoided once accepted by the user, information should be provided about the tools available from the browser and third parties, and it should be warned that, if the user accepts third-party cookies and later wishes to delete them, they must do so through their own browser or the system provided by third parties for that purpose. To this end, and without prejudice to the need to have the corresponding cookie management or configuration system as indicated in the previous paragraph, the following additional information may be provided: “Please note that if you accept third-party cookies, you must delete them from the browser options or from the system provided by the third party.”
Similarly, if data transfers to third countries occur, it should be informed, and in such cases, the article of the GDPR that permits the transfer must be specified.
Clear and simple language must be used. For example, phrases like “we use cookies to personalize your content and create a better experience for you” or “to improve your browsing” or phrases like “we may use your personal data to offer personalized services” should be avoided when referring to behavioral advertising cookies. Terms like “may,” “could,” “some,” “often,” and “possible” should also be avoided.
The information must be easily accessible; the user should not have to search for the information. It should be evident where and how to access it. A clearly visible link should be provided, leading to the information under a common term such as “cookie policy” or “cookies.”
Moreover, in the case that a user provides consent for the use of cookies, the information should still be easily accessible on the page or application. It is advisable that the information regarding how to manage cookies (including how to revoke consent and delete cookies) be available in an accessible and permanent manner at all times through the relevant website, application, or online service.
LAYERED INFORMATION
Essential information should be displayed in a first layer when accessing the page or application and completed in a second layer via a page offering more detailed information.
The first layer can be identified under a common term (e.g., “cookies”) and should include the following information:
Identification of the editor responsible for the website. The company name is not necessary.
Identification of the purposes of the cookies.
Information on whether the cookies are first-party (responsible for the website) or third-party, without the need to identify third parties in this first layer.
Information about the types of data to be collected in the case of user profiling (e.g., behavioral advertising cookies).
The method by which the user can accept, configure, or reject the use of cookies.
A clearly visible link directing to a second layer, using terms such as “more information, click here,” “cookie policy,” or similar. The configuration panel may be integrated into this second layer, provided that, when accessing it, the user can directly access it, i.e., the user should not have to navigate through the second layer to locate it.
This information should be provided before the use of cookies, including, where appropriate, their installation, in a format that is visible to the user and should remain until the user takes the required action to give consent or reject it.
Thus, the first layer should contain:
A button or equivalent mechanism to accept the use of cookies.
A button or equivalent mechanism, similar to the above, to reject the use of cookies.
A button or equivalent mechanism (it does not have to be identical to the previous ones) that leads to a configuration panel allowing the user to accept or reject cookies in a granular way, at least based on their purpose.
Regarding these mechanisms, they should not give the user the impression that they must accept cookies in order to browse the website. The color or contrast of the text and buttons should not be misleading to users, leading to involuntary consent (for example, “accept” in bright green and “reject” and “configure” in softer colors).
Example 2:
Cookies
We use first-party and third-party cookies to analyze the use of the website and show you ads related to your preferences based on a profile created from your browsing habits (e.g., pages visited). More information. Do you accept cookies?
NO YES
If the “Yes” button is not clicked, the user is not authorizing the use of cookies (therefore, the use of cookies is not legitimate if the user does not click the button to accept cookies and simply continues browsing).
The configuration panel should clearly indicate how to save the selection made by the user. For this purpose, a button with text such as “Save selection,” “Save settings,” or similar would be valid. To facilitate the selection, the panel may also include two buttons: one to select all cookie categories and another to reject all if the user has previously selected them. This option is recommended, especially when the number of categories the cookies are classified into is large. If the user saves their choice without selecting any cookies, it will be considered as rejecting all cookies. It should be noted that pre-checked options to accept cookies are never acceptable for valid consent.
In this configuration panel, the following issues should be considered:
Cookies should be grouped at least by their purpose.
Within each purpose, they may also be grouped according to the third-party responsible for them.
For third-party cookies, it is sufficient to identify them by their trade name.
The selection of cookies one by one should be avoided, as an excess of information may hinder decision-making.
CONSENT UPDATE
It is considered good practice that the validity of the consent given by a user for the use of a particular cookie does not exceed two years, and during this time, the selection made by the user regarding their preferences should be kept, without requiring new consent each time they visit the page.
WITHDRAWAL OF CONSENT
Users should be able to withdraw their consent at any time. For this, users must have easy and permanent access to the cookie configuration system.
POSSIBILITY OF DENYING ACCESS TO THE SERVICE IN CASE OF COOKIE REJECTION
For consent to be free, access to services and functionalities should not be conditional on the user’s acceptance of cookie usage. There may be certain situations where not accepting the use of cookies prevents access to the website or the full or partial use of the service, as long as the user is adequately informed and an alternative (not necessarily free) method of accessing the service without accepting the use of cookies is offered.
1 Guide on the Use of Cookies. JULY 2023. AEPD. https://www.aepd.es/es/documento/guiacookies.pdf
