Form Cookies & Privacy

Being transparent in relation to the information collected and what that data will be used for is a legal requirement for owners of websites and Forms.

To ensure compliance with data processing legislation it is important to consider the details of how the information will be explained to visitors of Forms.

Cookie Usage

Forms use two types of cookies, one for identifying the User / tracking interaction and the other to support the current session.

For Landing Pages, cookies are dropped on the Tracking Domain used in the URL and for Embedded Forms and Popups they are dropped on the domain of the website where they are implemented.

Encrypted User ID Cookie

This cookie has a structured naming convention, starting with the prefix of 'IAT', so that it can be easily identified.

The prefix is followed by a unique ID that identifies the Form within the application and has a suffix of 'euid' to specify that the cookie contains an encrypted User ID.

Each piece of information is separated with a hyphen like this IAT-UNIQUE ID-euid e.g. IAT-5ea9d7664855c8-17489459-euid

No personal data is stored in this Cookie and expiry is 365 days.

Session Cookie

This cookie has a structured naming convention, starting with the prefix of 'IFB', so that it can be easily identified.

The prefix is followed by a unique session ID and has a suffix of 'session' to specify that the cookie contains session information.

Each piece of information is separated with a hyphen like this IFB-UNIQUE SESSION ID-euid e.g. IFB-5eed3aecb68758-41288020-session

No personal data is stored in this Cookie and expiry is 20 minutes.

Popup Cookies

Two variations of IAT cookies are used to track popup submission and dismissal.

The naming convention is the same as the Encrypted User ID cookie above but the suffix changes based on the tracked interaction i.e.

  • dismissed
  • submitted

No personal data is stored in these Cookies and expiry is controlled by the popup display options set in the Preview page of the popup.

Privacy & Consent

It is the Form owners responsibility for obtaining consent and for ensuring visitors are aware, and are in acceptance, of related Terms of Service and Privacy Policy.

Ideas for obtaining consent:

  • Use a Data Processing and / or Marketing consent checkbox
  • Display clear information e.g. "By clicking 'Submit' I accept the Privacy Policy."
  • Include links to Terms of Service & Privacy Policy on the Form

Well written privacy notices clearly define the scope of data processing and some of the things that need to be considered are:

  • The type of data being collected - email address, first name, last name etc.
  • Planned usage of the information once collected
  • How people can get in touch to ask questions about data processing

More details of how data is processed by the application once collected can be found in the Privacy Notice.

Related Pages