By themselves, cookies do not collect personal data, but they do collect a lot of information regarding the behavior of a user on the network, so the user should always be informed about it. They are regulated in article 22.2 of the LSSI, which does not refer to cookies inherent to the operation of the web and that serve to remember, for example, the language of web browsing, but to those used to provide other types of information. through programs such as Google Analytics, Disqus, Optimizely or Doubleclick.
Specifically, we use the following cookies:
- _utma, _utmc, _utmz, _utmb: Google Analytics cookies for web analysis. The information collected is completely anonymous, it does not allow visitors to be identified in any way. You can find more detailed information about Google Analytics cookies; https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
- _utma: counts how many times a user visits the website. It also records when it was the first and last time you visited the web. It is a cookie with a permanence of 2 years.
- _utmc, _utmb: Calculate when a session has ended. _utmb records the page arrival time while _utmc checks whether to keep the session open or create a new session. _utmb expires 30 minutes from the last page view record while _utmc is a session variable, so it is automatically deleted when changing websites or closing the browser.
- _utmz: registers the origin of the user, as well as the keywords. It has an expiration of 6 months, although it is renewed each time the website is visited as long as it is not a direct visit.
- wpml: third-party cookie (wpml.org) used to translate the content into the language selected by the user.
Blocking all cookies helps protect privacy, but it can also limit your experience on some websites. If you want to know how to disable cookies in the most popular web browsers, access the following tutorials:
• Google Chrome
• Mozilla Firefox
• Internet Explorer
• Safari para IOS (iPhone y iPad)
• Chrome para Android
If you have any questions or concerns about this Cookies Policy, you can contact us at firstname.lastname@example.org.
Legal consequences in case of infringement
The consequences of publishing an incomplete legal notice, failure to comply with current regulations, or even not publishing it can mean a considerable outlay. According to the section on Violations and Sanctions of the LSSI, infractions are classified as minor, serious and very serious, and can entail a fine of between €600 and €600,000. A minor infraction could be, for example, not informing about the NIF or the codes of conduct to which a website adheres. On the other hand, not making the terms of contests and promotions clear can generate a fine of up to €30,000.
Serious infractions include the massive sending of unauthorized spam, resistance or refusal to inspections by the administration or failure to provide users with the general conditions before starting the contracting of a computer service. The fine for this type of offense can be up to 150,000 euros.
Very serious infringements can be penalized with a fine of up to 600,000 euros. These include non-compliance with the requirements of an administrative body as a consequence of any of the offenses mentioned above.
On the other hand, the infringements of the Data Protection Law, included in article 83 of the GDPR and specified in the new LOPDGDD in arts. 71 to 74, can also cause drawbacks.
The aforementioned article of the GDPR articulates the conditions that determine the imposition of administrative sanctions and their maximum amount, established based on the article infringed:
- 10,000-000 euros maximum or 2% maximum of the total annual global business volume of the previous year if it is a company for the offenses included in art. 83.4.
- A maximum of 20,000,000 euros or a maximum of 4% of the total annual turnover of the previous year if it is a company for violations of the provisions contained in art. 83.5.
It is interesting to note that the LOPD specifies and expands the cases that will be considered infringements, which are distinguished as very serious (or substantial breaches), serious (substantial violations) and minor (formal violations). The sanctions are quantified according to the individual case and taking into account the provisions of art. 83.2 of the GDPR.
It is necessary to underline that these infractions and their corresponding sanctions affect not only the pocket of the administrator of a website, but also the public image of a brand or company –particularly, towards its clients. Today it is common for various web pages to share their legal notices and, although this may work in a few cases, it is not entirely recommended. If you are thinking of creating a web page, it will never hurt to dedicate the necessary time to an element of such relevance to the health of the web page and the reputation of your project.
Fortunately, it is possible to find free models that can be downloaded online, as well as automatic generators of legal notices that save investment and future problems. Likewise, the National Institute of Cybersecurity makes valuable resources and tools available to companies. With all this, it is recommended once again to go to a competent authority to review the final text before its publication, given the large number of variables that influence its wording and the seriousness of the consequences that a poorly written or erroneous text could cause.