Cookies are small text files (containing letters and digits) stored on your device by a web server. Cookies are used by the web server when you are back on that web site) to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
A cookie is not a virus (because it contains no executable code) and doesn't nu affect your device. A cookie does not includes identification informations
A cookie has a name, a content &and a life time. For example Google Analytics cookie named __ga expire after 2 years. A cookie can be removed (deleted) by you any time using your browser's settings.
You can block the storage of cookies on your device using the browser's setting, but if you do this you may not use all the functions of a web site.
Also, you can prevent the tracking cookies (includind IP address) and the pesonal data processing by Google.
To find out more info about cookies go to the web site https://www.allaboutcookies.org/
Google Analytics is a web analytics service offered by Google Inc., what creates and stores in cookies (when you access a web page) the next informations:
Google Analytics cookies info are stored on a server from United States and it creates statistics on these data. These data will be deleted after 14 months. There are no connection between IP addresses and other Google's data and Google Analytics reports contain no mention about individuals.
Find out more about what cookies creates Google on your device and how it uses them, accessing:
If you access the subsequent web address you'll find out about how cookies are used in online publicity: https://www.youronlinechoices.com/en/
What is the GDPR?
The General Data Protection Regulation (GDPR) is a EU-wide regulation that controls how companies and other organizations handle personal data. It is the most significant initiative on data protection in 20 years and has major implications for any organization in the world, serving individuals from the European Union.
To give people control over how their data is used and to protect "fundamental rights and freedoms of natural persons", the legislation sets out strict requirements on data handling procedures, transparency, documentation and user consent.
Any organization must keep record of and monitor personal data processing activities. As data controller, any organization must keep record of and monitor personal data processing activities. This includes personal data handled within the organization, but also by third parties - so called data processors.
Data processors can be anything from Software-as-a-Service providers to embedded third party services, tracking and profiling visitors on the organization's website.
Both data controllers and processors must be able to account for what kind of data is being processed, the purpose of the processing and to which countries and third parties the data is transmitted.
If personal data is being sent to organizations or jurisdictions beyond the reach of the GDPR or that are not deemed 'adequate' by the GDPR, one must inform the user specifically about this and the risks involved. All consents must be recorded as evidence that consent has been given.
No processing of sensitive personal data is allowed without a person's explicit consent. For non-sensitive data, implied consent will do. In either case the consent must be freely given on basis of clear and specific information about data types and purpose - and always before any processing takes place, also known as "prior" consent. All consents must be recorded as evidence that consent has been given.
Individuals now have the "right of data portability", the "right of data access" along with the "right to be forgotten" and can withdraw their consent whenever they want. In such case the data controller must delete the individual's personal data if it's no longer necessary to the purpose for which it was collected. In case of a data breach, the company must be able to notify data protection authorities and affected individuals within 72 hours.
GDPR imposes an obligation on public authorities, organizations with more than 250 employees and companies processing sensitive personal data at a large scale to employ or train a data protection officer (DPO).
The DPO must take measures to ensure GDPR compliance throughout the organization.
What is the definition of personal data?
The GDPR defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." Online identifiers such as IP addresses now qualify as personal data, unless anonymized. Pseudonymized personal data is also subject to the GDPR, if it by reverse engineering is possible to identify whose data it is.
What does the GDPR mean for my website?
You must also make available en easy way for the visitor to change or withdraw consent. All consents must be logged as proof and all tracking of personal data, also by embedded third party services, must be documented, hereunder to which countries data is transmitted.
GDPR enforcement date: 25th of May 2018
The EU data protection reform was adopted by the European Parliament and the European Council on April 27th, 2016. The European Data Protection Regulation is applicable as of May 25th, 2018, and replaces the Data Protection Directive.
The rights of person (user, visitor)
Besides the right to withdraw consent, the person has the subsequent rights:
The right to privacy
Personal data of the user must not to be revealed to others.
The right to information (right to access)
The person has the right to be informed, for free, on demand, about the personal data stored.
The right to rectify inaccurate data
The person has the right to ask the correction of inaccurate personal data or the filling in incomplete personal data.
The right to be forgotten
The person has the right to demand imediate removal of his stored personal data.
The right to restrict the processing of personal data
The person has the right to restrict the processing of his personal data.
The right to data portability
The person has the right to transfer his personal data to another data operator.