About cookies

What is a cookie?
A cookie is a small file, usually made up of letters and numbers, that is downloaded into the memory of a computer (or other equipment used for online browsing - mobile phone, tablet, etc.), when the user accesses a certain website.

Cookies are created when the browser used by a user displays a specific website. The website transmits information to the browser, and it creates a text file. Each time the user accesses the website again, the browser accesses and transmits this file to the website server. In other words, the cookie can be seen as an identification card of the Internet user, which announces the website every time the user returns to that site.

The purpose of cookies

Cookies can provide faster and easier interaction between users and websites. For example, when authenticating a user on a particular website, the authentication data is stored in a cookie; later, the user can access that site without having to log in again.

In other cases, cookies may be used to store information about the activities carried out by the user on a particular web page, so that he can easily resume those activities at a later access to the site. Cookies tell the server what pages to show the user so that they do not have to remember this or navigate the entire site from the beginning. Thus, cookies can be assimilated to "bookmarks" that tell the user exactly where he stayed on a website.

Similarly, cookies can store information about products ordered by the user on an e-commerce site, thus making the concept of "shopping cart" possible.

Cookies may also give websites the ability to monitor users' online activities and to establish user profiles, which may then be used for marketing purposes. For example, based on cookies, the products and services agreed by a user can be identified, this information being subsequently used to send appropriate advertising messages to that user.

It is important to mention that Romanian websites have the obligation to publicly specify whether they use cookies and for what purpose

Cookie types

Online session-specific cookies

Web pages have no memory. A user who navigates from one web page to another will be considered by the website as a new user. Session-specific cookies usually store an identifier that allows the user to move from one web page to another without having to enter identifying information each time (username, password, etc.). Such cookies are widely used by commercial sites, for example, to keep track of products added by a user in the shopping cart. When the user visits a certain page of a product catalog and selects certain products, the cookie retains the selected products and adds them to the shopping cart, which will contain all the selected products when the user wants to leave the page. >

Session-specific cookies are stored in the user's computer memory only during an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period of time (usually 20 minutes).

Permanent, persistent or stored cookies

Persistent cookies are stored on the user's computer and are not deleted when the browsing session is closed. These cookies may retain the user's preferences for a particular website, so that they can be used in other Internet browsing sessions.

In addition to authentication information, persistent cookies may also retain details about the language and theme selected on a particular website, site menu preferences, favorite pages within a site, etc. When the user accesses a site for the first time, it is presented in the default mode. Subsequently, the user selects a series of preferences, which are then retained by cookies and used when the user accesses the site again. For example, a website offers its content in several languages. On the first visit, the user selects the English language, and the site retains this preference in a cookie. When the user visits the site again, the content will be automatically displayed in English.

Persistent cookies can be used to identify individual users and thus to analyze online user behavior. They can provide information about the number of visitors to a website, the time (on average) spent on a given page, and, in general, the performance of a website. These cookies are configured to track users' activities for a long period of time, in some cases even years.

Flash cookies

If the user has Adobe Flash installed on their computer, small files can be stored in that computer's memory by websites that contain Flash items (such as videos). These files are known as "local shared objects" or "flash cookies" and may be used for the same purposes as regular cookies.

When regular cookies are deleted via browser functions, flash cookies are not affected. Thus, a website that uses flash cookies may recognize a user on a new visit, if the data specific to the deleted cookies have also been retained in a flash cookie.

Because flash cookies are not stored on the user's computer in the same way that regular cookies are stored, they are more difficult to identify and delete. Banks and financial sites use such cookies for this very reason. Because they are difficult to identify, these cookies are stored on users' computers to allow users to authenticate and prevent fraud, as potential offenders may have the username and password to authenticate, but do not have access to the user's computer. Thus, cookies act as a second level of authentication, in addition to the username and password.

First party cookies vs. third party cookies

Each cookie has an "owner" - the website / Internet domain that places that cookie.

First party cookies are placed by the Internet domain / website accessed by the user (whose address appears in the browser's address bar). For example, if the user visits www.apti.ro, and the domain of the cookie placed on his computer is www.apti.ro, then it is a first party cookie.

A third party cookie is placed by a different Internet domain / website than the one accessed by the user; this means that the accessed website also contains information from a third party website - for example, an advertising banner that appears on the accessed website. Thus, if the user visits www.apti.ro but the cookie placed on his computer has the domain www.trafic.ro, then it is a third party cookie.

Working Party Article 29 (composed of the national data protection authorities of the Member States of the European Union) considers that, from a legal point of view, and taking into account European legislation, the notion of "third party cookie" refers to a cookie placed by an operator [1] distinct from the one who operates the website visited by the user. Third party cookies are not strictly necessary for the user who accesses a website, as they are usually associated with a service distinct from that which has been explicitly "requested" by the user (by accessing the website) .

Cookie access

The cookies used on our site, as well as their use, are presented in the table below:

Google Analytics script cookies that monitor and report traffic to this site.

The cookie needed to display and use the site's chat module, the mode displayed in the lower right corner of each page accessed by the customer.

Google Remarketing script cookies that store information about site visitors in order to display ads after they visit the site

Delete cookies

Detailed information on how to manage, disable and delete cookies using the settings of the browser used for browsing the Internet is available at the following addresses:

Internet Explorer (IE 8, 9 si 10):

Internet Explorer 8
Internet Explorer 9
Internet Explorer 10

Mozilla Firefox
Cookie settings and cookie troubleshooting (enabling and disabling cookies, deleting cookies, blocking certain sites from placing cookies, unblocking the placement of cookies, etc.)

Delete cookies to remove information stored on your computer from other web pages

Google Chrome
Cookie management (deletion, blocking, allowing, setting exceptions, etc.)

Management of cookies and site data

Safari
Manage cookies - Manage cookies (English only)
Safari 6 (OS X Mountain Lion): Manage cookies

Remove cookies - Delete cookies (English only)
Safari 6 (OS X Mountain Lion): Remove cookies and other data

Opera
Cookie management and deletion (English only)

Management of cookies and site data

Useful information

Cookies from the perspective of computer security and privacy

Although cookies are stored in the memory of the Internet user's computer, they cannot access / read other information contained in that computer. Cookies are not viruses. They are just small text files; they are not compiled in code form and cannot be executed. Thus, they cannot auto-copy, spread to other networks to generate actions, and cannot be used to spread viruses.

Cookies cannot search for information on the user's computer, but they do store personal information. This information is not generated by cookies, but by the user, when he completes online forms, registers on certain websites, uses electronic payment systems, etc. Although, as a rule, sensitive information is protected from being accessed by unauthorized persons, it is possible for such persons to intercept the information transmitted between the browser and the website. Although quite rare, such situations can occur when the browser connects to the server using an unencrypted network, such as an unsecured WiFi channel.

To reduce the risk of cookie interception, so-called "secure cookies" or "HttpOnly cookies" can be used. "Secure" cookies are meant to limit the communication of information stored in cookies to encrypted transmission, indicating to the browser to use cookies only through secure / encrypted connections. Thus, if the website uses HTTPS, the cookies related to the site are marked with the "secure" attribute, this preventing their transmission to a non-HTTPS page, even if it is located at the same URL. For example, if google.ro uses a "secure cookie", that cookie can only be obtained by google.ro and only from an https connection (which certifies that the person requesting the cookie is Google Inc and not someone else) . The "HttpOnly" attribute instructs the browser to use cookies only through the HTTP protocol (which also includes HTTPS). An HttpOnly cookie is not accessible through non-HTTP methods, such as JavaScript, and cannot be the target of cross-site scripting attacks. [2]

Another source of concern is the use of cookies for behaviorally targeted advertising purposes. Thus, cookies can be used by online advertising companies to monitor the user's online behavior and preferences, in order to identify and deliver to the user the most relevant advertising messages. But these preferences are not expressed explicitly or consciously by the user, but are modeled according to the user's online browsing history, the pages viewed by him, the advertising messages accessed. For example, when the user reads a web page about cars and then moves to another page, car ads will be displayed on the new page, even if it is not related to cars. As the user is not informed that their online actions are being monitored, this raises privacy concerns.

Thus, the use of cookies raises concerns about the use of information retained by these cookies in order to monitor users and use spyware technologies, especially in cases where the information is stored in users' computers and used for their recognition. , without the users' knowledge or consent.

5. Regulating the use of cookies

The use of cookies and the obligations of suppliers are regulated both in the legislation of the European Union and in the national legislation.

Thus, Directive 2002/58 / EC (PDF) on the processing of personal data and the protection of privacy in the electronic communications sector, as amended by Directive 2009/136 / EC (PDF), provides that:

"Art.5 - (3) Member States shall ensure that the storage of information or the acquisition of access to information already stored in the terminal equipment of a subscriber or user is permitted only on condition that the subscriber or user concerned has given his consent. , after receiving clear and complete information in accordance with Directive 95/46 / EC, inter alia, on the purposes of processing, which does not prevent the storage or technical access for the sole purpose of transmitting the communication through a communications network. electronic communications or if this is strictly necessary in order for the provider to provide an information society service expressly requested by the subscriber or user. "

These provisions have been transposed into national legislation in Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, with subsequent amendments and completions:

"Art.4 -

(5) The storage of information or the obtaining of access to the information stored in the terminal equipment of a subscriber or user is allowed only with the cumulative fulfillment of the following conditions:

- the subscriber or user in question has expressed his agreement;

- the subscriber or user in question was provided, prior to the expression of the agreement, in accordance with the provisions of art. 12 of Law no. 677/2001, with subsequent amendments and completions, clear and complete information that:

- be presented in easy-to-understand language and be easily accessible to the subscriber or user;

- to include mentions regarding the purpose of processing the information stored by the subscriber or user or the information to which he has access.

If the provider allows third parties to store or access information stored in the subscriber's or user's terminal equipment, the information in accordance with points (i) and (ii) will include the general purpose of the processing of this information by third parties and how the subscriber or user can use the settings of the internet browsing application or other similar technologies to delete the stored information or to deny third parties access to this information.

- (51) The agreement provided in par. (5) lit. a) may also be given by using the settings of the Internet browsing application or other similar technologies through which it can be considered that the subscriber or user has expressed his agreement.

- (6) The provisions of par. (5) are without prejudice to the possibility of storing or technically accessing the information stored in the following cases:

- when these operations are performed exclusively for the purpose of transmitting a communication through an electronic communications network;

- when these operations are strictly necessary in order to provide an information society service, expressly requested by the subscriber or user. "

According to these provisions, the use of third party cookies is allowed under the following conditions:

- informing users, in a clear, complete and easily accessible manner, about:

- placing, by a certain website, cookies in the memory of the user's computer;

- the purpose of using cookies (the information stored in cookies and the purpose for which this information is used);

- the ways in which the user can delete cookies or refuse access to third parties to the information stored by those cookies;

- obtaining the user's consent for the placement of cookies and for the use of the information contained therein.

- although the user's consent can be expressed by using the settings of the browser used for browsing the Internet, it is necessary that in this case there is a prior information of the user about the placement of cookies and their purpose.

The exceptions provided in the European and national legislation allow the use of first party cookies without respecting the obligation to obtain the user's consent. In addition, in June 2012, the Article 29 Working Party issued an opinion (PDF) clarifying these exceptions:

- some cookies may be exempted from the obligation to obtain the informed consent of the user under certain conditions and if they are not used for additional purposes. Such cookies include: cookies used to store information entered by a user when filling out an online form, cookies used to store technical data needed to run video and audio content and cookies used to personalize web pages (for example, those that retain preferences for the language in which a website's content is displayed).

- first party cookies do not pose risks to users' privacy if the website provides users with clear information regarding the use of cookies, as well as guarantees regarding the protection of privacy (for example, putting available an easy mechanism by which the user can request that his data not be collected) and if the anonymization of the authentication information is ensured.

Do Not Track Mechanism

As we have shown in point 5, at European level there are regulations regarding the monitoring of online activities of users for marketing purposes, being necessary, in general, to obtain the consent of users for such practices. But in other parts of the world such situations are less regulated. Under these conditions, the World Wide Web Consortium (W3C) is currently working on a technical (and technology neutral) standard - "Do Not Track". This standard can be used by users to tell browsers to signal to advertisers that they do not want their online activities to be monitored.

W3C states that "users have the right to know what data will be collected and for what purpose it will be used. With this information, they can decide whether or not to monitor online activities and collect personal data. Many companies The Internet uses the data collected in connection with users' online activities to personalize the content provided to users and to direct relevant advertising messages to them, based on the interests identified based on the information collected. contexts, others are concerned about what they perceive to be an intrusion into their private lives.

Under these conditions, users need a mechanism that allows them to express their preferences regarding the monitoring of online activities; this mechanism must be easy to configure and efficient. In addition, websites that cannot or do not want to provide content without also offering behavioral advertising or collecting data about users need a mechanism to point these things out to users and allow them to make an informed decision. "

The purpose of the "Do Not Track" standard is "to give the user the opportunity to express their personal choices regarding the monitoring of online activities and to communicate these options to each server or web application they interact with, thus enabling each service accessed either to adjust its practices according to the user's options, or to reach a separate agreement with the user, which is convenient to both parties.The basic principle is that the expression of monitoring preferences is transmitted only when it reflects a deliberate choice of the user In the absence of a user option, it is considered that the preference for monitoring online activities is not expressed. "

Do Not Track Search Engine Features

Options to prevent monitoring the user's online activity are implemented today in Persian. From Internet Explorer 8 which gives you the ability to block third-party sites that leave content when you visit a website, to new extensions, add-ons and options introduced even in search engine preferences. In the absence of the standard mentioned above, in some search engines it is more obvious how you activate this functionality, in others it is more hidden. Instructions for setting up the Do Not Track mechanism for Safari, Internet Explorer 9, Firefox and Chrome can be found here

Being among the last to introduce this functionality, version number 23 Google Chrome offers the possibility to install Do Not Track Me, AVG Do Not Track or Keep My Opt-Outs extensions that block cookies and prevent (currently) only companies American advertising to customize ads based on the online behavior of the Internet user.

Firefox, in addition to the Do Not Track Me add-on, also offers the "Tell web sites I don't want to be tracked" option that can be configured in the privacy menu. Moreover, Internet Explorer 10 comes with Do Not Track as the default option. Microsoft's decision provoked a strong backlash, with companies such as Yahoo and Apache responding that they would ignore Internet Explorer 10's Do Not Track signals.

Another tool you can install on most search engines (and even as an iOS application) is Ghostery. Ghostery scans the page you visit and notifies you of the existence of elements installed by third party sites to track your activity. You can then set your preferences according to the menu categories: advertising, analytics, beacons, privacy, widgets. More information here.

It should be noted that not all Do Not Track features block cookies. So it's a good idea to check what's in each Do Not Track extension and choose the one that best represents the limitations you want to pass on to sites that monitor your Internet activity.

Complaints and notifications

If you have certain complaints or want to notify us of certain irregularities in the use of cookies related to this site, please do so through the contact form.

Thank you!