Veralto Corporation

Cookie Guidance

Effective 13 November 2020

Overview

Data privacy laws in various jurisdictions regulate the use of “cookies” (defined below) on websites. Veralto OpCos are responsible for complying with all applicable cookie requirements in their maintenance of external-facing websites.1 This policy sets forth specific requirements and recommendations to assist OpCos in complying with law, data protection authority guidance, and commercial expectations.

For the purposes of this policy, “cookies” are small bits of text or other information that a web-site may store on computer browsers or other devices when accessing the site, which may collect online identifiers provided by natural persons’ devices, applications, tools and protocols, such as internet protocol addresses or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them. Cookies include pixel tags, web beacons, MAC addresses, advertising IDs, device finger-printing, and account handles.

In countries covered by the General Data Protection Regulation, cookie requirements are especially stringent and detailed. This document distinguishes between general cookie expectations and those specifically applicable under GDPR. OpCos may choose to follow the GDPR rules globally, but should make sure to follow them in websites directed at customers in the European Union, European Economic Area (EU plus Iceland, Norway and Liechtenstein) and the United Kingdom (“European Websites”).

Information We Collect

Some cookies are necessary for a website to work properly, while others are optional to enhance the user experience and for other purposes. OpCo marketing teams should maintain a list of all websites under their responsibility, the types of cookies that those websites use, what the cookies collect, and the purpose of using those cookies. OpCos should categorize website cookies into the groups listed below.

  • Necessary cookies: Necessary cookies (also known as essential cookies) enable core functionality of a website such as security, network management and accessibility. These cookies may be disabled through individual browser settings, but doing so may impact the functionality and usability of the website.
  • Personalization cookies: Personalization cookies allow the website to identify prior users and tailor the website experience to match user needs and preferences.

1 For purposes of this guidance, the term “website” also includes any application or other technology that employs cookies on a user’s device.

  • Analytical cookies: Analytical cookies aid in improving the website by collecting information on how users interact with the site. This includes third party analytical tools, such as Google Analytics and LinkedIn Analytics.
  • Advertising/marketing cookies. These cookies track user activity and sessions so that the website can deliver a more personalized service and provide relevant advertisements.
  • Social media cookies. These cookies enable the user to allow you to share certain content form the website on social media like Facebook and Twitter

It is important to note that for European Websites, only necessary cookies can be deployed without explicit user consent. Other cookies may be used only where the use has given affirmative consent, and the user should be offered the opportunity to grant or withdraw consent separately for each category of cookies. Each OpCo is responsible for ensuring that cookies are used only with user consent where that is required. Contact the Privacy Pivot if you are unsure whether a specific non-EU country has requirements for cookies.

Cookie Consent Interface and Use of Cookies

Every external-facing website should meet these requirements at a minimum:

  • Banner:An easily noticed banner should greet the user when a new device/user accesses the page.
  • Explanation:The banner should include a button for the user to accept the notice and dismiss the banner.
  • No cookies without acceptance:No cookies other than necessary cookies may be deployed as to a user until the user has accepted the notice.

The following requirements should be followed for European Websites (see above for definition), and are recommended as leading practices for broader use:

  • Prominent banner: The cookie banner should be prominent. A good rule of thumb is that the banner should cover at least ¼ of the page.
  • Fair, informative banner: The banner should explain that the website uses cookies and should include buttons or links for accepting and customizing cookies. It may also include a button for rejecting all cookies. To meet expectations of data protection authorities, the design should not drive users toward accepting the cookies – thus, an “accept” button should not be the most prominent choice in size, style, color or placement. Selecting the customization button should pull up the full consent interface for the user to adjust the settings as desired.
  • Detailed consent interface: The full consent interface should provide a statement about the use of cookies, a general description of cookies, and descriptions of the different categories used. If third-party cookies (e.g. Google Analytics) are used for a particular category, this should be noted.
  • Non-necessary cookies “off” by default: Non-necessary cookies should not be placed on a user’s device unless the user specifically activates them.
  • Category-specific consent: The interface should provide the user the option to turn on or off categories of non-necessary cookies on a category-by-category basis (i.e., analytics cookies and advertising/marketing cookies should have separate “on/off” buttons).
  • Save and close: A button should be provided to save the user’s cookie choices and close the interface.
  • Ready accessibility: The cookie consent interface should remain easily accessible at all times. This may be done via a “cookie preferences” link at the bottom of the web page, or through a persistent cookie icon (described further below under “Additional practices to consider”). Upon clicking the link or icon, the original consent interface shall appear with the same specifications and selections previously made by the user.
  • One year consent limit: Any permissions granted by the user are to remain for no more than 1 year since the last time the user selected “save and close” or the cookie icon; after this period of time has elapsed, the user must be prompted to make selections in the consent interface again. (Note that data protection authorities in some countries may recommend a shorter period; currently, Ireland and the Netherlands recommend six months.)
  • Consent to changes: The banner and pop-up interface must also resurface immediately before the placement of any new non-necessary cookies that were not previously accepted by the user.

Additional practices to consider:

  • Include a brief description of cookie categories in the banner. This requires more text, but underscores that a user choosing to accept cookies has given informed consent. Brief text similar to the category descriptions above could be used.
  • Provide more granular cookie information. If a user selects a cookie category, this would allow the user to access more information about each cookie in the category – i.e., name, description, provider (for cookies provided by third parties like Google) and duration.
  • Link to the privacy policy. The banner and/or interface may provide a link to the privacy policy, to allow users to read about cookies and the privacy policy without any cookies having yet been activated on the site.
  • Use a persistent icon. In place of a link, a distinct and noticeable icon for cookie settings may be set on all webpages in the domain. The icon should be static so that it remains in place regardless of scrolling or any alteration of the browser text size or similar settings. The website of the UK Information Commissioner’s Office (ICO) uses a persistent icon (see www.ico.org.uk) and Cepheid has also adopted this practice (www.cepheid.com).
  • Include a “reject” button on the banner. This allows the user to easily reject all non-necessary cookies. This has been suggested by some data protection authorities, but is not widely seen in commercial practice.

USP Technologies

5640 Cox Rd.

Glen Allen, VA 23060

Toll-free (800) 851-8527

Phone (804) 404-7696

 View a Map

USP - Canada

3020 Gore Road

London, Ontario N5V 4T7

Toll-free (800) 851-8527

Phone (804) 404-7696

 View a Map

Version WPE

Contact Us

Our sales engineers are ready to help you find the right solution. Fill out the form to connect with your local USP Technologies representative.
  • This field is for validation purposes and should be left unchanged.

Sign Up For Our Newsletter

Subscribe for exclusive news, products, innovations, events and educational resources sent right to your inbox.

  • This field is for validation purposes and should be left unchanged.