Cookie & Storage Policy

How we use cookies and browser storage to manage your privacy.

Back to Demo

Important Demo Notice

This is a demonstration website for the UCL Consent Management Library.

The tracking scripts included on this site are for testing purposes only and use non-functional demo IDs. No actual user data is collected, stored, or transmitted to third-party services. This policy explains the consent management system itself and the limited data it stores locally on your device.

Data Controller

University College London (UCL)
Gower Street, London WC1E 6BT, United Kingdom
Data Protection Officer: data-protection@ucl.ac.uk
Privacy Enquiries: data-protection@ucl.ac.uk

Our Use of Cookies & Storage

Lawful Basis: We process your consent preferences under Article 6(1)(f) GDPR (legitimate interests) to provide essential website functionality and comply with privacy regulations.

The UCL Consent Management Library stores minimal data locally on your device solely to remember your privacy preferences and ensure compliance with your choices.

Local Storage

The UCL Consent Manager uses your browser's LocalStorage to remember your privacy preferences. This is essential for ensuring your choices are respected on subsequent visits without repeatedly asking for your consent.

Key: ucl_privacy_consent
  • Purpose: Stores your detailed consent choices for each cookie category (e.g., analytics, marketing).
  • Data Stored: A JSON object with true/false values for each category and a timestamp.
  • Example: {"necessary":true,"analytics":false,"marketing":true,"timestamp":1678886400}
  • Retention: Stored indefinitely until you clear your browser data, change your settings, or request deletion.
Key: ucl_privacy_has_consented
  • Purpose: A simple flag to check if you have made a consent decision.
  • Data Stored: A boolean value ("true").
  • Use Case: Prevents the consent banner from appearing on every page load after you've made a choice.
  • Retention: Stored indefinitely until you clear your browser data, change your settings, or request deletion.

CDN Security / Performance Cookies

Cookie: _cf_bm
  • Provider: Cloudflare (our Content Delivery Network)
  • Purpose: This is a strictly necessary security cookie used to distinguish between humans and bots and to protect our service from malicious traffic.
  • Data Stored: An encrypted value containing no personally identifiable information.
  • Retention: Expires after 30 minutes.
  • Consent: As this is essential for security, it cannot be disabled.
Cookie: AWSALB
  • Provider: Amazon Web Services (our hosting infrastructure)
  • Purpose: This is a strictly necessary cookie used by our Application Load Balancer to ensure your requests are routed to the same server during your session, maintaining session consistency and improving performance.
  • Data Stored: An encrypted identifier for load balancing purposes containing no personally identifiable information.
  • Retention: Expires after 7 days.
  • Consent: As this is essential for the proper functioning of the website, it cannot be disabled.
Cookie: AWSALBCORS
  • Provider: Amazon Web Services (our hosting infrastructure)
  • Purpose: This is a strictly necessary cookie that works alongside AWSALB to enable cross-origin resource sharing whilst maintaining session consistency across our services.
  • Data Stored: An encrypted identifier for load balancing purposes containing no personally identifiable information.
  • Retention: Expires after 7 days.
  • Consent: As this is essential for the proper functioning of the website, it cannot be disabled.

Cookie Categories

Important: The categories below describe how the consent management system would classify cookies if they were present. On this demo site, the tracking scripts use non-functional demo IDs and do not actually set cookies or collect data.

We classify cookies into the following categories. You have granular control over each category through our privacy settings.

Necessary Cookies

These are essential for the website to function correctly. They typically handle session state, security, and core features. They cannot be disabled.

Examples of patterns we identify as necessary:

  • Session identifiers (e.g., PHPSESSID, session_id)
  • Security tokens (e.g., csrf_token)
  • Language preferences (e.g., lang)

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. This allows us to improve our services.

Services that use these cookies include:

  • Google Analytics: (e.g., _ga, _gid)
  • Hotjar: (e.g., _hjid)
  • Matomo/Piwik: (e.g., _pk_ref)

Marketing Cookies

These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Services that use these cookies include:

  • Facebook/Meta: (e.g., _fbp)
  • LinkedIn: (e.g., li_sugr, bscookie)
  • Twitter/X: (e.g., personalization_id)
  • TikTok: Used by the TikTok pixel for campaign measurement.
  • Marketo: (e.g., _mkto_trk)
  • DoubleClick/Google Ads: (e.g., IDE, DSID)

Embed Cookies

These cookies are set by third-party services when you interact with embedded content such as videos or audio players. Disabling them will prevent this content from loading.

Services that use these cookies include:

  • YouTube: Sets cookies when you play an embedded video to track views and preferences.
  • SoundCloud: Sets cookies to enable the audio player and track usage.

Your Rights

Under GDPR and UK data protection law, you have the following rights regarding your personal data:

  • Access: Request a copy of any personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data (subject to legal obligations)
  • Restriction: Request limitation of how we process your data
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: For this demo site, you can withdraw consent at any time using the privacy settings

To exercise these rights, contact our Data Protection Officer at data-protection@ucl.ac.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

Updates to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we may provide additional notice.

Last Updated: [Date to be added when policy is finalized]