Cookie Policy
Last updated 7 July 2026
This Cookie Policy explains how Datalaw Ltd (“Datalaw”, “we”, “us”, “our”) uses cookies and similar technologies on https://datalawonline.co.uk and our related websites, including pages.datalawonline.co.uk and datalaw.org (together, the “Website”). It explains what each cookie does, how long it lasts, and how you can control it.
This policy should be read alongside our Privacy Policy, which explains how we process personal information generally.
This policy is governed by the Privacy and Electronic Communications Regulations 2003 (PECR), as amended by the Data (Use and Access) Act 2025, and the UK GDPR.
1. What are cookies and similar technologies?
Cookies are small text files placed on your device when you visit a website. Similar technologies include web beacons (1×1 tracking pixels), tracking scripts, and local-storage entries placed by JavaScript. This policy uses “cookies” to cover all of these.
Cookies set by us are first-party cookies. Cookies set by other organisations through our Website (for example Google Analytics) are third-party cookies.
Some cookies are essential for the Website to work – your browser cannot use the site at all without them. Other cookies are optional and require your consent before they are placed on your device.
2. How we ask for your consent
When you first visit the Website, our cookie banner (provided by Cookiebot) gives you options of equal prominence:
- Allow all – places all categories of cookies described in this policy;
- Reject all – places only the necessary cookies needed for the Website to function;
- Show details – lets you see every cookie and choose, by category, which to accept.
You can change or withdraw your choice at any time through the cookie settings link on the Website. Changes take effect immediately.
We do not pre-tick any consent boxes, we do not infer consent from continued browsing, and no optional cookies are set until you make a choice. The “Show details” view of the banner contains a complete list of every cookie in use, kept up to date automatically by a monthly scan.
3. Categories of cookies we use
The categories below match the choices offered in the cookie banner. The tables list the cookies identified by our most recent scan (7 July 2026); the banner’s own declaration is always the current, complete list.
3.1 Necessary cookies
These cookies are necessary for the Website to function and are exempt from the consent requirement under PECR Regulation 6(4). They cannot be switched off. They include security cookies that protect the site and our users from attacks and spam.
| Cookie(s) | Purpose | Provider | Duration |
| laravel_session | Maintains your session while you are logged in or completing a checkout. | datalawonline.co.uk | 1 day |
| XSRF-TOKEN | Security – protects forms against cross-site request forgery. | datalawonline.co.uk | 1 day |
| CookieConsent | Stores the cookie consent choices you make in our banner. | Cookiebot | 1 year |
| __cf_bm | Cloudflare bot protection on third-party content we load. | cloudflare.com / linkedin.com | 1 day |
| aws-waf-token / awswaf_* | AWS web application firewall tokens that protect the site against malicious traffic. | AWS (eu-west-1) | Session / persistent |
| rc::a / rc::c | Google reCAPTCHA – distinguishes humans from bots on forms. | gstatic.com | Persistent / session |
| li_gc | Stores consent state for LinkedIn cookies. | linkedin.com | 180 days |
| crisp-client/socket/* | Maintains the live-chat connection. | datalawonline.co.uk | 2 days |
| cookietest / cookies.js | Checks whether your browser accepts cookies. | datalawonline.co.uk | Session |
3.2 Preference cookies
These remember choices you make (such as a live-chat conversation in progress) to personalise your experience. Non-essential – set only with your consent.
| Cookie(s) | Purpose | Provider | Duration |
| crisp-client/session/* and domain-detect | Remembers your live-chat session so a conversation can continue across pages and visits. | client.crisp.chat | Persistent |
3.3 Statistics cookies
These help us understand how visitors use the Website so we can improve it. Non-essential – set only with your consent.
| Cookie(s) | Purpose | Provider | Duration |
| _ga | Google Analytics 4 – distinguishes individual users. | 2 years | |
| _ga_# | Google Analytics 4 – persists session state. | 2 years | |
| _gid | Google Analytics – distinguishes users for 24 hours. | 24 hours | |
| _gat | Google Analytics – throttles the request rate. | 1 minute | |
| NRBA_SESSION and New Relic entries | New Relic – page performance and error monitoring. | js-agent.newrelic.com | Session / persistent |
| crisp-client/trigger/visit:last | Live-chat analytics – records your last visit. | client.crisp.chat | Persistent |
| bugsnag-anonymous-id | Pseudonymous identifier for front-end error monitoring. | Bugsnag (via Produktly) | Persistent |
Note on the Data (Use and Access) Act 2025: certain low-risk first-party analytics cookies may now be placed without consent under the statistical-purposes exemption. We currently ask for consent for all statistics cookies and are keeping this under review.
3.4 Marketing cookies
These are used to deliver and measure advertising and to build audiences for retargeting. Non-essential – set only with your consent.
| Cookie(s) | Purpose | Provider | Duration |
| _gcl_au / _gcl_ls | Google Ads – stores and links ad-click information. | 3 months | |
| IDE | Google DoubleClick – measures ad conversions and retargeting. | .doubleclick.net | ~12 months |
| test_cookie | Google DoubleClick – checks whether the browser supports cookies. | .doubleclick.net | 15 minutes |
| pagead/1p-user-list and conversion pixels | Google Ads – conversion measurement and audience lists. | google.com / googleadservices.com | Session |
| _fbp | Meta (Facebook) Pixel – distinguishes browsers for advertising measurement. | Meta | 3 months |
| fr / lastExternalReferrerTime | Meta – advertising delivery, measurement and referrer tracking. | facebook.com / connect.facebook.net | 3 months / persistent |
| bcookie | LinkedIn – browser identifier for advertising. | linkedin.com | ~12 months |
| lidc | LinkedIn – data-centre routing for advertising. | linkedin.com | 1 day |
| km_ai / km_lv / km_vs / kvcd | Kissmetrics – behavioural analytics and marketing attribution. | Kissmetrics | Up to 13 months |
| VISITOR_INFO1_LIVE, YSC, __Secure-YEC, TESTCOOKIESENABLED, YtIdbMeta, LogsDatabaseV2 | YouTube – set by embedded videos to estimate bandwidth and track views across sites. | youtube.com | Session to 180 days |
| optinly_* | Optinly – stores pop-up campaign state and view counts. | datalawonline.co.uk | Up to 3 months |
| produktly_user_id | Produktly – identifies a returning user for in-product tours. | produktly.com | Persistent |
4. Cookies and AI features
Some of our pages include AI-powered assistants (clearly labelled in the relevant interface). These features may set short-lived session cookies used solely to maintain the conversation while you are on the page. They are not used for tracking or advertising.
5. Controlling cookies in your browser
Most browsers let you control cookies through their settings. The links below take you to the cookie management documentation for the major browsers:
- Chrome – https://support.google.com/chrome/answer/95647
- Edge – https://support.microsoft.com/en-us/microsoft-edge/
- Firefox – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Safari (macOS) – https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Safari (iOS) – https://support.apple.com/en-gb/HT201265
- Brave – https://brave.com/privacy-features/
- Opera – https://help.opera.com/en/latest/web-preferences/
Blocking necessary cookies will prevent the Website from working properly. Blocking other cookies has no functional impact beyond losing personalisation and analytics.
6. Targeted advertising and opt-out networks
Where we use advertising cookies, you can additionally opt out at the network level through:
- Your Online Choices (Europe) – https://www.youronlinechoices.com
- Digital Advertising Alliance (US) – https://www.aboutads.info/choices/
7. Other tracking technologies
In addition to cookies, we may use web beacons (sometimes called tracking pixels or clear gifs) in marketing emails and on the Website. These let us know whether an email has been opened or a page has been visited, and help us measure the effectiveness of campaigns.
We do not use Flash cookies or device fingerprinting.
8. Do-Not-Track signals
Some browsers send a “Do Not Track” signal. There is no agreed industry standard for how websites should respond to it. We treat a “Do Not Track” signal in the same way as our cookie banner choices: if you have not consented to optional cookies, they are not set.
9. Updates to this Cookie Policy
We update this policy when we add or remove cookies or when the law changes. The “Last updated” date at the top reflects the current version. The banner’s cookie declaration is refreshed automatically by a monthly scan, so it may occasionally list cookies ahead of this policy being revised.
10. Contact us
If you have any questions about how we use cookies, contact our Data Protection Officer:
Email: dpo@datalaw.org
Phone: 0151 236 2024
Post: Datalaw Ltd, 3A Bridgewater Street, Liverpool, Merseyside L1 0AR, United Kingdom