Cookie Policy

Last updated 7 July 2026

This Cookie Policy explains how Datalaw Ltd (“Datalaw”, “we”, “us”, “our”) uses cookies and similar technologies on https://datalawonline.co.uk and our related websites, including pages.datalawonline.co.uk and datalaw.org (together, the “Website”). It explains what each cookie does, how long it lasts, and how you can control it.

This policy should be read alongside our Privacy Policy, which explains how we process personal information generally.

This policy is governed by the Privacy and Electronic Communications Regulations 2003 (PECR), as amended by the Data (Use and Access) Act 2025, and the UK GDPR.

1. What are cookies and similar technologies?

Cookies are small text files placed on your device when you visit a website. Similar technologies include web beacons (1×1 tracking pixels), tracking scripts, and local-storage entries placed by JavaScript. This policy uses “cookies” to cover all of these.

Cookies set by us are first-party cookies. Cookies set by other organisations through our Website (for example Google Analytics) are third-party cookies.

Some cookies are essential for the Website to work – your browser cannot use the site at all without them. Other cookies are optional and require your consent before they are placed on your device.

2. How we ask for your consent

When you first visit the Website, our cookie banner (provided by Cookiebot) gives you options of equal prominence:

  • Allow all – places all categories of cookies described in this policy;
  • Reject all – places only the necessary cookies needed for the Website to function;
  • Show details – lets you see every cookie and choose, by category, which to accept.

You can change or withdraw your choice at any time through the cookie settings link on the Website. Changes take effect immediately.

We do not pre-tick any consent boxes, we do not infer consent from continued browsing, and no optional cookies are set until you make a choice. The “Show details” view of the banner contains a complete list of every cookie in use, kept up to date automatically by a monthly scan.

3. Categories of cookies we use

The categories below match the choices offered in the cookie banner. The tables list the cookies identified by our most recent scan (7 July 2026); the banner’s own declaration is always the current, complete list.

3.1 Necessary cookies

These cookies are necessary for the Website to function and are exempt from the consent requirement under PECR Regulation 6(4). They cannot be switched off. They include security cookies that protect the site and our users from attacks and spam.

Cookie(s) Purpose Provider Duration
laravel_session Maintains your session while you are logged in or completing a checkout. datalawonline.co.uk 1 day
XSRF-TOKEN Security – protects forms against cross-site request forgery. datalawonline.co.uk 1 day
CookieConsent Stores the cookie consent choices you make in our banner. Cookiebot 1 year
__cf_bm Cloudflare bot protection on third-party content we load. cloudflare.com / linkedin.com 1 day
aws-waf-token / awswaf_* AWS web application firewall tokens that protect the site against malicious traffic. AWS (eu-west-1) Session / persistent
rc::a / rc::c Google reCAPTCHA – distinguishes humans from bots on forms. gstatic.com Persistent / session
li_gc Stores consent state for LinkedIn cookies. linkedin.com 180 days
crisp-client/socket/* Maintains the live-chat connection. datalawonline.co.uk 2 days
cookietest / cookies.js Checks whether your browser accepts cookies. datalawonline.co.uk Session

3.2 Preference cookies

These remember choices you make (such as a live-chat conversation in progress) to personalise your experience. Non-essential – set only with your consent.

Cookie(s) Purpose Provider Duration
crisp-client/session/* and domain-detect Remembers your live-chat session so a conversation can continue across pages and visits. client.crisp.chat Persistent

3.3 Statistics cookies

These help us understand how visitors use the Website so we can improve it. Non-essential – set only with your consent.

Cookie(s) Purpose Provider Duration
_ga Google Analytics 4 – distinguishes individual users. Google 2 years
_ga_# Google Analytics 4 – persists session state. Google 2 years
_gid Google Analytics – distinguishes users for 24 hours. Google 24 hours
_gat Google Analytics – throttles the request rate. Google 1 minute
NRBA_SESSION and New Relic entries New Relic – page performance and error monitoring. js-agent.newrelic.com Session / persistent
crisp-client/trigger/visit:last Live-chat analytics – records your last visit. client.crisp.chat Persistent
bugsnag-anonymous-id Pseudonymous identifier for front-end error monitoring. Bugsnag (via Produktly) Persistent

Note on the Data (Use and Access) Act 2025: certain low-risk first-party analytics cookies may now be placed without consent under the statistical-purposes exemption. We currently ask for consent for all statistics cookies and are keeping this under review.

3.4 Marketing cookies

These are used to deliver and measure advertising and to build audiences for retargeting. Non-essential – set only with your consent.

Cookie(s) Purpose Provider Duration
_gcl_au / _gcl_ls Google Ads – stores and links ad-click information. Google 3 months
IDE Google DoubleClick – measures ad conversions and retargeting. .doubleclick.net ~12 months
test_cookie Google DoubleClick – checks whether the browser supports cookies. .doubleclick.net 15 minutes
pagead/1p-user-list and conversion pixels Google Ads – conversion measurement and audience lists. google.com / googleadservices.com Session
_fbp Meta (Facebook) Pixel – distinguishes browsers for advertising measurement. Meta 3 months
fr / lastExternalReferrerTime Meta – advertising delivery, measurement and referrer tracking. facebook.com / connect.facebook.net 3 months / persistent
bcookie LinkedIn – browser identifier for advertising. linkedin.com ~12 months
lidc LinkedIn – data-centre routing for advertising. linkedin.com 1 day
km_ai / km_lv / km_vs / kvcd Kissmetrics – behavioural analytics and marketing attribution. Kissmetrics Up to 13 months
VISITOR_INFO1_LIVE, YSC, __Secure-YEC, TESTCOOKIESENABLED, YtIdbMeta, LogsDatabaseV2 YouTube – set by embedded videos to estimate bandwidth and track views across sites. youtube.com Session to 180 days
optinly_* Optinly – stores pop-up campaign state and view counts. datalawonline.co.uk Up to 3 months
produktly_user_id Produktly – identifies a returning user for in-product tours. produktly.com Persistent

 

4. Cookies and AI features

Some of our pages include AI-powered assistants (clearly labelled in the relevant interface). These features may set short-lived session cookies used solely to maintain the conversation while you are on the page. They are not used for tracking or advertising.

5. Controlling cookies in your browser

Most browsers let you control cookies through their settings. The links below take you to the cookie management documentation for the major browsers:

  • Chrome – https://support.google.com/chrome/answer/95647
  • Edge – https://support.microsoft.com/en-us/microsoft-edge/
  • Firefox – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Safari (macOS) – https://support.apple.com/en-gb/guide/safari/sfri11471/mac
  • Safari (iOS) – https://support.apple.com/en-gb/HT201265
  • Brave – https://brave.com/privacy-features/
  • Opera – https://help.opera.com/en/latest/web-preferences/

Blocking necessary cookies will prevent the Website from working properly. Blocking other cookies has no functional impact beyond losing personalisation and analytics.

6. Targeted advertising and opt-out networks

Where we use advertising cookies, you can additionally opt out at the network level through:

  • Your Online Choices (Europe) – https://www.youronlinechoices.com
  • Digital Advertising Alliance (US) – https://www.aboutads.info/choices/

7. Other tracking technologies

In addition to cookies, we may use web beacons (sometimes called tracking pixels or clear gifs) in marketing emails and on the Website. These let us know whether an email has been opened or a page has been visited, and help us measure the effectiveness of campaigns.

We do not use Flash cookies or device fingerprinting.

8. Do-Not-Track signals

Some browsers send a “Do Not Track” signal. There is no agreed industry standard for how websites should respond to it. We treat a “Do Not Track” signal in the same way as our cookie banner choices: if you have not consented to optional cookies, they are not set.

9. Updates to this Cookie Policy

We update this policy when we add or remove cookies or when the law changes. The “Last updated” date at the top reflects the current version. The banner’s cookie declaration is refreshed automatically by a monthly scan, so it may occasionally list cookies ahead of this policy being revised.

10. Contact us

If you have any questions about how we use cookies, contact our Data Protection Officer:

Email: dpo@datalaw.org

Phone: 0151 236 2024

Post: Datalaw Ltd, 3A Bridgewater Street, Liverpool, Merseyside L1 0AR, United Kingdom