1.- INTRODUCTION
In accordance with Article 22.2 of Law 34/2002, as amended by Section Five of the Second Final Provision of Law 9/2014 of 9 May, General Telecommunications Law (“B.O.E.” 10 May; Errata “B.O.E.” 17 May) and in force since 11 May 2014:
“Service providers may use data storage and retrieval devices (so-called cookies) on recipients’ terminal equipment, provided that they have given their consent after being provided with clear and comprehensive information on their use, in particular, on the purposes of the data processing, in accordance with Organic Law 3/2018 on the protection of personal data.”
However, and pursuant to the third paragraph of Article 22.2:
“The foregoing shall not prevent the possible storage or technical access for the sole purpose of carrying out the transmission of a communication over an electronic communications network or, insofar as strictly necessary, for the provision of an information society service expressly requested by the recipient.” This last point refers to what are known as technical cookies.
The procedure for complying with the legal obligations on cookies is as follows:
a) Carry out an inventory of the cookies used by the website, gathering: the cookie name, its origin (first-party or third-party), its purpose, and the storage period. To do this, you can use the developer tools included in web browsers or contact the company that designed and programmed the website.
b) Define a short description of the purposes to be included in the so-called “first layer”. Installing this first layer requires IT and programming knowledge or the use of third-party tools, always bearing in mind that users must be given the option to refuse the installation of cookies, except for technical cookies, which cannot be refused.
c) Place a link to a web page containing the cookie policy (the so-called “second layer”). This page must be accessible from any page that forms part of the website.
2.- HOW TO INFORM AND OBTAIN INFORMED CONSENT
In its guidelines on transparency, the Article 29 Working Party (WP29) recommends the use of layered privacy statements or notices, that is, information provided in layers which allows users to access those aspects that are of greatest interest to them, thus avoiding information fatigue, without prejudice to the fact that all information must be available in a single place or full document that can be easily accessed if the data subject wishes to consult it in full.
This system consists of showing the essential information in a first layer together with three buttons: ACCEPT, REJECT (only technical cookies are authorised) and MORE INFORMATION. This first layer is usually displayed in practice as a banner or bar when accessing the website or web application, and is then complemented by a second layer, which is a page offering more detailed and specific information about cookies (usually called the cookies policy page).
In the first layer, which for clarity may be identified with a commonly used term (for example, “cookies”), the following information should be included:
a) Identification of the publisher responsible for the website. The full corporate name is not required as long as the complete identification details appear in other sections of the website (legal notice, privacy policy, etc.) and its identity is obvious from the website itself (for example, when the domain corresponds to the publisher’s name or public brand, or that name or brand is clearly displayed on the website).
b) Identification of the purposes of the cookies that will be used.
c) Information on whether the cookies are first-party (of the website owner) or also third-party cookies associated with it, without needing to identify those third parties in this first layer.
d) Generic information about the type of data that will be collected and used in case user profiles are created (for example, when behavioural advertising cookies are used).
e) How the user can accept, configure, and reject the use of cookies.
f) A clearly visible link to the second information layer, which includes more detailed information, using, for example, the terms “Cookies”, “Cookie Policy” or “More information, click here”.
This information shall be provided before the use of cookies, including, where appropriate, before their installation, through a format visible to the user which must remain until the user carries out the action required to give consent or refusal (in the meantime, technical cookies may be installed on the user’s device, e.g. PHPSESSID, ASPNET_SESSION and similar).
3.- TEXT FOR THE “COOKIE POLICY” PAGE
1.- BACKGROUND
In accordance with Spanish regulations governing the use of cookies in relation to the provision of electronic communications services, contained in Article 22.2 of Law 34/2002 of 11 July on information society services and electronic commerce, we inform you about the cookies used on the website of MEDITERRA ALMERIMAR S.L. and the reason for their use.
2.- WHAT ARE COOKIES?
A cookie is a file that is downloaded to your computer when accessing certain web pages. Among other things, cookies allow a website to store and retrieve information about a user’s browsing habits or those of their device and, depending on the information they contain and the way the device is used, they can be used to recognise the user. Cookies are associated only with an anonymous user and their computer or device and do not provide references that allow access to personal data.
3.- TYPES OF COOKIES
3.1.- According to the entity that manages them
a) First-party cookies: These are sent to the user’s terminal from a computer or domain managed by the website editor itself and from which the service requested by the user is provided.
b) Third-party cookies: These are sent to the user’s terminal from a computer or domain that is not managed by the editor, but by another entity that processes the data obtained through the cookies.
3.2.- According to their purpose
There are many purposes for using cookies. Depending on the purpose for which data obtained through cookies are processed, some of the main types are:
a) Technical cookies: These allow users to navigate through a website, platform or application and to use the different options or services available, including those used by the editor to manage and operate the website and to enable its functions and services, such as controlling traffic and data communication, identifying the session, accessing restricted areas, remembering the items in an order, carrying out the purchasing process, managing payment, controlling fraud linked to service security, registering for or participating in an event, counting visits for software licence billing (website, platform or application), using security elements during browsing, storing content for video or sound broadcasting, enabling dynamic content (for example, loading animation of a text or image) or sharing content via social networks.
Technical cookies are exempt from the obligations established in Article 22.2 of the LSSI when they enable the provision of the service requested by the user, as in the case of the cookies listed above. However, if these cookies are also used for non-exempt purposes (for example, behavioural advertising), they will be subject to those obligations.
b) Preference or customisation cookies: These store information so that the user can access the service with certain features that may differentiate their experience from that of other users, such as language, number of results displayed when performing a search, the appearance or content of the service depending on the type of browser used or the region from which the service is accessed, etc.
If it is the user themselves who chooses these features (for example, selecting the language of a website by clicking on the relevant flag icon), such cookies will be exempt from the obligations of Article 22.2 of the LSSI as they are considered a service expressly requested by the user, provided that the cookies are used solely for the selected purpose.
c) Analytics or measurement cookies: These allow their owner to monitor and analyse the behaviour of users of the websites to which they are linked, including quantifying the impact of advertisements. The information collected through this type of cookie is used to measure the activity of websites, applications or platforms in order to introduce improvements based on the analysis of usage data.
d) Behavioural advertising cookies: These store information on users’ behaviour obtained through continuous observation of their browsing habits, which makes it possible to develop a specific profile to show advertising based on it.
3.3.- According to the length of time they remain active
a) Session cookies: These are designed to collect and store data while the user is accessing a website. They are usually used to store information that only needs to be retained for the provision of the service requested by the user on a single occasion (for example, a list of purchased products) and disappear at the end of the session.
b) Persistent cookies: With these, data remain stored on the device and can be accessed and processed for a period defined by the cookie controller, which can range from a few minutes to several years.
4.- LIST OF COOKIES USED ON THIS WEBSITE
The use of cookies offers advantages in the provision of services within the information society, as it facilitates user navigation and access to the different services offered by this website; it saves the user from having to configure the general preferences every time they access the site; and it helps to improve the functioning and services provided through this site after analysing the information obtained through installed cookies.
Specifically, this website uses the following cookies:
| Name | Provider | Expiry | Purpose |
|---|---|---|---|
| __utma | Third-party (Google Analytics) | 2 years | Used to distinguish users and sessions. |
| __utmb | Third-party (Google Analytics) | 30 minutes | Used to determine new sessions or visits. |
| __utmc | Third-party (Google Analytics) | End of session | Configured for use with Urchin. |
IMPORTANT NOTE: The table above is an EXAMPLE. It is necessary to analyse the website in order to determine the cookies actually used and their purpose, or consult the web developer so they can indicate which cookies are used.
5.- WITHDRAWAL AND DELETION OF COOKIES
You can access your browser settings at any time to accept or reject all cookies, or to select which cookies you allow to be installed and which you do not, following the specific procedures of the browser you use.
6.- THIRD-PARTY SERVICE PROVIDERS
The third-party service providers with whom we have contracted services that require the use of cookies are listed below:
| Provider | Purpose of the service and cookie | Provider information |
|---|---|---|
| GOOGLE Inc. | Statistical analysis of the website: counting visitors, pages visited, keywords… | http://www.google.es/intl/es/policies/privacy/ |
IMPORTANT NOTE: The table above is an EXAMPLE.