Free Sample Cookie Policy Template

Home
Blog
by 4 min read

We have already discussed the cookie policy guide that informs your website visitors that you are using cookies and of requesting their affirmative consent before collecting any information about them.

It is essential both from a business transparency perspective, as it will allow you to build trust with your users, and from a legal perspective, as some privacy laws and directives, such as the GDPR and the ePrivacy Directive, just to name these two, require it.

PRO TIP: Don’t waste your time and take the guesswork out of the legal jargon with this personalized cookie policy generator trusted by over 200,000 businesses.

Sample Free Cookie Policy Template

When it comes to how you should be wording your cookie policy, there is no standard formula or language, but this generic template below is a good starting point that you can adapt to your business and the cookies that you use.

Sample of "Generic Cookie Policy Template" clause in a website on white background
Download PDF Download DOCX

As you can see, some elements need to be included. Namely, warning your users that you are using cookies, explaining what cookies are and which ones you are using, why you are using these cookies (the purpose), and finally how users can opt out or change their cookie preferences.

Cookie Policy Examples

The Guardian

British newspaper The Guardian is bold when it comes to letting its website visitors know that it is using cookies:

"It's your choice" clause in The Guardian's website Cookie Policy with continue button on a dark blue background

This is the cookie banner that pop-ups when you first land on the .com version of its website while it is in line with the newspaper’s brand colors, it is impossible to miss as it takes up almost half the screen, especially on mobile.

You will note, however, that while it quickly summarizes the purpose of collecting information from its users, it does not use a checkbox to require active consent nor does it offer the possibility to refuse cookies. It instead directs users to their privacy settings tab where they can manage their preferences.

When it comes to The Guardian’s actual cookie policy, it can be accessed either through the cookie banner or through a hyperlink in the website footer which redirects the user to a separate page of the website. Here are the main sections of the policy:

"Cookie Policy" and list of Contents links in The Guardian's website footer on white background

The newspaper does a great job of vulgarizing a complicated subject and, while its policy is wordy, it is effective in letting users know exactly what types of cookies are used and for what purposes.

Mailchimp

Email marketing service Mailchimp is used by customers across the globe. Here is the cookie consent pop-up that appears when you land on www.mailchimp.com:

Cookie consent pop-up message with "Cookie Settings" and "Accept All Cookies" black button in Mailchimp's website on black background

You will note that one has the option to “accept all cookies” or to click on “cookie settings” – if selecting the latter, a column pop-ups on the left-hand side of the screen:

"Manage Consent Preferences" clause with black buttons in Mailchimp's Cookie Settings on white and light gray background

This is an easy way to allow website visitors to manage their cookie preferences without them having to navigate to a separate page of the website. It also provides succinct and easy-to-understand summaries of the cookies used.

The cookie banner links to Mailchimp’s Cookie Statement which is a separate page under the Legal section of its website.

It covers the basics, such as what cookies are, why they are used, the types of first and third-party cookies as well as other tracking technologies used on Mailchimp’s sites, a section about targeted advertising, and one about how to control cookies.

The cookie statement also contains elements that are more specific to the service that it offers (email marketing automation tool) namely the cookies served to end-users through the use of its email marketing platform by Mailchimp customers or “Members” as the company calls them.

This is important to keep in mind when drafting your cookie policy. Do not copy and paste from another website as it may not be appropriate to the particularities of your business and the services that you offer.

Mailchimp lists out the cookies used in clear tables which provides transparency to its users and makes it easy for them to have a quick scroll through the page:

"Advertising (Targeting) Cookies" clause with 2 table columns in Mailchimp's website on white background

European Commission

The website of the European Commission, the executive branch of the European Union, is the perfect example of requesting affirmative consent from users. When users land on the homepage, they are served with this cookie banner:

Cookie consent message in European Commission cookie banner on blue background

As you can see, the user has to click on either “I accept cookies” or “I refuse cookies” – there are two clear options and the European Commission makes it easy for someone to refuse.

The European Commission’s cookies policy has its own page and covers in layman’s terms what types of cookies are used on the website as well as their purposes and duration:

"Authentication cookies" information in European Commission cookie policy on white background

It also links to the policies of the third-party services used on the website, such as YouTube and Soundcloud:

"Third-party cookies" clause and list of website links in European Commission cookie policy on white background

Accenture

Professional services company Accenture uses a different approach and relies on users’ implied consent:

Users' cookie implied consent clause with Cookies Settings link in Accenture website on gray background

There is no clear option to allow or refuse cookies, therefore if someone ignores this notice and doesn’t actively click on “Cookies Settings”, Accenture seems to interpret this as implied consent to the use of cookies.

If one chooses to click on “Cookies Settings” they are faced with an overview and short explanation of the cookies used on the website as well as the option to change the default settings, which is to allow all cookies, by sliding the toggle switches to the left.

"First Party Analytics Cookies" information and settings with blue save button in Accenture's Privacy Preference Center on gray background

This is a different approach from the one used by the European Commission above.

Depending on where your website users are located you may want to request active, affirmative consent from your website visitors by using a cookie banner with a checkbox that has to be ticked or an “I agree” button that has to be clicked instead of relying on implied consent, as some countries’ privacy regulations are stricter than others and prohibit the use of pre-ticked boxes, instead of requiring clear and positive action from website users.

Accenture’s cookie policy is otherwise pretty standard, defining first and third-party cookies, their purpose, the types of cookies and tracking technologies used on the website, and how one can manage their preferences through the cookie consent manager.

"What if I don't want cookies or similar tracking technologies?" and "Types of cookies does the site use" clause and information with 2 column table in Accenture Cookie Policy on white background

How to Draft a Cookie Policy for Your Website

After determining which laws you have to comply with, especially if the GDPR and ePrivacy Directive apply to you, drafting a compliant cookie policy should not seem insurmountable. You can draft your own or use our cookie policy generator for peace of mind, knowing that it is regularly updated to keep track of the latest and ever-changing global privacy laws and regulations.

And remember, if you make significant changes to your cookie policy, such as by adding new third-party cookies, you will want to request new consent from your users as they may not be comfortable with the changes made. And be specific, name the third parties and explain why and how the information collected is used by them.

Olivia Adams
Olivia Adams
CIPP/E, CIPM, CIPT
Olivia is an experienced data privacy compliance consultant with years of experience. Throughout her career, she helped hundreds of small to mid-size businesses with comprehensive advice on compliance with privacy laws.
PRODUCTS
RESOURCES
COMPANY
WebsitePolicies logo
Facebook
Twitter