Blog

Free Sample Cookie Policy Template

We have already discussed the cookie policy guide that informs your website visitors that you are using cookies and of requesting their affirmative consent before collecting any information about them.

It is essential both from a business transparency perspective, as it will allow you to build trust with your users, and from a legal perspective, as some privacy laws and directives, such as the GDPR and the ePrivacy Directive, just to name these two, require it.

When it comes to how you should be wording your cookie policy, there is no standard formula or language, but this generic template below is a good starting point that you can adapt to your business and the cookies that you use.

Sample cookie policy template

Download PDF Download DOCX

As you can see, some elements need to be included. Namely, warning your users that you are using cookies, explaining what cookies are and which ones you are using, why you are using these cookies (the purpose), and finally how users can opt-out or change their cookie preferences.

Expert tip: Take the hassle of writing your own cookie policy away with our cookie policy generator. It will save you hours of work and possible costly legal mistakes.

British newspaper The Guardian is bold when it comes to letting its website visitors know that it is using cookies:

British newspaper The Guardian is bold when it comes to letting its website visitors know that it is using cookies

This is the cookie banner that pop-ups when you first land on the .com version of its website while it is in line with the newspaper’s brand colors, it is impossible to miss as it takes up almost half the screen, especially on mobile.

You will note, however, that while it quickly summarizes the purpose of collecting information from its users, it does not use a checkbox to require active consent nor does it offer the possibility to refuse cookies. It instead directs users to their privacy settings tab where they can manage their preferences.

When it comes to The Guardian’s actual cookie policy, it can be accessed either through the cookie banner or through a hyperlink in the website footer which redirects the user to a separate page of the website. Here are the main sections of the policy:

Main sections of The Guardian’s actual cookie policy

The newspaper does a great job of vulgarizing a complicated subject and, while its policy is wordy, it is effective in letting users know exactly what types of cookies are used and for what purposes.

Email marketing service Mailchimp is used by customers across the globe. Here is the cookie consent pop-up that appears when you land on www.mailchimp.com:

Here is the cookie consent pop-up that appears when you land on www.mailchimp.com

You will note that one has the option to “accept all cookies” or to click on “cookie settings” - if selecting the latter, a column pop-ups on the left-hand side of the screen:

Note that one has the option to “accept all cookies” or to click on “cookie settings” - if selecting the latter, a column pop-ups on the left-hand side of the screen

This is an easy way to allow website visitors to manage their cookie preferences without them having to navigate to a separate page of the website. It also provides succinct and easy-to-understand summaries of the cookies used.

The cookie banner links to Mailchimp’s Cookie Statement which is a separate page under the Legal section of its website.

It covers the basics, such as what cookies are, why they are used, the types of first and third-party cookies as well as other tracking technologies used on Mailchimp’s sites, a section about targeted advertising, and one about how to control cookies.

The cookie statement also contains elements that are more specific to the service that it offers (email marketing automation tool) namely the cookies served to end-users through the use of its email marketing platform by Mailchimp customers or “Members” as the company calls them.

This is important to keep in mind when drafting your cookie policy. Do not copy and paste from another website as it may not be appropriate to the particularities of your business and the services that you offer.

Mailchimp lists out the cookies used in clear tables which provides transparency to its users and makes it easy for them to have a quick scroll through the page:

Mailchimp lists out the cookies used in clear tables which provides transparency to its users and makes it easy for them to have a quick scroll through the page

The website of the European Commission, the executive branch of the European Union, is the perfect example of requesting affirmative consent from users. When users land on the homepage, they are served with this cookie banner:

The website of the European Commission, the executive branch of the European Union, is the perfect example of requesting affirmative consent from users. When users land on the homepage, they are served with this cookie banner

As you can see, the user has to click on either “I accept cookies” or “I refuse cookies” - there are two clear options and the European Commission makes it easy for someone to refuse.

The European Commission’s cookies policy has its own page and covers in layman’s terms what types of cookies are used on the website as well as their purposes and duration:

The European Commission’s cookies policy has its own page and covers in layman’s terms what types of cookies are used on the website as well as their purposes and duration

It also links to the policies of the third-party services used on the website, such as YouTube and Soundcloud:

It also links to the policies of the third-party services used on the website, such as YouTube and Soundcloud

Professional services company Accenture uses a different approach and relies on users’ implied consent:

Professional services company Accenture uses a different approach and relies on users’ implied consent

There is no clear option to allow or refuse cookies, therefore if someone ignores this notice and doesn’t actively click on “Cookies Settings”, Accenture seems to interpret this as implied consent to the use of cookies.

If one chooses to click on “Cookies Settings” they are faced with an overview and short explanation of the cookies used on the website as well as the option to change the default settings, which is to allow all cookies, by sliding the toggle switches to the left.

If one chooses to click on “Cookies Settings” they are faced with an overview and short explanation of the cookies used on the website as well as the option to change the default settings, which is to allow all cookies, by sliding the toggle switches to the left.

This is a different approach from the one used by the European Commission above.

Depending on where your website users are located you may want to request active, affirmative consent from your website visitors by using a cookie banner with a checkbox that has to be ticked or an “I agree” button that has to be clicked instead of relying on implied consent, as some countries’ privacy regulations are stricter than others and prohibit the use of pre-ticked boxes, instead of requiring clear and positive action from website users.

Accenture’s cookie policy is otherwise pretty standard, defining first and third-party cookies, their purpose, the types of cookies and tracking technologies used on the website, and how one can manage their preferences through the cookie consent manager.

Accenture’s cookie policy is otherwise pretty standard, defining first and third-party cookies, their purpose, the types of cookies and tracking technologies used on the website, and how one can manage their preferences through the cookie consent manager.

After determining which laws you have to comply with, especially if the GDPR and ePrivacy Directive apply to you, drafting a compliant cookie policy should not seem insurmountable. You can draft your own or use our cookie policy generator for peace of mind, knowing that it is regularly updated to keep track of the latest and ever-changing global privacy laws and regulations.

And remember, if you make significant changes to your cookie policy, such as by adding new third-party cookies, you will want to request new consent from your users as they may not be comfortable with the changes made. And be specific, name the third-parties and explain why and how the information collected is used by them.