3.1 Navigation and Function

CILEX uses Cookies for navigational and functional purposes. When a User accesses a CILEX website, encrypted session Cookies are used to validate the Users access to different parts of the Website. For example, for CILEX Members this relates to items, such as keeping a record of log-in details, so that they do not have to type in their Username and Password every time they visit the myCILEX section.

3.2 Analytics

CILEX collects information about how people access and use its Websites using an Analytics Tool. The CILEX Websites use Google Analytics. This is an analytics service provided by Google, Inc. Google Analytics uses Cookies to help CILEX to understand how users use its websites. This ensures that CILEX can optimise and improve the User experience of the Websites. Read more about how Google uses cookies here.

3.3 Cookies used by Analytics Platforms

This category comprises of Cookies used to evaluate Site Performance, in terms of the number of visits, unique visitors, the drop-off rate for transactions and so on:

Name	Expiration	Description
_ga	2 Years	This Cookie is installed by Google Analytics. The Cookie is used to calculate visitor, Session and Campaign Data and to keep track of the Site Usage for the Site’s Analytics Report. The Cookies store information anonymously and assign a randomly generated number to identify unique Visitors.
_gid	1 Day	_This Cookie is installed by Google Analytics. The Cookie is used to store information of how Visitors use a Website and helps in creating an Analytics Report of how the Website is performing. The data collected, including the number of Visitors, the source of where they have come from and the pages visited in an anonymous form.
_gat_*	1 Year	Used by Google Analytics to throttle the request rate (to limit the collection of data on high traffic sites).
__utma	2 Years from set / update	Helps to calculate Unique Visitor Numbers.
__utmb	30 Minutes from set / update	Helps to calculate Visitor Session Length.
__utmc	Not set	Helps to calculate Visitor Session Length and whether a session has expired.
__utmz	6 Months from set / update	Works out referrals from other Domains.
_hjid	1 Year	This Cookie is set by Hotjar. This Cookie is set, when the customer first lands on a page with the Hotjar script. It is used to persist with the random User ID, which is unique to that site on the Browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same User ID.
_hjFirstSeen	30 Minutes	This is set by Hotjar to identify a new User’s first session. It stores a true or false value indicating, whether this was the first time Hotjar has seen this User. It is used by Recording filters to identify new User sessions.
_hjIncludedInPageviewSample	1 Year	This Cookie is set to let Hotjar know, whether that visitor is included in the data sampling defined by your Site’s Page View Limit.
_hjAbsoluteSessionInProgress	1 Year	The Cookie is set, so that Hotjar can track the beginning of the user’s journey for a total session count. It does not contain any identifiable information.
_hjIncludedInSessionSample	1 Year	This Cookie is set to let Hotjar know, whether that visitor is included in the data sampling defined by your site’s daily session limit.
_hjRecordingLastActivity	End of Session	This should be found in Session Storage (as opposed to Cookies). This gets updated, when a Visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).
_hjRecordingEnabled	End of Session	This is added when a Recording starts and is read, when the recording module is initialised to see, if the User is already in a recording, in a particular session.
bscookie	2 Years	This Cookie is a Browser ID Cookie set by LinkedIn Share Buttons and Ad Tags.
bcookie	2 Years	This Cookie is set by LinkedIn. The purpose of the Cookie is to enable LinkedIn functionalities on the page.
__hstc (*)	13 Months	The main Cookie for tracking Visitors. It contains the domain “utk”, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit) and session number (increments for each subsequent session).
Hubspotutk (*)	13 Months	This Cookie keeps track of a Visitor’s identity. It is passed to HubSpot on form submission and used, when deduplicating contacts. It contains an opaque GUID to represent the current visitor.
__hssc (*)	30 Minutes	This Cookie keeps track of sessions. This is used to determine, if HubSpot should increment the Session Number and timestamps in the __hstc Cookie. It contains the Domain, View Count (increments each page view in a session) and Session Start Timestamp.
__hssrc (*)	End of Session	Whenever HubSpot changes the Session Cookie, this Cookie is also set to determine, if the visitor has restarted their browser. If this Cookie does not exist, when HubSpot manages Cookies, it is considered a new session. It contains the value “1” when present.

(*) These Analytics Cookies are dropped by HubSpot, which is our platform to host the CPQ (CILEX Professional Qualification) landing pages and blog posts.

Considerations about Third-Party Cookies

Whilst CILEX takes all reasonable precautions to make sure that other organisations, who it deals with have good security practices, CILEX is not responsible for the privacy practices of other organisations, whose websites may be linked to its services or whose contact details it may provide on the Website. CILEX is not responsible for the Privacy Policies of Social Media or other Third-Party Providers with whom it has pages or accounts.

4. The Cookies That We Use

The following list gives the details of the Cookies that we use across our CILEX Website.

4.1 Strictly Necessary Cookies

These Cookies are necessary for the Website to function and they cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for Services, such as Log-In, saving Language Preferences, Privacy Preferences, filling in forms, Performance Measurement and Improvement, routing traffic between Web Servers, detection of the size of the screen, measuring page load times, improving User Experience, including relevance, Audience Measurement, detecting fraud and Abuse, securing our Product, personalisation essential to the User experience, First Party measurement and analytics of Site Usage. You can set your Web Browser to block or alert you to these Cookies, but some parts of the site will not function, if these are blocked. These Cookies do not store any personally identifiable information.

First Party Strictly Necessary Cookies

Cookie Name	Description	Expiry Duration
__cf_bm	The __cf_bm Cookie is a Cookie that is necessary to support Cloudflare Bot Management, currently in private beta. As part of our Bot Management Service, this Cookie helps to manage incoming traffic that matches the criteria associated with bots. This is a CloudFoundry Cookie.	0 Days
_OptanonConsent	This Cookie is set by the Cookie Compliance Solution from OneTrust. It stores information about the categories of Cookies that the site uses and whether Visitors have given or withdrawn their consent for the use of each category. This enables Site Owners to prevent Cookies in each category from being set in the User’s Browser, when their consent is not given. The Cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the Site Visitor.	1 Year
OptanonAlertBoxClosed	This Cookie is set by Websites using certain versions of the Cookie Law Compliance Solution from OneTrust. It is set, after Visitors have seen a Cookies Information Notice and in some cases, only when they actively close the notice down. It enables the Website not to show the message more than once to a User. The Cookie has a one-year lifespan and contains no personal information.	364 Days
_conv_s	Convert AB Testing	0 Days
_conv_v	This Cookie is the Visitor-Centric Cookie that has a lifetime of a maximum of 6 Months, from the last update time.	6 Months
_conv_sptest	Convert AB Testing	0 Days
_cfuvid	The _cfuvid Cookie is used by Cloudflare to distinguish individual Users, who share the same IP address for the purpose of enforcing Rate Limiting Rules.	0 Days

Third Party Strictly Necessary Cookies

Cookie Name	Description	Expiry Duration
ANONCHK	Testing	0 Days
SM	Testing	0 Days
MR	Testing	6 Days

4.2 Performance Cookies

These Cookies allow us to count visits and traffic sources, so that we can measure and improve the performance of our site. They help us to know, which pages are the most and least popular and to see how visitors move around the site. All information that these Cookies collect is aggregated and therefore it is anonymous. If you do not allow these Cookies, we will not know, when you have visited our site and we will not be able to monitor its Performance. There are no Third-Party Performance Cookies on our Website.

First Party Performance Cookies

Cookie Name	Description	Expiry Duration
_hjTLDTest	When the Hotjar script executes, we try to determine the most generic Cookie path that we should use, instead of the page hostname. This is done, so that Cookies can be shared across subdomains (where applicable). To determine this, we try to store the hjTLDTest Cookie for different URL substring alternatives until it fails. After this check, the Cookie is removed.	0 Days
_ga_xxxxxxxxxx	To generate Statistical Data on how the Visitor uses the Service.	0 Days
_ga_xxxxxxxxxx	NAUsed by Google Analytics to identify and track an individual session with your Device.	0 Days
__hssc	This Cookie name is associated with Websites built on the HubSpot Platform. It is reported by them as being used for Website Analytics.	0 Days
__hstc	This Cookie name is associated with Websites built on the HubSpot Platform. It is reported by them, as being used for Website Analytics.	5 Months
_hjSessionUser_2505882	Hotjar Cookie that is set, when a User first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the Browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.	1 Year
__hssrc	This Cookie name is associated with Websites built on the HubSpot Platform. It is reported by them as being used for Website Analytics.	0 Days
_hjSession_2505882	A Cookie that holds the current session data. This ensures that subsequent requests within the session window will be attributed to the same Hotjar session.	0 Days
_gclxxxx	Google Conversion Tracking Cookie.	2 Months
_gax	This Cookie is used to distinguish unique Users by assigning a randomly generated number, as a Client Identifier.	1 Year
_conv_r	his Cookie Name is used to hold the referral data for the current Visitor, including Source Name, Referral Medium and Referrer Search Terms. It is overwritten each time the Visitor comes from a new Referrer.	0 Days

4.3 Functional Cookies

These Cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by a Third-Party Provider, whose services we have added to our pages. If you do not allow these Cookies, then some or all of these services may not function properly.

First Party Functional Cookies

Cookie Name	Description	Expiry Duration
hubspotutk	This Cookie name is associated with Websites built on the HubSpot Platform. HubSpot report that its purpose is User authentication. As a persistent rather than a session Cookie, it cannot be classified as Strictly Necessary.	5 Months
Survey-Started-x	This domain is owned by the UK company Dot Mailer and it is used to deliver Customer Survey Services and functionality.	0 Days
cf_clearance	Used to verify that the User is not a bot and that a User/System has solved a challenge successfully.	0 Days

Third-Party Functional Cookies

Cookie Name	Description	Expiry Duration
__cf_bm	This is a CloudFoundry Cookie.	0 Days
__RequestVerificationToken	Testing	0 Days
MUID	Testing	1 Year
FormsWebSessionId	Testing	1 Month
_cfuvid	This domain is owned by Vimeo. The main business activity is: Video Hosting/Sharing.	1 Month

4.4 Targeting Cookies

These Cookies may be set through our Website by our Advertising Partners. They may be used by those companies to build a profile of your interests and to show you relevant adverts on other sites. They do not store directly personal information, but they are based on uniquely identifying your Browser and Internet Device. If you do not allow these Cookies, you will experience less targeted Advertising.

First Party Functional Cookies

Cookie Name	Description	Expiry Duration
_fbp	Used by Facebook to deliver a series of Advertisement Products, such as real time bidding from Third-Party Advertisers.	2 Months
ln_or	This is a LinkedIn Cookie used to determine, if Oribi Analytics can be carried out on a specific domain.	0 Days

Third-Party Functional Cookies

Cookie Name	Description	Expiry Duration
_GRECAPTCHA	This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of Products and Services. Its main source of revenue, however, is Advertising. Google tracks Users extensively both through its own Products, Sites and the numerous technologies embedded into many millions of Websites around the world. It uses the data gathered from most of these services to profile the interests of Web Users and to sell advertising space to organisations based on such interest profiles, as well as aligning adverts to the content on the pages, where its Customer’s Adverts appear.	5 Months
VISITOR_INFO1_LIVE	This Cookie is used, as a Unique Identifier to track the viewing of videos.	5 Months
MUID	This domain is owned by Microsoft and it is the site for the search engine Bing.	1 Year
__cf_bm	This is a CloudFoundry Cookie.	0 Days
MR	This domain is owned by Microsoft – it is the site for the search engine Bing.	6 Days
SRM_B	This domain is owned by Microsoft and it is the site for the search engine Bing.	1 Year
YSC	YouTube is a Google owned Platform for hosting and sharing videos. YouTube collects User Data through videos embedded in Websites, which is aggregated with profile data from other Google Services, in order to display targeted Advertising to Web Visitors across a broad range of their own and other Websites.	0 Days
_cfuvid	This domain is owned by Hubspot. The company provides a range of online Marketing and Sales Technology and Services.	0 Days
VISITOR_PRIVACY_METADATA	YouTube is a Google owned Platform for hosting and sharing videos. YouTube collects User Data through videos embedded in Websites, which is aggregated with Profile Data from other Google Services, in order to display Targeted Advertising to Web Visitors across a broad range of their own and other Websites.	5 Months
__Secure-ROLLOUT_TOKEN	YouTube is a Google owned Platform for hosting and sharing videos. YouTube collects User Data through videos embedded in Websites, which is aggregated with Profile Data from other Google Services, in order to display Targeted Advertising to Web Visitors across a broad range of their own and other Websites.	5 Months

4.5 Social Media Cookies (LinkedIn.com)

Social Media Third-Party Cookies

Cookie Name	Description	Expiry Duration
li_gc	This domain is owned by LinkedIn, the Business Networking Platform. It typically acts as a Third-Party Host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the Website that they are on, the Cookies are set regardless of whether or not the Visitor has an active LinkedIn Profile or agreed to their Terms and Conditions. For this reason, it is classified as a primarily Tracking/Targeting Domain.	5 Months
bcookie	This domain is owned by LinkedIn, the Business Networking Platform. It typically acts as a Third-Party Host, where Website Owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the Website that they are on, the Cookies are set regardless of whether or not the Visitor has an active LinkedIn Profile or agreed to their Terms and Conditions. For this reason, it is classified as a primarily Tracking/Targeting domain.	1 Year
lidc	This domain is owned by LinkedIn, the Business Networking Platform. It typically acts as a Third-Party Host, where Website Owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the Website that they are on, the Cookies are set regardless of whether or not the Visitor has an active LinkedIn Profile or agreed to their Terms and Conditions. For this reason, it is classified as a primarily Tracking/Targeting domain.	0 Days

Social Media Plugins

We use Services, such as Social Sharing and these are offered by different companies. These companies may drop Cookies onto your computer, when you use them on our Website or if you are already logged in to them.

These Social Media Cookies are set by a range of Social Media Services that we have added to the site to enable you to share our content with your friends and networks. They can track your Browser across other sites and build up a profile of your interests. This may impact the content and messages that you see on the other Websites that you visit. If you do not allow these Cookies, you may not be able to use or see these Sharing Tools.

Here is a list of places, where you can find out more about specific Services that we may use and their use of Cookies:

• – Google Privacy Policy
• – Meta Privacy Policy
• – Twitter Privacy Policy
• – Hivebrite Privacy Policy

If you would like to disable “Third-Party” Cookies generated by these Providers, you can turn them off by going to the Third-Party’s Website and getting them to generate a one-time “Decline All/No Thanks” Cookie that will stop any further Cookies being written to your machine.

4.6 Other Cookies

First-Party Cookies

Host	Cookie Name	Expiry Duration
email.cilex.org.uk	respondentid4X7F-E2Fcount	0 Days
email.cilex.org.uk	LP-x	1 Month
email.cilex.org.uk	respondentid4X7F-E2F	1 Month
email.cilex.org.uk	responder-4X7F-E2F	0 Days
cilex.org.uk	_conv_check_cookies	4 Years

Third-Party Cookies

Host	Cookie Name	Description	Expiry Duration
hubspotusercontent.com	_cf_bm	This is a Cloud Foundry Cookie.	0 Days
forms.cloud.microsoft	MUID	This Domain is owned by Microsoft and it is the site for the Search Engine Bing. Testing.	1 Year
hubspotusercontent-eu1.net	__cf_bm	This is a Cloud Foundry Cookie.	0 Days

Other Third Party Cookies (cilexcpqtransitiontool.org.uk/)

Name	Purpose	Description
Laravel XSRF	Security	Used on the page hosting our CPQ Transition Tool prevent cross-site scripting attacks.
Laravel Session	Security	Used on the page hosting our CPQ Transition Tool to keep the session of the user stable (no data is stored in the session).

5. Disabling/Enabling Cookies

You have the ability to Accept All, Decline All or Manage Preferences for the use of Cookies from the Cookies Notice that appears, when you view the website. However, we would like you to have the best experience of our Website and it is likely that disabling cookies will limit the functionality of the CILEX Website.

In the Manage Preferences section, there is an explanation of each of the Cookies’ functions and you can choose to opt in or remain opted out of each Cookie Type listed, except for the Strictly Necessary Cookies. The other Cookies are Performance Cookies, Functional Cookies, Targeting Cookies and Social Media Cookies. Please see the Cookies Banner Notice for further information.

If you are concerned about the use of Cookies, in relation to “Spyware” you can use anti-spyware software to delete Cookies that may be considered invasive, rather than disabling the Cookies altogether.

6. Consent

By accepting Cookies with your Browser Settings and using the CILEX Website, you consent to the processing of data about you by CILEX, its subsidiaries and Google in the manner and for the purposes set out above.

As long as CILEX does obtain consent the first time that Cookies are set, CILEX does not have to repeat it every time the same person visits the Website. However, it is good to keep in mind that devices may be used by different people. If there is likely to be more than one User, so CILEX repeats this process at suitable intervals. You can also clear Cookies from your Web Browser Settings prompting all Websites to initiate their Cookie Notice consent with a view to actioning your Cookies Preferences and this can be done at any time.

7. Further information

We will not use Cookies to collect personally identifiable information about you. However, if you wish to restrict or block the Cookies, which are set by our Websites or indeed any other Website, you can do this through your Web Browser Settings. The ‘Help’ function within your browser, should tell you how to do this. Alternatively, you may wish to visit the About Cookies website. The website contains comprehensive information on how to manage Cookies across a wide variety of Browsers. You will also find details on how to delete Cookies from your Device, as well as more general information about Cookies.

A comprehensive set of Guidelines for the use of Cookies can be accessed from the UK’s Information Commissioner’s Office.

You can also find information on How to Clear Cookies, as well as information from the ICO on Cookies.

If you wish to view your Cookie Code, just click on a Cookie to open it. You will see a short string of text and numbers. The numbers are your identification card, which can only be seen by the Server that provided the Cookie.

For information on how to do this within the Web Browser of your Mobile Phone, you will need to refer to your Mobile Handset Manual or visit the help section of your Mobile Provider’s Website.

To opt-out of Third-Parties collecting any data regarding your interaction on our Website, please refer to their Websites for further information.

8. Withdrawing Consent for Cookies

Once consent has been obtained by CILEX, Users or Subscribers may choose to withdraw that consent at any time. They can withdraw the consent by clearing the Cookies via the Internet Browser Settings. (Please see the above ICO link for the instructions on how to clear the Cookies). However, if a user decides to disable the Cookies, this may detrimentally affect the general functionality of the CILEX Website experience.

9. Contact CILEX

If users have any questions about how CILEX process their Personal Data, they should log in to MYCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on ‘My Query Relates to’ section. If users do not have access to the MYCILEX Portal or they do not wish to log their details on the system, they can contact us by email at [email protected].

10. Contact the ICO (Information Commissioner’s Office)

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office. Their contact details are:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Website: www.ico.org.uk

Legal Obligations

The Statutory and/or Regulatory Directives and Legislation on which this Policy is based upon is the current UK Data Protection Legislation.

This is all applicable UK Data Protection and Privacy Legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding Legislation and all other applicable Laws, Regulations, Statutory Instruments and/or any Codes, Practice or Guidelines issued by the relevant Data Protection or Supervisory Authority in force from time to time and applicable to a Party, relating to the processing of Personal Data and/or governing individual’s rights to privacy.

From 28th June 2021, the UK has been granted an adequacy decision by the EU, which covers data transfers between the UK and the EU and this adequacy decision is due to be reviewed on 28th June 2025 with a view to this safeguard remaining in place for UK/EU Data Transfers.

CILEX complies with its obligations set up in Privacy and Electronic Communications Regulations (PECR) related to the use of Cookies by:

• – Informing people that its Cookies are there;
• – Explaining what the Cookies are doing and why; and
• – Obtaining the person’s consent to store a Cookie on their device.

For further information on Data Protection, please see our Privacy Policy. Our Cookies Policy is reviewed and updated regularly.

—

Correct as of: January 2025

Next Formal Review Date: January 2026