Privacy and cookies
On May 25, 2018, the General Data Protection Regulation (GDPR) came into force, and cookie laws differ from country to country. It is up to the owner of a website to ensure the site complies with the rules of the countries its visitors come from. You need to check this with a reliable lawyer.
Under the GDPR, EU citizens got the power to control the personal information they wish to share online, but there is much discussion about what is really necessary and what is compliant with the law.
Cookies are nothing but text files supplied by the server to your browser whenever a user accesses the site. The main purpose of a cookie is to profile user activity and send this information back to the server so the web page can be customised for the user based on that activity. Cookies can also be used for many other things like:
• Keep a user logged in
• Save the shopping cart items
• Product recommendations
• Custom user interfaces
Every time a user visits a web site the browser will establish a new connection with the server, but without any knowledge about the previous connections. The only way for the browser to track the user is by using a cookie provided by the web server.
For example: if you log in to a shopping site and open a product in a new tab, the browser will establish a new connection without any knowledge about the previous tab in which you are already logged in. To retain your information, such as logged-in status and cart items, the browser uses the cookie supplied by the server.
You can manually clear cookies from your browser and verify the same.
Cookie Handling and Cookie Consent Messages
According to the EU cookie law, users should have the choice to accept or refuse cookies. Let's take a look at different scenarios:
If user accepts cookies
• You can decide if he must opt-in for nonessential cookies.
• If the user decides to refuse essential cookies, only 2 cookies are kept to save this selection and to hide the message bar, and another one if he must opt-in – all other cookies will be removed.
• Silent accept is enabled by default which will accept all cookies and services on page load.
If user does NOT accept cookies
- A customizable popup message appears to inform the user that some crucial functions of the site, e.g. sessions, shopping cart, …, will not work properly.
- We also try to remove all cookies set in the site domain, but this is not guaranteed because of browser security, or because WP or plugins (e.g. WooCommerce) may continue to add cookies after removal.
- Third-party plugins might add their cookies to a specific path. To remove these cookies you need to add the cookie path manually to custom cookies in theme options (case sensitive, path must be exactly the same as seen in developer tools).
- Cross-domain cookies from external services are only loaded when needed and they cannot be removed at all by a script. Enfold offers the possibility to opt-in/opt-out of services provided by our theme to solve this.
In order to offer your users a better experience you can use the shortcodes listed below. These shortcodes can also be found in the Enfold theme options > Privacy and Cookies > Shortcode tab:
Please note: To change the default text in the shortcodes, please use the shortcode in the format below:
[av_shortcode_name] Your text here
Enable cookie consent message bar or modal window
Enfold theme is GDPR ready! To access the GDPR settings, go to Enfold > Privacy and Cookies; here you can change the settings for the
Enable cookie consent message bar
Enable cookie consent modal window
Use as a simple notification bar
If for some reason you do not wish to use the cookie consent option, you can enable the simple message bar option to display a message or a notification on your site from Enfold > Privacy and Cookies > Cookie Handling and Cookie Consent Messages > Enable cookie consent messages
After the cookie consent option is activated, please scroll down and enable the Advanced Options > Select use of the message bar > Use as a simple message bar without cookie logic
To use the cookie logic without displaying the cookie message bar to your users please add the below code to your functions.php file:
// Use cookie logic but hide the cookie message bar
add_theme_support( "avia_gdpr_permanent_hide_message_bar" );
Note: If the cookie settings are updated (changes to the message bar buttons, labels, message etc.) users will be prompted again for confirmation; accepting essential cookies will be enabled.
Cookie consent buttons
Cookie consent buttons can be accessed from Enfold > Cookies and privacy when you enable the cookie consent option. The buttons can have the below options:
- Accept settings and dismiss notification.
- Accept all cookies and services, dismiss notification.
- Do not accept and hide notification.
- Open info modal on privacy and cookies.
- Link to another page.
A cookie badge can be displayed at the bottom of your site so that users who already accepted the cookies can access the cookie options again if they would like to change any settings after accepting them.
Enable the cookie badge from Enfold > Privacy & Cookie > Advanced Options > Show reopen badge after the cookie consent option is activated.
Default Cookie and Services Option Settings
All cookies and services accepted on page load, user can opt out
All cookies are selected, user can opt out, all services are already active (implicit acceptance of cookies – not DSGVO compliant). When the user clicks the ok button all cookies and services are accepted.
User must accept and can opt out, all selected by default
All selected, user can opt out, cookies and services blocked until user accepts settings.
User must accept and must opt in, only essential cookies selected
Only the 2 toggles “permanent hiding message bar” and “enable essential cookies”
If a user does not address the settings and only accepts cookies the site will have all basic functions excluding external services – this is an intuitive behaviour and what a user would expect.
As everything is blocked until the user clicks the accept button, this is GDPR compliant (there are discussions, but many people interpret the rules to mean that a user cannot refuse essential website cookies). To allow website owners to be on the safe side, using
add_theme_support('avia_privacy_basic_cookies_unchecked');
will also uncheck the 2 toggles.
Essential cookies are accepted on first page load, user must opt in
Essential cookies are expected to be accepted by the user by default – cookies needed by Enfold are stored and cookies from 3rd parties like WooCommerce, WPML, … are not removed. External services provided by Enfold are blocked until the user opts in.
Please remember that it is the responsibility of the website owner to fulfill the local rules for data privacy. We added this option because some users requested it. If you are in doubt, recheck with a lawyer whether you can use this option.
In case you use plugins and you want to allow visitors to opt in for these specific cookies, you have to find out what cookies are set by the plugin and use the Additional Custom Cookies section (located in the advanced options section) to add checkboxes for these cookies.
Note: Essential cookies are all cookies needed by the site to work properly, e.g. Enfold cookies, for WooCommerce the cart, for WPML etc. aviaCookieConsent and aviaPrivacyRefuseCookiesHideBar are the 2 basic cookies needed to hide the message bar permanently on returning visits to the site while blocking all services and other cookies.
How to style the message bar?
To style your Cookie consent message bar, go to Enfold options > Advanced styling and select the Cookie Consent Message Bar from the drop-down list.
Can users update the cookie settings?
You can find this option in Enfold > Privacy & Cookie > Advanced Options > Show reopen badge
Users have the possibility to opt out or opt in with toggles. These toggles are shortcodes you can add to the modal popup window and additionally to a privacy page. See the theme options page or scroll to the shortcode section on this page for shortcodes.
- Then go to Appearance > Menus and create a new footer menu.
- Select the newly created pages from the list of pages, check “Enfold footer menu” under Menu settings and save your menu.
For step by step instructions to add a menu item to the menu please check Menu Setup.
Manually clear the cookies from the browser
- Open Chrome developer tools from Settings > More Tools > Developer Tools or by using the keyboard shortcut Ctrl + Shift + I
- Go to Application tab
- On the sidebar under Storage expand the Cookies
- A list of visited sites will appear. To clear all the cookies you can right-click the domain name and select “Clear” or individually delete the cookies from the result tab.
If you clear the cookies and refresh the page, the browser will treat this as a new connection without any reference to your previous session. In case you were already logged in, you will be asked to log in again.
How to check for enabled cookies?
We provide a shortcode to display a list of cookies that can be read by Enfold. Due to browser and JS security only the name and value of cookies are available. To remove or manipulate them the path would also be necessary – Enfold only uses path “/”. If you have cookies with a path you must define them in Additional Custom Cookies – then Enfold can try to remove them (but this cannot be guaranteed).
For basic cookies Enfold already provides a description. You can alter or extend the description text using the filter avf_privacy_cookie_infos. An example of how to use the filter: https://github.com/KriesiMedia/enfold-library/blob/master/actions%20and%20filters/Privacy%20and%20Cookies/avf_privacy_cookie_infos.php
To display this list in its own tab in the default privacy modal popup you must add
add_theme_support( 'avia_privacy_show_cookie_info' );
Additional Custom Cookies
There are 5 fields in this section:
- Cookie Name: Name of the cookie you would like to define
- Cookie Path: Path of the cookie
- Description For Toggle: Description displayed next to enable/disable toggle
- Description for Cookie Info List: Description in cookie list displayed using “av_privacy_cookie_info” shortcode
- Compare Action:
  - Cookie Equals Cookie Name: Only cookies with “plugin_cookie” name would be removed
  - Cookie Starts With Cookie Name: Cookies that start with “plugin_cookie” would be removed (E.g.: “plugin_cookie-one”, “plugin_cookie-two”)
  - Cookie Contains Cookie Name: Cookies that have “plugin_cookie” in their name would be removed (E.g.: “my_plugin_cookie_cookie”, “custom_plugin_cookie”)
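The three compare actions and the path requirement described above, as an added example (not Enfold's own code): it matches cookie names from a document.cookie-style string against rules and builds the expiry strings a script would write back. The rule object shape, the compare keys and the function names are assumptions made for illustration.

```javascript
// Added example, not Enfold's code. Rule shape and compare keys are hypothetical.

// The three compare actions from the Additional Custom Cookies section.
const COMPARE = {
  equals: (cookie, name) => cookie === name,
  starts_with: (cookie, name) => cookie.startsWith(name),
  contains: (cookie, name) => cookie.includes(name),
};

// Parse a document.cookie-style string. Scripts only see name and value;
// path, domain and expiry are not exposed, and HttpOnly cookies are absent.
function parseCookieString(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair.indexOf('=') > 0) // skip empty and nameless entries
    .map((pair) => {
      const eq = pair.indexOf('=');
      return { name: pair.slice(0, eq), value: pair.slice(eq + 1) };
    });
}

// Build the strings a script would assign to document.cookie to expire every
// cookie matched by a rule. The path is taken from the rule because it cannot
// be read back from the browser; it is case sensitive and must match exactly,
// otherwise the browser keeps the original cookie.
function buildRemovals(cookieString, rules) {
  const removals = [];
  for (const { name } of parseCookieString(cookieString)) {
    const rule = rules.find((r) => COMPARE[r.compare] && COMPARE[r.compare](name, r.name));
    if (rule) {
      removals.push(`${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${rule.path}`);
    }
  }
  return removals;
}

// Constructed sample input using the cookie names from the list above.
const sampleCookies =
  'aviaCookieConsent=1; plugin_cookie=a; plugin_cookie-one=b; my_plugin_cookie_cookie=c; other=d';

// "Contains" is the broadest action: it matches three of the five cookies.
console.log(buildRemovals(sampleCookies, [{ name: 'plugin_cookie', path: '/', compare: 'contains' }]));
```

In a browser each returned string would be assigned to document.cookie; a cookie that was set with a different path than the one in the rule stays in place.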
To define custom cookies, you need to know the cookie name and the cookie path. You can find them in developer tools of your browser:
Let us take “tk_ai” WooCommerce cookie for example (more information on WooCommerce cookies can be found here).
Cookies from Enfold start with avia. aviaCookieConsent is set when the user has clicked the accept button; if this is missing, it is a new visitor or he refused cookies altogether.
Enfold saves opt out cookies for services (corresponding to the toggles):
aviaPrivacyMustOptInSetting is used to store whether you selected the option “User must opt in” in the backend.
aviaCookieSilentConsent is used when you selected the option “All cookies and services accepted” in the backend.