Why do you need a cookie policy?

The ePrivacy Directive requires website operators and other online providers that set cookies on their users' devices to provide visitors with clear and comprehensive information about the purposes for which the cookie is stored and accessed.

This cookie policy forms part of a layered approach to comply with this obligation. An organisation can either link to the cookie policy directly from a prominent place on their website (for example, the website header or footer), or they can link to it from a short-form notice or the relevant place in their privacy policy. However, it is important to bring the policy to the attention of the user and seek their consent before placing cookies.

The GDPR specifically refers to cookies and states that:

“Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.” (Recital 30)

In other words, where a cookie is used to uniquely identify a device, or in combination with other data, the individual associated with or using that device, then it should be treated as personal data. The use of pseudonymisation, for example, random strings of numbers or letters, which is what cookies typically contain to give them uniqueness, still makes them personal data.

As a result of this wide-reaching definition the GDPR and the ePrivacy Directive together are likely to cover nearly all forms of advertising/targeting cookies; web analytics; and functional services such as online chat or login credentials.

Because the GDPR moves away from implied consent and introduces the idea that consent should be given by a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of agreement to personal data processing then it should come as no surprise that cookies, which may capture personal data, will also require an opt-in style consent.

Falling back on a concept such as legitimate interest is also not recommended. Legitimate interest is not a “free pass” to get around consent and the first port of call should always be an attempt to get fully informed explicit consent in a recorded format. The GDPR sets out conditions for using legitimate interest, for example, considering whether the relationship between the organisation (as data controller) and the data subject is such that, on balance, the interests of the organisation out weight that of the data subject. In the context of a website and, in particular, where the organisation uses third-party cookies for profiling and analytics then it would be difficult to argue that the organisation has a legitimate interest that out weights the rights and freedoms of a data subject. If an organisation were to rely on legitimate interest for the purposes of placing cookies then this would not trump the right of the data subject to object to that processing taking place – so even if the organisation could rely on legitimate interest and set cookies without consent then it would still need to provide the data subject with the ability to opt-out at which point you may as well incorporate opt-in style consent.

It is important to keep in mind that the purpose of the GDPR is to give the data subject greater control over their personal data – the legislation is not drafted with the commercial interests of the organisation in mind. Rather than focusing on legitimate interest or other means that are less optimal, the organisation should focus on ensuring that the website has the requisite functionality and features to handle cookie compliance.

This is not new law and has been around, in some shape or form, since 2011.

How to use this policy

The cookie policy should, ideally, be a standalone page that is easily accessible on the organisations website. This can, for example, include inserting a link to the policy in the header or footer of the website and including a link in the sitemap. It can then be cross-linked with other policies, for example, the privacy policy and website retention policy.


Last Updated: 13:06.2018

Thank you for visiting the Circulation Foundation

We hope that you enjoy using our site. We’ve prepared this Cookie Policy to help you better understand and to feel more confident about how we use cookies on our site located at: www.circulationfoundation.org.uk. We have tried to keep this document as short as we legally can. However, the full text wording is important and legally binding.

Please read the following carefully to understand our views and practices regarding cookies and how we use them when you visit our site.

For convenience, we have divided our data protection policies into three separate pages:

  1. Our Privacy Policy

You can find our privacy policy which explains generally how we collect, use, store, and protect your personal information.

   2. Our Cookie Policy

This policy explains more about how we may collect personal information about you via cookies (it also explains what cookies are).

   3. Our Retention Policy

You can find out how long we may hold onto your personal information.

If you have any questions please do not hesitate to contact our appointed Data Privacy Officers, Fitwise Management Limited, at privacyofficers@fitwise.co.uk or, if you prefer to call or write to us, then you can find our contact details at the bottom of this page.


The Circulation Foundation is the charitable foundation of the Vascular Society. Charity Number: 1102769. We are the Vascular Society. We are registered in England as a limited liability company. Our registered number is 05060866 and our registered office is at 146 New London Road, Chelmsford, Essex, England, CM2 0AW.

But, for the purposes of this Privacy Policy, it’s just easier if we refer to ourselves as “we”.


We use various technologies on our site to collect information that helps us improve your online experience. We refer to these technologies which include cookies, collectively as “cookies”. This Cookie Policy explains the different types of cookies used on our site and how you can control them.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device. Cookies are widely used throughout the Internet in order to make sites or other online services work or to be better or more efficient. They can do this because sites and other online services can read and write to the cookies stored on your device, enabling them to recognise you and remember important information that will make your use of them more convenience, for example, by remembering your preferences, username, or showing you pages that you seemed to have a particular interest in.

If you consent to us storing cookies on your computer or other electronic device then you agree that we can store and access cookies as described in this policy.


When you visit our site you should see an overlay at the bottom of your screen directing you to this Cookie Policy and our Privacy Policy.

By clicking or selecting the “ok” button that appears in the overlay then you are demonstrating to us that you are freely giving us informed and specific consent for us to place cookies on your device for the purposes specified in this Cookie Policy and you are accepting and consenting to the practices described.

If you do not click or select the “ok” button that appears in the overlay then we will not place cookies on your device.

The duration of each cookie that we may place on your computer can be found in our Retention Policy [HERE].

If you do not see an overlay at the bottom of your screen then you may have already accepted our Cookie Policy and our Privacy Policy. You may also be using a pop-up blocker or similar tools that may prevent this policy from being brought to your attention. Please ensure that any pop-up blockers are disabled when you use our site. If you’re unsure then scroll down to the bottom of this page where we explain how you can manage your cookies.


Our site uses cookies to distinguish you from other users of our site and to save and retain certain parameters about you and your usage of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.

There four different categories of cookies that we may use on our site:

Essential cookies: These are cookies that are essential for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site or make use of e-billing services. We also use cookies to prevent fraudulent use of your login credentials. These cookies are essential for using our site and, therefore, if disabled can severely affect your use of our site.

Analytical/performance cookies: Performance cookies allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. These cookies also allow us to see overall patterns of usage on our site and help us record any difficulties you may have with our site.

Functionality cookies: In some circumstances we may use functionality cookies. These are used to recognise you when you return to our site or provide enhanced and more personalised features, for example, to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies: We and our service providers and partners may use targeting or advertising cookies to record your visit to our site, the pages you have visited and the links you have followed. For example, we may use targeting or advertising cookies to limit the number of times you see the same ad and to help measure the effectiveness of any campaigns. We may also use this information to make our site and any advertising (if applicable) displayed on it more relevant to your interests.

If you would like more information about cookies and how you can manage the settings on your computer, you can visit http://www.allaboutcookies.org/manage-cookies/.


You can find more information about the individual cookies we use on our site and the purposes for which we use them in the table below:

Cookie Name

Purpose and Content

[Example Cookie 1]

Analytics/performance cookie

Used to distinguish users and sessions when they connect to our site


Randomly generated number



[Google Analytics]

[Example Cookie 2]

Analytics/performance cookie

Used to determine new sessions/visits

Randomly generated number



[Google Analytics]


Google Analytics

The cookies used by Google Analytics are used to collect information about how you use our site. We use this information to compile reports and to help us improve our site. The cookie collects information in an anonymous form, including the number of visitors to our site, where visitors have come to the site from and the pages that they visited.

You can read more about Google’s overview of privacy and safeguarding your data at https://support.google.com/analytics/answer/6004245.

Third Parties

Please note that third parties (including, for example, web traffic analysis services such as Google Analytics) may also use cookies, over which we have no control.


You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. You may also delete any cookies stored on your computer at any time.

You can find out more about changing cookie settings on your computer by visiting http://www.allaboutcookies.org/manage-cookies/.


Different cookies may be stored for different periods of time. In many cases these cookies are updated automatically each time you visit our site or may expire and be deleted by your computer automatically. It is important to understand that when a cookie is placed on your computer it will reside on your hard drive until it expires and is deleted or it may reside on your hard drive until you manually delete it – this entirely depends on your individual browser settings and we do not have control over this.

The duration of each cookie that we may place on your computer can be found in our Retention Policy.

Please remember that you can delete or change the way in which you store cookies on your computer at any time.


We may need to change this Cookie Policy if it’s necessary for legal reasons or to reflect changes to our services or the purpose for which we use cookies. In any case, the provisions of this Cookie Policy may be changed without prejudice to your rights. When we change our Cookie Policy we will make the updated Cookie Policy available on our site and we will also update the “Last Updated” date at the top of this page.

Any changes to our Cookie Policy will come into effect 30 days after we post it on our site. During that period you’re welcome to contact us if you have questions about the changes. If you have an account for our site then we may reset your login and seek new consent if there is a change in the purpose for which we may use cookies.


Please also check out our Privacy Policy, which gives more information about how we protect your privacy.


This Cookie Policy was prepared with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of how cookies may be used to collect and/or process your personal information. However, we are happy to provide additional information or explanation needed.

If you have any questions, comments or requests regarding our Cookie Policy then please do not hesitate to get in touch with us. To make things easier for both of us we would appreciate it if your queries were addressed to:

Data Privacy Officers

Fitwise Management Limited

Blackburn House

Redhouse Road

Seafield, Bathgate

West Lothian

United Kingdom




Telephone: +44 (0)1506 811077