Cookies Policy

CILEX (The Chartered Institute of Legal Executives) Cookies Policy

1. Introduction

This Cookies Policy is to help members of the public and our members to understand how we use Cookies on our CILEX website, including the CILEX Foundation Portal linked to this website. Our Cookies Banner Provider is One Trust. For the Cookies Policies, relating to the CILEX Law School, CILEX Regulation, IoP (Institute of Paralegals) and PPR (Professional Paralegal Register) websites, please follow the link to the Cookies Policy via their website.

2. About Cookies

A Cookie is a small file, typically of letters and numbers and downloaded onto a device, when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful, because they allow a website to recognise a user’s device.

In relation with Cookies, CILEX is committed to ensuring that we:

  • Notify people that the Cookies are there,
  • Explain what the Cookies are doing, and
  • Obtain their consent to store a Cookie on their device.

For administration of its website, CILEX may use Session Cookies; a Session Cookie is a temporary file stored in a web browser that is deleted, when either it expires or the browser is closed. No personal information is stored permanently within a Cookie from this website.

3. The CILEX Cookies Policy

The main purpose of our use of Cookies is to provide you with the most optimised user experience possible.

3.1 Navigation and Function

CILEX uses Cookies for navigational and functional purposes. When a user accesses a CILEX website, encrypted session Cookies are used to validate the Users access to different parts of the website. For example, for CILEX Members this relates to items, such as keeping a record of log-in details, so that they do not have to type in their username and password every time they visit the myCILEX section.

3.2 Analytics

CILEX collects information about how people access and use its websites using an analytics tool. The CILEX websites use Google Analytics. This is an analytics service provided by Google, Inc. Google Analytics uses Cookies to help CILEX to understand how users use its websites. This ensures that CILEX can optimise and improve the user experience of the websites. Read more about how Google uses cookies here.

3.3 Cookies used by Analytics Platforms

This category comprises of Cookies used to evaluate site performance, in terms of number of visits, unique visitors, drop-off rate for transactions and so on:

Name Expiration Description
_ga 2 Years This Cookie is installed by Google Analytics. The Cookie is used to calculate visitor, session and campaign data and to keep track of the site usage for the site’s analytics report. The Cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid 1 Day _This Cookie is installed by Google Analytics. The Cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is performing. The data collected, including the number of visitors, the source of where they have come from and the pages visited in an anonymous form.
_gat_* 1 Year Used by Google Analytics to throttle the request rate (to limit the collection of data on high traffic sites).
__utma 2 Years from set / update Helps to calculate unique visitor numbers.
__utmb 30 Minutes from set / update Helps to calculate visitor session length.
__utmc Not set Helps to calculate visitor session length and whether a session has expired.
__utmz 6 Months from set / update Works out referrals from other domains.
_hjid 1 Year This Cookie is set by Hotjar. This Cookie is set, when the customer first lands on a page with the Hotjar script. It is used to persist with the random user ID, which is unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
_hjFirstSeen 30 Minutes This is set by Hotjar to identify a new user’s first session. It stores a true or false value indicating, whether this was the first time Hotjar has seen this user. It is used by Recording filters to identify new user sessions.
_hjIncludedInPageviewSample 1 Year This Cookie is set to let Hotjar know, whether that visitor is included in the data sampling defined by your site’s page view limit.
_hjAbsoluteSessionInProgress 1 Year The Cookie is set, so that Hotjar can track the beginning of the user’s journey for a total session count. It does not contain any identifiable information.
_hjIncludedInSessionSample 1 Year This Cookie is set to let Hotjar know, whether that visitor is included in the data sampling defined by your site’s daily session limit.
_hjRecordingLastActivity End of Session This should be found in Session storage (as opposed to Cookies). This gets updated, when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records).
_hjRecordingEnabled End of Session This is added when a Recording starts and is read, when the recording module is initialized to see, if the user is already in a recording, in a particular session.
bscookie 2 Years This Cookie is a browser ID Cookie set by LinkedIn share Buttons and ad tags.
bcookie 2 Years This Cookie is set by LinkedIn. The purpose of the Cookie is to enable LinkedIn functionalities on the page.
__hstc (*) 13 Months The main Cookie for tracking visitors. It contains the domain “utk”, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit) and session number (increments for each subsequent session).
Hubspotutk (*) 13 Months This Cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used, when deduplicating contacts. It contains an opaque GUID to represent the current visitor.
__hssc (*) 30 Minutes This Cookie keeps track of sessions. This is used to determine, if HubSpot should increment the session number and timestamps in the __hstc Cookie. It contains the domain, view count (increments each page view in a session) and session start timestamp.
__hssrc (*) End of Session Whenever HubSpot changes the session Cookie, this Cookie is also set to determine, if the visitor has restarted their browser. If this Cookie does not exist, when HubSpot manages Cookies, it is considered a new session. It contains the value “1” when present.

(*) These Analytics Cookies are dropped by HubSpot, which is our platform to host the CPQ (CILEX Professional Qualification) landing pages and blog posts.

Considerations about Third-Party Cookies

Whilst CILEX takes all reasonable precautions to make sure that other organisations, who it deals with have good security practices, CILEX is not responsible for the privacy practices of other organisations, whose websites may be linked to its services or whose contact details it may provide on the website. CILEX is not responsible for the Privacy Policies of social media or other Third-Party providers with whom it has pages or accounts.

4. The Cookies That We Use

The following list gives the details of the Cookies that we use across our CILEX website.

4.1 Strictly Necessary Cookies

These Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as log-in, saving language preferences, privacy preferences, filling in forms, performance measurement and improvement, routing traffic between web servers, detection of the size of the screen, measuring page load times, improving user experience, including relevance, audience measurement, detecting fraud and abuse, securing our product, personalisation essential to the user experience, first party measurement and analytics of site usage. You can set your browser to block or alert you to these Cookies, but some parts of the site will not function, if these are blocked. These Cookies do not store any personally identifiable information.

Cookie Name Description Expiry Duration
__cf_bm The __cf_bm Cookie is a Cookie that is necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this Cookie helps to manage incoming traffic that matches the criteria associated with bots. This is a CloudFoundry Cookie. 0 Days
_OptanonConsent This Cookie is set by the Cookie Compliance Solution from OneTrust. It stores information about the categories of Cookies the site uses and whether visitors have given or withdrawn their consent for the use of each category. This enables site owners to prevent Cookies in each category from being set in the user’s browser, when their consent is not given. The Cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. 364 Days
OptanonAlertBoxClosed This Cookie is set by websites using certain versions of the Cookie Law Compliance solution from OneTrust. It is set, after visitors have seen a Cookies Information Notice and in some cases, only when they actively close the notice down. It enables the website not to show the message more than once to a user. The Cookie has a one-year lifespan and contains no personal information. 364 Days

4.2 Performance Cookies

These Cookies allow us to count visits and traffic sources, so that we can measure and improve the performance of our site. They help us to know, which pages are the most and least popular and see how visitors move around the site. All information that these Cookies collect is aggregated and therefore it is anonymous. If you do not allow these Cookies, we will not know, when you have visited our site and we will not be able to monitor its performance. There are no Third-Party Performance Cookies on our website.

First Party Performance Cookies

Cookie Name Description Expiry Duration
_hjTLDTest When the Hotjar script executes, we try to determine the most generic Cookie path that we should use, instead of the page hostname. This is done, so that Cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest Cookie for different URL substring alternatives until it fails. After this check, the Cookie is removed. 0 Days
__hssc This Cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics. 0 Days
_hjFirstSeen Identifies a new user’s first session on a website, indicating whether or not Hotjar is seeing this user for the first time. 0 Days
_ga_2XB2ELFVFH _ga 730 Days
_ga This Cookie name is associated with Google Universal Analytics, which is a significant update to Google’s more commonly used analytics service. This Cookie is used to distinguish unique users by assigning a randomly generated number, as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s analytics reports. By default, it is set to expire, after 2 years, although this is customisable by website owners. 730 Days
_gat_UA-3461391-1 This is a pattern type Cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat Cookie, which is used to limit the amount of data recorded by Google on high traffic volume websites. 0 Days
_hjAbsoluteSessionInProgress This Cookie is used by HotJar to detect the first pageview session of a user. This is a True/False flag set by the Cookie. 0 Days
_gid This Cookie name is associated with Google Universal Analytics. This appears to be a new Cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. 1 Day
__hstc This Cookie name is associated with websites built on the HubSpot platform. It is reported by them, as being used for website analytics. 389 Days
_hjSessionUser_2505882 Hotjar Cookie that is set, when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID. 364 Days
__hssrc This Cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics. 0 Days
_hjTLDTest When the Hotjar script executes, we try to determine the most generic Cookie path that we should use, instead of the page hostname. This is done, so that Cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest Cookie for different URL substring alternatives until it fails. After this check, the Cookie is removed. 0 Days
_hjSession_2505882 A Cookie that holds the current session data. This ensures that subsequent requests within the session window will be attributed to the same Hotjar session. 0 Days
_gaexp Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. 51 Days
_gclxxxx Google Conversion Tracking Cookie. 89 Days

4.3 Functional Cookies

These Cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by a Third-Party provider, whose services we have added to our pages. If you do not allow these Cookies, then some or all of these services may not function properly.

First Party Functional Cookies

Cookie Name Description Expiry Duration
hubspotutk This Cookie name is associated with websites built on the HubSpot platform. HubSpot report that its purpose is user authentication. As a persistent rather than a session Cookie, it cannot be classified as Strictly Necessary. 389 Days

Third Party Functional Cookies

Cookie Name Description Expiry Duration
__cf_bm This is a CloudFoundry Cookie. 0 Days
vuid This domain is owned by Vimeo. The main business activity is Video Hosting/Sharing. 729 Days

4.4 Targeting Cookies

These Cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and to show you relevant adverts on other sites. They do not store directly personal information, but they are based on uniquely identifying your browser and internet device. If you do not allow these Cookies, you will experience less targeted advertising.

First Party Functional Cookies

Cookie Name Description Expiry Duration
_fbp This Cookie name is associated with websites built on the HubSpot platform. HubSpot report that its purpose is user authentication. As a persistent rather than a session Cookie, it cannot be classified as Strictly Necessary. 389 Days
ln_or This is a LinkedIn Cookie used to determine, if Oribi Analytics can be carried out on a specific domain. 0 Days

Third Party Functional Cookies

Cookie Name Description Expiry Duration
li_sugr This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or they have agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 89 Days
test_cookie This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange. 0 Days
_GRECAPTCHA This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue, however, is advertising. Google tracks users extensively both through its own products, sites and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and to sell advertising space to organisations based on such interest profiles, as well as aligning adverts to the content on the pages, where its customer’s adverts appear. 173 Days
MS0 This domain is owned by Microsoft. The main business activity is: Advertising/Tracking. 0 Days
VISITOR_INFO1_LIVE This Cookie is used, as a unique identifier to track the viewing of videos. 180 Days
MUID This domain is owned by Microsoft – it is the site for the search engine Bing. 389 Days
__cf_bm This is a CloudFoundry Cookie. 0 Days
MC1 This domain is owned by Microsoft. The main business activity is: Advertising/Tracking. 364 Days
MR This domain is owned by Microsoft – it is the site for the search engine Bing. 6 Days
www.facebook.com This domain is owned by Facebook, which is the world’s largest social networking service. As a third-party host provider, it mostly collects data on the interests of users via widgets, such as the ‘Like’ button found on many websites. This is used to serve targeted advertising to its users, when logged into its services. In 2014, it also started serving up behaviourally targeted advertising on other websites, that is similar to most dedicated online marketing companies. 0 Days
SRM_B This domain is owned by Microsoft – it is the site for the search engine Bing. 389 Days
IDE This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Google’s real time bidding advertising exchange. 389 Days
YSC YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services, in order to display targeted advertising to web visitors across a broad range of their own and other websites. 0 Days
CONSENT YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services, in order to display targeted advertising to web visitors across a broad range of their own and other websites. 6073 Days

4.5 Social Media Cookies (LinkedIn.com)

Social Media Third-Party Cookies

Cookie Name Description Expiry Duration
li_gc This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 711 Days
bcookie This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 730 Days
AnalyticsSyncHistory This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 30 Days
UserMatchHistory This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 30 Days
lidc This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 1 Day
bscookie This domain is owned by LinkedIn, the business networking platform. It typically acts as a third-party host, where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, the Cookies are set regardless of whether or not the visitor has an active LinkedIn profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. 730 Days

Social Media Plugins

We use services, such as social sharing and these are offered by different companies. These companies may drop Cookies onto your computer, when you use them on our website or if you are already logged in to them.

These Social Media Cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and build up a profile of your interests. This may impact the content and messages you see on the other websites that you visit. If you do not allow these Cookies, you may not be able to use or see these sharing tools.

Here is a list of places where you can find out more about specific services that we may use and their use of Cookies:


If you would like to disable “Third-Party” Cookies generated by these providers, you can turn them off by going to the Third-Party’s website and getting them to generate a one-time “Decline All/No Thanks” Cookie that will stop any further Cookies being written to your machine.

If you would like to disable “Third-Party” Cookies generated by these providers, you can turn them off by going to the Third-Party’s website and getting them to generate a one-time “Decline All/No Thanks” Cookie that will stop any further Cookies being written to your machine.

4.6 Other Cookies

First-Party Cookies

Cookie Name Description Expiry Duration
cilex.org.uk _hjIncludedInSessionSample_2505882 0 Days

Third-Party Cookies

Cookie Name Description Expiry Duration
forms.office.com __RequestVerificationToken 0 Days
office.com MUID 389 Days
c.office.com ANONCHK 0 Days
c.office.com SM 0 Days
forms.office.com MSFPC 364 Days
forms.office.com MicrosoftApplicationsTelemetryDeviceId 364 Days
forms.office.com RpsAuthNonce 0 Days
c.office.com MR 6 Days
c.office.com ai_session 0 Days

Other Third Party Cookies (cilexcpqtransitiontool.org.uk/)

Name Purpose Description
Laravel XSRF Security Used on the page hosting our CPQ Transition Tool prevent cross-site scripting attacks.
Laravel Session Security Used on the page hosting our CPQ Transition Tool to keep the session of the user stable (no data is stored in the session).

5. Disabling/Enabling Cookies

You have the ability to Accept All, Decline All or Manage Preferences for the use of Cookies from the Cookies Notice that appears, when you view the website. However, we would like you to have the best experience of our website and it is likely that disabling cookies will limit the functionality of the CILEX website.

In the Manage Preferences section, there is an explanation of each of the Cookies’ functions and you can choose to opt in or remain opted out of each Cookie Type listed, except for the Strictly Necessary Cookies. The other Cookies are Performance Cookies, Functional Cookies, Targeting Cookies and Social Media Cookies. Please see the Cookies Banner Notice for further information.

If you are concerned about the use of Cookies, in relation to “spyware” you can use anti-spyware software to delete Cookies that may be considered invasive, rather than disabling the Cookies altogether.


6. Consent

By accepting Cookies with your browser settings and using the CILEX website, you consent to the processing of data about you by CILEX, its subsidiaries and Google in the manner and for the purposes set out above.

As long as CILEX does obtain consent the first time that Cookies are set, CILEX does not have to repeat it every time the same person visits the website. However, it is good to keep in mind that devices may be used by different people. If there is likely to be more than one user, so CILEX repeats this process at suitable intervals. You can also clear Cookies from your web browser settings prompting all websites to initiate their Cookie Notice consent with a view to actioning your Cookies Preferences and this can be done at any time.


7. Further information

We will not use Cookies to collect personally identifiable information about you. However, if you wish to restrict or block the Cookies, which are set by our websites or indeed any other website, you can do this through your web browser settings. The ‘Help’ function within your browser, should tell you how to do this. Alternatively, you may wish to visit the About Cookies website. The website contains comprehensive information on how to manage Cookies across a wide variety of browsers. You will also find details on how to delete Cookies from your device, as well as more general information about Cookies.

A comprehensive set of guidelines for the use of Cookies can be accessed from the UK’s Information Commissioner’s Office.

You can also find information on to clear Cookies are provided by the ICO, as well as information about Cookies can be found on the ICO website.

If you wish to view your Cookie Code, just click on a Cookie to open it. You will see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that provided the Cookie.

For information on how to do this within the web browser of your mobile phone, you will need to refer to your mobile handset manual or visit the help section of your mobile provider’s website.

To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.


8. Withdrawing Consent for Cookies

Once consent has been obtained by CILEX, users or subscribers may choose to withdraw that consent at any time. They can withdraw the consent by clearing the Cookies via the Internet Browser settings. (Please see the above ICO link for the instructions on how to clear the Cookies). However, if a user decides to disable the Cookies, this may detrimentally affect the general functionality of the CILEX website experience.


9. Contact CILEX

If users have any questions about how CILEX process their Personal Data, they should log in to MYCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on ‘My Query Relates to’ section. If users do not have access to the MYCILEX Portal or they do not wish to log their details on the system, they can contact us by email at [email protected].


10. Contact the ICO (Information Commissioner’s Office)

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office. Their contact details are:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Website: www.ico.org.uk

Legal Obligations

The statutory and/or regulatory directives and legislation on which this Policy is based upon is the current UK Data Protection Legislation.

This is all applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant Data Protection or Supervisory Authority in force from time to time and applicable to a Party, relating to the processing of personal data and/or governing individual’s rights to privacy.

From 28th June 2021, the UK has been granted an adequacy decision by the EU, which covers data transfers between the UK and the EU and this adequacy decision is due to be reviewed on 28th June 2025 with a view to this safeguard remaining in place for UK/EU Data Transfers.

CILEX complies with its obligations set up in Privacy and Electronic Communications Regulations (PECR) related to the use of Cookies by:

  • – Informing people that its Cookies are there;
  • – Explaining what the Cookies are doing and why; and
  • – Obtaining the person’s consent to store a Cookie on their device.

For further information on Data Protection, please see our Privacy Policy. Our Cookies Policy is reviewed and updated regularly.

Correct as of: June 2023

Next Formal Review Date: December 2024