A cookie is a small-sized file, generally composed of letters and numbers, which is downloaded to a computer's memory (or other device used for online browsing - mobile phone, tablet, etc.) when the user accesses a certain website.

Cookies are created when the browser displays our website.www.cupiocosmetics.com sends information to the browser, and it creates a text file. Every time the user accesses the website again, the browser transmits this file to the website's server. In other words, the cookie can be seen as an ID card of the Internet user, which notifies the website every time the user returns to that website.

Example:

For a Windows XP user and Mozilla Firefox, the cookies stored on his computer are found at the following location:

C: \Documente și Setări\[nume_de_utilizator]\Datele Aplicațiilor\Mozilla\Firefox\Profiluri\[nume_profil].default\cookies.sqlite

A cookie may look like this:

SNID50=eR0azHquz-E32l1B7uLIasD63_ZWxrS9fkAc37Z4CQ=Q4levhdDnydqiJGNgoogle.ro/verify 9728 2076339328 30210107 446809680 30173295 *

Cookies ensure a faster and easier interaction between users and websites. For example, when a user authenticates on a certain website, the authentication data is stored in a cookie; subsequently, the user can access that website without having to log in again.

In other cases, cookies can be used to store information about the activities carried out by the user on a certain web page, so that he can easily resume these activities when accessing the website again. Cookies tell the server what pages to show the user, so they don't have to remember this or browse the entire site from the beginning. Thus, cookies can be seen as "bookmarks" that tell the user exactly where he left off within a website.

Similarly, cookies can store information about the products ordered by the user on an e-commerce store, making possible the concept of "shopping carts".

Also, cookies can give websites the ability to monitor the online activities of users and to establish user profiles, which can then be used for marketing purposes. For example, based on cookies, the products and services approved by a user can be identified, this information being subsequently used to transmit appropriate advertising messages to that user.

It is important to mention that websites in Romania have the obligation to publicly specify if they use cookies and what are their purposes.

Web pages do not have memory. A user who navigates from one web page to another will be considered by the website as a new user. Cookies specific to a session usually store an identifier that allows the user to switch from one web page to another without having to enter identification information (username, password, etc.) each time. Such cookies are widely used by online stores, for example to keep track of the products added by a user to the shopping cart. When the user visits a certain product catalogue page and selects certain products, the cookie remembers the selected products and adds them to the shopping cart, which will contain all the selected products when the user wants to leave the page.

Session-specific cookies are stored in the user's computer memory only for an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period of time (usually 20 minutes).

Persistent cookies are stored at computer level and are not deleted when the user closes the browsing session. These cookies can remember the user's preferences for a certain website, so they can be used in other Internet browsing sessions.

In addition to authentication information, persistent cookies can also retain details about the language and theme selected on a certain website, preferences about the menu, favourite pages, etc. When the user accesses a website for the first time, it is presented with its default mode. Subsequently, the user selects a series of preferences, which are then remembered by the cookies and used when the visitor accesses the website again. For example, a website offers its content in several languages. When visiting for the first time, the user selects the English language, and the website remembers this preference in a cookie. When the user visits the website again, the content will automatically be displayed in English.

Persistent cookies can be used to identify individual users and to analyse their online behaviour. They can provide information about the number of visitors to a website, the average time spent on a certain page, and, generally, the performance of a website. These cookies are set to track user activities for a long period of time, in some cases even years.

If the user has Adobe Flash installed on his computer, small files can be stored in the computer’s memory by websites that contain Flash elements (such as video clips). These files are known as "local shared objects" or "flash cookies" and can be used for the same purposes as regular cookies.

When regular cookies are deleted using the browser's functions, flash cookies are not affected. Thus, a website that uses flash cookies can recognize a user on a new visit, if the specific data of the deleted cookies has been retained in a flash cookie.

Because flash cookies are not stored in the user's computer in the same way as the regular ones, they are more difficult to identify and delete. Banks and financial platforms use such cookies for this very reason. Being difficult to identify, these cookies are stored in users' computers to enable user authentication and prevent fraud, as potential offenders may have the username and password for authentication, but do not have access to the user's computer. This way, cookies act as a second level of authentication, in addition to the username and password.

Each cookie has an "owner" - the website/domain that places that cookie.

First-party cookies are placed by the domain/website accessed by the user (whose address appears in the browser's address bar). For example, if the user visits www.cupiocosmetics.com, and the domain of the cookie placed on his computer is www.cupiocosmetics.com, then it is a first party cookie.

A third-party cookie is placed by another domain/website than the one accessed by the user; this means that the accessed website also contains information from a third party website - for example, an advertising banner that appears on the accessed site. Thus, if the user visits www.cupiocosmetics.com but the cookie placed on his computer has the domain www.trafic.ro, then it is a third party cookie.

Article 29 Data Protection Working Party (made up of national data protection authorities from the member states of the European Union) considers that, from a legal point of view, and in light of European legislation, the notion of "third-party cookie" refers to a cookie placed by an operator distinct from the one who operates the website visited by the user. Third-party cookies are not strictly necessary for a user accessing a website, as they are usually associated with a service different from the one that was "explicitly requested" by the user (by accessing the website).

Although cookies are stored in the Internet user's computer, they cannot access/read other information on that computer. Cookies are not viruses. They are just small text files; they are not compiled as code and cannot be executed. Thus, they cannot self-replicate, they cannot spread to other networks to generate actions, and they cannot be used to spread viruses.

Cookies cannot search for information on the user's computer, but they store information of personal nature. This information is not generated by cookies, but by the user, when they fill in online forms, register on certain websites, use electronic payment systems, etc. Although, as a rule, sensitive information is protected from being accessed by unauthorised persons, it is possible that such persons may intercept the information transmitted between the browser and the website. Even though they are quite rare, such situations can occur when the browser connects to the server using an un-encrypted network, such as an unsecured WiFi channel.

To reduce the risks of intercepting cookies, so-called "secure cookies" or ‘http-only cookies’ can be used. ‘Secure’ cookies are intended to limit the communication of information stored in cookies to encrypted transmission, instructing the browser to use cookies only through secure/encrypted connections. Thus, if the website uses HTTPS, the cookies that belong to the website are marked with the ‘secure’ attribute, which prevents their transmission to a non-HTTPS page, even if it is located at the same URL. For example, if google.ro uses a ‘secure cookie’, that cookie can only be obtained by google.ro and only over an https connection (which certifies that the one requesting the cookie is Google Inc and not someone else). The ‘http-only’ attribute tells the browser to use cookies only via the HTTP protocol (which also includes HTTPS). An ‘http-only’ cookie is not accessible through non-HTTP methods, such as JavaScript, and cannot be the target of cross-site scripting attacks.

Another concern is the use of cookies for behavioural-targeted advertising purposes. Cookies can be used by online advertising companies to monitor the behaviour and online preferences of users, in order to identify and deliver them the most relevant advertising messages. However, these preferences are not explicitly or consciously expressed by the user, but are shaped by the user's online browsing history, the pages viewed by the user, or the advertisements accessed. For example, when the user reads a web page about cars and later moves to another page, advertisements about cars will be displayed on the new page, even if it has nothing to do with cars. As the user is not informed that their online actions are being monitored, this raises concerns about privacy protection.

Thus, the use of cookies causes worry when it comes to information retained by these cookies to monitor users, especially in cases where information is stored on users' computers and used to recognize them, without the users being aware of this or having given their consent to it.

Detailed information about the methods used for managing, deactivating and deleting cookies through the browser used for Internet navigation is available at the following addresses: