În perioada 01.08.2022 - 14.08.2022, echipa Cristea Lumânări va fi plecată în concediu. Ultima comandă o preluăm pe data de 28.07
Comenzile vor fi preluate incepând cu 15.08.2022.


What is a cookie?

A cookie is a small file, usually made up of letters and numbers, that is downloaded into the memory of a computer (or other equipment used for online browsing - mobile phone, tablet, etc.) when the user accesses a particular website. Cookies are created when the browser used by a user displays a specific website. The website transmits information to the browser, which creates a text file. Each time the user accesses the website again, the browser accesses and transmits this file to the website server. In other words, the cookie can be seen as an identification card of the Internet user, which notifies the website every time the user returns to that site


For a Windows XP and Mozilla Firefox user, cookies stored on his computer are located at the following location: C: \ Documents and Settings \ [username] \ Application Data \ Mozilla \ Firefox \ Profiles \ [profile_name] .default \ cookies .sqlite
A cookie may look like this: SNID50 = eR0azHquz- E32l1B7uLIasD63_ZWxrS9fkAc37Z4CQ = Q4levhdDnydqiJGNgoogle.com / verify 9728 2076339328 30210107 446809680 30173295 *

The purpose of cookies

Cookies can provide faster and easier interaction between users and websites. For example, when a user authenticates on a particular website, the authentication data is stored in a cookie; later, the user can access that site without having to log in again. In other cases, cookies may be used to store information about the activities carried out by the user on a specific web page, so that he can easily resume those activities on a subsequent access to the site. Cookies tell the server which pages to show the user so that they do not have to remember this or browse the entire site from the beginning. Thus, cookies can be assimilated to "bookmarks" that tell the user exactly where he stayed on a website.
Similarly, cookies can store information about products ordered by the user on an e-commerce site, thus making possible the concept of "shopping cart". Cookies can also give websites the opportunity to monitor users' online activities and set user profiles, which can then be used for marketing purposes. For example, based on cookies, the products and services agreed by a user can be identified, this information being subsequently used to send appropriate advertising messages to that user.

It is important to mention that Romanian websites have the obligation to publicly specify whether they use cookies and for what purpose.

Types of cookies

• Cookies specific to an online session

Web pages have no memory. A user navigating from one web page to another will be considered by the website as a new user. Session-specific cookies usually store an identifier that allows the user to move from one web page to another without having to enter identifying information each time (username, password, etc.). Such cookies are widely used by commercial sites, for example, to keep track of products added by a user in the shopping cart. When the user visits a specific page in a product catalog and selects certain products, the cookie retains the selected products and adds them to the shopping cart, which will contain all the selected products when the user wants to leave the page.
Session-specific cookies are stored in the user's computer memory only during an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period of time (usually 20 minutes).

• Permanent, persistent or stored cookies

Persistent cookies are stored on the user's computer and are not deleted when the browsing session is closed. These cookies may remember the user's preferences for a particular website, so that they can be used in other Internet browsing sessions. In addition to authentication information, persistent cookies may also retain details about the language and theme selected on a particular website, site menu preferences, favorite pages within a site, and so on. When the user first accesses a site, it is presented in the default mode. Subsequently, the user selects a series of preferences, which are then retained by cookies and used when the user accesses the site again. For example, a website offers its content in several languages. On the first visit, the user selects the English language, and the site retains this preference in a cookie. When the user visits the site again, the content will be automatically displayed in English. Persistent cookies can be used to identify individual users and thus analyze the online behavior of users. They can provide information about the number of visitors to a website, the time (on average) spent on a given page, and, in general, the performance of a website. These cookies are configured to be able to track the activities of users for a long period of time, in some cases even years.

• Flash cookies

If the user has Adobe Flash installed on their computer, small files can be stored in that computer's memory by websites that contain Flash items (such as videos). These files are known as "local shared objects" or "flash cookies" and may be used for the same purposes as regular cookies. When regular cookies are deleted through the functions of a browser, flash cookies are not affected. Thus, a website that uses flash cookies may recognize a user on a new visit, if the data specific to the deleted cookies were also retained in a flash cookie. Because flash cookies are not stored on the user's computer in the same way that regular cookies are stored, they are more difficult to identify and delete. Banks and financial sites use such cookies for this very reason. Because they are difficult to identify, these cookies are stored on users' computers to allow users to authenticate and prevent fraud, as potential offenders may have the username and password to authenticate, but do not have access to the user's computer. Thus, cookies act as a second level of authentication, in addition to username and password.

• First party cookies vs third party cookies

Each cookie has an "owner" - the website / Internet domain that places that cookie. First party cookies are placed by the Internet domain / website accessed by the user (whose address appears in the browser's address bar). For example, if the user visits www.numesite.ro, and the domain of the cookie placed on his computer is www.numesite.ro, then it is a first party cookie. A third party cookie is placed by a different Internet domain / website than the one accessed by the user; this means that the accessed website also contains information from a third party website - for example, an advertising banner that appears on the accessed website. Thus, if the user visits www.numesite.ro but the cookie placed on his computer has as domain www.altsite.ro, then it is a third party cookie. Article 29 Working Party (composed of the national data protection authorities of the Member States of the European Union) considers that, from a legal point of view, and in view of European legislation, the notion of "third party cookie" refers to a cookie placed by to an operator [1] distinct from the one operating the website visited by the user. Third party cookies are not strictly necessary for the user who accesses a website, as they are usually associated with a service distinct from that which has been explicitly "requested" by the user (by accessing the website) .

• Cookies from the perspective of computer security and privacy

Although cookies are stored in the memory of the Internet user's computer, they cannot access / read other information contained in that computer. Cookies are not viruses. They are just small text files; they are not compiled in code form and cannot be executed. Thus, they cannot auto-copy, spread to other networks to generate actions, and cannot be used to spread viruses. Cookies cannot search for information on the user's computer, but they store personal information. This information is not generated by cookies, but by the user, when he completes online forms, registers on certain websites, uses electronic payment systems, etc. Although sensitive information is usually protected from being accessed by unauthorized persons, it is possible for such persons to intercept information transmitted between the browser and the website. Although quite rare, such situations can occur when the browser connects to the server using an unencrypted network, such as an unsecured WiFi channel. To reduce the risk of cookie interception, so-called "secure cookies" or "HttpOnly cookies" can be used. "Secure" cookies are intended to limit the communication of information stored in cookies to the encrypted transmission, indicating to the browser to use cookies only through secure / encrypted connections. Thus, if the website uses HTTPS, the cookies related to the site are marked with the attribute "secure", this prevents their transmission to a non-HTTPS page, even if it is located at the same URL. For example, if google.ro uses a "secure cookie", that cookie can only be obtained by google.ro and only from an https connection (which certifies that the person requesting the cookie is Google Inc and not someone else) . The "HttpOnly" attribute tells the browser to use cookies only through the HTTP protocol (which also includes HTTPS). An HttpOnly cookie is not accessible through non-HTTP methods, such as JavaScript, and cannot be the target of cross-site scripting attacks. [2] Another source of concern is the use of cookies for behaviorally targeted advertising purposes. Thus, cookies can be used by online advertising companies to monitor the user's online behavior and preferences, in order to identify and deliver to the user the most relevant advertising messages. But these preferences are not expressed explicitly or consciously by the user, but are modeled according to the user's online browsing history, the pages viewed by him, the advertising messages accessed. For example, when the user reads a web page about cars and then moves to another page, car ads will be displayed on the new page, even if it is not related to cars. As the user is not informed that his online actions are being monitored, this raises privacy concerns. Thus, the use of cookies raises concerns about the use of information retained by these cookies for the purpose of monitoring users and the use of spyware, especially in cases where the information is stored in users' computers and used for their recognition, without users should be aware of this or have given their consent.

Regulation of the use of cookies

The use of cookies and the obligations of suppliers are regulated in both European Union and national law. So, Directive 2002/58/CE (PDF) on the processing of personal data and the protection of confidentiality in the electronic communications sector, as amended by Directive 2009/136/CE (PDF) , because :

“Art.5 - 3. Member States shall ensure that the storage of information or the acquisition of access to information already stored in the terminal equipment of a subscriber or user is permitted only on condition that the subscriber or user concerned has given his consent. received clear and complete information in accordance with Directive 95/46 / EC, inter alia, on the purposes of the processing. It shall not impede the storage or technical access for the sole purpose of transmitting the communication over an electronic communications network or where this is strictly necessary for the provision by the provider of an information society service expressly requested by subscriber or user. " These provisions have been transposed into national law in Law nr.506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as subsequently amended and supplemented:

“Art.4 - The storage of information or obtaining access to the information stored in the terminal equipment of a subscriber or user is allowed only with the cumulative fulfillment of the following conditions: the subscriber or user in question has expressed his consent; the subscriber or user in question were provided, prior to the expression of the agreement, in accordance with the provisions of art. 12 of Law no. 677/2001, with subsequent amendments and completions, clear and complete information that:
- to be presented in a language that is easy to understand and to be easily accessible to the subscriber or user;
- to include mentions regarding the purpose of processing the information stored by the subscriber or user or the information to which he has access.

If the provider allows third parties to store or access information stored in the subscriber's or user's terminal equipment, the information in accordance with points (i) and (ii) will include the general purpose of the processing of this information by third parties and how the subscriber or user may use the settings of the internet browser or other similar technologies to delete the stored information or to deny third parties access to this information.

(5 1) The agreement provided in par. (5) lit. a) may also be given by using the settings of the Internet browsing application or other similar technologies through which it can be considered that the subscriber or user has expressed his agreement. (6) The provisions of par. (5) are without prejudice to the possibility of storing or technically accessing the information stored in the following cases:
- when these operations are carried out exclusively for the purpose of transmitting a communication via an electronic communications network;
- when these operations are strictly necessary in order to provide an information society service, expressly requested by the subscriber or user.”

According to these provisions, the use of third party cookies is allowed under the following conditions:
Inform users, in a clear, complete and easily accessible manner, about:
- placing, by a certain website, cookies in the memory of the user's computer;
- the purpose of the use of cookies (the information stored in cookies and the purpose for which this information is used);
- the ways in which the user may delete cookies or refuse access to third parties to the information stored by those cookies;
- obtaining the user's consent for the placement of cookies and for the use of the information contained therein.
- Although user consent can also be expressed by using the settings of the browser used for browsing the Internet, it is necessary that in this case there is prior information of the user about the placement of cookies and their purpose.

The exceptions provided for in European and national legislation allow the use of first party cookies without complying with the obligation to obtain the user's consent. In addition, in June 2012, the Article 29 Working Party issued a notice (PDF) clarifying these exceptions:
- some cookies may be exempted from the obligation to obtain the informed consent of the user under certain conditions and if they are not used for additional purposes. Such cookies include: cookies used to store information entered by a user when filling out an online form, cookies used to store technical data needed to run video and audio content and cookies used to personalize web pages (for example, those that hold preferences for the language in which the content of a website is displayed).
- first party cookies do not pose a risk to users' privacy if the website provides users with clear information regarding the use of cookies, as well as privacy guarantees (for example, the provision of a easy mechanism by which the user can request that his data not be collected) and whether the anonymisation of authentication information is ensured.

The mechanism „Do Not Track”

As we have shown in point 5, at European level there are regulations regarding the monitoring of online activities of users for marketing purposes, being generally necessary to obtain the consent of users for such practices. But in other parts of the world such situations are less regulated. Under these conditions, the World Wide Web Consortium (W3C) is currently working on a technical (and technology-neutral) standard. – „Do Not Track” cookie-policy.text8-1-1

Under these conditions, users need a mechanism that allows them to express their preferences regarding the monitoring of online activities; this mechanism must be easy to configure and efficient. In addition, the sites web sites that cannot or do not want to provide content without providing behavioral advertising at the same time or without collecting user data need a mechanism to point this out to users and allow them to make an informed decision. Cause.”

Under these conditions, users need a mechanism that allows them to express their preferences regarding the monitoring of online activities; this mechanism must be easy to configure and efficient. In addition, the sites web sites that cannot or do not want to provide content without also providing behavioral advertising or without collecting user data need a mechanism through carThe purpose of the "Do Not Track" standard is "to give the user the opportunity to express personal choices regarding the monitoring of online activities and communicate these options to each server or web application they interact with, thus allowing each service accessed to either adjust its practices according to user options or reach a separate agreement with the user, which is convenient for both parties. The basic principle is that the expression of monitoring preferences is transmitted only when it reflects a deliberate choice of the user. In the absence of a user option, it is considered that the preference for monitoring online activities is not expressed. It should indicate these things to users and allow them to make an informed decision.”

Do Not Track features for search engines

Options to prevent monitoring the user's online activity are implemented today in various forms. From Internet Explorer 8 which gives you the ability to block third-party sites that leave content when you visit a website, to new extensions, add-ons and options introduced right in your search engine preferences. In the absence of the standard mentioned above, in some search engines it is more obvious how you activate this functionality, in others it is more hidden. Instructions for setting up the Do Not Track mechanism for Safari, Internet Explorer 9, Firefox and Chrome can be found  here.

As one of the last to introduce this feature, version number 23 of Google Chrome offers the possibility to install extensions  Do Not Track Me  , AVG Do Not Track  or Keep My Opt-Outs which block cookies and prevent (currently) only US advertising companies from personalizing ads based on the internet user's online behavior. 

Firefox, in addition to the add-on Do Not Track Me , also offers the option „Tell web sites I do not want to be tracked” which can be configured in the privacy menu. Moreover, Internet Explorer 10 comes with Do Not Track as the default option. Microsoft's decision provoked a series of strong reactions, the response of companies such as Yahoo and Apache being that they will ignore Internet Explorer 10's Do Not Track signals Another tool you can install on most search engines (and even as an iOS app) is Ghostery . . Ghostery scans the page you visit and notifies you of the existence of elements installed by third-party sites to track your activity. You can then set your preferences according to the menu categories: advertising, analytics, beacons, privacy, widgets. More information here. It should be noted that not all Do Not Track features block cookies. So it is good to check what is part of each Do Not Track extension and choose the one that best represents the limitations you want to transmit to sites that monitor your activity on the Internet.

Interesting overview here .

IAB Romania recommendations for website administrators regarding cookies

In June 2012, IAB Romania published a series of recommendations on the use of cookies by websites. These recommendations have been grouped into two categories:

• User information

When a website uses cookies, either in its own interest or on behalf of third parties, it must provide the user, in a visible and clear manner, with at least the following information: that the site uses cookies - in particular, if they are placed by third parties (for the purposes of targeted advertising, for example) and a clear indication of the purposes for which the site uses cookies;

- what are cookies;
- what is their role;
- why they are used by third parties;
- what kind of information is accessed with the help of cookies;
- cookies, security and privacy of personal data;
- cookie management through browser settings;
- why cookies are important for the Internet;
- uninstalling cookies from third parties;
- what happens if the user refuses cookies.

• How this information is presented

- information on cookies must be presented on the site in a way that is visible and accessible to users;
- there must be a separate link to "terms and conditions" or "privacy policy";
- this link must be easy to spot or the user must be informed of the existence of this link and of the information relating to cookies;
- the user must be visibly advised to read this information and instructions;
- recommendations: either through a banner placed on the first screen, or through a sticky ribbon, or through a widget placed visibly - the user must be informed that the site uses cookies and be recommended additional information relating to them.

• Managing, disabling and deleting cookies

Detailed information on how to manage, disable and delete cookies using the settings of the browser used to browse the Internet is available at the following addresses:

• Internet Explorer

Deleting and managing cookies (IE 8, 9 and 10): Internet Explorer 8 Internet Explorer 9 Internet Explorer 10

• Mozilla Firefox

Cookie settings and cookie troubleshooting (enabling and disabling cookies, deleting cookies, blocking certain sites from placing cookies, unblocking the placement of cookies, etc.) Delete cookies to remove information stored on your computer from other web pages.

• Google Chrome

Cookie management (deletion, blocking, allowing, setting exceptions, etc.) Management of cookies and site data.

• Safari

Manage cookies - Manage cookies (English only) Safari 6 (OS X Mountain Lion): Manage cookies. Remove cookies - Delete cookies (English only) Safari 6 (OS X Mountain Lion): Remove cookies and other data.

• Opera

Cookie management and deletion (English only) Management of cookies and site data. .

• Additional sources and information:

Directive 2009/136 / EC amending Directive 2002/22 / EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58 / EC on the processing of personal data and the protection of confidentiality in the field of public communications, and of Regulation (EC) no. 2006/2004 on cooperation between national authorities responsible for enforcing consumer protection legislation (PDF), Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, as subsequently amended and supplemented, Opinion no. 4/2012 of the Working Group Article 29 on cookies exempted from obtaining the agreement, June 2012 (PDF), IAB Romania Recommendations on informing users about the use of cookies on a website, World Wide Web Consortium , Tracking Preferences Expression (DNT), W3C Working Draft, October 2, 2012, Secure Cookies, Wikipedia - HTTP Cookie According to Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, an operator is “any natural or legal person, private or public law, including public authorities, instituted and their territorial structures, which establishes the purpose and means of processing personal data […]”

If you use Firefox, you can find out if the site you are using uses "secure" cookies by following the instructions in https://httpsnow.org/help/securecookies


Subscribe to our Newsletter

Find out the latest news. Exclusive offers valid only for subscribers.