Cookie Usage Policy
The following information aims to inform users about the placement, usage, and administration of cookies used by the website https://online.smith.com.ro or other sites operated by S.C Smith&Smith S.R.L, headquartered in Bucharest, Str. Justitiei no.54.
Our site uses both first-party and third-party cookies to provide visitors with a better browsing experience.
To ensure the proper functioning of this site, we place small data files, known as cookies, on your computer.
You have the option to allow or disallow cookies, but if you choose not to allow the storage of cookies, you will need to make the appropriate settings in your browser.
Continuing to browse this site represents your acceptance of the use of cookies.
What is a cookie?
A cookie is a small file, generally composed of letters and numbers, which is downloaded to a computer's memory (or another device used for online browsing – mobile phone, tablet, etc.) when the user accesses a particular website.
Cookies are created when the browser used by a user displays a certain website. The website sends information to the browser, which then creates a text file. Every time the user accesses that website again, the browser retrieves and sends this file to the website's server. In other words, a cookie can be seen as an Internet user's identification card, notifying the website whenever the user returns to that site.
Purpose of cookies
We use cookies to ensure a faster and easier interaction between users and the website. For example, when a user logs into a website, the login data is stored in a cookie; subsequently, the user can access that site without needing to log in again. In other cases, cookies can be used to store information about the activities performed by the user on a particular web page, so that they can easily resume those activities on a subsequent visit to the site. Cookies tell the server which pages to show the user, so they don't have to remember this or navigate the entire site from the beginning. Thus, cookies can be compared to "bookmarks" that tell the user exactly where they left off on a website. Similarly, cookies can store information about products ordered by the user on an e-commerce site, making the concept of a "shopping cart" possible.
Additionally, cookies can provide websites with the ability to monitor users' online activities and create user profiles, which can then be used for marketing purposes. For example, based on cookies, the products and services preferred by a user can be identified, and this information can be used to send appropriate advertising messages to that user.
Cookies do not require personal information to be used and, in most cases, do not personally identify Internet users.
Types of Cookies
1. Session Cookies
Web pages do not have memory. A user navigating from one web page to another will be considered a new user by the website.
Session cookies typically store an identifier that allows the user to move from one web page to another without needing to re-enter identification information (username, password, etc.). Such cookies are widely used by commercial sites, for example, to keep track of products added by a user to the shopping cart. When the user visits a certain product catalog page and selects items, the cookie remembers the selected products and adds them to the shopping cart, which will contain all selected items when the user wants to leave the page.
Session cookies are stored in the user's computer memory only during an Internet browsing session and are automatically deleted when the browser is closed. They can also become inaccessible if the session has been inactive for a certain period (usually 20 minutes).
2. Persistent, Permanent, or Stored Cookies
Persistent cookies are stored on the user's computer and are not deleted when the browsing session is closed.
These cookies can retain user preferences for a specific website so that they can be used in other Internet browsing sessions. In addition to login information, persistent cookies can store details regarding the selected language and theme on a specific website, menu preferences, favorite pages within a site, etc. When the user accesses a site for the first time, it is presented in default mode. Later, the user selects a series of preferences, which are then retained by the cookies and used when the user accesses the site again. For example, a website offers its content in multiple languages. On the first visit, the user selects English, and the site retains this preference in a cookie. When the user visits the site again, the content will be displayed automatically in English. Persistent cookies can be used to identify individual users and thus analyze their online behavior. They can provide information about the number of visitors to a website, the average time spent on a particular page, and overall site performance. These cookies are set to track user activities for an extended period, sometimes even years.
3. Flash Cookies
If the user has Adobe Flash installed on their computer, small files can be stored in the memory of that computer by websites containing Flash elements (such as video clips). These files are known as "local shared objects" or "flash cookies" and can be used for the same purposes as regular cookies. When regular cookies are deleted through browser functions, flash cookies are not affected. Thus, a website that uses flash cookies can recognize a user on a new visit if the specific data of the deleted cookies has also been retained in a flash cookie. Since flash cookies are not stored on the user's computer in the same manner as regular cookies, they are harder to identify and delete. Banks and financial websites use such cookies precisely for this reason. Because they are hard to identify, these cookies are stored on users' computers to allow user authentication and prevent fraud, as potential offenders may have the username and password for authentication but do not have access to the user's computer. Thus, cookies act as a second level of authentication, in addition to the username and password.
4. First-party Cookies vs. Third-party Cookies
Each cookie has an "owner" – the website/Internet domain that places the cookie. First-party cookies are placed by the Internet domain/website accessed by the user (whose address appears in the browser's address bar). A third-party cookie is placed by another Internet domain/website other than the one accessed by the user; this means the accessed website contains information from a third-party website – for example, an advertising banner that appears on the accessed site. The Article 29 Working Party (composed of national data protection authorities from EU member states) considers that, legally and in light of European legislation, the notion of "third-party cookie" refers to a cookie placed by an operator distinct from the one operating the website visited by the user. Third-party cookies are not strictly necessary for the user accessing a website since they are usually associated with a service distinct from the one "requested" explicitly by the user (by accessing the website).
Cookies from an Information Security and Privacy Perspective
Cookies are not viruses. Although cookies are stored in the Internet user's computer memory, they cannot access/read other information stored on that computer. They are just small text files; they are not compiled as code and cannot be executed. Thus, they cannot self-replicate, cannot spread to other networks to generate actions, and cannot be used to spread viruses. Cookies cannot search for information on the user's computer, but they store personal information. This information is not generated by cookies but by the user when filling out online forms, registering on certain websites, using electronic payment systems, etc. Although sensitive information is usually protected to prevent unauthorized access, it is possible for such information to be intercepted when transmitted between the browser and the website. Such situations are rare but can occur when the browser connects to the server using an unencrypted network, such as an unsecured WiFi channel.
To reduce the risks of cookie interception, "secure cookies" or "HttpOnly cookies" can be used. Secure cookies are meant to limit the transmission of information stored in cookies to encrypted communication, instructing the browser to use cookies only through secure/encrypted connections. Thus, if the website uses HTTPS, the cookies associated with the site are marked with the "secure" attribute, preventing their transmission to a non-HTTPS page, even if it is located at the same URL. For example, if google.ro uses a "secure cookie," that cookie can only be obtained by google.ro and only from an HTTPS connection (which certifies that the entity requesting the cookie is Google Inc and not someone else). The "HttpOnly" attribute instructs the browser to use cookies only via the HTTP protocol (which includes HTTPS). An HttpOnly cookie is not accessible through non-HTTP methods, such as JavaScript, and cannot be targeted by cross-site scripting attacks.
Another concern is the use of cookies for targeted behavioral advertising. Cookies can be used by online advertising companies to monitor and identify user behavior and preferences to deliver the most relevant advertising messages. However, these preferences are not explicitly or consciously expressed by the user but are modeled based on the user's online browsing history, the pages they view, and the advertising messages they access. For example, when a user reads a web page about cars and then moves to another page, advertising messages related to cars will be displayed on the new page, even if it has nothing to do with cars. Since the user is not informed that their online actions are being monitored, this raises privacy concerns.
Thus, the use of cookies raises concerns about using the information retained by these cookies for monitoring users and deploying spyware technologies, especially when the information is stored on users' computers and used to recognize them without their knowledge or consent.
The "Do Not Track" Mechanism
The W3C states that "users have the right to know what data will be collected and for what purpose it will be used." With this information, they can decide whether to allow online activity monitoring and the collection of personal data. Many Internet companies use the data collected about users' online activities to customize the content provided to them and target relevant advertising messages based on the interests identified from the collected information. While some users appreciate this customization of content and advertising messages in certain contexts, others are concerned about what they perceive as an intrusion into their privacy.
In this context, users need a mechanism that allows them to express their preferences regarding online activity monitoring; this mechanism must be easy to configure and effective. Additionally, websites that cannot or do not want to provide content without also delivering behavioral advertising or collecting user data need a mechanism to indicate this to users and allow them to make an informed decision.
The purpose of the "Do Not Track" standard is "to give the user the ability to express their personal preferences regarding the monitoring of online activities and to communicate these preferences to every server or web application they interact with, allowing each accessed service to adjust its practices according to the user's preferences or reach a separate agreement with the user that is convenient for both parties. The basic principle is that the expression of monitoring preferences is only transmitted when it reflects a deliberate user choice. In the absence of a user choice, it is assumed that the preference regarding the monitoring of online activities is not expressed."
Managing, Disabling, and Deleting Cookies
Detailed information on how to manage, disable, and delete cookies using the settings of the browser used for Internet browsing is available at the following addresses:
Cookie Settings for Internet Explorer
Sources and Additional Information:
The source of the information presented above is the Association for Technology and the Internet ApTI.
Certain details and information have been removed or modified by S.C Smith&Smith S.R.L.
For more information about cookies, please visit: