All Collections
GDPR & data processing
Cookie policy
Setting up a cookie policy in Full Fabric
Setting up a cookie policy in Full Fabric

Learn how to set up a cookie policy in Full Fabric and the options that you have

Cláudia Duarte avatar
Written by Cláudia Duarte
Updated over a week ago

Almost every website has cookies, but not all cookies have the same privacy implications. With recent regulations requiring affirmative consent, automated marketing solutions need to keep up. 🍪 Discover how Full Fabric handles cookies and safeguards the privacy of your users! 👋

💁🏾‍♂️ TIP: Along with this article, you might want to have a look at our General Data Protection Regulation (GDPR) Glossary and our article on What is the General Data Protection Regulation (GDPR)?

What are cookies and why must cookie consent be obtained?

Cookies are small text files that are placed on a user's computer or mobile device through the user's web browser when the user lands on a website. These files contain data that allows the website to recognise and remember the user's actions or preferences over time. Cookies serve various purposes, such as enabling website functionality, improving the user experience, analysing website performance, and delivering targeted advertising. They can be either session-based (temporary and deleted when the user closes the browser) or persistent (remain on the device until manually deleted or expired). Cookies are specific to the browser and device combination used, meaning that if a user accesses the same website from different browsers or devices, separate cookies will be created and stored for each one.

While cookies play a critical role in enhancing website usability and personalization, they also pose security threats. Stored in a designated folder for browser data on a computer's hard drive and in the device's storage on mobile devices, compromised devices could grant hackers access to cookies, potentially exposing sensitive information about the user's online presence.

In light of this, the GDPR made it a legal requirement in 2018 to solicit cookie consent. Quoting from the GDPR's Recital 30: "Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

Put simply, whenever cookies can identify an individual, they're considered personal data, and most cookies do collect such personal data. It is thus indispensable to explain the purpose of the cookies employed in your application portal and provide users with the option to opt in or opt out.

In summary:

  • Users must have the choice to agree to all cookies.

  • User consent needs to be explicit and be a clear affirmative action.

  • Users should be able to easily revoke or change their consent.

Please be aware that non-compliance with GDPR regulations can lead to heavy fines and other severe penalties.

When and how is the cookie policy displayed to data subjects?

Your cookie policy consists of two texts: an initial prompt that requests permission to store and install cookies, and a detailed notice that describes your terms of use. Both texts must be published in order to seek consent.

There are two choices for how the initial prompt is displayed.

  • As a footer:

  • Or as a modal (pop-up box):

The initial prompt is automatically displayed when users first visit the portal following the publication of the policy, which can occur when accessing any page, such as a portal page, an application form, an offer form, a form landing page, an event landing page, or the user settings page. It will persist until users submit their preferences, at which point it will no longer appear.

Users will be directed to a cookie policy preferences page upon clicking on the link in the prompt, where they can review the terms of use for cookies and manage which cookies track their activities:

Even if a user logs out after submitting their preferences, the browser will remember them for future sign-ins. The only exceptions are when site visitors switch to a different browser, clear their browser cookies, or enable private browsing.

For ease and convenience, we offer standard texts in English that are ready to use, but they're entirely customisable to reflect your school's own voice. 💬

Where can I set up a cookie banner or pop-up as well as a cookie declaration page?

As previously stated, Full Fabric offers two complementary approaches to cookie control. The first method involves the implementation of a cookie banner or pop-up that informs users about the usage of cookies and gives them the choice to accept or reject them. The second approach entails providing a dedicated cookie policy page with comprehensive information about the types of cookies used as well as instructions for managing them, accessible via a link on the cookie banner or pop-up. To manage them:

1) Click the gear on the upper right-hand corner and choose General settings

2) Jump to the tab Policies

3) Select Cookie polity

How can data subjects change their cookie preferences?

Data subjects have the flexibility to modify their cookie preferences by going to their user settings page (SettingsAdvancedManage my cookie preferences).

Strictly necessary cookies can't be turned off, as their absence would cause the sessions to fail, but Functional cookies and Analytical cookies can be disabled (more on this below).

Staff can't modify the cookie settings of applicants, students and so on, although they can be easily consulted (profile Advanced tab ➝ Policies). Staff edits would be futile because as soon as the data subject signed in, the preferences stored in their browsers would automatically override the staff-inputted settings.

Who's asked for consent?

Everyone but staff users and lecturers, since their professional link to the school already implies an agreement to basic tracking and data processing in order to perform their work duties and freely use the portal. Even if personnel rejects functional and/or analytical cookies when signed out, the system will automatically override this from the moment they log in.

Which types of cookies can I track using Full Fabric, and what happens if users decide to opt out of them?

Three types of cookies are available for tracking users in Full Fabric:

Strictly necessary cookies

Strictly necessary cookies are essential for websites to run properly, as they support core features such as session management, user authentication, and language preferences—all without collecting private information. They are therefore exempt from the need for user consent under the GDPR and cannot be opted out of in Full Fabric.

Functional cookies

Functional cookies are responsible for enhancing the performance of specific resources and services and facilitating a higher level of personalisation. Although not crucial for general navigation, they have the potential to restrict or impede the usage of certain non-essential functionalities. Presently, none of Full Fabric's features rely on functional cookies, but proactive consent is still sought to accommodate future developments.

Analytical cookies

Analytical cookies are intended to monitor various aspects of user interaction with the application portal, including the number of visitors, where they originated from, the pages they viewed, the duration of their stay, the links they clicked, and other similar metrics. This information is then employed to evaluate and optimise the efficacy of the school's marketing strategies. Users who explicitly customise their Cookie preferences and untick Analytical cookies, cannot be tracked by Google Tag Manager. All other users, who confirm their Cookie acceptance will have these automatically accepted. Please read this article if you would like to add your Google Tag Manager contained ID to Full Fabric.

By the way, Full Fabric only sends personal identifiable information to your Google Tag Manager account if you have the following setting activated:

The behaviours outlined above merely follow the mandates of the GDPR. Should there be any uncertainties regarding this matter, we recommend consulting your Data Protection Officer (DPO) for clarification and guidance.

How can I track users with cookies from my institution's main website to Full Fabric?

In order to use cookies between different website domains, such as your institution's main website and your Full Fabric portal, cross-domain cookie tracking is required, which isn't currently supported with Full Fabric.


You have reached the end of this article. Thanks for reading! 🤓 If you have any questions or comments on the topic at hand, or if you enjoy reads like this and have article requests, feel free to start a chat or email us at Also, please leave a rating below. Your feedback is highly appreciated! 💖

PUBLISHED: September 24, 2019
LAST UPDATED: May 29, 2023 at 8:32 a.m.

Did this answer your question?