Cookies

The site alert banner appears at the top of our website pages when we need to alert users to important information. It may cover the entire site, or a section of it.

To implement this we've used a session cookie that is written when the newsflash is closed. This cookie cannot have a unique name, as there may be more than one newsflash displaying on the website at any particular time.

The cookie name will always be in the format 'newsflash--XXX', where the XXX will be a number based on the page the newsflash is recorded against e.g. siteAlert1865. The number will be different for each newsflash on the website.

Our eStore uses cookies and will not work if you have them disabled. The system runs three cookies:

• Session: 'ASP.NET_SessionId'
• Forms authentication: '.ASPXAUTH'
• Cookies accepted: 'CookieAccepted'

We do not store personal information in cookies - we only store session identifiers and information used to maintain the client state. Doitonline will not work correctly if you have cookies disabled as they are needed to hold information you add on each page of the form.

Server generated cookies

• AWSELB - "Amazon Web Services Elastic Load Balancer" - Used to direct your request to the appropriate server. No personal information is contained or used.
• firmstep2server - Used to direct your request to the appropriate server. No personal information is stored.
• firmstep2session - A unique identifier given to you for the duration of your site visit. It is used to ensure that you and only you are shown information relevant to you. It contains no personally identifiable information, but is temporarily linked to your user account when you log in.
• ASP.NET_SessionId - A unique identifier given to you for the duration of your site visit. It is used to ensure that you and only you are shown information relevant to you. It contains no personally identifiable information, but is temporarily linked to your user account if you log in.

Cookies set by javascript

• 0.js:
• fs2logevents: Only set by explicit user action. Increases the level of internal debug information kept by the browser.
• fs2debug: Only set by explicit user action. Causes the display of a button to allow the user to submit browser debug information for diagnostics.
• fs2diag: Only set by explicit user action. Causes the display of a toolbar that can submit or display browser debug information.
• NoAJAT: Used to disable AJAX. Only appears in redundant code. No longer actually set/used.
• combined.js:
• ui-tabs: Used by the client to maintain tabs state when the user moves between pages.

For authenticated CMS users, a session cookie is used to keep the user logged in to the site. The session cookie contains simply a random alphanumeric string to identify the user, it does not contain user information. The session cookie is required strictly for correct operation of the website. Users will not be able to log in to the site if the cookie is blocked.

Google Analytics is the program we use to collect statistics from our website to show us how visitors use our site. We use the information to create reports and to help us to constantly improve the site. The cookies collect information in an anonymous form, information like the number of visitors to the site, where visitors have come to the site from and which pages they visited, but we don't get personal information, and can't track who you are. Google Analytics creates four cookies:

• _utma (lasts for two years)
• _utmb (lasts for 30 minutes)
• _utmc (lasts until you close your browser)
• _utmz (lasts for six months)

There is more information available about Google Analytics cookies, and Google offer a Google 'opt-out' plugin if you don't want their cookies to be used on your browser.

We use YouTube to run our videos, and then add them to our site in 'privacy-enhanced mode'. If you play the video, it will add a cookie to your computer. YouTube provides more information about privacy on its website.