How the University makes use of cookies and similar technologies

The University of St Andrews (‘the University’) uses cookies and similar technologies to support the effective operation of University websites. The cookies that we use helps the University to understand how people engage with our websites and to provide personalised services. The University websites also use services provided by third-parties such as Twitter, which can also be supported by cookies. This notice explains what cookies are used and to what extent individuals have control over their use.

What are 'cookies'

Cookies are small text files that are downloaded on to a device when a website is accessed. Those cookies are then used to recognise and remember the device. This helps to understand how best to provide services, in general terms, or to remind people of the choices they have made online such as what items were ordered and placed into a ‘shopping cart’.

What are 'similar technologies'

Functions usually performed by a cookie can also be achieved by other means - where information is stored on an individual’s device for access at a later date. This could include, for example, HTML5 local storage, Local Shared Objects and fingerprinting techniques.

Cookies used by the University

What type of information is contained within the University’s cookies and is this aligned to individuals?

Cookies usually contain the unique address of a website (the URL), the ‘shelf-life’ of the cookie (after what point in time does a website not need to recognise a device) and a random number. This information is minimal; the University cannot identify individual users from cookie data as there are no means of linking a cookie to a person.

Categories of cookies

The University makes use of the following types of cookies.

  • Strictly necessary cookies
    These are essential in order to enable people to move around and make use of our websites. Without these cookies some essential features, such as password protected content would fail.
  • Performance cookies
    These collect information about how people use our websites, such as which pages are used most often. These cookies do not pass any information that identifies an individual.

How are these cookies used?

Strictly necessary cookies

Cookie preferences
Name Data stored Purpose Expires
CookieControl True or false choices for cookie category retention preferences. Without this cookie the University cannot manage an individual's cookie preferences. This cookie is mandatory to allow for the choices that people have made to be exercised and made available to them. Three months.
Google Tag Manager
Name Data stored Purpose Expires
GTM-KW2XNGZ

GTM-MPR436
Unique random identifiers. We use Google Tag Manager to manage Google Analytics and other tracking cookies that may be used for marketing purposes or evaluating the effectiveness of our website. Ten minutes to the longest expiry period of 60 days.
IT Services
Name Data stored Purpose Expires
_EAREPORESULTS A URL of the results page following a search of the enterprise architecture repository This is used to aid navigation back to the results page. When the web browser is closed.
Load balancer
Name Data stored Purpose Expires
HAP_UNI_SERVERID,
HP_USR_SERVERID
The identity of the University web server being used for this session. This cookie helps to ensure that the content of a web page loads quickly and effectively by distributing the workload across numerous computers. When the web browser is closed.
Library and Museum
Name Data stored Purpose Expires
_COLLECTIONSCART,
_COLLECTIONSCART_CC
List of identifiers and titles of photographs you have added to your selection/cart in the photographic collection. Without this cookie, you cannot save selections of photographs, or order prints of the photographs. Seven days.
_COLLECTIONSRESULTS A URL of the results page following a search of the photographic collection. This is used to aid navigation back to the results page. When the web browser is closed.
IMu API version number, unique selection ID, API language code(“en”) university identifier (“saul”), and true/false whether javascript is enabled. Used to create a unique selection ID when adding photographs to your cart/selection. Seven days.
PDMS (Personal Development Management System)
Name Data stored Purpose Expires
PHPSESSID Course selection and form input values. Allows users to request places on courses and keep track of their course attendance. When the web browser is closed
Single sign-on
Name Data stored Purpose Expires
_shibsession* Unique random number identifying a successful login. This cookie is to determine whether the user is logged in via Single sign-on. When the web browser is closed.


Performance cookies

Google Analytics

The University uses Google Analytics to measure how our websites are being used. This cookie data is anonymous with no information that can connect a person to a cookie collected.

Name Data stored Purpose Expires
_ga
_gid,
_gat*
Unique random identifiers. Distinguish each unique visit to the website and what pages are visited as well as being used to reduce data collection from high traffic pages. The longest expiry period is two years.
Hotjar

The University uses Hotjar to measure how our websites are being used. This cookie data is anonymous with no information that can connect a person to a cookie collected.

Name Description Expires
_hjClosedSurveyInvites Hotjar cookie that is set once a visitor interacts with a Survey invitation modal pop-up. It is used to ensure that the same invite does not reappear if it has already been shown. The longest expiry period is one year.
_hjDonePolls Hotjar cookie that is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in. The longest expiry period is one year.
_hjMinimizedPolls Hotjar cookie that is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimized when the visitor navigates through your site. The longest expiry period is one year.
_hjShownFeedbackMessage Hotjar cookie that is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the visitor navigates to another page where it is set to show. The longest expiry period is one year.
_hjid Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. The longest expiry period is one year.
_hjRecordingLastActivity This should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). When the browser is closed.
_hjTLDTest When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. When the browser is closed.
_hjUserAttributesHash User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. When the browser is closed.
_hjCachedUserAttributes This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. When the browser is closed.
_hjLocalStorageTest This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. The longest expiry period is under 100ms.
_hjIncludedInSample This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Funnels. This is a session cookie which is destroyed when the user leaves the site. When the browser is closed.
_hjAbsoluteSessionInProgress This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. The longest expiry period is 30 minutes.
Microsoft Clarity

Clarity works with Google Analytics to measure how our websites are being used. This cookie data is anonymous with no information that can connect a person to a cookie collected.

Name Description Value passed
_clck Persists the Clarity User ID and preferences, unique to that site, on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. String
_clsk Connects multiple page views by a user into a single Clarity session recording. String
CLID Identifies the first-time Clarity saw this user on any site using Clarity. String
ANONCHK Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0. Flag
MR Indicates whether to refresh MUID. Flag
MUID Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. GUID
SM Used in synchronizing the MUID across Microsoft domains. Character flags

 

Siteimprove

The University uses Siteimprove to measure how our websites are being used. This cookie data is anonymous with no information that can connect a person to a cookie collected.

Name Data stored Purpose Expires
nmstat Unique random identifier. This cookie is used to help record the visitor’s use of the website. It is used to collect statistics about site usage such as when the visitor last visited the site. This information is then used to improve the user experience on the website. This Siteimprove Analytics cookie contains a randomly generated ID used to recognize the browser when a visitor reads a page. The cookie contains no personal information and is used only for web analytics. The longest expiry period is 1000 days.

 

How you can control cookies when using University websites

Other than the strictly necessary cookies, which must be removed directly within your browser, you can 'switch on' cookies that fall under the performance category. When you first visit the University website, performance cookies will be switched off.

To accept or refuse performance cookies simply toggle the corresponding option in the provided cookie preferences tool - a link to open this is found in the footer of the website.

The cookie preferences tool is only available to users from within the EU. Other visitors should control their cookie preferences directly in the web browser.

Third-party cookies

The University also makes use of software and services provided by third-parties on some of our web pages such as an embedded social media feed. This third-party provider then may use cookies for that service.

You cannot delete third-party cookies via the University website cookie preferences tool. However, you can control these by altering the cookie preferences directly in your web browser.

Most browsers can be configured to refuse cookies, or to provide a warning before they are accepted by your device. The help function within your browser should tell you how to configure it to refuse cookies or to alert you to their use.

Third-party cookies in use on University websites

The University, as introduced above, makes use of software and services provided by third-parties, who in turn make use of cookies. The categories of cookies used by third-parties via University websites are:

  • Performance cookies
    These collect information about how people use our websites, such as which pages are used most often. These cookies do not pass any information that identifies an individual.
  • Functionality cookies
    These allow the website to remember choices that a person has made in a given point in time, such as language or location preferences, and provide enhanced personalised features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide website features which you wish to use, such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
  • Targeting cookies or advertising cookies
    These cookies are used to deliver adverts more relevant to you and your interests on other websites. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. This kind of cookie remembers that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

How are these cookies used?

Gecko Engage

We use Gecko Engage to embed interactive forms on certain web pages to collect user’s submitted information - such as applying for a visiting day.

Name Type Purpose Expires
_gat,
_gid,
_ga
Performance Google Analytics used by the software provider to measure usage of its service. All data collected is anonymised with no personal information stored. The longest expiry period is two years.
AWSALB,
AWSALBCORS
Functionality Ensures requests go to the same server on AWS. The longest expiry period is seven days.

For information on how GecKo make use of their cookies, please see the Gecko Engage privacy policy.

Meta Pixel

Name Data stored Purpose Expires
ID: 115868994842088 Unique random identifiers. We use the Meta Pixel to track conversions and effectiveness of our marketing campaigns.  Consent for the Meta Pixel cannot be automatically revoked. Please follow the link below to opt-out. Meta Pixel The longest expiry period is 180 days.

Radius

We use Radius by Campus Management to embed interactive forms on certain web pages to collect user’s submitted information - such as applying for a visiting day.

Name Type Purpose Expires
_utmaba,
_utmabb,
_utmabc,
_utmabz,
_gat_RadiusEnterpriseRollup,
_ga,
_gid,
JSESSIONID
Performance Google Analytics used by the software provider to measure usage of its service. All data collected is anonymised with no personal information stored. The longest expiry period is two years.

For information on how Radius make use of their cookies, please see the Campus Management privacy policy

SoundCloud

We embed SoundCloud on some web pages to show content from that service.

Name Type Purpose Expires
_gat_insided,
_gat,
_ga,
_gid
Performance Google Analytics used by the software provider to measure usage of its service. All data collected is anonymised with no personal information stored. The longest expiry period is two years.
sc_anonymous_id,
sclocale
Functionality Used to remember user preferences. The longest expiry period is ten years.
__qca,
_fbp
Targeting Used to track advertising for marketing purposes. The longest expiry is one year.

For information on how SoundCloud make use of their cookies, please see the SoundCloud cookie policy

YouTube

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This may set cookies on a device once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.

Name Type Purpose Expires
VISITOR_INFO_LIVE,
YSC,
PREF,
GPS
Functionality Used to remember user preferences such as language settings as well as measure viewing statistics of videos. The longest expiry period is eight months.

For information on how YouTube make use of their cookies, please see the Google privacy policy

Advertising cookies

We sometimes use tracking pixels to assist with our marketing and delivery of online advertising.

By better understanding what our audiences are interested in, we can more efficiently promote the University. For example if you have looked at certain pages on our website we might want to highlight our open days or give information about a particular course to you.

The technology to do this is made possible by cookies and as such we may place a ‘remarketing cookie’ during your visit. We are unable to proactively reach out to you personally as the process is anonymized, but you can opt out of these cookies at any time.

How to control advertising cookies

The tracking pixels we currently use are for Facebook, Twitter and Google Remarketing.

Opt out of advertising cookies

You can opt out of almost all advertising cookies by updating your preferences on the ‘Your Online Choices’ website. It is worth noting that opting out of advertising cookies won't stop you seeing adverts, just that they won't be tailored specifically to you.

Opt out of advertising cookies on Your Online Choices website

Similar technologies in use on the University’s websites

The provided cookie preferences tool is also used to manage user preferences for HTML5 local data storage. A link to open this tool is found in the footer of the website. The categorisation works in the same way as it does with cookies, with only strictly necessary data being stored on initial visit to the website. All other categories require user opt in before the data is saved in the browser.

The cookie preferences tool is only available to users from within the EU. Other visitors should control their HTML5 local data storage preferences directly in the web browser.

Third-party use of HTML5 local data storage

The University makes use of software and services provided by third-parties, who in turn make use of the following HTML5 local data storage.

Cues.ai

We use this tool to provide visitors with intelligent prompts that link to additional information they may find useful. The information stored on a visitor’s device is only ever accessed by the browser and is not sent to a server.

Name Type Purpose Expires
ttl-dci Functionality A list of pages previously visited on st-andrews.ac.uk and how many times each page has been visited.
A list of cues displayed and the number of impressions each cue has had.
A list of the user's cue interactions (button and link clicks within Cues).
No expiry date.

Page last updated: 20 December 2023