Privacy Policy

You have the right to request a copy of any data VerseOne holds or processes about you.

It is important to us to ensure any information we hold about you is accurate and up to date. You may ask us to correct or amend the information we hold about you at any time.

Customer Privacy Policy

[Customer's Privacy Policy should be inserted here.]

Last updated

This policy was updated: 17 July 2023

Cookie Policy

VerseOne's software platforms power hundreds of websites, intranets and other digital solutions across the Social Housing and Healthcare sectors, and customers naturally want to know that they are compliant with Data Protection laws.

The article below outlines how cookies work within VerseOne CMS, and how the application makes provision for third party cookies.

What are cookies?

Cookies are small identification tokens placed on a user's web browser that provide a web application with some basic information about the current visitor's browsing session.

As the web has grown, some companies have used these tokens to track user behaviour across multiple websites — often used for the purposes of serving targeted advertising or other services — in a way that many think is abusive and contrary to a user's privacy online.

As a consequence, a number of legal instruments have been passed in order to make people more aware of the existence of cookies, how they can be misused, and to provide users with mechanisms for making an informed choice as to whether they wish to accept these terms.

Essential Cookies

However, cookies also serve useful purposes, such as:

  • maintaining a "session key" which is required in order to allow users to log in to websites and portals;
  • assigning unique security keys that protect user privacy by ensuring that users' form submissions are not hijacked by hackers;
  • maintaining a server key so that, in multi-server environments, users are not randomly jumped between servers such that they are forced to repeatedly login.

These kinds of cookies are broadly known as "Essential Cookies", i.e. they are absolutely required in order to allow the operation of the application and to protect the privacy and data of users, and these have a special meaning with the UK GDPR.

VerseOne CMS Cookies

By default, VerseOne CMS uses only one Essential Cookie, which is called JSESSIONID: this cookie is destroyed at the end of a user's session, i.e. when a user logs out and leaves the site, or after 20 minutes of inactivity on a VerseOne CMS-powered site.

VerseOne CMS does not track users across sites, and JSESSIONID does not enable any functionality except the three items listed above.

JSESSIONID is an Essential Cookie — it is absolutely required for the operation of the solution and for the protection of users' data and security. For this reason, it cannot be switched off and users cannot opt out.

VerseOne CMS also uses VOPECRA, a long-term non-tracking cookie that is only placed on the user's browser if the user accepts cookies: VOPECRA is the cookie that remembers that the user has accepted cookies.

If the option is switched on, VerseOne CMS also uses KMLI, a medium-term non-tracking cookie that is only placed on the user's browser if the user selects the Remember Me login feature.

Finally, solutions hosted within VerseOne's high-availability Managed Cloud Services environment also use a session management cookie that maintains the user's context across multiple servers: this has the format TS0xxxxxxx.

So, by default, all sites hosted on VerseOne's environment will have JSESSIONID and TS0xxxxxxx. Depending on configuration and user choices, they may also see VOPECRA or KMLI.

VerseOne CMS Cookies
Name Duration Function Size
JSESSIONID Session Essential cookie for software functionality including session management for authentication, form submission validation, load-balancer configuration. Secured and does not track across websites (domain-specific). Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 44B
VOPECRA 'Permanent' (multi-year duration) Remembers that a user has accepted cookies from a specific VerseOne CMS-powered website, enabling cookies from GA and Code Droplets (where configured). Secured and does not track across websites (domain-specific). 8B
KMLI_FRONTEND Configurable duration Remembers the user so that they do not have to explicitly login to the CMS or front-end features. Secured and does not track across websites (domain-specific). Duration is configurable in VerseOne CMS (default is 2 weeks). 141B
TS0xxxxxxx Session Essential cookie for maintaining context across VerseOne 's multiple high-availability application servers and secure Web Application Firewall (WAF). Secured and does not track across websites (domain-specific).  Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 116B

VerseOne CMS does not explicitly enable users to reject cookies: in order for this to work in a user-friendly manner, a cookie would have to be placed in the user's browser that would remember that the user had rejected cookies.

Third Party Cookies

Many organisations do legitimately seek information on how people use their websites and digital solutions, so that they can genuinely improve their service to their users — and VerseOne makes this possible through two mechanisms:

  • the ability to enter a Google Analytics (GA) ID at site level;
  • the ability to enter any other third party code (which may or may not include cookies) through the Code Droplets Module.
  • [detail any third party cookies and functions as per the above outline]

VerseOne provides these features but the decision whether or not to use them rests with the VerseOne customer — they can add or remove such services at any time.

Cookie Acceptance Features

VerseOne does, of course, provide its customers with a number of methods for ensuring legal compliance, which were originally put in place to comply with the European Union Privacy and Electronic Communications Regulations (PECR) Amendment, popularly known as the "cookie law".

These features were reviewed with the release of the EU General Data Protection Regulations (GDPR) and the subsequent Data Protection Act 2018 (which comprises the current UK legislation, including the "Frozen GDPR" or "UK GDPR").

VerseOne CMS does not provide any method for users to opt out of the JSESSIONID or other essential cookies listed above because otherwise, under the legal definition, it would not be essential. As such, if the user accepts cookies via the Cookie Acceptance Banner, it is always any third party (potentially tracking) cookies that they are accepting.

Further information

If you have further questions above VerseOne's use of cookies in its software: compliance@verseone.com

Last updated

This policy was updated: 17 July 2023