This cookie statement explains how NICE ('NICE', 'us', 'our' or 'we') uses cookies when you visit our websites at:
- www.nice.org.uk
- www.healthtechconnect.org.uk
- www.ukpharmascan.org.uk
- www.digitalregulations.innovation.nhs.uk.
It explains what cookies are, how we use them and how you can manage them.
What are cookies?
Cookies are files saved on your phone, tablet, or computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The information stored in cookies is used to make websites work or contains things about how you use the website. For example, that you have acknowledged a pop-up or the pages you visit.
Cookies are not viruses or computer programs. They are very small, so they do not take up much space.
This statement refers to ‘cookies’ but covers similar browser storage technologies, such as HTML local storage.
How we use cookies
We use cookies to:
- make our website work, for example by keeping it secure
- remember your preferences, for example which pop-ups or banners you have seen
- measure how you use our website, for example which links you click on.
These 3 types of cookies are described and listed below. Each cookie listed shows the cookie name, type, duration, and purpose. We use cookies only for the purpose described.
Essential cookies
These essential, or ‘strictly necessary’, cookies enable basic functions like page navigation and access to secure areas of the website.
Our website and services cannot function properly without these cookies, so we do not provide a way to manage them. They can only be blocked or deleted by changing your browser preferences, as described in the Managing cookies section in this statement.
| Cookie | Service | Purpose | Expiration |
|---|---|---|---|
| csrftoken | AI Regulation service | Used to secure against CSRF attacks in form submissions. | 1 year |
| ASP.NET_SessionId | All | Used to maintain an anonymised user session. Set by .NET. | End of session |
| ASPXAUTH | All | Used to identify a logged-in user to enable access to secure areas. | End of session |
| auth0 | All | Handles user sessions. | 3 days |
| auth0_compat | All | Fallback cookie for auth0 in the event a legacy browser does not support sameSite being set to None. | 3 days |
| AWSELB AWSELBCORS AWSALBTG AWSALBTGCORS |
All | Manages sticky sessions in a load-balanced environment, to keep a user's session tied to a single server. | End of session |
| CookieControl | All | Stores a user’s preference about cookies on NICE websites. | 90 days |
| did | All | The identifier for a device or user agent. | 1 year |
| did_compat | All | Fallback cookie for did in the event a legacy browser does not support sameSite being set to None. | 1 year |
| History.store | All | Stores internal page state to aid navigation. | End of session |
| IdAM, IdAMC* | All | Stores a token related to the current logged-in user for services authenticated through identity.nice.org.uk. | End of session |
| __ngat_1.2 | All | Authentication ticket for services authenticated via accounts.nice.org.uk. | 1 hour |
| __nrpa_2.2 | All | Authorisation session cookie for services authenticated via accounts.nice.org.uk. | End of session |
| __RequestVerificationToken | All | Helps prevent cross-site request forgery (CSRF) attacks. | End of session |
| seen_cookie_message | All | Specifies if a user has been shown the cookie policy banner. | 1 year |
| ud | All | Stores internal page state, such as scroll position, to aid navigation. | End of session |
| resources:* | CKS | Stores page data to aid navigation. | Doesn't expire (IndexedDB) |
| @@scroll* | CKS | Stores scroll position to aid navigation. | End of session |
| ConsultationSession-* | Consultations | Session id for user login. | Consultation end date + 28 days |
| browser-warning-shown | EPPI | Stores whether a user has been shown warning regarding compatibility with Internet Explorer. | 2 weeks |
| compact | EPPI | Enables user to change view format to compact. | 2 weeks |
| data-extraction-fixed-tables | EPPI | Enable user to fix the width of data extraction tables. | 2 weeks |
| data-extraction-input-vertical | EPPI | Enable user to change the format of data-extraction input form. | 2 weeks |
| dedupe-show-details | EPPI | Enables user to see detailed study data when performing study deduplication. | 2 weeks |
| dedupe-view | EPPI | Enables user to set the format of the deduplication view. | 2 weeks |
| irrelevant-highlight | EPPI | Enables user to highlight irrelevant study text. | 2 weeks |
| relevant-highlight | EPPI | Enables user to highlight relevant study text. | 2 weeks |
| text-highlighter-hide | EPPI | Enables user to switch text highlighting on or off. | 2 weeks |
| lastupdated | HealthTech Connect | Prevents automatic time out, allows the user to have multiple tabs open, and activity on any one tab will ensure that the others don't time out through inactivity. | 24 hours |
| NICE_auth | HealthTech Connect | Authentication Cookie for HTC. | End of Session |
| Meteor.loginToken | META Tool | A unique token for the current logged-in user’s session for the META Tool. | Doesn't expire (local storage) |
| Meteor.loginTokenExpires | META Tool | The expiry date of the login token for the current logged-in user for the META Tool. | Doesn't expire (local storage) |
| Meteor.userId | META Tool | The unique ID of the current logged-in user for the META Tool. | Doesn't expire (local storage) |
| evercookie_cache | UK PharmaScan | Used to persist cookie for login. | 1 year |
| evercookie_etag | UK PharmaScan | Used to persist cookie for login. | 1 year |
| evercookie_png | UK PharmaScan | Used to persist cookie for login. | 1 year |
| .ukps | UK PharmaScan | For user login. | 1 year |
| .ukpsLease | UK PharmaScan | Grants machine lease permission for the user. | 31 Dec 2030 |
| csrftoken | digitalregulations.innovation | Used against CSRF attacks (e.g.: contact us form, search function). | Session duration |
Preference cookies
These cookies remember information that changes the way our website behaves, like your preferred layout, acknowledged pop-ups, or previously viewed pages.
Preference cookies can be managed on this website, as described in the Managing cookies section in this statement.
| Cookie | Service | Purpose | Expiration |
|---|---|---|---|
| seen_corona_message | All | Stores a user’s preference for hiding the COVID-19 banner. | 1 year |
| NICE_guidanceList_published NICE_guidanceList_indevelopment NICE_guidanceList_inconsultation NICE_guidanceList_proposed |
NICE website: guidance list pages | Stores applied filters on the guidance list pages to aid navigation. | End of session |
| TutorialVisible | Consultations | Stores a user’s preference to hide the ‘how to comment’ tutorial within Consultations. | End of session |
Website usage cookies
We use tools such as Google Analytics, Google Optimize and Hotjar to help us anonymously measure how you use our websites. This allows us to make improvements based on our users' needs.
These tools set cookies that store anonymised information about how you got to the site, and how you interact with the site. We do not allow these tools to use or share the data about how you use this site and all data stored is anonymised.
Website usage cookies can be managed on this website, as described in the Managing cookies section in this statement. Each of the services we use to record website usage provides a way to opt out of cookies.
Google Analytics
We use Google Analytics for usage analytics like page views and link clicks.
You can opt out of Google Analytics cookies. View Google's privacy policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| _ga | Used to distinguish users. | 2 years |
| _ga_ | Used to distinguish users in Google Analytics 4. If Google Analytics 4 is deployed via Google Tag Manager, this cookie will be named _ga_<property-id>. | 2 months |
| _gat | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. | 1 minute |
| _gid | Used to distinguish users. | 1 day |
| _gadatalayer | Used to remember behaviours performed in the user’s session, such as how many searches performed. | 1 day |
| _tempCid | Copy of _ga used to track successful sign-in from the server rather than client side. | 30 minutes |
Google Optimize
We use Google Optimize for A/B testing to improve our services.
You can opt out of Google cookies. View Google's privacy policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| _gaexp | Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. | Depends on the length of the experiment, but typically 90 days. |
| _opt_utmc | Stores the last utm_campaign query parameter. | 24 hours |
| _opt_awcid | Used for campaigns mapped to Google Ads Customer IDs. | 24 hours |
| _opt_awmid | Used for campaigns mapped to Google Ads Campaign IDs. | 24 hours |
| _opt_awgid | Used for campaigns mapped to Google Ads Ad Group IDs. | 24 hours |
| _opt_awkid | Used for campaigns mapped to Google Ads Criterion IDs. | 24 hours |
Hotjar
We use Hotjar for behaviour analysis, heatmaps, clickmaps, usage recordings, polls and surveys.
You can opt out of Hotjar cookies. View Hotjar's privacy policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| _hjAbsoluteSessionInProgress | This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie. | 30 minutes |
| _hjCachedUserAttributes | This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. | End of session |
| _hjClosedSurveyInvites | This cookie is set once a visitor interacts with an External Link Survey invitation modal. It is used to ensure that the same invite does not reappear if it has already been shown. | 1 year |
| _hjDonePolls | This cookie is set once a visitor completes a survey using the On-site Survey widget. It is used to ensure that the same survey does not reappear if it has already been filled in. | 1 year |
| _hjid | This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID. | 1 year |
| _hjIncludedInPageviewSample | This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by the site's pageview limit. | 30 minutes |
| _hjIncludedInSessionSample | This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by the site's daily session limit. | 30 minutes |
| _hjLocalStorageTest | This cookie is used to check if the Hotjar tracking script can use local storage. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. | Under 100ms |
| _hjMinimizedPolls | This cookie is set once a visitor minimises an On-site Survey widget. It is used to ensure that the widget stays minimised when the visitor navigates through your site. | 1 year |
| _hjRecordingLastActivity | This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). | End of session |
| _hjShownFeedbackMessage | This cookie is set when a visitor minimises or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimised immediately if the visitor navigates to another page where it is set to show. | 1 year |
| _hjTLDTest | When the script executes, Hotjar tries to determine the most generic cookie path to use instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, Hotjar tries to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. | End of session |
| _hjUserAttributesHash | User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. | End of session |
| _hjSessionResumed | Set when a session/recording is reconnected to Hotjar servers after a break in connection. Boolean true/false data type. | End of session |
| _hjSessionTooLarge | Causes Hotjar to stop collecting data if a session becomes too large. Determined automatically by a signal from the server if the session size exceeds the limit. Boolean true/false data type. | End of session |
| _hjSession_{site_id} | Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. JSON data type. | 30 minutes, extended on user activity |
| _hjFirstSeen | Identifies a new user’s first session. Used by Recording filters to identify new user sessions. Boolean true/false data type. | 30 minutes, extended on user activity |
| _hjSessionUser_{site_id} | Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID. JSON data type. | 1 year |
Third party cookies
We embed some content on our website from external providers. These providers may set cookies, known as ‘third party’ cookies.
We do not control these cookies and cannot prevent these sites or domains from collecting information on your use of this content. Check the relevant third party website for more information about them and how to opt out:
| Service | Usage | Information |
|---|---|---|
| Infogram | Embedding infographics | Infogram privacy policy (includes cookie statement) |
| SoundCloud | Embedding audio clips and podcasts | SoundCloud privacy policy SoundCloud cookie policy |
| Embedding tweets and timelines | Twitter's use of cookies Twitter privacy policy Twitter privacy controls for personalised ads |
|
| YouTube | Embedding videos | Google privacy policy Ad settings on Google |
Marketing and advertising cookies
We use Google Ads, LinkedIn and Facebook to show adverts that promote our services, events and content. These adverts are shown on external websites, which are not owned or operated by NICE.
Google Ads, LinkedIn and Facebook use cookies to:
- help measure how many times people click on adverts and interact with our website
- perform functions like preventing the same advert from continuously reappearing
- help show you relevant adverts, based on your interests and past visits to our website.
Marketing and advertising cookies can be managed on this website, as described in the Managing cookies section in this statement.
You can also control advert personalisation on other websites using YourOnlineChoices.
Google Ads
You can opt out of advert personalisation on Google. View Google’s advertising policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| _gcl_au _gcl_dc _gcl_aw |
Used to identify when a user visits our website from an advert on Google. | 90 days |
| IDE | Used to show relevant adverts by grouping user behaviour. This is a third party cookie, set on .doubleclick.net. | 390 days |
| NID | Contains a unique ID to remember your preferences and other information, such as your preferred language or your previous interactions with an advertiser’s ads or search results. This is a third party cookie, set on .google.com | 6 months |
| test_cookie | Used to determine if the user's browser supports cookies. This is a third party cookie, set on .doubleclick.net. | 15 minutes |
You can manage your advertising preferences on LinkedIn. View LinkedIn’s privacy policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| AnalyticsSyncHistory | Used to store information about the time a sync with the 'lms_analytics' cookie took place for users in the designated countries. This is a third party cookie, set on .linkedin.com. | 30 days |
| bcookie | Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform. This is a third party cookie, set on .linkedin.com. | 2 years |
| BizographicsOptOut | Determines opt-out status for third party tracking. This is a third party cookie, set on .linkedin.com. | 10 years |
| _guid | Used to identify a LinkedIn member for advertising through Google Ads. This is a third party cookie, set on .linkedin.com. | 90 days |
| lang | Used to remember a user's language setting. This is a third party cookie, set on .linkedin.com and .ads.linkedin.com. | End of session |
| lidc | To optimise data centre selection. This is a third party cookie, set on .linkedin.com. | 1 day |
| li_fat_id | Member indirect identifier for LinkedIn members for conversion tracking, retargeting and analytics. | 30 days |
| li_oatml | Used to identify LinkedIn members off LinkedIn for advertising and analytics outside the designated countries and, for a limited time, advertising in the designated countries. This is a third party cookie, set on .linkedin.com. | 30 days |
| lissc | Used to ensure there is correct SameSite attribute for all cookies in that browser. This is a third party cookie, set on .linkedin.com. | 1 year |
| li_sugr | Used to make a probabilistic match of a user's identity outside the designated countries. This is a third party cookie, set on .linkedin.com. | 90 days |
| lms_ads | Used to identify LinkedIn members off LinkedIn in the designated countries for advertising. This is a third party cookie, set on .linkedin.com. | 30 days |
| lms_analytics | Used to identify LinkedIn members in the designated countries for analytics. This is a third party cookie, set on .linkedin.com. | 30 days |
| U | Browser identifier for users outside the designated countries. This is a third party cookie, set on .adsymptotic.com. | 3 months |
| UserMatchHistory | LinkedIn Ads ID syncing. This is a third party cookie, set on .linkedin.com. | 30 days |
You can manage your advertising preferences on Facebook. View Facebook's privacy policy for more information.
| Cookie | Purpose | Expiration |
|---|---|---|
| _fbp | Used to identify users across webpages where Facebook pixel is installed. The pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist. | 3 months |
| _fbc | Used to identify the link users initially clicked across webpages where Facebook pixel is installed. The link ad on Facebook sometimes includes a fbclid query parameter. When the user lands the pixel automatically saves the fbclid query parameter to an _fbc cookie for that website domain. | 3 months |
Managing cookies
Manage preference and website usage cookies for websites on NICE’s domain through our cookie banner:
Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer's website.
Further information
If you have any questions about our use of cookies or other technologies, please contact us.
Statement updates
We may update this cookie statement from time to time to reflect changes to the cookies we use or for other operational, legal, or regulatory reasons. You will be prompted to re-consent to cookies when we update this statement.
This statement was first published on 9 October 2020. It was last updated on 3 March 2023.