Cookies under privacy laws
Last updated: September 15, 2025
For information on privacy laws, PCI Compliance, organizational security, and infrastructure, please check the FareHarbor Security and Privacy Overview, our Privacy Statement, and our Terms of Service for Providers.
Note: The information provided on this help page is for general informational purposes only and does not constitute legal advice. You remain responsible for ensuring that your website, including any integrations (e.g. cookie consent management solutions), complies with applicable laws.
Applicable countries
Regional data protection rules may apply to operators in the following countries:
Category 1: Opt-in consent management
View the regulations that apply to businesses that fall within Category 1.
- Europe, the Middle East, and Africa: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, South Africa, Spain, Sweden, Turkey, United Arab Emirates, United Kingdom.
- Asia-Pacific: Australia, Singapore, South Korea, Thailand.
- The Americas: Argentina, Brazil, Colombia, Peru.
Category 2: Opt-out controls for data processing
View the regulations that apply to businesses that fall within Category 2.
- The Americas: United States, Mexico, Canada
- Europe: Switzerland
Note: This list of affected countries is not exhaustive. You are responsible for ensuring that your website complies with local regulations.
Data privacy regulations
The following outlines expectations based on data privacy regulations in your region. To determine which requirements may apply to you, refer to the Applicable Countries section.
Category 1: Opt-in consent management
Businesses that fall under Category 1 should obtain consent from users before using non-essential cookies or similar tracking technologies. Users should have the option to modify or withdraw their consent at any time. The cookie banners that comply with data protection rules typically include:
- Options like “Accept All,” “Reject All,” and “Customize Settings”.
- A clear link to a full cookie policy for additional information.
- The ability to easily modify or withdraw consent at any time, typically through an accessible “Cookie Preferences” link on your website.
- Non-essential cookie categories should not be pre-selected on the cookie banner.
You may decide how the consent and withdrawal options are presented, depending on your website design and the capabilities of your consent management solution. We recommend reaching out to your consent solution provider for additional information. See cookie solutions supported by FareHarbor.
Category 2: Opt-out mechanism for data processing
Businesses that fall under Category 2 should provide users with a clear and accessible way to opt out of certain types of data processing, such as selling or sharing personal information, targeted advertising, or profiling. This data processing can be done with the use of non-essential cookies on your website. Users should be able to exercise and modify these preferences at any time. This is commonly done through a “Cookie Preferences” or “Do Not Sell My Personal Information” link, typically placed in your website’s footer or privacy policy. However, a cookie banner is not essential for compliance.
You may decide on the best way to present the opt-out mechanism, depending on your website design and your consent solution’s capabilities. By default, your solution should opt customers into all cookies. We recommend reaching out to your consent solution provider for additional information. See cookie solutions supported by FareHarbor.
Cookie solutions supported by FareHarbor
FareHarbor only integrates with the cookie consent solutions listed below. If you are not currently using a supported provider, we strongly encourage you to implement a FareHarbor-supported cookie management solution. At this time, other cookie consent providers are not supported.
Disclaimer: FareHarbor carefully selects industry-leading partners to provide our clients with best-in-class recommendations. FareHarbor does not provide any guarantees with respect to these partners. In the spirit of full transparency, FareHarbor may receive commissions or other forms of compensation from the links above.
- OneTrust (formerly CookiePro) (Use the redemption code
FareHarborat checkout to receive a discount.) - Complianz
- Cookiebot
- iubenda
Legacy cookie solutions
When using a cookie consent solution, ensure the integration is functioning correctly and that cookies are categorized by purpose. See Cookie Categorization section.
Note: FareHarbor supports integrations only with Cookie Law Info, not CookieYes, even though Cookie Law Info is owned by CookieYes. If you’re redirected to CookieYes during setup, please be aware that this integration is not supported. While existing Cookie Law Info integrations and banners are still supported, no new integrations with Cookie Law Info are possible.
Cookie categorization
Note: You are responsible for ensuring that your website and cookie banner comply with applicable laws. FareHarbor cannot assist with or verify your cookie setup.
Below are general recommendations on how to categorize cookies. Reach out to your cookie consent management solution provider for the setup that best suits your needs.
- If you are using CookieBot:
ga,_gid,statsig.*,mp_*_mixpanelcan be categorized as Statistics cookies.- All other cookies will fall under the Necessary category.
- If you are using CookiePro:
ga,_gid,statsig.*,mp_*_mixpanel— can be categorized as Performance cookies.- All other cookies will fall under the Strictly Necessary Cookies category.
- If you are using Complianz:
ga,_gid,statsig.*,mp_*_mixpanelcan be categorized as Statistics cookies.- All other cookies will fall under the Necessary category.
- If you are using iubenda:
ga,_gid,statsig.*,mp_*_mixpanelcan be categorized as Measurement cookies.- All other cookies will fall under the Necessary category.
- If you are using Cookie Law Info:
ga,_gid,statsig.*,mp_*_mixpanelcan be categorized as Analytics cookies.- All other cookies will fall under the Necessary category.
Data processing activities categorization (opt-out)
Note: You are responsible for ensuring that your website and opt-out setup comply with applicable laws. FareHarbor cannot assist with or verify your opt-out setup.
Below are general recommendations on how to categorize cookies to opt-out options. Reach out to your cookie consent management solution for the setup that best suits your needs.
- If you are using CookieBot:
ga,_gid,statsig.*,mp_*_mixpanelcan be attributed to “Opt-out from targeted advertising”, “Opt-out from profiling”, “Opt-out from selling/sharing of personal information”.- All the other cookies do not require opt-out.
- If you are using CookiePro:
ga,_gid,statsig.*,mp_*_mixpanelcan be attributed to “Opt-out from targeted advertising”, “Opt-out from profiling”.- All the other cookies do not require opt-out.
- If you are using Complianz:
ga,_gid,statsig.*,mp_*_mixpanelcan be attributed to “Opt-out from targeted advertising”, “Opt-out from profiling”, “Opt-out from selling/sharing of personal information”- All the other cookies do not require opt-out.
- If you are using iubenda:
ga,_gid,statsig.*,mp_*_mixpanelcan be attributed to “Opt-out from targeted advertising”, “Opt-out from profiling”.- All the other cookies do not require opt-out.
- All others cookies do not require opt-out.
Frequently asked questions
What are my data privacy responsibilities?
Your responsibilities depend on the data privacy regulations in the region where your business operates. To get started:
- Identify your region’s category. Check which regulatory category applies to your business based on your location.
- Review applicable requirements. Once you’ve identified your category, review the specific regulations and expectations to ensure your website meets the necessary compliance standards.
What happens to my analytics data if I use a FareHarbor-supported consent management solution?
For opt-in regions, if you use one of the cookie consent solutions that integrates with FareHarbor, analytics cookies (for example, Google Analytics 4) should only be loaded on the FareHarbor online booking system if your website user consents to it. This is a requirement under data protection regulations.
For opt-out regions, you may load analytics cookies on the FareHarbor online booking system unless your website user opts out. Refer to the Applicable countries section of this help page for more information.
What happens to my analytics data if I do not use a FareHarbor-supported consent management solution, or if I do not have a consent management solution on my website?
For opt-in regions, if you do not use one of the above-mentioned solutions or you do not have any cookie solution integrated on your website, end user consent or rejection (if any) regarding the use of cookies on your website/landing page will not be communicated to the FareHarbor online booking system. As a result, the FareHarbor online booking system cannot determine whether or not the end user consented to the use of non-functional cookies, such as analytics cookies. Accordingly, your cookies (such as GA4) may be loaded without the required end user consent, which may put you at risk of non-compliance with privacy law requirements.
For opt-out regions, if you do not use one of the FareHarbor-supported consent management solutions, your analytics data will not be affected but you may not be compliant with your local laws and regulations.
What happens if I don’t follow the data privacy regulations in my region?
Failing to provide users with the ability to manage their consent or opt out of certain types of data processing may put your business at risk of non-compliance with applicable privacy laws in your region. We recommend consulting your legal representative to determine the specific steps your business must take to comply with relevant regulations.