Cookie Consent GDPR (article)

Susana Moleón Moya
Susana Moleón Moya
  • Updated

Please be aware of the upcoming updates to the cookie consent functionality on your website to follow the European Union's regulations. 

To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

  • Receive users’ consent before you use any cookies except strictly necessary cookies.
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  • Document and store consent received from users.
  • Allow users to access your service even if they refuse to allow the use of certain cookies
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

The strictly necessary cookies are as follows:

  • exchange_rate : used for multi-currency price evaluation, expires after 7 days
  • currency : used for multi-currency price evaluation, expires after 7 days
  • CONCRETE5 : CMS required, expires after browser session
  • cart_cookie: used for storing product selection to the cart, expires after 7 days
  • dojo_bKEY: used for processing bookings with TourCMS, expires after 24 hours
  • cookies_allowed: user preference for cookies, expires after 1 year for Allow Cookies, 24 hours for No
  • __cfduid: CloudFlare used for faster content delivery, expires after 1 month

The following items which store cookies on the browser are now no longer functional unless a user gives explicit cookie consent:

  • Feefo Reviews
  • Google Maps
  • YouTube videos via YouTube block or Tour Page videos
  • Tagible
  • VE Global
  • Google Tag Manager & anything injected through here
  • Google Analytics
  • Google E-commerce Tracking
  • Facebook Pixel
  • Any 3rd party plugin you've added via Concrete5's Tracking Codes area (e.g. FreshChat widget)

NB: as such this will affect your conversion tracking, feefo review collation, and 3rd party service provisions. 

To get further information about these third party cookies, please contact the vendor directly.

Note: to maintain compliance you must be careful about any 3rd party script you have added via the C5 CMS interface in the past / plan to add in the future that isn't covered by one of the items above. If you have doubts about it being compliant please get in touch. 

Important: it is your responsibility to keep your Privacy Policy up to date, and inform users about your cookies here.

Cookie consent overlay



Cookie preferences reset (lets the user clear their prior consent / denial).

Note: this won't remove previously set 3rd party cookies (the user must do that themselves), but it will allow / stop future ones depending upon what setting they choose after clearing.


Stacks > Cookies Disclosure


Editing the cookie accept text & allow button (Click on the stack, choose Edit to edit content)

We highly recommend keeping a link to your privacy policy in here, if you decide to change the wording of the rest of the text.




Default accept text:

Gray Line XXXX uses cookies to improve your site experience. <a href="/privacy">Learn more.</a>

Default button text:

Allow Cookies

Multi-lingual sites, customise text with your own translations


Note, if you want to change the "Don't allow" text, you must perform these steps:

1. Login to website

2. Search for 'Block Types'

3. Click on 'Cookie Disclosure'

4. Click on 'Refresh'

5. Go to Stacks 

6. Select Cookie Disclosure Stack

7. Edit stack contents

8. Enter text into 'Deny text' field

9. Save

10. Approve changes

11. (clear cache if necessary)




Tracking codes, where to add 3rd party scripts and Google Analytics / Google Tag Manager to be compliant. 



You should not have any 3rd party scripts injected via Page Properties 'Header Extra Content' anymore, this violates the rules. Move it to Tracking Codes.


Compliance Tested


Further Reading



The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing your users about the cookies your site is using and, when necessary, receiving their consent will keep your users happy and keep you GDPR-compliant.