Cookie Policy
Cookie Policy
About this policy
We use cookies across our website to improve user experience. This page explains:
- Who we are
- What cookies are
- Types of cookies we use
- How you can control the use of cookies from our website
- Further information and contacting us
- How to make a complaint
Who we are
The City of Birmingham Symphony Orchestra (CBSO) is a registered Arts Charity (number 506276) that processes data for purposes necessary to fulfil its aims and charitable objectives. For this policy “we“, “us,” and “our” refer to CBSO.
What are cookies?
Cookies are small text files of letters and numbers with an expiry date which are stored in your browser on your computer or mobile device. A cookie is created when the browser you use to look at web pages loads a particular website. The website sends information to the browser which then creates a text file (cookie). Every time you return to the same website, your browser retrieves and sends this file to the website's server. When the cookie reaches its expiry date, your browser discards it.
A cookie records information relating to your internet activity such as whether you have visited our website before. It stores the information on your device (your computer/tablet/phone). The cookies we use on our website don't collect personally identifiable information about you and we only disclose anonymised aggregated usage data to third parties.
A persistent cookie stays on your device even after you close your browser, remembering your settings and preferences for future visits. You can clear them by going into your browser settings and deleting your cookies.
The cookies we send to your device only relate to your use of our website; they don't have any other effect on your device.
The types of cookies we use
We collect five types of cookies. Below, we explain what these are, what they do, and how long we store them for – this can vary from a session to set of minutes, hours, or days. A session starts when you launch a website and ends when you leave it or close your browser window.
Necessary cookies
These cookies are necessary for our website to work properly, which is why they can’t be switched off. They are essential in helping you to move around our websites and using their features, such as accessing secure (password-protected) areas, for example, your user account.
We use:
Cookie | Purpose | Duration |
AEC | Ensures requests within a browsing session are made by the user, and not by other sites. This cookie prevents malicious sites from acting on behalf of a user without that user’s knowledge. | 6 months |
CRAFT_CSRF_TOKEN | Ensures visitor browsing-security by preventing cross-site request forgery. | Session |
rc::a | Used to distinguish between humans and bots. | Persistent |
rc::c | Used to distinguish between humans and bots. | Session |
SOCS | Stores the user's state regarding their cookies choices. | 13 months |
HSID | Provides fraud prevention. | 2 years |
SIDCC | Provides the identification of trusted web traffic. | 1 year |
TNEW | Manages and retains what actions a user has conducted during the session. | Session |
TNEWQA | Manages and retains what actions a user has conducted during the session. | Session |
OPG | Manages and retains what actions a user has conducted during the session and store encrypted session information for the One-Page Giving pages on live sites. | Session |
OPGQA | Manages and retains what actions a user has conducted during the session and store encrypted session information for the One-Page Giving pages on test sites. | Session |
Tneworder* | Permits users to return to the Receipt page after having completed an order and view the details of the order. | Session |
TN_SSO | Used to store encrypted session information for access to the TNEW Administration Site. This assists with validating authentication for Tessitura Staff to the Administration Site. | Session |
ASPXFORMSAUTH | Used to indicate a user’s site permissions including access to the TNEW Administration Site. This supports the security of the service. | 48 hours after last use |
ASP.NET_SessionID | Used to manage user sessions. This identifies the unique user using a random key. | Session |
__RequestVerificationToken | Used to verify form submissions and prevent cross-site request forgery attacks. | 48 hours |
nlbi_* | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | Session |
incap_ses_ * | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | Session |
reese84 | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 30 days |
reese84-resubmit-token | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 60 seconds |
visid_incap_ * | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 12 Months |
_ cf_bm | Used by a third-party service provider, Cloudflare, to filter out malicious requests and optimise page load times. | 30 Minutes |
QueueITAccepted-* | Used by Queue-it 2.5 to authenticate a user when a virtual waiting room is enabled. | Variable (based on the amount of time a user may access your TNEW site after exiting the waiting room) |
Queue-it* | Used by Queue-it to authenticate a user when a virtual waiting room is enabled. | Session |
_GRECAPTCHA | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | 6 months |
rc::a | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | Persistent |
rc::c | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | Session |
BIGipServereu.gateway.mastercard.int-asset-https-pool | Used when Mastercard Third Party Hosted Payments are enabled. | Session |
TS* | Used when Mastercard Third Party Hosted Payments are enabled. | Session |
ASP ASP.NET_SessionID | Used when Worldpay Third Party Hosted Payments are enabled. | Session |
JSESSIONID | Used when Tessitura Merchant Services are enabled. Maintains a unique user session for Tessitura Merchant Services server. | 5 days |
CRAFT_CSRF_TOKEN | Ensures visitor browsing-security by preventing cross-site request forgery. | Session |
rc::a | Used to distinguish between humans and bots. | Persistent |
rc::c | Used to distinguish between humans and bots. | Session |
SOCS | Stores the user's state regarding their cookies choices. | 13 months |
HSID | Provides fraud prevention. | 2 years |
SIDCC | Provides the identification of trusted web traffic. | 1 year |
TNEW | Used by TNEW to store encrypted session information for live sites. The cookie is used to manage and retain what actions a user has conducted during the session. | Session |
TNEWQA | Used by TNEW to store encrypted session information for test sites. The cookie is used to manage and retain what actions a user has conducted during the session. | Session |
OPG | Used by TNEW to store encrypted session information for the One-Page Giving pages on LIVE sites. | Session |
OPGQA | Used by TNEW to store encrypted session information for the One-Page Giving pages on TEST sites. | Session |
Tneworder* | Used by TNEW to permit users to return to the Receipt page after having completed an order and view the details of the order. | Session |
TN_SSO | Used by TNEW to store encrypted session information for access to the TNEW Administration Site. This assists with validating authentication for Tessitura Staff to the Administration Site. | Session |
ASPXFORMSAUTH | Used by TNEW to indicate a user’s site permissions including access to the TNEW Administration Site. This supports the security of the service. | 48 hours after last use |
ASP.NET_SessionID | Used by ASP.NET to manage user sessions. This identifies the unique user using a random key. | Session |
__RequestVerificationToken | Used by TNEW to verify form submissions and prevent cross-site request forgery attacks. | 48 hours |
nlbi_* | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | Session |
incap_ses_ * | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | Session |
reese84 | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 30 days |
reese84-resubmit-token | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 60 seconds |
visid_incap_ * | Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests. | 12 Months |
_ cf_bm | Used by a third-party service provider, Cloudflare, to filter out malicious requests and optimise page load times. | 30 Minutes |
QueueITAccepted-* | Used by Queue-it version 2.5 to authenticate a user when a virtual waiting room is enabled. | Variable (based on the amount of time a user may access your TNEW site after exiting the waiting room) |
Queue-it* | Used by all Queue-it versions when a virtual waiting room is enabled. | Session |
_GRECAPTCHA | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | 6 months |
rc::a | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | Persistent |
rc::c | Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments. | Session |
BIGipServereu.gateway.mastercard.int-asset-https-pool | Used when Mastercard Third Party Hosted Payments are enabled. | Session |
Analytical cookies
Analytical cookies play a vital role in helping us fulfil our charitable objectives. They enable us to gather the insights needed to apply for funding, sustain the activities we excel at, and continually improve our website. By collecting and reporting information on how you use our site, these cookies provide valuable insights into user behaviour and actions. This understanding helps us identify patterns and preferences, enabling us to make data-driven decisions that enhance the website's functionality and effectiveness.
We use:
We use Google Analytics to collect information about how visitors use our website. We use this information to report to our funders and to analyse website usage so that we can improve user experience. Google Analytics collects information such as the number of site visitors, which pages they visited, how they came to the site and their location. This information is anonymous and cannot be used to identify you personally. You can find out more about privacy at Google and opt out of being tracked by Google Analytics across all websites.
Cookie | Description | Duration |
_gcl_au | Google Tag Manager sets the cookie to experiment Marketing efficiency of websites using their services. | 3 months |
_ga | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | 1 year, 1 month, 4 days |
_gid | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. | 1 day |
_ga_* | Google Analytics sets this cookie to store and count page views. | 1 year, 1 month, 4 days |
_hjAbsoluteSessionInProgress | Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie. | 30 minutes |
__utma | Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics. | 2 years |
__utmb | Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit. | 1 day |
__utmc | Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit. | Session |
__utmd | Used to assign specific visitors into segments, this segmentation is based on visitor behaviour on the website - the segmentation can be used to target larger groups. | 1 day |
__utmv | Saves user-defined tracking parameters for use in Google Analytics. | Session |
__utmz | Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics. | 6 months |
collect | Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels. | Session |
td | Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. | Session |
_hjSessionUser_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 1 year |
Marketing cookies
We use marketing cookies to help us improve the relevancy of advertising campaigns you may receive.
Cookie | Description | Duration |
ads/ga-audiences | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. | Session |
ar_debug | Used by DoubleClick to debug ads. | 1 year |
NID | Provides ad delivery or retargeting, store user preferences. | 6 months from a user’s last use |
APISID | Used to personal Google ads on websites based on your recent searches. | 2 years |
SID | Provides ad delivery or retargeting, provide fraud prevention. | 2 years |
sp_landing | Set by the provider Spotify and is used to implement audio content on the Spotify website. It also helps in collecting information on user interaction with this audio content. | 1 day |
sp_t | Set by the provider Spotify and is used to implement audio content on the Spotify website. It also helps in collecting information on user interaction with this audio content. | 1 day |
ajs_user_id | Used to track visitor usage, events, and target marketing as well as measure website performance and stability. | 1 year |
lastExternalReferrer | Detects how the user reached the website by registering their last URL-address. | Persistent |
lastExternalReferrerTime | Detects how the user reached the website by registering their last URL-address. | Persistent |
muc_ads | Collects data on user behaviour and interaction to optimise the website and make advertisement on the website more relevant. | 400 days |
personalization_id | Set by X and allows the visitor to share content from the website on their X profile. | 400 days |
guest_id | Set by X when a visitor clicks to share website content on X | 400 days |
guest_id_ads | Collects information on user behaviour on multiple websites. This information is used to optimise the relevance of advertisement on the website. | 400 days |
guest_id_marketing | Collects information on user behaviour on multiple websites. This information is used to optimise the relevance of advertisement on the website. | 400 days |
LAST_RESULT_ENTRY_KEY | Used to track user’s interaction with embedded content. | Session |
LogsDatabaseV2:V#||LogsRequestsStore | Stores the user's video player preferences using embedded YouTube video | Persistent |
nextId | Used to track user’s interaction with embedded content. | Session |
remote_sid | Necessary for the implementation and functionality of YouTube video-content on the website. | Session |
requests | Used to track user’s interaction with embedded content. | Session |
ServiceWorkerLogsDatabase#SWHealthLog | Necessary for the implementation and functionality of YouTube video-content on the website. | Persistent |
TESTCOOKIESENABLED | Used to track user’s interaction with embedded content. | 1 day |
VISITOR_INFO1_LIVE | Estimates the users' bandwidth on pages with integrated YouTube videos. | 180 days |
VISITOR_PRIVACY_METADATA | Stores the user's cookie consent state for the current domain | 180 days |
Third party cookies
Our website includes links to other sites (such as Facebook, Instagram, X, TikTok, and YouTube). These third-party sites may set cookies on your device when you interact with their content on our site. We do not control these cookies and recommend you review the cookie policies of each third-party site for details on how they use cookies.
How you can control the use of cookies from our website
When you visit our website
If you don't want to opt-in to certain types of cookies when you use our website, you can adjust the selections you choose through our cookie consent mechanism when you first land on our website. Once selected, we keep a record of your cookie consent preferences for up to one year.
When you first visit our website, you are presented with a pop-up, which gives you the following options:
- I Accept Cookies
- I Do Not Accept Cookies
If you click on ‘I Accept Cookies’, all cookies will be applied.
If you only wish to accept certain types of cookies, you can turn them on or off before click ‘I Accept Cookies’.
If you click on the cross or ‘I Do Not Accept Cookies’, cookies will not be opted in to except for those that are strictly necessary.
Using browser settings
You can block cookies by changing settings in your browser. Bear in mind that if you block cookies then our website, and other sites you visit, may no longer work for you as intended.
Changes that you make to browser settings will only apply to that browser; if you use multiple browsers (e.g., Firefox, Google Chrome, Microsoft Edge, Safari) and wish to opt out of cookies then you will need to change settings in each browser that you use.
Changes to browser settings will only take effect on the device on which you make those changes unless your browsers are set up to share your settings across different devices. If your browsers are not set up in this way and you want to opt out of cookies then you will need to change the settings of each browser on each device that you use.
If you delete all cookies, then all site preferences stored on your device will be deleted. This means that if you opt out from cookies for a given site and then delete all cookies, your opt-out will not be saved and you will need to opt out again (which will store a strictly necessary cookie so that your device can remember that you have opted out).
Below are links to instructions for opting out of cookies for some of the most popular browsers:
Unfortunately, we can't help with issues caused by changes to your device settings. If you have problems, try resetting your browser settings and clearing your cache for our site.
Further information and contacting us
You can find out more about cookies at allaboutcookies.org and individual cookies on www.cookiepedia.co.uk
The ICO (Information Commissioner’s Office) provides more information on cookies, including how to see what cookies have been stored and how to manage and delete them.
To request information about yourself or to find out more about our privacy, data protection and records retention measures, please write to: Data Protection, CBSO, CBSO Centre, Berkley Street, Birmingham, B1 2LF
Email: mydata@cbso.co.uk. Specify in your communication the exact nature of the information you wish to request.
How to make a complaint
If you are unhappy with how we are processing your personal data and take the view that we are not complying with UK GDPR, you have the right to complaint to the Information Commissioner’s Office (ICO).
Visit: https://ico.org.uk/concerns/
Write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Changes to this policy
We may change or update this Cookie Policy from time to time. Any changes will be immediately posted on the website, and you are deemed to have accepted the terms of the Cookie Policy on your first use of the website following the alterations.
Last updated 08.04.25