Cookie Policy

About this policy

We use cookies across our website to improve user experience. This page explains:

  • Who we are
  • What cookies are
  • Types of cookies we use
  • How you can control the use of cookies from our website
  • Further information and contacting us
  • How to make a complaint

Who we are

The City of Birmingham Symphony Orchestra (CBSO) is a registered Arts Charity (number 506276) that processes data for purposes necessary to fulfil its aims and charitable objectives. For this policy “we“, “us,” and “our” refer to CBSO.

What are cookies?

Cookies are small text files of letters and numbers with an expiry date which are stored in your browser on your computer or mobile device. A cookie is created when the browser you use to look at web pages loads a particular website. The website sends information to the browser which then creates a text file (cookie). Every time you return to the same website, your browser retrieves and sends this file to the website's server. When the cookie reaches its expiry date, your browser discards it.

A cookie records information relating to your internet activity such as whether you have visited our website before. It stores the information on your device (your computer/tablet/phone). The cookies we use on our website don't collect personally identifiable information about you and we only disclose anonymised aggregated usage data to third parties.

A persistent cookie stays on your device even after you close your browser, remembering your settings and preferences for future visits. You can clear them by going into your browser settings and deleting your cookies.

The cookies we send to your device only relate to your use of our website; they don't have any other effect on your device.

The types of cookies we use

We collect five types of cookies. Below, we explain what these are, what they do, and how long we store them for – this can vary from a session to set of minutes, hours, or days. A session starts when you launch a website and ends when you leave it or close your browser window.

Necessary cookies

These cookies are necessary for our website to work properly, which is why they can’t be switched off. They are essential in helping you to move around our websites and using their features, such as accessing secure (password-protected) areas, for example, your user account.

We use:

Cookie

Purpose

Duration

AEC

Ensures requests within a browsing session are made by the user, and not by other sites. This cookie prevents malicious sites from acting on behalf of a user without that user’s knowledge.

6 months

CRAFT_CSRF_TOKEN

Ensures visitor browsing-security by preventing cross-site request forgery.

Session

rc::a

Used to distinguish between humans and bots.

Persistent

rc::c

Used to distinguish between humans and bots.

Session

SOCS

Stores the user's state regarding their cookies choices.

13 months

HSID

Provides fraud prevention.

2 years

SIDCC

Provides the identification of trusted web traffic.

1 year

TNEW

Manages and retains what actions a user has conducted during the session.

Session

TNEWQA

Manages and retains what actions a user has conducted during the session.

Session

OPG

Manages and retains what actions a user has conducted during the session and store encrypted session information for the One-Page Giving pages on live sites.

Session

OPGQA

Manages and retains what actions a user has conducted during the session and store encrypted session information for the One-Page Giving pages on test sites.

Session

Tneworder*

Permits users to return to the Receipt page after having completed an order and view the details of the order.

Session

TN_SSO

Used to store encrypted session information for access to the TNEW Administration Site. This assists with validating authentication for Tessitura Staff to the Administration Site.

Session

ASPXFORMSAUTH

Used to indicate a user’s site permissions including access to the TNEW Administration Site. This supports the security of the service.

48 hours after last use

ASP.NET_SessionID

Used to manage user sessions. This identifies the unique user using a random key.

Session

__RequestVerificationToken

Used to verify form submissions and prevent cross-site request forgery attacks.

48 hours

nlbi_*

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

Session

incap_ses_ *

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

Session

reese84

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

30 days

reese84-resubmit-token

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

60 seconds

visid_incap_ *

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

12 Months

_ cf_bm

Used by a third-party service provider, Cloudflare, to filter out malicious requests and optimise page load times.

30 Minutes

QueueITAccepted-*

Used by Queue-it 2.5 to authenticate a user when a virtual waiting room is enabled.

Variable (based on the amount of time a user may access your TNEW site after exiting the waiting room)

Queue-it*

Used by Queue-it to authenticate a user when a virtual waiting room is enabled.

Session

_GRECAPTCHA

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

6 months

rc::a

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

Persistent

rc::c

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

Session

BIGipServereu.gateway.mastercard.int-asset-https-pool

Used when Mastercard Third Party Hosted Payments are enabled.

Session

TS*

Used when Mastercard Third Party Hosted Payments are enabled.

Session

ASP ASP.NET_SessionID

Used when Worldpay Third Party Hosted Payments are enabled.

Session

JSESSIONID

Used when Tessitura Merchant Services are enabled. Maintains a unique user session for Tessitura Merchant Services server.

5 days

CRAFT_CSRF_TOKEN

Ensures visitor browsing-security by preventing cross-site request forgery.

Session

rc::a

Used to distinguish between humans and bots.

Persistent

rc::c

Used to distinguish between humans and bots.

Session

SOCS

Stores the user's state regarding their cookies choices.

13 months

HSID

Provides fraud prevention.

2 years

SIDCC

Provides the identification of trusted web traffic.

1 year

TNEW

Used by TNEW to store encrypted session information for live sites. The cookie is used to manage and retain what actions a user has conducted during the session.

Session

TNEWQA

Used by TNEW to store encrypted session information for test sites. The cookie is used to manage and retain what actions a user has conducted during the session.

Session

OPG

Used by TNEW to store encrypted session information for the One-Page Giving pages on LIVE sites.

Session

OPGQA

Used by TNEW to store encrypted session information for the One-Page Giving pages on TEST sites.

Session

Tneworder*

Used by TNEW to permit users to return to the Receipt page after having completed an order and view the details of the order.

Session

TN_SSO

Used by TNEW to store encrypted session information for access to the TNEW Administration Site. This assists with validating authentication for Tessitura Staff to the Administration Site.

Session

ASPXFORMSAUTH

Used by TNEW to indicate a user’s site permissions including access to the TNEW Administration Site. This supports the security of the service.

48 hours after last use

ASP.NET_SessionID

Used by ASP.NET to manage user sessions. This identifies the unique user using a random key.

Session

__RequestVerificationToken

Used by TNEW to verify form submissions and prevent cross-site request forgery attacks.

48 hours

nlbi_*

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

Session

incap_ses_ *

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

Session

reese84

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

30 days

reese84-resubmit-token

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

60 seconds

visid_incap_ *

Used by a third-party web security service, Imperva, which is built into the TNEW architecture to protect the application and infrastructure by filtering out malicious requests.

12 Months

_ cf_bm

Used by a third-party service provider, Cloudflare, to filter out malicious requests and optimise page load times.

30 Minutes

QueueITAccepted-*

Used by Queue-it version 2.5 to authenticate a user when a virtual waiting room is enabled.

Variable (based on the amount of time a user may access your TNEW site after exiting the waiting room)

Queue-it*

Used by all Queue-it versions when a virtual waiting room is enabled.

Session

_GRECAPTCHA

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

6 months

rc::a

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

Persistent

rc::c

Used on Create Account, Create Account Brief, Update Account, Guest Checkout, and One-Page Giving Pages when Google reCAPTCHA is enabled. reCAPTCHA is used to protect TNEW sites from fraudulent account creation and payments.

Session

BIGipServereu.gateway.mastercard.int-asset-https-pool

Used when Mastercard Third Party Hosted Payments are enabled.

Session

Analytical cookies

Analytical cookies play a vital role in helping us fulfil our charitable objectives. They enable us to gather the insights needed to apply for funding, sustain the activities we excel at, and continually improve our website. By collecting and reporting information on how you use our site, these cookies provide valuable insights into user behaviour and actions. This understanding helps us identify patterns and preferences, enabling us to make data-driven decisions that enhance the website's functionality and effectiveness.

We use:

We use Google Analytics to collect information about how visitors use our website. We use this information to report to our funders and to analyse website usage so that we can improve user experience. Google Analytics collects information such as the number of site visitors, which pages they visited, how they came to the site and their location. This information is anonymous and cannot be used to identify you personally. You can find out more about privacy at Google and opt out of being tracked by Google Analytics across all websites.

Cookie

Description

Duration

_gcl_au

Google Tag Manager sets the cookie to experiment Marketing efficiency of websites using their services.

3 months

_ga

Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.

1 year, 1 month, 4 days

_gid

Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

1 day

_ga_*

Google Analytics sets this cookie to store and count page views.

1 year, 1 month, 4 days

_hjAbsoluteSessionInProgress

Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.

30 minutes

__utma

Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics.

2 years

__utmb

Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit.

1 day

__utmc

Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.

Session

__utmd

Used to assign specific visitors into segments, this segmentation is based on visitor behaviour on the website - the segmentation can be used to target larger groups.

1 day

__utmv

Saves user-defined tracking parameters for use in Google Analytics.

Session

__utmz

Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics.

6 months

collect

Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.

Session

td

Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.

Session

_hjSessionUser_*

Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.

1 year

Marketing cookies

We use marketing cookies to help us improve the relevancy of advertising campaigns you may receive.

Cookie

Description

Duration

ads/ga-audiences

Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.

Session

ar_debug

Used by DoubleClick to debug ads.

1 year

NID

Provides ad delivery or retargeting, store user preferences.

6 months from a user’s last use

APISID

Used to personal Google ads on websites based on your recent searches.

2 years

SID

Provides ad delivery or retargeting, provide fraud prevention.

2 years

sp_landing

Set by the provider Spotify and is used to implement audio content on the Spotify website. It also helps in collecting information on user interaction with this audio content.

1 day

sp_t

Set by the provider Spotify and is used to implement audio content on the Spotify website. It also helps in collecting information on user interaction with this audio content.

1 day

ajs_user_id

Used to track visitor usage, events, and target marketing as well as measure website performance and stability.

1 year

lastExternalReferrer

Detects how the user reached the website by registering their last URL-address.

Persistent

lastExternalReferrerTime

Detects how the user reached the website by registering their last URL-address.

Persistent

muc_ads

Collects data on user behaviour and interaction to optimise the website and make advertisement on the website more relevant.

400 days

personalization_id

Set by X and allows the visitor to share content from the website on their X profile.

400 days

guest_id

Set by X when a visitor clicks to share website content on X

400 days

guest_id_ads

Collects information on user behaviour on multiple websites. This information is used to optimise the relevance of advertisement on the website.

400 days

guest_id_marketing

Collects information on user behaviour on multiple websites. This information is used to optimise the relevance of advertisement on the website.

400 days

LAST_RESULT_ENTRY_KEY

Used to track user’s interaction with embedded content.

Session

LogsDatabaseV2:V#||LogsRequestsStore

Stores the user's video player preferences using embedded YouTube video

Persistent

nextId

Used to track user’s interaction with embedded content.

Session

remote_sid

Necessary for the implementation and functionality of YouTube video-content on the website.

Session

requests

Used to track user’s interaction with embedded content.

Session

ServiceWorkerLogsDatabase#SWHealthLog

Necessary for the implementation and functionality of YouTube video-content on the website.

Persistent

TESTCOOKIESENABLED

Used to track user’s interaction with embedded content.

1 day

VISITOR_INFO1_LIVE

Estimates the users' bandwidth on pages with integrated YouTube videos.

180 days

VISITOR_PRIVACY_METADATA

Stores the user's cookie consent state for the current domain

180 days

Third party cookies

Our website includes links to other sites (such as Facebook, Instagram, X, TikTok, and YouTube). These third-party sites may set cookies on your device when you interact with their content on our site. We do not control these cookies and recommend you review the cookie policies of each third-party site for details on how they use cookies.

How you can control the use of cookies from our website

When you visit our website

If you don't want to opt-in to certain types of cookies when you use our website, you can adjust the selections you choose through our cookie consent mechanism when you first land on our website. Once selected, we keep a record of your cookie consent preferences for up to one year.

When you first visit our website, you are presented with a pop-up, which gives you the following options:

  • I Accept Cookies
  • I Do Not Accept Cookies

If you click on ‘I Accept Cookies’, all cookies will be applied.

If you only wish to accept certain types of cookies, you can turn them on or off before click ‘I Accept Cookies’.

If you click on the cross or ‘I Do Not Accept Cookies’, cookies will not be opted in to except for those that are strictly necessary.

Using browser settings

You can block cookies by changing settings in your browser. Bear in mind that if you block cookies then our website, and other sites you visit, may no longer work for you as intended.

Changes that you make to browser settings will only apply to that browser; if you use multiple browsers (e.g., Firefox, Google Chrome, Microsoft Edge, Safari) and wish to opt out of cookies then you will need to change settings in each browser that you use.

Changes to browser settings will only take effect on the device on which you make those changes unless your browsers are set up to share your settings across different devices. If your browsers are not set up in this way and you want to opt out of cookies then you will need to change the settings of each browser on each device that you use.

If you delete all cookies, then all site preferences stored on your device will be deleted. This means that if you opt out from cookies for a given site and then delete all cookies, your opt-out will not be saved and you will need to opt out again (which will store a strictly necessary cookie so that your device can remember that you have opted out).

Below are links to instructions for opting out of cookies for some of the most popular browsers:

Unfortunately, we can't help with issues caused by changes to your device settings. If you have problems, try resetting your browser settings and clearing your cache for our site.

Further information and contacting us

You can find out more about cookies at allaboutcookies.org and individual cookies on www.cookiepedia.co.uk

The ICO (Information Commissioner’s Office) provides more information on cookies, including how to see what cookies have been stored and how to manage and delete them.

To request information about yourself or to find out more about our privacy, data protection and records retention measures, please write to: Data Protection, CBSO, CBSO Centre, Berkley Street, Birmingham, B1 2LF

Email: mydata@cbso.co.uk. Specify in your communication the exact nature of the information you wish to request.

How to make a complaint

If you are unhappy with how we are processing your personal data and take the view that we are not complying with UK GDPR, you have the right to complaint to the Information Commissioner’s Office (ICO).

Visit: https://ico.org.uk/concerns/

Write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 123 1113

Changes to this policy

We may change or update this Cookie Policy from time to time. Any changes will be immediately posted on the website, and you are deemed to have accepted the terms of the Cookie Policy on your first use of the website following the alterations.

Last updated 08.04.25