First-party:
If a service is categorized as First-party, it means that the service is being used stand-alone and on the website itself, and does not share or need to share any received personal information from or about the website visitors with the vendor of the service. Any possible cookies placed by this service are placed on the own domain of the website. Because the vendor itself does not collect or receive that personal information, it is the website operator that is responsible for the use of the service and the data it collects. The website’s privacy statement should mention how the website operator handles the personal data of its visitors.
Second-party:
If a service is categorized as Second-party, it means that the service does share or needs to share any received personal information from or about the website visitors with the vendor of the service. The website’s privacy statement or cookiepolicy should mention that the data is being shared with the vendor. The website operator should have a data processing agreement, or alternatively a joint controller arrangement, with the vendors that are categorized as Second party. Possible cookies placed by this service are also placed on the own domain of the website.
Third-party:
A third-party service is a service on the website that is able to place cookies by a domain that the user did not directly visit. Once they are stored in the browser they can track visitors and their behavior across several websites. The website’s privacy statement or cookiepolicy should mention that the data is being shared with the vendor.
Miscellaneous:
Because browser support for third-party cookies will be phased out in the coming years, some third-party services are now also placing and reading cookies and other resources on the website’s own domain. If personal information gathered from the own domain is being shared with the vendor, who will also -until they are phased out- receive information from third-party cookies, we will categorize the service as a second party.