Professional Documents
Culture Documents
OneTrust Guide
VMware IT
Table of Contents
INTRODUCTION.....................................................................................................................................3
IMPLEMENTATION INSTRUCTIONS................................................................................................5
METHOD 1: IF THE SITE’S LOWER ENVIRONMENT (DEV, TEST, UAT, ETC.) IS NOT WITHIN THE
VMWARE FIREWALL OR WHEN A SITE GOES LIVE WITH ONETRUST CHANGES.................................17
METHOD 2: IF THE SITE’S LOWER ENVIRONMENT (DEV, TEST, UAT, ETC.) IS WITHIN THE VMWARE
FIREWALL..........................................................................................................................................18
SCENARIO 1: NON-EU REGION..........................................................................................................20
SCENARIO 2: EU REGION....................................................................................................................21
TOOLS REQUIRED...............................................................................................................................23
WALKTHROUGH VIDEOS..................................................................................................................23
1
Introduction
VMware is revising cookie notification and consent management capability in order to remain compliant
with changing GDPR, ePrivacy and other relevant regulations that cover the compliance of cookie
processing and management. The new regulations require that we make the consent more granular and
categorized. In order to achieve this, we are moving from our current Cookie Consent Management tool
provided by Evidon to a new Cookie Consent Management tool provided by OneTrust.
We are missing details in the cookie policy describing what kind of cookies are being used and
for what purposes
We only allow opt-out for third-party cookies when we should have opt-in for every category of
cookies
Some of the cookies for Adobe Technologies are dropped (even for EU users) before consent is
given
2
OneTrust UX for VMware
Once you’ve followed the instructions in this guide, you will see the new OneTrust user experience
rendered on your site.
The experience for a site visitor from a NON-EU country will include only a cookie settings button on the
screen (or a text link in the footer if preferred). From the button, site visitors can get to the cookie
preference center to modify their cookie settings if they wish.
The experience for a site visitor from an EU country will include the full cookie banner on the screen.
From the banner, site visitors can get to the cookie preference center to modify their cookie settings if
they wish.
3
Implementation Instructions
Below Instructions are assuming your site has Tealium as Tag Manager and
Evidon as Cookie Compliance Manager
Lower Environment:
<meta name="onetrust-data-domain" content="xxxxxxxxxxxxxxxx-test" > [make sure there are no blankspaces In this value]
Production:
Example:
**How to Identify Tealium Profile? Tealium Profile here Is equal to microsites In the following example path:
https://tags.tiqcdn.com/utag/vmware/microsites/prod/utag.js
**Please refer to the existing Tealium Profile on your page source, and append -privacy to it. Eg: If the Tealium Profile is
microsites, then New Tealium profile becomes microsites-privacy.
**xxxxxxxxxxxxx refers to data-domain script of OneTrust Site Notice Tag. To get this value please reach out to :
(For site owners/vendors outside VMware, you may Email your VMware business contact to ask them to
request this value through the internal DL above.)
4
2.Add Jquery, Demandbase Lib , Utag.sync.js & Data Layer In the page
source code
Please make sure following scripts are the first and the foremost javascript Inclusions on your page in the
<head> tag. Please keep the below order and priority of the scripts to avoid any racing conditions or
dependency Issues:
Lower Environment:
<script src="/<your-site-path>/jquery.min.js"></script> [ In case you have your own jquery version available ]
OR
<script src="https://www.vmware.com/content/dam/digitalmarketing/onetrust/assets/js/jquery-1.11.0.min.js"></script>
<script src="//www.vmware.com/files/templates/inc/utag_data.js"></script>
Production Environment:
<script src="/<your-site-path>/jquery.min.js"></script> [ In case you have your own jquery version available ]
OR
<script src="https://www.vmware.com/content/dam/digitalmarketing/onetrust/assets/js/jquery-1.11.0.min.js"></script>
<script src="//www.vmware.com/files/templates/inc/utag_data.js"></script>
Example:
<script src="https://www.vmware.com/content/dam/digitalmarketing/onetrust/assets/js/jquery-1.11.0.min.js"></script>
<script src="//www.vmware.com/files/templates/inc/utag_data.js"></script>
5
3.Add a Cookie Settings button or link in the page
We have two options for implementing the Cookie Settings feature :
Option 1: If you want the Cookie Settings to appear in the lower right corner as a floating button , place
the following code just anywhere In the <body> tag ( refer example -> vmworld.com)
Screenshot:
Option 2: If you want the Cookie Settings to appear in the footer as a link, place the following code in
your footer( refer example -> my.vmware.com)
Screenshot:
Look for window.evidon through the search option in DEV Tools in the browser to find the below code:
(function(id) {
function append(scriptid, url, async) {
6
var d = document,
sn = 'script',
f = d.getElementsByTagName(sn)[0];
if (!f) f = d.head;
var s = d.createElement(sn);
s.async = true;
s.id = scriptid;
s.src = url;
f.parentNode.insertBefore(s, f);
function getRootDomain() {
var parts = window.location.hostname.split('.');
if (parts.length === 2) rootDomain = parts[0];
else if (parts.length > 2) {
// see if the next to last value is a common tld
var part = parts[parts.length - 2];
if (part === 'com' || part === 'co') {
rootDomain = parts[parts.length - 3]; // go back one more
} else {
rootDomain = part;
}
}
return rootDomain;
}
window.evidon = {};
window.evidon.id = id;
var cdn = '//c.evidon.com/',
rootDomain = getRootDomain(),
noticecdn = cdn + 'sitenotice/';
append('evidon-notice', noticecdn + 'evidon-sitenotice-tag.js', false);
append('evidon-location', cdn + 'geo/country.js', true);
append('evidon-themes', noticecdn + id + '/snthemes.js', true);
if (rootDomain) append('evidon-settings', noticecdn + id + '/' + rootDomain + '/settings.js', true);
function isEU() {
var curr;
var euCountries = ["gb", "uk", "fr", "de", "at", "be", "bg", "hr", "cy", "cz", "dk", "ee", "fi", "lv", "gr", "hu", "ie", "it", "lt", "lu",
"mt", "nl", "pl", "pt", "ro", "sk", "si", "es", "se"];
var eu = false;
if (window.evidon) {
if (window.evidon.location !== undefined && window.evidon.location) {
curr = window.evidon.location.code;
} else if (window.evidon.notice !== undefined && window.evidon.notice.country) {
curr = window.evidon.notice.country.code;
}
}
for (i = 0; i < euCountries.length; i++) {
if (curr == euCountries[i]) {
7
console.log(("EU country"));
eu = true;
break;
}
}
console.log(curr);
return eu;
}
window.evidon.priorConsentCallback = function() {
// fire thirdparty trackers/ads/integrations/cookie-dropping-code ---> Do not remove this section under Evidon
Calback while removing Evidon Snippet as , this would be required to be wrapped in OneTrustCallback. Separate out
this section and use it in OneTrustCallback . How to use OneTrustCallback explained in upcoming section 8. Handle
Thirdparty Trackers outside Tealium in OneTrustCallback
}
})(4478);
**If the above Evidon Callback has any methods like loadTealium or methods that have references to files like
utag.sync.js or utag_data.js or utag.js , or if these files are directly getting called in the calback please remove
those references as they are already being handled in Step 1 & Step 2 of the document
main
store
magento
**Identify your Tealium Profile by typing window.utag.cfg.path in browser console of the site
**If the value returned has one of the above values then you can proceed with the below instructions:
Navigate to -privacy version of your identified Tealium Profile , by selecting the option in the
Profile Dropdown
8
Create a Data Layer Variable for OptanonConsent Cookie:
9
Open the Tags page, open the tag, then add the load rule to the tag:
Add the following OneTrust Site Notice Tag in utag.sync.js template by following steps shown in
the screenshot:
10
oneTrustScript.src = "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js";
oneTrustScript.type = "text/javascript";
oneTrustScript.charset = "UTF-8";
oneTrustScript.setAttribute('data-domain-script', ddscript);
document.head.appendChild(oneTrustScript);
function OptanonWrapper() {}
To add the load rule for Adobe Target, Visitor API and to handle Privacy Messages, please refer to
the below scripts path for reference:
https://tags.tiqcdn.com/utag/vmware/microsites-privacy/qa/utag.sync.js
Please click below Excel file Link for Tealium Tags Categorization:
https://www.vmware.com/content/dam/digitalmarketing/onetrust/assets/xls/TealiumTagsCategorizationL
egal.xlsx
6.Handle third party trackers outside the Tealium Tag Manager with
OneTrustCallback
Cookies themselves cannot be directly blocked; however, most cookies that fall under the legislation are
set through inserted scripts or tags, such as JavaScript or HTML iFrames. This includes most analytics
and third-party cookies, such as advertising cookies.
Therefore, to comply with the law, these scripts should be blocked, or substituted for non-cookie
alternatives whenever consent has been withheld or withdrawn. To achieve this, you can use one of
several custom JavaScript helper methods along with a OneTrust wrapper control function.
11
OneTrust Wrapper Control: There are 2 ways to do it . Explained as Solution #1 & Solution #2 below
Solution 1:
This is one of the most efficient methods of preventing cookies controlled by script tags from being
dropped before consent is given. This method requires the least amount of change to your site. It is
recommended that you use this approach whenever possible.
Using script type re-writing, you need to change the scripts to:
C000X Is the ID of the Cookie Category and that can have values like: C0002, C0003, C0004 , C0005
When the above code loads, JavaScript inside the tags will not run, and no cookies will be set. Then,
when the Cookie Consent code loads, if cookies for the associated group have consent, it will
dynamically change the tag to: script type=text/JavaScript – the code inside the tags will then be
recognized and run as normal.However sometimes there can be racing condition issues and cookies may
fire even without consent. In such cases you can switch to full proof Custom Approach below.
Using the Custom OneTrust Wrapper , you need to change the scripts to :
var waitForConsent;
function waitForConsentCookie() {
if (document.cookie.indexOf('OptanonConsent') > -1 && document.cookie.indexOf('groups=') > -1) {
clearTimeout(waitForConsent);
if (decodeURIComponent(document.cookie).indexOf('C000X:1') > -1 ) {
//Cookie Dropping Code
}
12
}
else{waitForConsent=setTimeout(waitForConsentCookie, 250);}
}
</script>
C000X Is the ID of the Cookie Category and that can have values like: C0002, C0003, C0004 , C0005
**Refer to the table below to deduce your interpretations of the category for the Cookie Dropping code/tag
**However please note the same will be have to be run by Legal for review and final confirmation
**Please reach out to below point of contacts to know more on the Legal Process:
(For site owners/vendors outside VMware, you may Email your VMware business contact to ask them to
request this value through the internal DL above.)
13
disabling this category of cookies.
Will NOT fire until Will fire Performance cookies are used to analyze the
opt-in “Accept All” immediately. user experience to improve our website by
action has been Will be blocked collecting and reporting information on how you
taken. once opt-out action use it. They allow us to know which pages are
has been taken and the most and least popular, see how visitors
Performance screen refresh has move around the site, optimize our website and
C0002 been done. make it easier to navigate.
Will NOT fire until Will fire Functional cookies help us keep track of your
opt-in “Accept All” immediately. past browsing choices so we can improve
action has been Will be blocked usability and customize your experience. These
taken. once opt-out action cookies enable the website to remember your
has been taken and preferred settings, language preferences,
Functional screen refresh has location and other customizable elements such
C0003 been done. as font or text size.
Will NOT fire until Will fire Advertising cookies are used to send you
opt-in “Accept All” immediately. relevant advertising and promotional
action has been Will be blocked information. They may be set through our site
taken. once opt-out action by third parties to build a profile of your
has been taken and interests and show you relevant advertisements
screen refresh has on other sites. These cookies do not directly
been done. store personal information but their function is
Advertising based on uniquely identifying your browser and
C0004 internet device.
Will NOT fire until Will fire Social media cookies are intended to facilitate
opt-in “Accept All” immediately. the sharing of content and to improve the user
action has been Will be blocked experience. We do not control social media
taken. once opt-out action cookies and they do not allow us to gain access
has been taken and to your social media accounts. Please refer to the
Social Media screen refresh has relevant social media platform’s privacy policies
C0005 been done. for more information.
To trigger this activity please send email with your site URL and request to scan to:
14
OneTrustHelp@vmware.com (Internal VMware Users)
(For site owners/vendors outside VMware, you may Email your VMware business contact to
ask them to kick off this review process through the internal DL above.)
Your site may include tags or cookies that have not been previously encountered by VMware
privacy. In this case, you will be given a list of these “new” items and asked to provide a
definition of what they are and how they function along with your best guess recommendation as
to the category in which they belong (see above). This will then be reviewed/modified/approved
by VMware privacy team.
Once your site is fully compliant, you will become NON-compliant any time you add a tag or
cookie that was not previously reviewed/categorized by VMware privacy. If you plan to make a
change to your site that results in new tags/cookies being added, you must kick off this review
process again.
To trigger this activity please send email with your site URL and request to review to:
OneTrustHelp@vmware.com (Internal VMware Users)
(For site owners/vendors outside VMware, you may Email your VMware business contact to
ask them to kick off this review process through the internal DL above.)
**Please clear browser cache & cookies every time you switch between EU and Non-EU regions
15
Select an EU country from list to test the EU experience
Method 2: If the Site’s lower environment (Dev, Test, UAT, etc.) is within the
VMware firewall
16
Configure Switcheroo to enable functionality in Incognito Mode
Redirection Rules (applies to all methods of redirection - using Chrome Switcheroo extension)
17
Fr
htt
tes
**Please clear browser cache & cookies every time you switch between EU and Non-EU regions
Examples:
EU Region : https://www.vmworld.com/en/index.html?countryCode=DE
Non-EU Region: https://www.vmworld.com/en/index.html?countryCode=US
By clicking the Cookie Settings button, the user will be able to turn tracking on or off for Performance
cookies, Advertising cookies, Social media cookies and Functional cookies (See Example Below)
18
Users should be able to see individual cookies listed under each category (See Example Below ).
By Default implicit consent is assumed for non-EU visitors and all cookies will drop with initial page
load.
If a user turns off consent for a certain cookie, the category tags related to that cookie will not fire from
that point forward. The cookie itself will remain as is.
If a user wants cookies deleted from his/her own device, he/she must go to the browser settings page and
clear cache and cookies from their browsers.
Scenario 2: EU Region
A user visits the site from an EU Country.
For such users the blue OneTrust cookie banner should be visible on the website as shown in the image
below.
No cookies should drop until a user engages with the Cookie Consent banner and makes a category
selection in the cookie preference center or clicks on the Accept All Cookies button.
19
By clicking the Cookie Settings button the user will be able to turn tracking on or off for Performance
cookies, Advertising cookies, Social media cookies and Functional cookies (see below image).
Users should be able to see individual cookies listed under each category (per below image).
20
Tools Required
Chrome - Switcheroo, Hola VPN Proxy
Walkthrough Videos
To come
(For site owners/vendors outside VMware, you may Email your VMware business contact to ask them to
make contact through the internal DL above.)
21
22