STATEMENT OF INTENT.
From time to time, you may be asked to submit personal information about yourself (e.g. name and email address etc.) in order to receive or use services on our website. Such services include newsletters, competitions, “Alert Email”, live chats, message boards and membership (e.g. for support services).
By entering your details in the fields requested, you enable Home Energy Model to provide you with the services you select. Whenever you provide such personal information, we will treat that information in accordance with this policy. Our services are designed to give you the information that you want to receive. Home Energy Model will act in accordance with current legislation and aim to meet current Internet best practice.
The following statement explains our policy regarding the personal information we collect about you.
INFORMATION ON VISITORS.
During the course of any visit Home Energy Model, the pages you see, along with something called a cookie, are downloaded to your computer (see point 3 for more on this). Most, if not all, websites do this, because cookies allow the website publisher to do useful things like find out whether the computer (and probably its user) has visited the site before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.
Any information that is supplied by cookies can help us to provide you with a better service and assists us to analyse the profile of our visitors. For example: if on a previous visit you went to, say, the Search Engine pages, then we might find this out from your cookie and highlight Search Engine information on a second visit. We also use cookies to provide functions such as Shopping Carts and the information held in the shopping cart is held in a cookie on your PC.
We do not gather or use personal information from our website other than to use for despatching goods and invoices or for making contact with you as the result of an enquiry or support request. We do not pass on any personal information to other companies unless we are specifically instructed to do so by you.
We do not use cookies or spyware to gather information for use in marketing or any other activity from that stated above.
WHAT IS A COOKIE?
When you visit a site, your computer may be issued a cookie. Cookies are text files that identify your computer to our server. They do not identify you personally, just the computer you are using. Many sites do this to track traffic flow.
Cookies record which areas of the site you’ve visited and for how long. You can set your computer to accept all cookies, to notify you when a cookie is issued, or to block cookies entirely. Blocking cookies may prevent certain personalized services from being available to you.
Note: Even if you haven’t set your computer to reject cookies, you can browse our site anonymously until you try to purchase products or register for services.
USE AND STORAGE OF YOUR PERSONAL INFORMATION.
When you supply any personal information to Home Energy Model (e.g. for purchase, services or support membership) we have legal obligations towards you in the way we deal with that data. We must collect the information fairly, that is, we must explain how we will use it (see the notices on particular webpages that let you know why we are requesting the information) and tell you if we want to pass the information on to anyone else. In general, any information you provide to us will only be used within Home Energy Model and by its service providers. It will never be supplied to anyone outside Home Energy Model without first obtaining your consent, unless we are obliged or permitted by law to disclose it. Also, if you post or send offensive or inappropriate content anywhere on or to Home Energy Model, or otherwise engage in any disruptive behaviour on our website, and we consider such behaviour to be serious and/or repeated, we can use whatever information that is available to us about you to stop such behaviour. This may include informing relevant third parties such as your employer, school or e-mail provider about the content and your behaviour.
We will hold your personal information on our systems for as long as you use the service you have requested, and remove it in the event that the purpose has been met, or, in the case of support membership you no longer wish to continue your registration as a member. For safety reasons, however, Home Energy Model may store messaging transcript data (including message content, member names, times and dates) arising from the use of services such as our forum for a period of six months. Where personal information is held for people who are not yet registered but have taken part in other services (e.g. competitions), that information will be held only as long as necessary to ensure that the service is run smoothly. We will ensure that all personal information supplied is held securely, in accordance with the Data Protection Act 1998.
If you are notified on Home Energy Model site that your information may be used to allow us to contact you for “service administration purposes”, this means that we may contact you for a number of purposes related to the service you have signed up for. For example, we may wish to provide you with password reminders or notify you that the particular service has been suspended for maintenance. We will not contact you for promotional purposes, such as notifying you of improvements to the service or new services on our website unless you specifically agree to be contacted for such purposes at the time you submit your information on the site, or at a later time if you sign up specifically to receive such promotional information.
USERS 16 AND UNDER.
If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to any of our websites. Users without this consent are not allowed to provide us with personal information.
HOW TO FIND AND CONTROL YOUR COOKIES.
If you’re using Netscape 6.0: On your taskbar, click Edit, then Preferences. Click Advanced, then Cookies.
If you’re using Internet Explorer 6.0: Choose Tools, then Internet Options. Click the Privacy tab. Click Custom Level. Click the Advanced button. Check the override automatic cookie handling box and select Accept, Block, or Prompt for action as appropriate.
If you’re using Internet Explorer 5.0 or 5.5: Choose Tools, then Internet Options. Click the Security tab. Click Custom Level. Scroll down to the sixth option to see how cookies are handled by IE5 and change to Accept, Disable, or Prompt for action as appropriate.
If you’re using Internet Explorer 4.0: Choose View, then Internet Options. Click the Advanced tab. Scroll down to the yellow exclamation icon under Security and choose one of the three options to regulate your use of cookies.
In Internet Explorer 3.0: You can View, Options, Advanced, then click the Warn before Accepting Cookies button.
If you’re using Netscape Communicator 4.0: On your taskbar, click Edit, then Preferences. Click Advanced. Set your options in the Cookies box.
HOW DO YOU KNOW WHICH OF THE SITES YOU’VE VISITED USE COOKIES?
Internet Options: On the General tab (the default), click Settings, then View Files.
Internet Explorer 3.0: On your taskbar, click View, Options, Advanced, View Files.
Netscape Communicator 4.0: Netscape stores all cookies in a single file on your hard drive. You’ll need to locate the file, which it calls Cookie.txt on Windows machines.
HOW DO YOU SEE YOUR COOKIE CODE?
Great question. Here’s how you can see and understand the cookies and the code that creates or uses them, from both client and server perspectives, in a friendly, easy-to-follow way.
Seeing cookies in your browser
– In Chrome or Edge:
– Open the site you’re testing.
– Open Developer Tools (F12 or right-click and choose Inspect).
– Go to the Application tab.
– In the left pane, expand Cookies and click the site’s domain. You’ll see a table with cookie name, value, domain, path, expiration, and flags like HttpOnly and Secure.
– You can inspect individual cookies, edit their values in place, or delete them to test how the site behaves when cookies change.
– In Firefox:
– Open the site and open Developer Tools (F12).
– Click on the Storage tab (or the Network tab and then Storage Inspector in newer versions).
– Under Cookies, select the site to view name, value, and metadata. Firefox also shows HttpOnly and Secure flags and helps you edit or delete cookies.
– What you’ll see:
– Name and value: the actual data stored.
– Domain and path: scope of the cookie.
– Expiration or max-age: when it expires.
– Secure and HttpOnly: whether it’s sent only over HTTPS or inaccessible to JavaScript.
– SameSite attribute: helps prevent some cross-site request forgery issues.
Seeing cookies set by the server
– In the browser’s Network tab:
– Open DevTools, go to the Network tab, reload the page.
– Click the first request to the site, look at Response Headers.
– Look for Set-Cookie headers. They show the cookie name, value, domain, path, and attributes like Expires, HttpOnly, Secure, SameSite.
– Why this matters:
– Set-Cookie headers are how servers tell the browser to create cookies. If you’re debugging login sessions, preferences, or tracking, this is usually where the cookie is being created or updated.
Reading cookie code in the client (JavaScript)
– If you want to see how cookies are read or written in the page’s code:
– In DevTools, go to the Console and type:
– document.cookie to see the raw cookie string for the current site.
– You might see helper functions in the page scripts that parse cookie strings into objects. Look for code that splits on semicolons and equal signs.
– Common patterns:
– Setting a cookie:
document.cookie = “name=value; expires=Fri, 31 Dec 9999 23:59:59 GMT; path=/”;
– Reading cookies (simple parser example):
function getCookie(name) {
return document.cookie.split(‘; ‘).reduce((r, v) => {
const parts = v.split(‘=’);
if (parts[0] === name) return decodeURIComponent(parts[1]);
return r;
}, ”);
}
Reading cookie code on the server
– If cookies are being set by a server, you’ll usually see:
– In HTTP responses: a Set-Cookie header, e.g., Set-Cookie: sessionId=abc123; Path=/; HttpOnly; Secure; SameSite=Lax
– In server code (examples):
– Node.js with Express:
res.cookie(‘sessionId’, ‘abc123’, { httpOnly: true, secure: true, sameSite: ‘lax’ });
– Python with Flask:
resp = make_response(render_template(…))
resp.set_cookie(‘sessionId’, ‘abc123′, httponly=True, secure=True, samesite=’Lax’)
– How to inspect in code:
– Look for where responses are built or headers are set.
– In request handling, search for Set-Cookie or cookie parsing logic (e.g., reading cookie header from requests like Cookie: name=value).
– If your framework has a cookie helper, it might abstract these details; you’ll see calls like response.set_cookie or request.cookies.
Understanding the difference between client and server cookies
– Client-side cookies (accessible via document.cookie, unless HttpOnly) are useful for simple state or preferences and can be manipulated by JavaScript.
– Server-side cookies (set via Set-Cookie headers, often with HttpOnly) are more secure for session identifiers and sensitive data, because they aren’t directly accessible from JavaScript.
– SameSite attribute helps protect against cross-site request forgery by controlling whether cookies are sent with cross-site requests.
Tips for practical debugging
– If a cookie isn’t appearing or changing as expected, check:
– The domain and path scoping: is the cookie being set for the correct domain and path?
– HttpOnly: if a cookie is HttpOnly, you won’t see or edit it in document.cookie—only the server can modify it.
– Secure: on non-HTTPS pages, Secure cookies won’t be sent.
– Expiration: ensure the expiration is in the future and matches your test.
– Use a clean slate:
– Clear existing cookies for the site in your browser’s storage inspector, then reload to see new cookies being created.
– If you’re building a site:
– Consider using a cookie helper library or a framework’s built-in cookie API to avoid errors and security pitfalls.
– Always set HttpOnly and, when appropriate, Secure and SameSite attributes for sensitive data.
