In compliance with article 22.2 of current Law 34/2002, of 11 July, on the services of the information society and electronic commerce (LSSI-CE), the FUNDACIÓ PRIVADA INSTITUT D’INVESTIGACIÓ ONCOLÒGICA DE VALL D’HEBRON (hereinafter VHIO) must comply with the obligation to provide information on the cookies it uses and their purposes.
This website uses cookies and/or similar technologies that store and retrieve information as you browse the website. Among other functions, cookies enable a website to store and retrieve information on a user’s browsing habits or their device and, depending on the information they contain and how the device is used, they can be used to recognise the user.
Cookies are essential to the functioning of the internet and provide numerous advantages in the delivery of interactive services, making it easier for the user to browse and use our website.
The user can modify their cookie preferences HERE.
The information provided below will help you understand the different types of cookies:
| TYPES OF COOKIES | ||
| BY MANAGING ENTITY | FIRST-PARTY COOKIES | Cookies that are sent to the user’s device from a device or domain managed by the website owner and from which the service requested by the user is provided. |
| THIRD-PARTY COOKIES | Cookies that are sent to the user’s terminal from a device or domain not managed by the website owner, but by another body that processes the data obtained through cookies. | |
| BY DURATION | SESSION COOKIES | Cookies designed to collect and store data while the user accesses a website. They are usually used to store information that is only worth keeping to provide the service requested by the user on a single occasion (e.g., a list of acquired products) and disappear when the session ends. |
| PERSISTENT COOKIES | Cookies in which the data remain stored on the user’s device and may be accessed and processed for a period ranging from a few minutes to several years, defined by the cookie controller. | |
| BY PURPOSE | TECHNICAL COOKIES | Cookies that enable the user to browse a website, platform or application and use the different options or services available on it. |
| PERSONALISATION COOKIES | Cookies that allow the application of user-specific features for browsing the website (e.g. language settings). | |
| ANALYTICS COOKIES | Cookies that enable the controller to monitor and analyse users’ behaviour on the websites to which they are linked, including quantifying advertising impacts. The information collected with these cookies is used to measure website, application or platform activity, in order to make improvements based on the analysis of how users use the service. | |
| ADVERTISING COOKIES | Cookies that allow the publisher to include advertising space on the website, based on its content. | |
| BEHAVIOURAL ADVERTISING COOKIES | Cookies that store information on users’ behaviour obtained through continuous observation of their browsing habits, enabling specific profiles to be drawn up to display advertising tailored to that profile. | |
VHIO also provides more detailed information regarding the cookies used by their respective providers, their specific use or purpose, retention periods and any potential international data transfers associated with each cookie used on our website:
| Type | Owner | Cookie | Purpose | Retention |
| Technical | Vhio.net | Consent cookie | Consent management. | 1 day |
| Technical | WooCommerce | woocommerce_cart_hash | Identifies changes in the shopping cart. Stores information about products and helps update the cart total without storing personal data. | Session |
| Technical | WooCommerce | woocommerce_items_in_cart | Allows the shopping cart to function correctly, keeping selected products while the user browses the store. | Session |
| Technical | WooCommerce | wp_woocommerce_session_db | Stores a unique identifier for each customer. This allows WooCommerce to determine which shopping cart belongs to which user, keeping products in the cart while the user browses the store without the need to sign in. | 2 days |
| Analytical | Google.com | _gat_gtag_UA | Limits request rates (throttling) and reduces the data load on high-traffic websites. | 1 minute |
| Technical and advertising | Google.com | __Secure-1PAPISID | Creates interest profiles on visitors, enabling Google to display relevant and personalised advertising. It is also used to interact with Google services. | 1 year |
| Technical and functional | Google.com | __Secure-1PSIDCC | Its main function is to protect user data against unauthorised access and malicious attacks. | 1 year |
| Personalised advertising | Google.com | __Secure-1PSIDTS | Registers a unique identifier to track interactions, measure advertising performance and personalise the user experience. | 1 year |
| Personalised advertising | Google.com | __Secure-1PSID | Identifies user sessions in Google services, enables ad personalisation and is transmitted over secure HTTPS connections only. | 1 year |
| Personalised advertising | Google.com | __Secure-3PAPISID | Its main function is to collect information on how users interact with Google services in order to personalise advertising, measure campaign effectiveness and deliver relevant adverts, often on third-party websites. | 1 year |
| Personalised advertising | Google.com | __Secure-3PSIDCC | Used to protect user data from unauthorised access, prevent fraud, personalise advertising and store preferences. | 1 year |
| Personalised advertising | Google.com | __Secure-3PSIDTS | Its main function is to record browsing data, interactions with adverts and Google services in order to build a user interest profile, which permits personalisation of advertising and measurement of campaign performance. | 1 year |
| Personalised advertising | Google.com | __Secure-3PSID | Interest segmentation, ad personalisation and fraud prevention. | 12 to 24 months |
| Technical and secure | Google.com | __Secure-BUCKET | Its main function is to protect user data, prevent abuse/spam and enable secure access to Google Cloud services and embedded content (such as YouTube). | 6 and 13 months |
| Technical and secure | Google.com | __Secure-ENID | Used mainly to improve website functionality, remember user preferences (such as language) and ensure security by preventing fraud and abuse in services. | 1 year |
| Session technical | Google.com | __Secure-STRP | Designed to ensure secure browsing and the proper functioning of its services. | Session |
| Session technical | Google.com | _GRECAPTCHA | Essential for the functioning of reCAPTCHA. Its main purpose is to distinguish between humans and bots, protecting website forms from spam and automated attacks. | 6 months |
| Functional | Google.com | AEC | Detects spam, fraud and abuse, ensuring valid and secure advertising interactions. | 6 months |
| Technical and advertising personalisation | Google.com | APISID | Used to store preferences, validate user authenticity, prevent fraud and personalise ads. It is associated with Google account sign-in and services such as Google Maps and YouTube. | 1 year |
| Advertising and personalisation | Google.com | DV | Used to collect anonymous information, measure user behaviour and tailor adverts to user interests. | 1 day |
| Technical and secure | Google.com | HSID | Stores encrypted records of the user account ID and sign-in times. Its main function is to validate users, prevent session hijacking attacks and protect forms. | 2 years |
| Advertising and personalisation | Google.com | NID | Used in services to personalise advertising and remember user preferences, such as language and the number of search results. | 6 months |
| Technical/functional and advertising | Google.com | SAPISID | Mainly used to improve user experience by remembering preferences, maintaining active sessions in services such as Google Maps and YouTube, and collecting information on how users interact with Google services. | 1 year |
| Technical/functional | Google.com | SEARCH_SAMESITE | Google Analytics | 4 months |
| Functional and secure | Google.com | SIDCC | Its main purpose is to verify user authenticity, prevent fraudulent use of credentials and protect data from unauthorised access, thereby improving the browsing experience. | 1 year |
| Technical | Google.com | SID | Its main function is to store encrypted information regarding the user’s Google account ID and the most recent sign-in time. It enables user authentication, maintains active sessions and personalises advertising on non-Google websites. | 2 years |
| Technical/functional | Google.com | SOCS | Stores the user’s cookie choices (Sign-Out Cookie State). | 13 months |
| Advertising and personalisation | Google.com | SSID | Stores information about recent searches, previous interactions with adverts, and user preferences in order to display relevant advertising. | 2 years |
| Functional/geolocation | Google.com | UULE | Sends precise geolocation information from the browser to its servers. | 6 hours |
Please note that if you accept third-party cookies, you will need to delete them via your browser settings or through the system provided by the third party itself.
Below are links for various browsers where you can modify your browser settings for the use of cookies:
- Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop?redirectslug=enable-and-disable-cookies-website-preferences&redirectlocale=en-US
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Internet Explorer: http://windows.microsoft.com/es-es/internet-explorer/delete-manage-cookies#ie=ie-10
- Microsoft Edge:
- Safari:
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
For more information on the processing of personal data, we recommend visiting our “Privacy Policy” section.
Last updated: May 2026.
