Cookies Cookies
AT.govt.nz puts small text files (known as ‘cookies’) onto your computer or device to improve your user experience by collecting information about how you use the site.
We don’t use cookies to identify you personally; we use cookies to:
- Measure how you use the website so we can improve it to meet your needs.
- Remember information, so you can complete tasks without having to re-enter data or repeat selections.
Find out more about what cookies are.
How we use cookies
Analysing website and app usage
We use Google Analytics, Google Tag Manager, Google Firebase and Hotjar to analyse how customers use our website and apps. This information helps us meet your needs and identify improvements to our digital services, content, and user experience.
Google Tag Manager is used to manage tags (snippet of JavaScript that sends information to a third party, such as Google) on our site and apps.
Tags we use are:
- Google Analytics.
- Google Firebase (currently only used in our AT Metro app).
- Hotjar
Google Tag Manager does not set cookies. See Google Tag Manager Terms of Service and Google privacy policy for more information.
Google Analytics stores information about:
- The pages you visit.
- How long you spend on each page.
- How you got to the site.
- What you click on while you’re visiting the site.
Google Analytics sets the following cookies:
Universal Analytics
| Name | Purpose | Expires |
|---|---|---|
| _ga | Unique identifier so we can distinguish and count unique visitors to the site | 2 years |
| _gat | Used to manage the rate at which page view requests are made | 10 minutes |
We use Google Firebase in our AT Mobile and AT Metro apps. Google Firebase is a collection of tools that help app owners add core features such as analytics, notifications, and crash reporting to their iOS and Android apps. The features we use are:
- Analytics – analyse user behaviour and demographics, so that we can improve content and user experience. The type of information collected, includes:
- The number of users and sessions.
- Session duration.
- Operating system.
- Device model.
- Geography.
- First launch.
- App open.
- App update.
- Remote config – push out minor app updates without users having to download a new version.
- Crash reporting – monitors our app for errors.
- Notifications – send notifications to app users.
- Dynamic links – create universal links that work across web, iOS and Android.
Google Firebase uses cookies, anonymous identifiers for mobile devices (eg Android Advertising Identifier or Advertising Identifier for iOS) or similar technology to collect data. Find out more about how Google uses data when you use their partners' sites or apps.
You can opt out of advertisement tracking on iOS and Android in your device settings. Notifications can be turned off in the AT Metro app settings. We currently do not have an option for users to disable Firebase analytics or crash reporting. Please think about any privacy implications before downloading and/or using our mobile app.
We don’t collect or store your personal information (eg your name or address), so this information can’t be used to identify who you are. We don’t allow Google to use or share our analytics data.
Remembering preferences and selections
Some cookies store your selections and settings so when you return to the site, we can present you with information customised to fit your needs.
| Name | Purpose | Expires |
|---|---|---|
| MyFavourites - AT | Remembers information during your visit so that you don't have to re-enter data or repeat selections | When you close your browser |
| Mystops | Records the recent stops that you checked in the Real Time Board | 1 year |
| FedAuth | Authentication cookie used to facilitate Single sign-on (SSO) for MyAT | When you close your browser |
| FedAuth1 | Authentication cookie used to facilitate SSO for MyAT | When you close your browser |
Forgery protection
We use cookies to protect you and our website from malicious activity.
| Name | Purpose | Expires |
|---|---|---|
| __RequestVerificationToken | Protection against cross-site request forgery (CSRF) | When you close your browser |
Hotjar
We use Hotjar to understand where we need to improve the website. Hotjar is not designed to track individual users.
| Name | Purpose | Expires |
|---|---|---|
| _hjClosedSurveyInvites | Set once a visitor interacts with a Survey invitation modal pop-up. It is used to ensure that the same invite does not reappear if it has already been shown. | 365 days |
| _hjDonePolls | Set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in. | 365 days |
| _hjMinimizedPolls | Set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimized when the visitor navigates through your site. | 365 days |
| _hjShownFeedbackMessage | Set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the visitor navigates to another page where it is set to show. | 365 days |
| _hjid | Set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365 days |
| _hjRecordingLastActivity | This should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). | Session |
| _hjTLDTest | When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. | Session |
| _hjUserAttributesHash | User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. | Session |
| _hjCachedUserAttributes | Stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. | Session |
| _hjLocalStorageTest | Used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. | Under 100ms (milliseconds) |
| _hjIncludedInPageviewSample | Used to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit. | 30 minutes |
| _hjIncludedInSessionSample | Used to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit. | 30 minutes |
| _hjAbsoluteSessionInProgress | Used to detect the first pageview session of a user. This is a True/False flag set by the cookie. | 30 minutes |
Hotjar does not track or record visitors who have cookies disabled.
For more information about Hotjar cookies and for details on setting Hotjar to not to track your visit.
iPerceptions survey tool
A survey tool that lets us create adhoc pop surveys eg was this useful.
| Name | Purpose | Expires |
|---|---|---|
| IPE_S_113688 | Makes sure that you only receive a single survey invitation when you visit the website | When you close your browser |
YouTube videos
We use YouTube to provide videos on some pages of the site. YouTube sets cookies when you visit one of these pages.
| Name | Purpose | Expires |
|---|---|---|
| _use_hitbox | Randomly generated number that identifies your browser | When you close your browser |
| VISITOR_INFO1_LIVE | Used by YouTube to count the views of embedded YouTube videos | 8 months |
| HSID | Security cookie used to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties | 2 years |
| SID | Security cookie used to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties | 2 years |
| PREF | Used on Google sites like YouTube to store user preferences such as preferred language | 8 months |
| SAPISID | Used on Google sites like YouTube to store user preferences such as preferred language | 2 years |
| SSID | Used on Google sites like YouTube to store user preferences such as preferred language | 2 years |
| YSC | Used on Google sites (YouTube) to store user preferences such as preferred language | When you close your browser |
| dkv | Used by Google services to display targeted advertising | 2 years |
| s_gl | Used by Google services to display targeted advertising | When you close your browser |
Controlling cookie settings on your computer
You can manually adjust the cookie settings on your internet browser so some or all of the cookies on our website won’t be downloaded onto your computer or device.
Some browsers also have an "incognito" mode, where cookies are deleted after you've closed all of your incognito windows and tabs.
Please be aware that by blocking some or all of the cookies on our website, parts of our website may not work correctly or at all.
To learn how to manage the cookie preferences on your internet browser, click on the 'Help' menu on your browser.