Cookie Policy

Working draft · last updated: 25 June 2026 · Effective from: —

This Cookie Policy explains what cookies and similar technologies are, the purposes for which and the legal basis on which they are used in the mobile applications, software, and websites published under the RIDOA brand, and how the User can manage their preferences and withdraw any consent granted.

Document in draft form. The specific cookie names, providers, retention periods, and the list of recipients will be supplemented once analytics and measurement tools are deployed. Until then, the lists below are illustrative and indicative only.

§ 1. Controller and contact details

The controller of personal data processed in connection with the use of cookies, and the entity placing and accessing information stored on the User's terminal device, is:

Capitalised terms not defined in this Policy have the meaning given to them in the Terms of Service and in the Privacy Policy (GDPR) available in the list of documents above.

§ 2. What cookies and similar technologies are

Cookies are small text files saved and stored on the User's terminal device (computer, smartphone, tablet) while using a website or application. Cookies usually contain the name of the domain they originate from, their retention time on the device, and a unique number (identifier).

According to their retention time, we distinguish:

• session cookies — temporary files, stored until the end of the session (logging out, leaving the website, or closing the browser);
• persistent cookies — files stored for the period specified in the cookie's parameters or until they are manually deleted by the User.

In addition to cookies, we use or may use similar technologies performing comparable functions, in particular:

• the browser's local and session storage (Local Storage, Session Storage) and browser-side databases (IndexedDB);
• identifiers and device storage in mobile applications (e.g. the IDFA / GAID advertising identifiers, application preference files, push notification tokens) — the scope of their use is further described by the rules of the Apple App Store and Google Play platforms;
• pixels, tags, and measurement scripts (web beacons, tags) used for analytics or effectiveness-measurement purposes.

Wherever this Policy refers to "cookies", this is also understood to include the similar technologies described above, to the extent that they perform an analogous function.

§ 3. Legal basis for the use of cookies

The use of cookies and access to information stored on the User's terminal device take place in accordance with:

• Article 173 of the Act of 16 July 2004 — Telecommunications Law, under which storing information or gaining access to information already stored on the User's terminal device is permitted provided that the User has given prior consent, except where this is necessary to carry out the transmission of a communication or to provide a service requested by the User (strictly necessary cookies);
• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) — to the extent that information collected by means of cookies constitutes personal data;
• the Act of 18 July 2002 on the provision of services by electronic means — with respect to the provision of services in the websites and applications.

To the extent that data collected by cookies constitutes personal data, the basis for its processing is:

• Article 6(1)(f) GDPR (the Controller's legitimate interest) — for cookies necessary for the proper operation of the website/application and for ensuring their security;
• Article 6(1)(a) GDPR (the User's consent) — for functional, analytics, and marketing cookies, including third-party cookies; consent is voluntary and may be withdrawn at any time with effect for the future.

Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Consent to cookies that are not required to provide the service is not a condition for using the website or application.

§ 4. Purposes for which cookies are used

Cookies and similar technologies are used in particular for the following purposes:

• ensuring the proper, secure, and stable operation of the website and application;
• maintaining the User's session (including after logging in) without the need to log in again on every subpage or screen;
• remembering the settings and preferences selected by the User (e.g. language, region, interface layout);
• remembering the User's decision regarding cookie consents;
• creating anonymous statistics and analyses of how the website/application is used, in order to develop and improve them;
• ensuring security, detecting abuse, and preventing fraud;
• possibly — presenting marketing content tailored to the User's interests (only after separate consent has been given).

§ 5. Types of cookies used

Within the RIDOA products we use or may use four categories of cookies. The lists below are illustrative — detailed names, providers, and retention periods will be supplemented once measurement tools are deployed and will be presented in the consent management panel.

5.1. Strictly necessary (technical) cookies

Necessary for the proper operation of the website or application and for the provision of services requested by the User. They do not require consent (Article 173(3) of the Telecommunications Law). Without them the website cannot function properly.

• Name (example): ridoa_session · Purpose: maintaining the User's session and authentication · Retention time: browser session.
• Name (example): ridoa_csrf · Purpose: protection against CSRF attacks, form security · Retention time: browser session.
• Name (example): ridoa_cookie_consent · Purpose: remembering the User's decision regarding cookie consents · Retention time: up to 12 months.

5.2. Functional cookies

They enable the settings selected by the User to be remembered and the interface to be personalised. Used on the basis of consent.

• Name (example): ridoa_lang · Purpose: remembering the preferred language · Retention time: up to 12 months.
• Name (example): ridoa_ui_prefs · Purpose: remembering view settings and interface preferences · Retention time: up to 12 months.

5.3. Analytics (statistical) cookies

Used to create statistics and to analyse how the website/application is used in order to improve them. Used solely on the basis of consent. They may originate from external providers (see § 6).

• Name (to be supplemented): e.g. cookies of a web analytics tool · Purpose: measuring traffic, the number and behaviour of Users, visit statistics · Retention time: to be supplemented after deployment (usually from a few days to about 24 months, depending on the tool).

The specific names of analytics cookies and the tools used (e.g. a web analytics system) will be indicated after the analytics tools are deployed.

5.4. Marketing cookies (potentially)

They may be used to present content and advertisements tailored to the User's interests and to measure their effectiveness. They are used solely after a separate, voluntary consent has been given and — if deployed at all — usually originate from third parties.

• Name (to be supplemented): e.g. cookies of advertising platforms · Purpose: marketing profiling, remarketing, conversion measurement · Retention time: to be supplemented after deployment.

As at the date on which this working draft was prepared, marketing cookies may not be used. If they are deployed, their details and providers will be indicated in this Policy and in the consent management panel.

§ 6. Third-party cookies

Some cookies may be placed and read by entities cooperating with the Controller (so-called third-party cookies), in particular providers of analytics tools, providers of infrastructure and security, payment operators, providers of embedded services (e.g. maps, video materials, fonts), and — possibly — providers of advertising services.

These entities may act as separate data controllers or as processors. The rules for the processing of data by these entities are set out in their own privacy policies and cookie policies. The Controller makes every effort to cooperate only with providers that ensure an adequate level of data protection.

With respect to mobile applications distributed through the Apple App Store and Google Play, the rules and transparency mechanisms of these platforms also apply (including the App Tracking Transparency mechanism on iOS and the advertising-identifier settings on Android).

A full list of providers and specific third-party cookies will be supplemented once analytics tools and any marketing tools are deployed.

§ 7. Managing consent and withdrawing it

On first use of the website or application, the User is asked to consent to the use of cookies other than strictly necessary ones — via the cookie consent banner / panel. The User may:

• accept all cookies;
• reject cookies other than strictly necessary ones;
• make a choice of cookies by category (selective consent).

The consent given is voluntary and may be withdrawn or changed at any time with effect for the future, in particular by:

• reopening the cookie settings panel (e.g. via a permanent "Cookie settings" link available on the website or in the application settings);
• changing the settings of the web browser or device (see § 8);
• deleting the saved cookies in the browser or in the application.

Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Regardless of the consent settings, strictly necessary cookies remain active because they are required for the operation of the website/application.

§ 8. Changing settings in popular browsers

The User may, on their own and at any time, change cookie settings, including blocking their storage or deleting cookies already saved, using the settings of the web browser. Below is an indication of where to find the relevant options in the most popular browsers:

• Google Chrome: Settings → Privacy and security → Cookies and other site data;
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data;
• Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data;
• Apple Safari (macOS): Safari → Settings → Privacy;
• Safari (iOS) / mobile applications: System Settings → Safari → Privacy & Security, and for the advertising identifier — Settings → Privacy & Security;
• Android (browser and advertising identifier): Browser settings → Privacy and System Settings → Privacy / Ads.

Detailed instructions are available in the help documentation of the individual browsers and operating systems. Please note that these settings are configured separately for each browser and each device.

§ 9. Consequences of disabling or restricting cookies

Restricting or disabling the use of cookies may affect how the website or application works. In particular, disabling strictly necessary cookies may:

• make it impossible to log in or to maintain a session after logging in;
• cause certain functions, forms, or security measures to malfunction;
• force the same settings to be made again on every visit.

Disabling functional, analytics, or marketing cookies does not prevent the use of the website/application, but it may limit personalisation and affect the comfort of use. The Controller is not liable for the improper operation of functions resulting from the User independently blocking cookies.

§ 10. Personal data and the User's rights

To the extent that information collected by means of cookies constitutes personal data, it is processed in accordance with the GDPR, and the detailed rules — including information about the recipients of the data, the retention periods, any transfer of data outside the European Economic Area, and the rights available (access, rectification, erasure, restriction of processing, objection, data portability, and the right to lodge a complaint with the President of the Personal Data Protection Office) — are set out in the Privacy Policy (GDPR).

§ 11. Changes to the Cookie Policy

The Controller reserves the right to make changes to this Policy, in particular in the event of changes to the law, the deployment of new tools or technologies, a change of cookie providers, or a change in the scope of the services provided. The current version of the Policy is published in the website and in the application each time, indicating the date of the last update and the effective date.

The Controller may inform Users of material changes in the manner adopted for the given product (e.g. by a notice in the website or application or by re-displaying the cookie consent panel). Continued use of the website or application after the changes take effect means that the User has reviewed the current content of the Policy; this does not relieve the Controller of the obligation to obtain consent where it is required.

In matters concerning cookies and the protection of personal data, you may contact the Controller at: kontakt@ridoa.house.

Reminder: this document is a working draft and has not yet been formally approved or implemented. The example cookie names and retention periods will be supplemented once analytics and measurement tools are deployed.