Effective Date: January 1, 2025
Last Updated: January 1, 2025
Company Information
MICRO DIGITAL ELECTRONICS CORP S.R.L.
Registration Number: 50047468
EUID: ROONRC.J2024009262405
Registered Address: Bucureşti Sectorul 4, Splaiul UNIRII, Nr. 16, office 705, Romania
Email: info@microdigitalcorp.com
Data Protection Officer: Peretyachenko Vitaly (CEO)
1. Legal Framework and Compliance
This Cookie Policy is established in strict compliance with:
- EU General Data Protection Regulation (GDPR) 2016/679
- ePrivacy Directive 2002/58/EC and planned ePrivacy Regulation
- Romanian Law 190/2018 implementing GDPR in Romania
- Romanian Emergency Ordinance 13/2022 on electronic communications
- Article 5(3) ePrivacy Directive requiring informed consent for cookies
- EDPB Guidelines 05/2020 on consent under GDPR
- Romanian ANSPDCP (National Supervisory Authority) guidelines
2. What Are Cookies
2.1 Technical Definition
Cookies are small text files placed on your device (computer, smartphone, tablet) by websites you visit. They contain information that is transferred to your device’s hard drive and allow websites to recognize your device and remember certain information about your preferences or past actions.
2.2 Legal Classification
Under EU and Romanian law, cookies are classified as:
- Strictly Necessary Cookies: Required for essential website functionality
- Functional Cookies: Enhance user experience but not essential
- Analytics Cookies: Collect usage statistics and performance data
- Marketing/Advertising Cookies: Track users for advertising purposes
- Third-Party Cookies: Set by external service providers
2.3 Data Processing Legal Basis
Cookie processing is based on:
- Article 6(1)(a) GDPR: Consent for non-essential cookies
- Article 6(1)(f) GDPR: Legitimate interest for essential website functionality
- Article 5(3) ePrivacy Directive: Specific cookie consent requirements
3. Cookies We Use
3.1 Strictly Necessary Cookies (No Consent Required)
Legal Basis: Legitimate interest under Article 6(1)(f) GDPR and ePrivacy Directive exemption
| Cookie Name | Purpose | Duration | Data Collected |
|---|---|---|---|
| PHPSESSID | Session management and security | Session only | Session identifier |
| csrf_token | Cross-site request forgery protection | Session only | Security token |
| cookie_consent | Records your cookie preferences | 12 months | Consent choices |
| security_session | Login session management | Session only | Authentication status |
Why No Consent Required: These cookies are strictly necessary for providing services explicitly requested by you (secure browsing, form submission, session management).
3.2 Analytics Cookies (Consent Required)
Legal Basis: Article 6(1)(a) GDPR – Explicit consent required
Google Analytics 4:
| Cookie Name | Purpose | Duration | Data Collected |
|---|---|---|---|
| _ga | Distinguishes unique users | 2 years | Anonymous user identifier |
| ga[ID] | Maintains session state | 2 years | Session and campaign data |
| _gid | Distinguishes unique users (short-term) | 24 hours | Anonymous user identifier |
Data Collected: Anonymized IP addresses, page views, session duration, device type, browser information, referral sources, geographic location (city level).
Third-Party Processing: Data is processed by Google LLC under EU-US Data Privacy Framework and Google’s Processor Terms.
3.3 Functional Cookies (Consent Required)
Legal Basis: Article 6(1)(a) GDPR – Explicit consent required
| Cookie Name | Purpose | Duration | Data Collected |
|---|---|---|---|
| language_preference | Remembers language settings | 6 months | Language code |
| display_preferences | UI customization settings | 3 months | Display options |
| form_progress | Saves form completion progress | 7 days | Form field data |
3.4 Marketing Cookies (Consent Required)
Legal Basis: Article 6(1)(a) GDPR – Explicit consent required
Current Status: We currently do NOT use marketing/advertising cookies.
Future Implementation: If marketing cookies are implemented, we will:
- Update this policy with 30 days advance notice
- Obtain explicit opt-in consent
- Provide detailed information about each marketing cookie
- Offer granular consent options
4. Consent Management
4.1 Consent Requirements (Strict GDPR Compliance)
Per EDPB Guidelines 05/2020, valid consent must be:
- Freely Given: No negative consequences for refusing consent
- Specific: Separate consent for different cookie categories
- Informed: Clear information about each cookie’s purpose
- Unambiguous: Positive action required (no pre-ticked boxes)
- Withdrawable: Easy withdrawal mechanism provided
4.2 Consent Collection Process
Initial Visit:
- Cookie banner displays before any non-essential cookies are set
- Explicit consent requested for each cookie category
- “Accept All,” “Reject All,” and “Customize” options provided
- No cookies set until explicit consent given
Consent Choices:
- Accept All: Consent to all cookie categories
- Reject All: Only strictly necessary cookies allowed
- Customize: Granular control over each category
- Settings: Accessible anytime via “Cookie Settings” link
4.3 Consent Documentation
We maintain detailed records of:
- When consent was given (timestamp with timezone)
- What specific consent was given (which cookie categories)
- How consent was given (banner interaction, settings page)
- IP address (for verification purposes only)
- Browser and device information (for consent validation)
Retention: Consent records retained for 3 years per Romanian data retention requirements.
5. Third-Party Cookies and Data Transfers
5.1 Google Analytics 4 (Current Implementation)
Data Controller: Google LLC
Legal Basis for Transfer: EU-US Data Privacy Framework
Data Processing Agreement: Google Analytics Processor Terms
Data Retention: 26 months (configurable, currently set to 14 months)
IP Anonymization: Enabled (last octet anonymized)
Data Sharing: Disabled for advertising features
User-ID: Not implemented
Enhanced Ecommerce: Not implemented
User Rights: You can opt-out via:
- Our cookie settings
- Google Analytics Opt-out Browser Add-on
- Browser cookie settings
5.2 Future Third-Party Services
Any future third-party services will require:
- Data Processing Agreements (DPAs) compliant with Article 28 GDPR
- Transfer Impact Assessments per EDPB recommendations
- Adequate protection measures for international transfers
- Prior consent before implementation
- Updated cookie policy with advance notice
6. Your Rights Under GDPR
6.1 Cookie-Specific Rights
Right to Withdraw Consent (Article 7 GDPR):
- Withdraw consent anytime via “Cookie Settings”
- Withdrawal does not affect prior lawful processing
- Withdrawal processed immediately (real-time)
Right to Object (Article 21 GDPR):
- Object to analytics cookies based on legitimate interest
- Right to object to direct marketing (if implemented)
6.2 Data Subject Rights
Right of Access (Article 15 GDPR):
- Request copy of data collected via cookies
- Information about processing purposes and recipients
Right to Rectification (Article 16 GDPR):
- Correct inaccurate data collected via cookies
Right to Erasure (Article 17 GDPR):
- Request deletion of cookie-collected data
- Automatic deletion when cookies expire
Right to Data Portability (Article 20 GDPR):
- Receive cookie data in structured, machine-readable format
6.3 Exercising Your Rights
Contact Methods:
- Email: info@microdigitalcorp.com
- Subject: “GDPR Data Subject Request – Cookies”
- Response Time: Maximum 30 days per Article 12 GDPR
Required Information:
- Clear identification of the right you wish to exercise
- Sufficient information to locate your data
- Proof of identity (if requested)
7. Cookie Management and Control
7.1 Browser-Level Controls
Chrome:
- Settings > Privacy and Security > Cookies and other site data
- Block third-party cookies
- Clear cookies and site data
Firefox:
- Settings > Privacy & Security > Cookies and Site Data
- Enhanced Tracking Protection options
- Clear Data functionality
Safari:
- Preferences > Privacy > Manage Website Data
- Prevent cross-site tracking
- Block all cookies option
Edge:
- Settings > Cookies and site permissions
- Block third-party cookies
- Clear browsing data
7.2 Mobile Device Controls
iOS Safari:
- Settings > Safari > Privacy & Security
- Block All Cookies or Allow from Websites I Visit
Android Chrome:
- Chrome app > Settings > Site settings > Cookies
- Allow/Block cookies toggle
7.3 Our Cookie Preference Center
Accessible via “Cookie Settings” link in footer:
- Real-time consent management
- Granular category controls
- Consent history display
- Easy withdrawal mechanism
- Immediate effect (no page reload required)
8. Data Security and Protection
8.1 Technical Measures
Encryption:
- All cookies transmitted via HTTPS only
- Secure flag set on all sensitive cookies
- SameSite attribute implemented
Access Controls:
- Cookie data accessible only to authorized personnel
- Role-based access to analytics data
- Regular access reviews and audits
Data Minimization:
- Shortest possible retention periods
- Anonymization where possible
- Regular data purging procedures
8.2 Organizational Measures
Staff Training:
- Regular GDPR compliance training
- Cookie handling procedures documentation
- Incident response protocols
Vendor Management:
- Due diligence on all third-party providers
- Data Processing Agreements for all processors
- Regular compliance assessments
9. International Data Transfers
9.1 Current Transfers
Google Analytics (US):
- Legal Basis: EU-US Data Privacy Framework
- Adequacy Decision: European Commission Decision 2023/1067
- Additional Safeguards: Google’s Processor Terms
- Data Localization: Option for EU-only processing available
9.2 Transfer Safeguards
Due Diligence Process:
- Transfer Impact Assessment (TIA) conducted
- Government access laws reviewed
- Additional technical measures implemented
- Regular monitoring of adequacy decisions
Contingency Plans:
- Alternative EU providers identified
- Data localization options available
- Suspension procedures if adequacy withdrawn
10. Retention and Deletion
10.1 Retention Periods
Analytics Data: 14 months (configurable, currently shortened from Google’s 26-month default)
Consent Records: 3 years from consent withdrawal
Functional Cookie Data: Varies by cookie (1 day to 6 months maximum)
Security Logs: 12 months for security incident investigation
10.2 Automatic Deletion
Expired Cookies: Automatically deleted by browser when expired
Analytics Data: Automatically purged after retention period
Inactive Users: Data for users inactive >18 months automatically anonymized
10.3 Manual Deletion Requests
Process:
- Submit deletion request via email
- Identity verification if required
- Deletion within 30 days
- Confirmation of deletion provided
11. Updates and Changes
11.1 Policy Updates
Notification Requirements:
- 30 days advance notice for material changes
- Email notification to regular users (if contact information available)
- Website banner notification of policy updates
- Version control with change history
Material Changes Include:
- New cookie categories
- Additional third-party services
- Changes to legal basis
- Retention period extensions
- International transfer changes
11.2 Emergency Updates
Immediate Updates Required For:
- Security vulnerabilities in cookie implementation
- Legal compliance issues identified
- Regulatory enforcement actions
- Third-party service discontinuation
Emergency Procedure:
- Immediate policy update
- Prominent website notice
- Email notification within 24 hours
- Follow-up detailed explanation
12. Contact Information and Complaints
12.1 Data Protection Contact
Primary Contact:
Email: info@microdigitalcorp.com
Subject: “Cookie Policy Inquiry” or “GDPR Cookie Request”
Response Time: Maximum 72 hours for initial response
Data Protection Officer:
Name: Peretyachenko Vitaly
Role: CEO/DPO
Email: info@microdigitalcorp.com
12.2 Regulatory Complaints
Romanian Supervisory Authority:
ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Website: dataprotection.ro
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest
EU Data Protection Authorities:
Full list available at: edpb.europa.eu/about-edpb/about-edpb/members_en
12.3 Complaint Process
Internal Complaint Handling:
- Receipt acknowledgment: Within 24 hours
- Investigation: Within 7 days
- Response: Within 30 days maximum
- Escalation: To supervisory authority if unresolved
13. Legal Disclaimers and Limitations
13.1 Scope of Policy
This policy applies EXCLUSIVELY to:
- Cookies set by microdigitalcorp.com domain
- Subdomains under our control
- Services directly provided by our company
Not Covered:
- Third-party websites linked from our site
- External services accessed via our website
- Cookies set by external websites you visit
13.2 Legal Limitations
Service Limitations:
- Cookie settings may affect website functionality
- Some features require specific cookies to operate
- Analytics data may be less accurate with limited cookies
Technical Limitations:
- Browser compatibility varies for advanced cookie controls
- Mobile device limitations for granular controls
- VPN/proxy services may affect geolocation accuracy
14. Technical Implementation Details
14.1 Cookie Banner Implementation
Technical Standards:
- Loads before any tracking scripts
- Blocks non-essential cookies until consent
- JavaScript-based consent management
- Local storage for consent preferences
- GDPR-compliant consent string format
Accessibility:
- WCAG 2.1 AA compliant banner design
- Keyboard navigation support
- Screen reader compatibility
- High contrast mode support
14.2 Consent Validation
Technical Validation:
- Consent timestamp verification
- Browser fingerprint validation (non-identifying)
- IP address consistency checks
- Tamper detection mechanisms
Legal Validation:
- Affirmative action requirement
- Granular consent verification
- Withdrawal mechanism testing
- Regular compliance audits
Document Version: 1.0
Legal Review: Completed per GDPR Articles 5, 6, 7, 12-22
Technical Review: Completed per ePrivacy Directive Article 5(3)
Regulatory Compliance: Romanian ANSPDCP guidelines, EDPB recommendations
Next Mandatory Review: July 1, 2025
Language: English
Jurisdiction: Romania, European Union
Maximum GDPR Compliance Level: Enhanced protection with documented consent procedures
Legal Certification: This Cookie Policy provides maximum legal protection under EU GDPR and Romanian data protection law, designed to withstand the most stringent regulatory scrutiny.