Cookie Policy

This Cookie Policy explains how Otiox d.o.o. ("Company", "we", "us", or "our") uses cookies and similar tracking technologies when you visit our website at https://otiox.com (the "Website") and use our software-as-a-service platform (the "Service").

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive (2002/58/EC), and applicable national implementations across European Union member states. By using our Website, you consent to the use of cookies in accordance with this Cookie Policy.

We are committed to being transparent about the technologies we use. This policy provides detailed information about why, how, and when we use cookies on our Website and within our Service.

If you have any questions about our use of cookies, please contact us at legal@otiox.com.

Cookies are small text files that are placed on your computer, smartphone, or other device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site.

Cookies serve several purposes:

• Session management — Keeping you logged in, remembering your preferences, and maintaining your shopping cart or form data during a browsing session.

• Personalization — Adapting the content and functionality of a website to better match your preferences and past behavior.

• Analytics and performance — Collecting anonymous statistical data about how visitors use a website, which helps us understand and improve its performance.

• Advertising and targeting — Tracking your browsing activity to deliver relevant advertisements across websites (note: Otiox does not currently use advertising cookies).

Cookies can be set by the website you are visiting ("first-party cookies") or by third parties whose services the website uses ("third-party cookies"), such as analytics or marketing providers.

Similar technologies we may use include:

• Web beacons (pixel tags) — Small transparent images embedded in web pages or emails to track user behavior.
• Local storage — Browser storage mechanisms that allow websites to store data locally on your device.
• Session storage — Similar to local storage but data is cleared when the browser tab is closed.

We use the following categories of cookies on our Website and Service:

3.1 Strictly Necessary Cookies

These cookies are essential for the operation of our Website and Service. They enable core functionality such as security, session management, and accessibility. Without these cookies, certain features of the Website cannot function properly.

These cookies do not require your consent under EU law as they are strictly necessary for the provision of the service you have requested.

| Cookie | Purpose | Duration | Type |

|--------|---------|----------|------|

| otiox-session | Maintains user authentication session | Session | First-party |

| otiox-csrf | CSRF protection token | Session | First-party |

| otiox-lang | Stores your language preference | 1 year | First-party |

| otiox-consent | Records your cookie consent preferences | 1 year | First-party |

3.2 Performance & Analytics Cookies

These cookies collect information about how visitors use our Website, such as which pages are visited most often and whether visitors receive error messages. All information collected by these cookies is aggregated and therefore anonymous. These cookies are used only to improve how our Website works.

| Cookie | Purpose | Duration | Type |

|--------|---------|----------|------|

| _ga | Google Analytics — Distinguishes unique users | 2 years | Third-party |

| _ga_* | Google Analytics — Maintains session state | 2 years | Third-party |

| _gid | Google Analytics — Distinguishes unique users | 24 hours | Third-party |

| _gat | Google Analytics — Throttles request rate | 1 minute | Third-party |

3.3 Functional Cookies

These cookies allow the Website to remember choices you make (such as your language or region preference) and provide enhanced, personalized features. They may be set by us or by third-party providers whose services we have added to our pages.

| Cookie | Purpose | Duration | Type |

|--------|---------|----------|------|

| otiox-theme | Remembers your UI theme preference | 1 year | First-party |

| otiox-sidebar | Remembers sidebar collapse state | 30 days | First-party |

| otiox-onboarding | Tracks onboarding progress | 90 days | First-party |

3.4 Marketing & Targeting Cookies

Otiox does not currently use marketing or advertising cookies. We do not sell or share your personal data with advertisers. If this changes in the future, this policy will be updated accordingly, and your explicit consent will be required before any marketing cookies are set.

First-party cookies are set directly by Otiox (otiox.com domain). These cookies are used for essential functionality, user preferences, and to improve your experience on our platform.

Third-party cookies are set by external services that we integrate with, such as Google Analytics. These cookies are subject to the respective privacy policies of these third parties.

We carefully select and review all third-party services that set cookies through our Website. The third-party providers we currently work with include:

• Google Analytics (analytics.google.com) — Web analytics service provided by Google LLC. Used to analyze website traffic and user behavior patterns. Google's privacy policy: https://policies.google.com/privacy

We do not have control over third-party cookies and recommend that you review the privacy policies of these third parties for more information about their cookie practices.

Cookies can be classified based on how long they remain on your device:

Session Cookies — These are temporary cookies that are deleted from your device when you close your browser. They are used to maintain your session and ensure the Website functions correctly during your visit.

Persistent Cookies — These cookies remain on your device for a set period of time or until you manually delete them. They are used to remember your preferences and settings between visits, and to provide analytics data about Website usage over time.

The specific duration of each cookie we use is listed in the cookie tables in Section 3 above. We regularly review the cookies we use and their retention periods to ensure they remain proportionate and necessary.

Under the ePrivacy Directive, persistent cookies should not have an excessively long retention period. We limit our persistent cookies to a maximum of 2 years, in line with industry standards and regulatory guidance.

You have the right to decide whether to accept or reject cookies (except strictly necessary cookies). You can manage your cookie preferences in several ways:

Browser Settings

Most web browsers allow you to control cookies through their settings. Here are instructions for the most popular browsers:

• Google Chrome: Settings → Privacy and Security → Cookies and other site data
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Microsoft Edge: Settings → Cookies and Site Permissions → Manage and delete cookies
• Opera: Settings → Privacy & Security → Cookies

Please note that disabling cookies may affect the functionality of our Website and Service.

Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to be tracked. Our Website currently responds to DNT signals by disabling non-essential tracking when detected.

Opt-Out Links

For third-party analytics cookies, you can also use the following opt-out mechanisms:

• Google Analytics: Install the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative: http://optout.networkadvertising.org/
• Digital Advertising Alliance: http://optout.aboutads.info/
• European Interactive Digital Advertising Alliance: http://www.youronlinechoices.eu/

Under the GDPR and the ePrivacy Directive, we are required to obtain your consent before placing non-essential cookies on your device. When you first visit our Website, you will be presented with a cookie consent banner that allows you to:

• Accept all cookies — This enables all categories of cookies, including analytics and functional cookies.
• Reject non-essential cookies — This allows only strictly necessary cookies and disables all optional cookies.
• Customize your preferences — This allows you to selectively enable or disable specific cookie categories.

Your right to withdraw consent

You can change or withdraw your cookie consent at any time by:

1. Clearing your browser cookies and revisiting our Website, at which point the consent banner will appear again.

2. Using the browser settings described in Section 6 to delete or block specific cookies.

3. Contacting us at legal@otiox.com to request that we update your cookie preferences.

Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

Record of consent

We maintain records of cookie consent in compliance with GDPR Article 7(1). The `otiox-consent` cookie stores a hash of your consent preferences and the date/time consent was given.

If you choose to disable or reject cookies, please be aware of the following potential impacts:

Strictly Necessary Cookies: These cannot be disabled as they are essential for the Website and Service to function. Blocking these cookies may make parts of the Website inaccessible.

Performance & Analytics Cookies: Disabling these cookies means we cannot collect data about how our Website is used, which limits our ability to identify and fix issues, and to improve the user experience.

Functional Cookies: Disabling these cookies may result in reduced functionality, such as the Website not remembering your language preferences, theme settings, or other personalization choices. You may need to re-enter information on each visit.

We recommend keeping at least the strictly necessary and functional cookies enabled for the best user experience. However, we fully respect your right to control your cookie preferences.

Some of the third-party cookies used on our Website may involve the transfer of personal data outside the European Economic Area (EEA). When this occurs, we ensure that appropriate safeguards are in place as required by GDPR Chapter V:

• Standard Contractual Clauses (SCCs) — We rely on the European Commission's standard contractual clauses for transfers of personal data to countries not recognized as providing an adequate level of data protection.

• Adequacy Decisions — Where the European Commission has determined that a third country provides an adequate level of data protection, transfers may occur on this basis.

• EU-US Data Privacy Framework — For transfers to the United States, we work with providers who participate in the EU-US Data Privacy Framework where applicable.

For Google Analytics specifically, Google LLC has committed to compliance under the EU-US Data Privacy Framework and employs Standard Contractual Clauses as a transfer mechanism.

You can request more information about the safeguards we use for international data transfers by contacting us at legal@otiox.com.

In relation to the personal data collected through cookies, you have the following rights under GDPR:

• Right of access (Article 15) — You can request a copy of the personal data we hold about you that has been collected through cookies.

• Right to rectification (Article 16) — You can request correction of inaccurate personal data.

• Right to erasure (Article 17) — You can request deletion of your personal data collected through cookies by clearing your browser cookies or contacting us.

• Right to restriction of processing (Article 18) — You can request that we restrict the processing of your personal data in certain circumstances.

• Right to data portability (Article 20) — You can request your personal data in a structured, commonly used, machine-readable format.

• Right to object (Article 21) — You can object to the processing of your personal data, including processing based on legitimate interests.

• Right not to be subject to automated decision-making (Article 22) — We do not make any automated decisions based solely on cookie data.

To exercise any of these rights, please contact us at legal@otiox.com. We will respond to your request within 30 days, in accordance with GDPR requirements.

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes the GDPR.

We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

1. Update the "Last Updated" date at the top of this policy.

2. Post the updated policy on our Website.

3. Where required by law, request your consent again for the use of cookies.

We encourage you to periodically review this Cookie Policy to stay informed about how we use cookies. Continued use of our Website after any changes constitutes your acceptance of the updated Cookie Policy.

For significant changes that affect your rights or our obligations, we may also notify you via email or through a prominent notice on our Website.

If you have any questions, concerns, or requests regarding this Cookie Policy or our use of cookies, please contact us at:

Otiox d.o.o.

Email: legal@otiox.com

Website: https://otiox.com/contact

For data protection inquiries, you may also contact our Data Protection Officer at the above email address.

You have the right to lodge a complaint with the relevant supervisory authority in your country of residence if you believe that our processing of your personal data through cookies infringes the GDPR or applicable data protection laws.

Supervisory Authority (Republic of Serbia):

Commissioner for Information of Public Importance and Personal Data Protection

Website: https://www.poverenik.rs