GDPR Cookie Policy

Last Updated: April 11, 2025

‍

Orgcäos OÜ, operating as Orgcaos Purpose-Driven Design Studio ("Orgcaos," "we," "us," or "our"), is committed to protecting your privacy and providing transparency about how we use cookies and similar technologies on our Website, accessible at https://orgcaos.com and https://orgcaos.ee (collectively, the "Website"). Our Website, hosted on Webflow, serves as a portfolio platform showcasing our branding and web design services, case studies, blog content, and client testimonials.

‍

This GDPR Cookie Policy ("Cookie Policy") explains what cookies are, the types of cookies we use, the purposes for which we use them, how Third-Party Services integrate with our Website, and how you can manage your cookie preferences. As a company registered in Estonia (registry code: 16321350, legal address: Vahtre Tables küla, Liiva, Hiiumaa vald, Hiiu maakond, 92318, Estonia), we comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the Estonian Personal Data Protection Act, and the EU ePrivacy Directive (Directive 2002/58/EC, as amended). This Cookie Policy applies to all Users ("you" or "User") visiting our Website, with specific protections for individuals in the European Economic Area (EEA).

‍

By using our Website, you acknowledge that you have read and understood this Cookie Policy. If you do not agree with our use of cookies, you can adjust your preferences as described below or refrain from using the Website.

‍

1. What Are Cookies and Similar Technologies?

Cookies are small text files placed on your device (e.g., computer, smartphone, or tablet) by your web browser when you visit a website. These files store information that helps websites function properly, remember your preferences, and provide insights into how the site is used. Similar technologies, such as pixels, web beacons, or local storage, serve comparable purposes by tracking user interactions or storing data.

‍

Cookies and similar technologies may collect Personal Data, such as your IP address or device identifiers, as defined in Article 4(1) of the GDPR. Where this occurs, we Process such data in accordance with our GDPR Privacy Policy and obtain your consent for non-essential cookies, as required by Article 5(3) of the EU ePrivacy Directive and Article 7 of the GDPR.

‍

Cookies can be temporary, lasting only for the duration of your visit ("session cookies"), or stored for a longer period to remember you on future visits ("persistent cookies"). They are set either directly by us ("first-party cookies") or by Third-Party Services integrated into our Website ("third-party cookies").

‍

2. Why We Use Cookies

We use cookies and similar technologies to enhance your experience on our Website, improve its functionality, and support our business operations. Specifically, we use them to achieve the following purposes:

‍

• To ensure the Website operates correctly by enabling core functionalities, such as page navigation, secure form submissions, and maintaining user sessions. These essential cookies are critical to providing a seamless browsing experience.
• To analyze how Users interact with the Website, including which pages they visit, how long they spend on each page, and what links they click. This helps us understand user behavior, identify areas for improvement, and optimize content and design.
• To deliver personalized advertising and measure the effectiveness of our marketing campaigns. Cookies allow us to track ad interactions, target relevant audiences, and ensure our promotional efforts align with your interests.
• To enhance Website security by detecting suspicious activity, preventing unauthorized access, and protecting against cyber threats, ensuring a safe environment for all Users.
• To remember your preferences, such as language settings or cookie consent choices, so you don’t need to reconfigure them on each visit.

‍

These purposes align with our legitimate interests under Article 6(1)(f) of the GDPR for essential cookies and are based on your consent under Article 6(1)(a) for non-essential cookies.

‍

3. Types of Cookies We Use

We categorize cookies based on their function and necessity, ensuring clarity about their role on our Website. Below are the types of cookies we use:

‍

• Essential Cookies: These cookies are strictly necessary for the Website to function and cannot be disabled without impairing core features. They enable you to navigate the Website, access secure areas, submit contact forms (e.g., at **https://orgcaos-website.webflow.io/contact**), and maintain a consistent browsing experience. For example, essential cookies ensure that our Webflow-hosted Website loads correctly and processes form submissions securely. Since these cookies are critical, they do not require your consent under the EU ePrivacy Directive, but we Process any Personal Data they collect in accordance with the GDPR.
• Analytics Cookies: These cookies collect information about how you use the Website, such as which pages you visit, how you arrive at the Website, and any errors you encounter. We use analytics cookies to generate aggregated, anonymized, or pseudonymized data that helps us improve the Website’s performance, usability, and content. For instance, cookies from Google Analytics track page views and user flows, while Microsoft Clarity provides heatmaps and session recordings to visualize interactions. These cookies are non-essential and are only activated with your consent.
• Marketing Cookies: These cookies track your browsing behavior to deliver personalized advertisements and measure the success of our marketing campaigns. They allow us to show you ads for our services on other platforms (e.g., Google or Meta-owned sites) and assess how users engage with our ads. For example, Google Ads and Meta Pixels use cookies to monitor ad clicks and conversions, helping us refine our promotional strategies. Marketing cookies are non-essential and require your explicit consent before being placed on your device.
• Functional Cookies: These cookies enhance the Website’s functionality by remembering your preferences, such as language settings or cookie consent choices. They ensure a more tailored experience, for example, by saving your decision to accept or reject certain cookies. Functional cookies are non-essential and are only used if you provide consent.

‍

We do not use cookies for purposes beyond those described, and we regularly review our cookie usage to ensure compliance with GDPR and ePrivacy requirements.

‍

4. Third-Party Cookies and Services

Our Website integrates Third-Party Services that may set their own cookies or similar technologies.

‍

These services support analytics, marketing, and performance monitoring, and their cookies are considered third-party cookies. The Third-Party Services we use include:

‍

• Google Tag Manager: This service manages tracking codes and scripts, enabling us to deploy analytics and marketing tools efficiently. It may set cookies to facilitate data collection for other Google services, such as Google Analytics or Google Ads, and operates based on your consent for non-essential cookies.
• Google Analytics: This service analyzes Website traffic and user behavior, setting cookies to track page views, session duration, and referral sources. The data collected is typically pseudonymized, meaning it cannot directly identify you unless combined with other information. We use Google Analytics to optimize our Website’s content and user experience, and cookies are activated only with your consent.
• Google Ads: This service supports our advertising campaigns by setting cookies to track ad interactions, such as clicks or conversions. These cookies help us understand which ads are effective and deliver relevant promotions to potential clients. Google Ads cookies are non-essential and require your consent.
• Google Search Console: While primarily a tool for monitoring search performance, it may interact with cookies set by other Google services to provide insights into how Users find our Website. Any cookie-related data collection is subject to your consent for analytics or marketing cookies.
• Microsoft Clarity: This service provides heatmaps, session recordings, and behavioral analytics, setting cookies to track how Users navigate and interact with the Website. The data helps us identify usability issues and enhance design, but cookies are only placed with your consent.
• Meta Pixels: Operated by Meta, these pixels set cookies to track user interactions for advertising purposes, such as retargeting visitors who view our portfolio or contact page. Meta Pixels cookies are non-essential and activated only if you consent to marketing cookies.

‍

Each Third-Party Service is bound by a Data Processing Agreement (DPA) with Orgcäos OÜ, ensuring compliance with Article 28 of the GDPR. These services may Process Personal Data, such as IP addresses or device identifiers, as described in our GDPR Privacy Policy. We are not responsible for the privacy practices of these Third-Party Services, and we encourage you to review their respective privacy policies for details on how they handle data:

‍

• Google: https://policies.google.com/privacy
• Microsoft Clarity: https://privacy.microsoft.com/en-us/privacystatement
• Meta: https://www.facebook.com/privacy/policy

‍

If you choose to reject non-essential cookies, third-party cookies will not be set, though this may limit certain Website features, such as personalized ads or detailed analytics.

‍

5. How We Obtain Your Consent

‍

For non-essential cookies (analytics, marketing, and functional), we obtain your explicit consent before placing them on your device, in accordance with Article 5(3) of the EU ePrivacy Directive and Article 7 of the GDPR. When you first visit our Website, a cookie banner appears, providing:

‍

• A clear explanation of the types of cookies we use and their purposes.
• Options to accept all cookies, reject non-essential cookies, or customize your preferences.
• A link to this Cookie Policy for further details.

‍

You can provide consent by clicking "Accept" or selecting specific cookie categories. If you choose to reject non-essential cookies, only essential cookies will be used, ensuring the Website remains functional. Consent is not required for essential cookies, as they are necessary for the Website’s operation, but any Personal Data they collect is Processed lawfully under the GDPR.

‍

You may withdraw your consent at any time by accessing the cookie settings link on our Website, typically found in the footer or via a pop-up option. Withdrawing consent will prevent further use of non-essential cookies but will not affect the lawfulness of Processing based on prior consent.

‍

6. Managing Your Cookie Preferences

You have full control over how cookies are used on our Website. Below are the ways you can manage your preferences:

‍

• Cookie Banner: On your first visit or after clearing your browser’s cookies, our cookie banner allows you to accept, reject, or customize non-essential cookies. You can save your preferences, which will be applied to future visits unless you modify them.
• Cookie Settings Link: We provide a dedicated link on the Website (e.g., in the footer) to revisit and update your cookie preferences at any time. This allows you to enable or disable analytics, marketing, or functional cookies as desired.
• Browser Settings: Most web browsers let you block or delete cookies through their settings. For example, you can configure your browser to reject all cookies, accept only first-party cookies, or prompt you before accepting cookies. Instructions vary by browser:
  ‍
  
  • For Google Chrome, visit Settings > Privacy and Security > Cookies and Other Site Data.
  • For Mozilla Firefox, go to Settings > Privacy & Security > Cookies and Site Data.
  • For Safari, navigate to Preferences > Privacy.
  • For Microsoft Edge, access Settings > Cookies and Site Permissions.
  • Blocking cookies may affect the Website’s functionality, such as preventing form submissions or limiting personalized features.
    ‍
• Device Settings: On mobile devices, you can adjust privacy settings to limit tracking, such as disabling ad identifiers (e.g., Apple’s IDFA or Android’s Advertising ID).
• Opt-Out Tools: For marketing cookies, you can opt out of targeted advertising through industry tools, such as:
  ‍
  • The Network Advertising Initiative at https://optout.networkadvertising.org.
  • The Digital Advertising Alliance at https://optout.aboutads.info.
  • Google’s ad personalization settings at https://adssettings.google.com.

‍

Please note that disabling cookies may cause some Website features to become unavailable, such as personalized content or analytics-driven improvements. Deleting cookies from your browser will not remove previously collected data but will reset your preferences, prompting the cookie banner on your next visit.

‍

7. Data Retention for Cookies

Cookies and the data they collect are retained only for as long as necessary to fulfill their purposes, in line with Article 5(1)(e) of the GDPR. Retention periods vary by cookie type:

• Essential Cookies: Session-based essential cookies expire when you close your browser. Persistent essential cookies, used for security or form functionality, may last up to one month to ensure consistent performance.
• Analytics Cookies: Cookies set by Google Analytics are retained for up to 26 months by default, after which the data is automatically deleted or anonymized. Microsoft Clarity cookies typically expire within 13 months, aligning with its data retention policies.
• Marketing Cookies: Cookies from Google Ads and Meta Pixels may persist for up to 90 days to track ad interactions, though retention depends on the specific campaign settings. Once expired, the data is no longer used for targeting.
• Functional Cookies: These cookies, such as those storing your consent preferences, may last up to one year to avoid repeated prompts, unless you clear them sooner.

‍

When cookies expire, they are automatically deleted from your device. Any Personal Data collected via cookies is securely deleted or anonymized in accordance with our GDPR Privacy Policy, unless required for legal purposes (e.g., security investigations).

‍

8. International Data Transfers

Some Third-Party Services, such as Google and Meta, are based outside the EEA, meaning cookie-related data may be transferred to countries like the United States. When this occurs, we ensure compliance with GDPR’s international transfer requirements under Articles 44-46, using the following safeguards:

• EU-U.S. Data Privacy Framework: For services certified under this framework (e.g., Google, Meta), ensuring equivalent protection to GDPR standards.
• Standard Contractual Clauses (SCCs): Incorporated into our Data Processing Agreements with Third-Party Services, as approved by the European Commission, to guarantee data protection.
• Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection, if applicable.

‍

We regularly review these safeguards to ensure ongoing compliance, particularly in light of evolving data protection laws. For details on how Third-Party Services handle international transfers, refer to their privacy policies linked in Section 4.

‍

9. Your Rights Regarding Cookie Data

Cookies may collect Personal Data, such as IP addresses or device identifiers, which are subject to GDPR protections. As a data subject, you have the following rights under the GDPR, as outlined in our GDPR Privacy Policy:

‍

• Right to Access: Request information about whether cookies collect your Personal Data and how it is Processed.
• Right to Rectification: Correct inaccurate Personal Data collected via cookies, though this is rare for cookie data.
• Right to Erasure: Request deletion of Personal Data collected by cookies, which we will honor by clearing relevant data, subject to legal retention obligations.
• Right to Restrict Processing: Limit how cookie data is Processed in certain cases, such as during a dispute.
• Right to Data Portability: Receive cookie-related Personal Data in a machine-readable format, though this is typically not applicable to anonymized or aggregated data.
• Right to Object: Object to Processing of cookie data for marketing or analytics, which you can exercise by rejecting non-essential cookies.
• Right to Withdraw Consent: Revoke consent for non-essential cookies at any time via our cookie settings link, with no impact on prior lawful Processing.

‍

To exercise these rights, contact us at hello@orgcaos.com. We will respond within 30 days, or 60 days for complex requests, as permitted by Article 12 of the GDPR. If you are dissatisfied, you may lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee) or your local supervisory authority.

‍

10. Security of Cookie Data

We implement robust technical and organizational measures to protect cookie-related data, as required by Article 32 of the GDPR. These include SSL/TLS encryption for data transmission, secure storage via Webflow’s infrastructure, and access controls to limit data exposure. Third-Party Services are required to maintain equivalent security standards under our Data Processing Agreements.

In the unlikely event of a data breach involving cookie data, we will notify you and the Estonian Data Protection Inspectorate within 72 hours, if required, per Article 33 of the GDPR, and take steps to mitigate harm.

‍

11. Changes to This Cookie Policy

We may update this Cookie Policy to reflect changes in our practices, Third-Party Services, or legal requirements. Material changes will be communicated by posting the updated Policy on the Website with a revised “Last Updated” date and, where required, notifying you via email or a Website notice at least 30 days before the changes take effect. Non-material changes, such as clarifications, will apply immediately upon posting.

‍

Your continued use of the Website after the effective date constitutes acceptance of the updated Cookie Policy. If you do not agree, you can adjust your cookie preferences or stop using the Website.

‍

12. Contact Information

For questions, concerns, or to manage your cookie preferences, please contact us at:

Orgcäos OÜ

Email: hello@orgcaos.com

Address: Vahtrepa küla, Liiva, Hiiumaa vald, Hiiu maakond, 92318, Estonia

We aim to respond within 7 business days. For data protection issues, you may also contact the Estonian Data Protection Inspectorate:

Estonian Data Protection Inspectorate

Email: info@aki.ee

Website: www.aki.ee

Address: Tatari 39, 10134 Tallinn, Estonia

‍