Legal
Cookies Policy
Effective Date: September 20, 2025
Last Updated: September 20, 2025
1. SCOPE AND CONTROLLER INFORMATION
Stergios & Dimitris Pappos OÜ ("Company," "we," "us," or "our"), an Estonian limited liability company with its registered office at Sepapaja 6, 15551 Tallinn, Estonia, VAT number EE102609752, is committed to protecting your privacy while you navigate our website https://stergiospappos.me/ (the "Website").
This Cookie Policy provides comprehensive information about our minimal use of cookies and similar tracking technologies, explaining what data we collect, why we collect it, and how we use it in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Estonian Personal Data Protection Act, and the ePrivacy Directive.
By using this Website, you acknowledge that you have read and understood this Cookie Policy. For additional information about how we handle your personal data, please refer to our comprehensive Privacy Policy.
2. UNDERSTANDING COOKIES AND TRACKING TECHNOLOGIES
2.1 What Are Cookies?
Cookies are small text files that websites save on your computer, smartphone, tablet, or other internet-enabled devices when you visit a website. They enable websites to remember information about your visit, such as your preferred language and other settings, which can make your next visit easier and the site more useful to you.
2.2 Types of Cookies by Duration
Session Cookies: Temporary cookies that are erased when you close your web browser. These cookies do not collect information from your device and do not remember your activities from previous browsing sessions.
Persistent Cookies: Cookies that remain on your device for a predetermined period or until you manually delete them. These cookies can remember information about your preferences and actions across multiple browsing sessions.
2.3 Types of Cookies by Origin
First-Party Cookies: Cookies set directly by our Website domain that you are visiting.
Third-Party Cookies: Cookies set by domains other than the one you are visiting, typically by external service providers or partners.
2.4 Similar Tracking Technologies
This policy also covers similar technologies such as:
- Web beacons (pixel tags)
- Local storage objects
- Flash cookies
- Fingerprinting techniques
- Other tracking scripts and technologies
3. OUR MINIMAL COOKIE APPROACH
3.1 Philosophy of Data Minimisation
We have specifically designed our Website to minimise the use of cookies and tracking technologies, adhering to the principle of data minimisation under GDPR. Our approach prioritises:
- Essential functionality over extensive tracking
- User privacy over data collection
- Transparency over hidden tracking mechanisms
- Compliance with the highest privacy standards
3.2 No Analytics or Marketing Cookies
Unlike many websites, we have deliberately chosen NOT to implement:
- Google Analytics or other web analytics services
- Marketing and advertising cookies (no Meta Pixel, Google Ads, retargeting pixels)
- Social media tracking pixels (no Facebook, Instagram, LinkedIn tracking)
- Third-party advertising networks
- Behavioural tracking cookies
- Personalisation cookies based on browsing history
- Cross-site tracking mechanisms
3.3 No Consent Banner Required
Because we only use strictly necessary cookies that are essential for Website operation, we do not require a cookie consent banner under GDPR Article 6(1)(f) and the ePrivacy Directive. Strictly necessary cookies are exempt from the consent requirement as they are essential for the functioning of the Website.
4. COOKIES WE USE
4.1 Strictly Necessary Cookies
These cookies are essential for the proper functioning of our Website and cannot be disabled without severely affecting the site's performance. They do not store personally identifiable information and are automatically accepted when you visit our site.
Webflow Essential Cookies:
Cookie Name: _webflow_session
Type: Session
Duration: Session
Purpose: Maintains basic website functionality and user session
Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
Cookie Name: _webflow_csrf
Type: Security
Duration: Session
Purpose: Protects against Cross-Site Request Forgery attacks
Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
Security and Performance Cookies:
Security monitoring cookies
Type: Security
Duration: Various
Purpose: Detect and prevent malicious activities, DDoS attacks, and security threats
Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
Load balancing cookies
Type: Performance
Duration: Session
Purpose: Ensure optimal website performance and server distribution
Legal Basis: Legitimate interest (Article 6(1)(f) GDPR)
4.2 Detailed Cookie Descriptions
Website Functionality Cookies
Purpose: These cookies ensure that our Website works properly and that you can navigate between pages, access secure areas, and use basic features.
Data Processed: Session identifiers, basic browser information, timestamp
Retention Period: Session duration or up to 24 hours maximum
Third-Party Involvement: Minimal (only Webflow hosting infrastructure)
Security Cookies
Purpose: Protect our Website and visitors from security threats, including malicious attacks, spam, and unauthorised access attempts.
Data Processed: IP addresses (for threat detection), request patterns, security event logs
Retention Period: 30 days for general security logs; indefinite for confirmed security threats
Third-Party Involvement: Webflow security infrastructure
Technical Performance Cookies
Purpose: Ensure optimal Website performance, load balancing, and content delivery.
Data Processed: Server response times, content delivery metrics, basic technical performance data
Retention Period: Session duration
Third-Party Involvement: Webflow content delivery network
5. THIRD-PARTY SERVICES AND THEIR COOKIES
5.1 Webflow Hosting Platform
Our Website is hosted on Webflow, which may set minimal essential cookies for:
- Content delivery optimisation
- Basic security protection
- Technical performance monitoring
- Infrastructure management
Webflow's Approach: Webflow only sets cookies that are necessary for website operation. They do not set tracking or analytics cookies unless specifically configured by the website owner (which we have not done).
Data Processing Location: Webflow processes data in the United States with appropriate safeguards under EU-US data transfer mechanisms.
Legal Basis: Legitimate interests for website hosting and technical operation.
5.2 Google Search Console
We use Google Search Console solely for:
- Technical SEO monitoring
- Website indexing status
- Basic search performance data
- Technical error detection
Important Note: Google Search Console does not set cookies on our Website. It only processes data about how our Website appears in Google search results, which does not involve visitor tracking on our site.
Data Processing: Google processes aggregated, non-personally identifiable data about search performance.
5.3 No Other Third-Party Services
We have specifically avoided integrating other common third-party services that typically use extensive cookie tracking, including:
- Analytics platforms (Google Analytics, Adobe Analytics, etc.)
- Marketing automation tools
- Customer relationship management (CRM) tracking
- Social media plugins with tracking
- Advertising networks
- Heat mapping tools (Hotjar, Crazy Egg, etc.)
- Live chat services with tracking
- A/B testing platforms
6. DATA COLLECTED THROUGH COOKIES
6.1 Technical Data
The minimal cookies we use may collect the following technical data:
- Session identifiers (temporary, non-personal)
- Browser type and version (for compatibility)
- Operating system information (for optimisation)
- Screen resolution (for responsive design)
- Timestamp of visit (for session management)
- IP address (for security purposes only, pseudonymised after 24 hours)
6.2 No Personal Identification
Our cookies are specifically configured to:
- NOT collect personally identifiable information (names, email addresses, phone numbers)
- NOT track browsing behaviour across multiple websites
- NOT build user profiles or behavioural patterns
- NOT store sensitive personal data
- NOT collect special categories of data under GDPR Article 9
6.3 Data Minimisation Compliance
In accordance with GDPR Article 5(1)(c), we ensure that:
- Only necessary technical data is processed
- Data collection is limited to what is essential for website operation
- No excessive or irrelevant data is gathered through cookies
- All data processing serves a specific, legitimate purpose
7. LEGAL BASIS FOR COOKIE PROCESSING
7.1 Legitimate Interests (Article 6(1)(f) GDPR)
Our primary legal basis for cookie processing is legitimate interests, specifically:
- Website security and protection against malicious activities
- Technical website operation and functionality
- Performance optimisation for user experience
- Infrastructure management and maintenance
7.2 Balancing Test
We have conducted a comprehensive balancing test confirming that:
- Our legitimate interests are not overridden by individuals' privacy rights
- The cookies used are proportionate and necessary
- The privacy impact on users is minimal
- Alternative means to achieve our legitimate interests are not reasonably available
7.3 No Consent Required
Under the ePrivacy Directive and GDPR, cookies that are "strictly necessary" for website operation do not require user consent. All our cookies fall into this category.
8. YOUR COOKIE RIGHTS AND CHOICES
8.1 Browser Cookie Controls
You can control cookies through your web browser settings:
Google Chrome:
1. Click the menu button (three dots) → Settings
2. Privacy and security → Cookies and other site data
3. Choose your preferred cookie settings
Mozilla Firefox:
1. Menu → Options → Privacy & Security
2. Cookies and Site Data section
3. Manage your cookie preferences
Safari:
1. Safari → Preferences → Privacy
2. Cookie settings and website data management
Microsoft Edge:
1. Settings → Cookies and site permissions
2. Manage and delete cookies
8.2 Impact of Disabling Cookies
Important Notice: If you choose to disable all cookies, you may experience:
- Reduced website functionality
- Inability to maintain sessions between page visits
- Potential security vulnerabilities
- Suboptimal performance and user experience
8.3 Granular Cookie Management
Most modern browsers allow you to:
- Block all cookies from specific websites
- Delete existing cookies
- Set preferences for cookie acceptance
- Receive notifications when cookies are being set
- Manage cookies on a site-by-site basis
8.4 Third-Party Cookie Blockers
You may use browser extensions or third-party tools to block cookies, such as:
- Privacy Badger
- uBlock Origin
- Ghostery
- AdBlock Plus
Note: These tools may affect website functionality, but given our minimal cookie usage, the impact should be negligible.
9. COOKIE DATA RETENTION AND DELETION
9.1 Automatic Expiration
Our cookies are configured with the following retention periods:
- Session cookies: Automatically deleted when you close your browser
- Security cookies: Maximum 30 days (deleted sooner if no longer needed)
- Performance cookies: Maximum 7 days
- Essential functionality cookies: Maximum 24 hours
9.2 Proactive Deletion
We proactively delete cookie data:
- When cookies reach their expiration date
- When they are no longer necessary for their original purpose
- Upon user request (where technically feasible)
- During regular system maintenance and cleanup procedures
9.3 User-Initiated Deletion
You can delete cookies at any time through:
- Browser cookie management settings
- Browser history and privacy clearing functions
- Third-party cookie management tools
- Contacting us directly for assistance
10. CHILDREN'S PRIVACY AND COOKIES
10.1 Age Restrictions
Our Website is not intended for children under 16 years of age. We do not:
- Knowingly set cookies on devices used by children under 16
- Collect data through cookies from individuals under 16
- Target content or functionality toward children
10.2 Parental Rights
If you are a parent or guardian and believe a child under 16 has accessed our Website:
- The minimal cookies we use pose no significant privacy risk
- You can clear cookies from the child's browser using standard browser functions
- You can contact us for additional guidance on cookie management
10.3 Educational Context
If our Website is accessed in an educational context involving minors, we maintain the same minimal cookie approach with additional safeguards as appropriate.
11. INTERNATIONAL DATA TRANSFERS
11.1 Webflow Data Processing
Webflow may process cookie data in the United States. We ensure appropriate safeguards through:
- EU-US Data Privacy Framework participation
- Standard Contractual Clauses approved by the European Commission
- Technical and organisational security measures
- Regular compliance assessments
11.2 Data Transfer Safeguards
All international transfers of cookie data include:
- Contractual data protection obligations
- Technical security measures equivalent to EU standards
- Regular monitoring and compliance reviews
- Right to audit data processing practices
11.3 No Widespread International Transfers
Unlike websites using extensive analytics and advertising cookies, our minimal approach significantly reduces international data transfers.
12. COOKIE SECURITY MEASURES
12.1 Technical Security
We implement comprehensive security measures for cookie data:
- Encryption in transit using TLS 1.3 or higher
- Secure cookie flags preventing transmission over unencrypted connections
- HttpOnly flags preventing JavaScript access to sensitive cookies
- SameSite attributes protecting against cross-site request forgery
- Regular security audits of cookie implementation
12.2 Access Controls
Cookie data access is restricted through:
- Strict access controls limiting data access to authorised personnel only
- Regular access reviews and audits
- Technical barriers preventing unauthorised cookie access
- Logging and monitoring of all cookie-related data access
12.3 Incident Response
In the unlikely event of a security incident affecting cookie data:
- Immediate containment and investigation procedures
- Notification to authorities within 72 hours (if required)
- User notification if high risk to privacy rights
- Remediation and enhanced security measures
13. UPDATES TO THIS COOKIE POLICY
13.1 Policy Review and Updates
We regularly review this Cookie Policy to ensure:
- Continued compliance with applicable laws and regulations
- Accuracy regarding our cookie practices
- Alignment with technological developments
- Reflection of any changes to our cookie usage
13.2 Notification of Changes
We will notify you of material changes to this Cookie Policy through:
- Prominent notice on our Website homepage
- Updated "Last Updated" date on this policy
- Email notification to users who have provided contact information (for significant changes)
13.3 Continued Use Constitutes Acceptance
Your continued use of our Website after any Cookie Policy modifications constitutes acceptance of the updated policy.
13.4 Version Control
We maintain records of all previous versions of this Cookie Policy for transparency and compliance purposes.
14. CONTACT INFORMATION
14.1 Cookie-Related Inquiries
For questions, concerns, or requests regarding our cookie practices, please contact:
Stergios & Dimitris Pappos OÜ
Sepapaja 6, 15551 Tallinn, Estonia
Email: contact@stergiospappos.me
Phone: +306946063828
Subject Line: "Cookie Policy Inquiry"
14.2 Data Protection Officer
For data protection and privacy-related matters:
Email: [Insert DPO email]
Subject Line: "Data Protection - Cookie Policy"
14.3 Technical Support
For technical assistance with cookie management:
Email: [Insert technical email]
Subject Line: "Technical Support - Cookies"
14.4 Response Times
We aim to respond to cookie-related inquiries within:
- Simple questions: 3 business days
- Technical issues: 5 business days
- Formal requests: 30 days (as required by GDPR)
15. REGULATORY COMPLIANCE
15.1 Applicable Laws
This Cookie Policy complies with:
- General Data Protection Regulation (EU) 2016/679 (GDPR)
- Estonian Personal Data Protection Act
- ePrivacy Directive (EU) 2002/58/EC
- Estonian Electronic Communications Act
- Estonian Information Society Services Act
15.2 Supervisory Authority
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Website: https://www.aki.ee/
Email: info@aki.ee
Phone: +372 627 4135
Address: Väike-Ameerika 19, 10129 Tallinn, Estonia
15.3 Cross-Border Compliance
As we serve users across the European Union, this policy ensures compliance with:
- EU-wide data protection standards
- National implementations of EU directives
- Cross-border data protection cooperation mechanisms
15.4 Regular Compliance Reviews
We conduct regular compliance reviews to ensure:
- Continued adherence to all applicable regulations
- Implementation of regulatory updates and changes
- Maintenance of best practices in cookie management
- Alignment with evolving privacy standards
16. ADDITIONAL INFORMATION
16.1 Cookie Education Resources
For more information about cookies and online privacy:
- All About Cookies: http://www.allaboutcookies.org
- Your Online Choices: http://www.youronlinechoices.eu
- Estonian Data Protection Inspectorate: https://www.aki.ee/
16.2 Browser Help Resources
For assistance managing cookies in different browsers:
- Chrome Help: https://support.google.com/chrome/answer/95647
- Firefox Help: https://support.mozilla.org/kb/cookies-information-websites-store
- Safari Help: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471
- Edge Help: https://support.microsoft.com/help/4027947
16.3 Industry Standards
Our cookie practices align with industry standards and best practices:
- IAB Europe Cookie Guidelines
- W3C Privacy Interest Group recommendations
- EDPB Guidelines on cookies and similar technologies
---
Company: Stergios & Dimitris Pappos OÜ
Website: https://stergiospappos.me/
Last Updated: September 20, 2025
Version: 1.0
Compliance: GDPR, Estonian Personal Data Protection Act, ePrivacy Directive
This Cookie Policy demonstrates our commitment to transparency, privacy protection, and regulatory compliance while maintaining essential website functionality through minimal, necessary cookie usage.