Cookie Policy

1. Definitions and Interpretation

1.1 Cookies Defined

For the purposes of this Policy, "Cookies" shall mean small text files containing alphanumeric identifiers that are placed on and stored in the terminal equipment (including but not limited to computers, tablets, and mobile devices) of users accessing the Website. Cookies serve to distinguish individual users and facilitate the storage and retrieval of user preferences and session information.

1.2 Similar Technologies

This Policy applies equally to cookies and similar tracking technologies, including but not limited to web beacons, pixels, local storage objects, and other identifiers that function in a comparable manner to store or access information on a user's device.

2. Legal Basis and Compliance

2.1 Applicable Legislation

The Company's use of cookies is governed by and compliant with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, "GDPR");
• Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive), as amended by Directive 2009/136/EC;
• All applicable national implementations of the aforementioned EU legislation.

2.2 Processing Principles

All personal data collected through cookies shall be processed in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality as set forth in Article 5 of the GDPR.

3. Purpose and Use of Cookies

3.1 General Purpose

The Company deploys cookies on the Website for the following purposes:

1. To ensure the proper functioning and security of the Website;
2. To maintain session continuity and user authentication;
3. To analyze Website usage patterns and optimize user experience;
4. To collect aggregated statistical data regarding visitor behavior.

3.2 Consent Requirement

Pursuant to Article 5(3) of the ePrivacy Directive and Article 6(1)(a) of the GDPR, the Company shall not deploy non-essential cookies on a user's device without first obtaining the user's freely given, specific, informed, and unambiguous consent through a clear affirmative action.

4. Categorization of Cookies

5. Consent Mechanism and User Choices

5.1 Initial Consent

Upon the data subject's first access to the Website, a consent management interface shall be presented prior to the deployment of any non-essential cookies. The data subject shall be provided with the following options:

• Accept All Cookies — Provide consent for all cookie categories, including analytics and performance cookies;
• Reject Non-Essential Cookies — Decline consent for non-essential cookies while allowing strictly necessary cookies required for Website functionality;
• Manage Cookie Preferences — Exercise granular control over specific cookie categories through the preference management interface.

5.2 Withdrawal of Consent

In accordance with Article 7(3) of the GDPR, data subjects retain the right to withdraw previously granted consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Users may modify or withdraw their cookie preferences at any time by accessing the "Cookie Settings" functionality available on this page.

5.3 Consent Characteristics

All consent obtained shall meet the requirements established by the GDPR, specifically:

• Freely given — No detriment shall result from the refusal to consent to non-essential cookies;
• Specific — Consent shall be obtained separately for each distinct purpose;
• Informed — Clear and comprehensive information regarding cookie usage shall be provided;
• Unambiguous — Consent shall be indicated through a clear affirmative action; silence, pre-ticked boxes, or inactivity shall not constitute valid consent.

6. Data Subject Rights

6.1 Rights Under GDPR

Data subjects whose personal data is processed through cookies are entitled to exercise the following rights pursuant to Chapter III of the GDPR:

1. Right of Access (Article 15) — To obtain confirmation as to whether personal data is being processed and, where applicable, access to such data and information regarding processing activities;
2. Right to Rectification (Article 16) — To obtain without undue delay the rectification of inaccurate personal data;
3. Right to Erasure (Article 17) — To obtain the erasure of personal data under specified conditions, including withdrawal of consent;
4. Right to Restriction of Processing (Article 18) — To obtain restriction of processing under specified circumstances;
5. Right to Data Portability (Article 20) — To receive personal data in a structured, commonly used, and machine-readable format;
6. Right to Object (Article 21) — To object at any time to the processing of personal data for legitimate interests or direct marketing purposes;
7. Right to Withdraw Consent (Article 7(3)) — To withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6.2 Exercise of Rights

Data subjects may exercise their rights by submitting a request to the Company's Data Protection Officer using the contact information provided in Section 10 of this Policy.

7. Browser-Level Cookie Controls

7.1 Technical Controls

Data subjects may exercise control over cookie deployment through browser-level configurations. The Company hereby informs users that blocking or deleting cookies may impair Website functionality and restrict access to certain features.

Browser-specific cookie management instructions are as follows:

• Google Chrome: Settings → Privacy and security → Cookies and other site data
• Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data

7.2 Consequences of Cookie Blocking

The data subject is hereby informed that disabling or blocking all cookies, particularly strictly necessary cookies, may result in degraded Website functionality, including but not limited to the inability to maintain authenticated sessions, access secure areas, or utilize certain interactive features.

8. Third-Party Processing and Data Sharing

8.1 Third-Party Services

The Company does not disclose, sell, rent, or otherwise transfer personal data collected through cookies to third parties for marketing or advertising purposes. Where third-party service providers are engaged to provide analytics or other services that involve cookie deployment, such third parties shall:

1. Process personal data only on the documented instructions of the Company;
2. Comply with all applicable provisions of the GDPR and ePrivacy Directive;
3. Enter into appropriate data processing agreements pursuant to Article 28 of the GDPR;
4. Implement appropriate technical and organizational measures to ensure data security.

8.2 Data Anonymization

All analytics data collected through cookies shall be aggregated and anonymized to the extent that it can no longer be attributed to an identified or identifiable natural person. Such anonymized data falls outside the scope of the GDPR pursuant to Recital 26.

9. Data Retention and Storage

9.1 Retention Periods

The Company adheres to the following data retention principles in accordance with Article 5(1)(e) of the GDPR:

• Session Cookies: Automatically deleted upon termination of the browser session;
• Persistent Cookies: Retained for the duration specified in the tables in Section 4 of this Policy, unless deleted earlier by the data subject;
• Withdrawal of Consent: Upon withdrawal of consent for non-essential cookies, such cookies shall be deleted or rendered inactive without undue delay.

9.2 Manual Deletion

Data subjects may manually delete cookies at any time through their browser settings or through the Company's cookie preference management interface. Instructions for browser-level deletion are provided in Section 7 of this Policy.

10. Contact Information and Data Protection Officer

10.1 General Inquiries

For inquiries regarding this Cookie Policy or the Company's use of cookies, data subjects may contact:

Leyoda B.V.
Email: contact@leyoda.eu
Maastricht, The Netherlands

10.2 Data Protection Officer

For the exercise of data subject rights under the GDPR or other data protection inquiries, the Company's Data Protection Officer may be contacted at:

Email: contact@leyoda.eu

10.3 Supervisory Authority

Pursuant to Article 77 of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR.

11. Amendments to This Policy

11.1 Right to Amend

The Company reserves the right to amend, modify, or update this Cookie Policy at any time to reflect changes in legal requirements, technological developments, business practices, or operational necessities.

11.2 Notification of Material Changes

In the event of material changes to this Policy that affect data subjects' rights or the Company's cookie practices, the Company shall provide notice through one or more of the following methods:

• Prominent notification on the Website;
• Direct communication to registered users via email;
• Updated effective date displayed at the beginning of this Policy.

11.3 Continued Use

Continued use of the Website following the publication of an amended Cookie Policy shall constitute acknowledgment and acceptance of such amendments, subject to the requirement to obtain fresh consent for any new cookie categories or purposes not covered by previously granted consent.

12. Governing Law and Jurisdiction

12.1 Applicable Law

This Cookie Policy and all matters relating to its interpretation, validity, and enforcement shall be governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of law provisions, and in compliance with applicable EU regulations.

12.2 Dispute Resolution

Any disputes arising out of or in connection with this Cookie Policy shall be subject to the exclusive jurisdiction of the competent courts of Amsterdam, the Netherlands, without prejudice to the data subject's right to lodge a complaint with a data protection supervisory authority.

13. Severability

Should any provision of this Cookie Policy be determined to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from this Policy, and the remaining provisions shall continue in full force and effect to the maximum extent permitted by law.

14. Entire Agreement

This Cookie Policy, in conjunction with the Company's Privacy Policy, constitutes the entire agreement between the Company and data subjects regarding the use of cookies and similar tracking technologies on the Website.