Cookie Policy

Cookie Policy (GDPR/ePrivacy‑only)

Last updated: 9 October 2025

Applies to: iienstitu.com (including relevant sub‑domains)

1) Who we are and how to contact us

This Cookie Policy explains how Enstitu OÜ (“we”, “us”, “our”) uses cookies and similar technologies on iienstitu.com. For the purposes of the EU General Data Protection Regulation (“GDPR”), IIENSTITU is the data controller of the personal data processed via cookies on this website.

Contact: support@iienstitu.com

2) What this policy covers

• the types of cookies and similar technologies we use (including pixels, tags, SDKs, localStorage and similar identifiers);

• the purposes for which we place them;

• the legal bases we rely on under the GDPR in conjunction with the ePrivacy Directive (2002/58/EC as amended); and

• how you can grant, refuse, or withdraw consent and exercise your rights.

Note: This policy is intended for users in the European Economic Area (EEA) and reflects GDPR/ePrivacy requirements. If you access the site from another jurisdiction, local rules may also apply.

3) What are cookies and similar technologies?

“Cookies” are small text files stored on your device when you visit a website. They can be first‑party (placed by us) or third‑party (placed by someone else, e.g., an analytics or advertising partner). Similar technologies include:

• Pixels/Tags: code snippets that load when you visit a page or perform an action;

• LocalStorage/SessionStorage/IndexedDB: browser storage mechanisms used for functionality and preferences;

• SDKs (in apps) and device identifiers.

4) Categories of cookies we use

• Strictly necessary cookies – essential to operate the site and provide services explicitly requested by you (e.g., page navigation, load balancing, security, authentication, shopping cart/checkout).

• Preferences/functional cookies – remember choices (e.g., language, layout) to enhance your experience.

• Performance/analytics cookies – help us measure and improve performance by collecting aggregate statistics (e.g., page views, load times).

• Advertising/marketing cookies – enable ad measurement, frequency capping, interest‑based advertising, and campaign attribution.

• Security/fraud‑prevention cookies – help prevent abuse, detect anomalies, and protect accounts.

5) Purposes and how we use them

• Service delivery & reliability: load balancing, session continuity, error tracking, and uptime monitoring.

• Preferences: retaining language settings or remembering you between sessions.

• Measurement & improvement: understanding which pages are popular, diagnosing technical issues, and improving content.

• Marketing & attribution: understanding whether our campaigns are effective and, where enabled, tailoring marketing to your interests.

• Security: helping identify suspicious activity.
  

6) Legal bases under GDPR (and how ePrivacy fits)

Under the ePrivacy rules, non‑essential cookies (e.g., analytics, marketing) require your prior consent. When such cookies lead to processing personal data under the GDPR, we rely on:

• Consent (GDPR Art. 6(1)(a)): for analytics, advertising and similar cookies where required by ePrivacy. You can withdraw consent at any time via the Cookie Preferences link in our footer (see Section 8).

  For cookies that are strictly necessary to provide the service you request, we do not require your consent under ePrivacy. The related personal data processing is based on:

• Legitimate interests (GDPR Art. 6(1)(f)): to operate a secure, reliable website and deliver requested content; and, where applicable,

• Performance of a contract (GDPR Art. 6(1)(b)): when cookies are needed to deliver features you request (e.g., enrolment checkout).

We do not rely on Art. 6(1)(e) (public task) or Art. 6(1)(d) (vital interests) for cookie‑based processing.

7) Cookies we set (illustrative inventory)

The exact list can change depending on the features you use. Your Preferences Center shows the current, binding list and states whether each category is active.

Replace or remove entries to match your actual tools. If you disable a service, its cookies will not be set (unless already stored by your browser from another site).

8) Managing consent and preferences

• Preferences Center (CMP): Use the “Cookie Preferences” link (site footer) to accept, reject, or fine‑tune cookie categories at any time.

• Withdraw consent: You can withdraw consent without detriment; your previous consent will remain valid until withdrawal and will not be retroactive.

• Browser controls: You may block or delete cookies via your browser settings.

• Global Privacy Control (GPC): If your browser sends a GPC signal, we will treat it as a general opt‑out/objection to non‑essential processing where reasonably detectable and applicable under EU law.

If you block or delete cookies, certain site features may not function as intended.

9) Retention

• Cookie files persist on your device for the durations shown in the Preferences Center.

• Consent records (proof of consent/refusal) are retained for no longer than 13 months, after which we will request consent again where required.

• Aggregated analytics are kept for periods necessary to produce and audit metrics and then are either deleted or anonymised.

10) Third parties and international transfers

Some cookies are placed by third‑party providers (e.g., analytics, advertising, CDN). When those providers process personal data for our purposes, they act as processors or joint controllers (depending on the tool and configuration).

Where data is transferred outside the EEA, we ensure appropriate safeguards, such as:

• Adequacy decisions by the European Commission; and/or

• Standard Contractual Clauses (SCCs), plus—where necessary—supplementary measures (e.g., encryption, pseudonymisation, access controls).

Information about specific recipients and transfer mechanisms is available through the Preferences Center or by contacting us.

11) Security

We implement appropriate technical and organisational measures to protect personal data collected via cookies, including access controls, transport encryption (TLS), and data minimisation.

12) Children’s data

Our services are not directed at children under the age specified in our Terms. We do not knowingly place non‑essential cookies on devices of children within the scope of the GDPR without appropriate consent mechanisms.

13) Profiling and automated decision‑making

We do not use cookie‑based profiling to make decisions that produce legal or similarly significant effects about you within the meaning of GDPR Art. 22. If we engage in interest‑based advertising, it is limited to segmentation for marketing relevance and can be disabled via Preferences.

14) Your GDPR rights

You have the following rights under the GDPR with respect to personal data processed through cookies:

• Access (Art. 15) – obtain a copy of your personal data;

• Rectification (Art. 16) – correct inaccurate or incomplete data;

• Erasure (Art. 17) – request deletion, subject to legal exceptions;

• Restriction (Art. 18) – limit processing in certain cases;

• Portability (Art. 20) – receive data you provided in a structured, commonly used, machine‑readable format;

• Objection (Art. 21) – object to processing based on legitimate interests, and object at any time to processing for direct marketing;

• Withdraw consent (Art. 7(3)) – at any time, without affecting the lawfulness of processing before withdrawal;

• Complaint – lodge a complaint with your local supervisory authority.

To exercise these rights, contact us at support@iienstitu.com . We may need to verify your identity and will respond within one month (extendable as permitted by the GDPR for complex requests).

15) How you can control cookies in your browser (quick links)

You can usually find cookie controls in your browser’s privacy/security settings (e.g., “Clear browsing data”, “Cookies and other site data”, “Do Not Track”). For guidance, visit your browser’s help pages (Chrome, Edge, Firefox, Safari, Opera) or use the Preferences Center on our site.

16) Updates to this policy

We may update this policy from time to time (for example, to reflect new cookies or legal requirements). We will post the updated version with a new “Last updated” date and, where appropriate, will seek your renewed consent.

17) Contact and supervisory authority

Controller: IIENSTITU - ENSTITU OÜ

Email: support@iienstitu.com

Postal address: Tallinn - Estonia

If you believe your privacy rights have been violated, you can contact us or your local Data Protection Authority. A list of EU supervisory authorities is available on the European Data Protection Board (EDPB) website.