COOKIE Policy
General
DECODE HQ d.o.o. is a technology company specialising in software development and the provision of IT services.
Controller
The Controller is DECODE HQ d.o.o., with its registered office in Zagreb, Radnička cesta 47, OIB (Personal Identification Number): 20903022276 (hereinafter: the Controller, or we, our, etc.).
Contact details of the Controller:
E-mail: gdpr@decode.agency
What are cookies and what do we use them for?
Cookies are small files that your browser saves on your computer or mobile device when you visit our Website (www.decode.agency). This enables our Website to recognize your device the next time you visit us.
Types of Cookies
- Cookies by duration
- Persistent cookies – Remain on the computer after closing the internet browser. The exact duration is shown in the table below.
- Temporary cookies (session cookies) – Removed from the computer upon closing the internet browser.
- Cookies by source
- First-party cookies – Originate from our Website. All cookies are ours (first-party), unless otherwise indicated in the table below.
- Third-party cookies – Originate from other websites.
- Cookies by function
- Strictly necessary cookies (Technical) – Always active and necessary for the functioning of our Website. They cannot be switched off in our systems. These cookies do not store any information that could identify you. In the table below, they are marked in bold.
- Functional cookies – Enable our Website to provide enhanced functionality and personalisation. They can be switched off.
- Statistical/analytical cookies – Enable recording of visits and traffic sources for the purpose of measuring and improving the performance of our Website. They can be switched off.
- Performance cookies – Used to understand and analyse key performance indicators of the website, which helps in providing a better user experience.
- Marketing/advertising cookies – Used to track users across websites and to display targeted advertisements.
Below is an overview of the cookies we use on our Website.
STRICTLY NECESSARY COOKIES (Technical)
Strictly necessary cookies are required to enable the basic functions of this site, such as secure login or adjusting consent preferences. These cookies do not store any personally identifiable data.
| NAME | DURATION | FUNCTION |
| __cf_bm | 1 hour | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
| _lfa | 1 year | This cookie is set by the provider Leadfeeder to identify IP addresses of devices visiting the website, in order to retarget multiple users from the same IP address. |
| cookieyes-consent | 1 year | CookieYes sets this cookie to remember user consent preferences so that their preferences are respected on subsequent visits. It does not collect or store any personal data of the visitor. |
| wordpress_test_cookie | Session | WordPress sets this cookie to determine whether cookies are enabled in the users’ browsers. |
| wordpress_* | Session | WordPress sets this cookie when a user logs in to the WordPress administration. It stores user data for authentication, enabling access to the backend. |
| wordpress_sec_* | Session | WordPress sets this cookie to protect against hackers and to store account data. |
| wordpress_logged_in_* | Session | WordPress sets this cookie to indicate that you are logged in and who you are, for most interface uses. |
| wp-settings-* | Session | WordPress sets this cookie to preserve user wp-admin settings. |
| wp-settings-time-* | Session | WordPress sets this cookie to preserve user wp-admin settings. |
| wordpressuser_* | Session | WordPress sets this cookie to authenticate users and maintain their login session. It ensures that logged-in users can securely navigate the website. |
| wordpresspass_* | Session | WordPress sets this cookie for secure authentication of logged-in users. It stores an encrypted version of the password for verifying user credentials. |
| rc::a | Persistent | This cookie is set by the Google reCAPTCHA service to identify bots and protect the website from malicious spam attacks. |
| rc::c | Session | This cookie is set by the Google reCAPTCHA service to identify bots and protect the website from malicious spam attacks. |
| dd_cookie_test_* | 1 minute | Datadog Real User Monitoring (RUM) Browser SDK sets this cookie as a temporary cookie for testing cookie support. |
| tld | 1 minute | A test cookie that checks on which top-level domain (TLD) cookies should be set. It is used to determine the correct domain scope for other cookies (e.g. .decode.agency vs decode.agency). |
| _sn_tld_probe | 1 minute | Snitcher’s test cookie that checks on which domain it can set tracking cookies. Similar to tld, it is used for testing domain scope before setting the main tracking cookies. |
| X-CSRF-TOKEN | Session | Cross-Site Request Forgery token. A security cookie that protects against CSRF attacks by verifying that requests originate from legitimate users. Critical for web application security. |
| cf_clearance | 1 minute | Set by Cloudflare after a user passes a security check (challenge/CAPTCHA). It prevents the need for repeated checks during the session. Part of Cloudflare Bot Management and DDoS protection. |
FUNCTIONAL COOKIES
Functional cookies help to perform certain functionalities such as sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
| NAME | DURATION | FUNCTION |
| lidc | 1 day | LinkedIn sets the lidc cookie to facilitate data centre selection. |
| li_gc | 6 months | LinkedIn sets this cookie to store visitor consent regarding the use of cookies for non-essential purposes. |
| wp-wpml_current_language | Session | The WordPress multilingual plugin sets this cookie to store the current language/language settings. |
| sp_t | 1 year | The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and records information about user interaction with the audio content. |
| sp_landing | 1 day | The sp_landing cookie is set by Spotify to implement audio content from Spotify on the website and records information about user interaction with the audio content. |
| ytidb::LAST_RESULT_ENTRY_KEY | Persistent | YouTube uses this cookie to store the last search result the user clicked on. This information is used to improve the user experience by providing more relevant search results. |
| yt-remote-session-name | Session | YouTube uses this cookie to store user video player preferences for embedded YouTube videos. |
| yt-remote-fast-check-period | Session | YouTube uses this cookie to store user video player preferences for embedded YouTube videos. |
| yt-remote-session-app | Session | YouTube uses this cookie to store user preferences and information about the embedded YouTube video player interface. |
| yt-remote-cast-available | Session | This cookie is used to store user preferences about the availability of casting on their YouTube video player. |
| yt-remote-cast-installed | Session | This cookie is used to store user video player preferences for embedded YouTube videos. |
ANALYTICS COOKIES
Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
| NAME | DURATION | FUNCTION |
| _gcl_au | 3 months | Google Tag Manager sets this cookie to experiment with the advertising efficiency of websites using their services. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and to track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors. |
| _gid | 1 day | Google Analytics sets this cookie to store information about how visitors use the website, while also creating an analytics report of the website’s performance. |
| _gat_UA-* | 1 minute | Google Analytics sets this cookie to track user behaviour. |
| _hjSessionUser_* | 1 year | Hotjar sets this cookie to ensure that data from subsequent visits to the same site is attributed to the same user ID. |
| _hjSession_* | 1 hour | Hotjar sets this cookie to ensure that data from subsequent visits to the same site is attributed to the same user ID. |
| prism_* | 1 month | ActiveCampaign sets this cookie to track and store interactions. |
| _fbp | 3 months | Facebook sets this cookie to display advertisements when the user is on Facebook or on a digital platform powered by Facebook advertising after visiting the website. |
| UID | 1 year 1 month 4 days | Scorecard Research sets this cookie for browser behaviour research. |
| utm_campaign | Persistent | Google Ad Services sets this cookie to store the session campaign value if present. |
| utm_source | Persistent | This cookie is used to record where the visitor originally came to the website from. This information is used by the site operator to understand the effectiveness of their marketing. |
| sid | 1 year 1 month 4 days | The sid cookie contains digitally signed and encrypted records of the Google account ID of the user and the most recent sign-in time. |
| mp_*_mixpanel | Persistent | Mixpanel sets this cookie to determine how users use the website in order to provide a good user experience. |
| _gh_sess | Session | GitHub sets this cookie for temporary application and framework state between pages, such as the step the user is on in a multi-step form. |
| snitcher_device_id | Session | Set by Snitcher (a B2B visitor identification tool). It identifies the visitor’s device and tracks B2B companies visiting the website through IP addresses. Used for lead generation and retargeting of B2B clients. |
PERFORMANCE COOKIES
Performance cookies are used to understand and analyze key performance indicators of the website, which helps in delivering better user experience for the visitors.
| NAME | DURATION | FUNCTION |
| ac_enable_tracking | 1 month | ActiveCampaign sets this cookie to indicate that traffic is enabled for the website. |
| _uetsid | 1 day | Bing Ads sets this cookie to engage users who have previously visited the website. |
| _uetvid | 1 year 24 days | Bing Ads sets this cookie to engage users who have previously visited the website. |
| dd_anonymous_id | Session | Set by Datadog (a monitoring and analytics platform). It assigns an anonymous ID to each user for tracking site performance, error tracking, and user behaviour analytics. Datadog uses it to monitor user experience without identifying personal data. |
ADVERTISING COOKIES
Advertising cookies are used to provide visitors with customised advertisements based on the pages you have previously visited and to analyse the effectiveness of advertising campaigns.
| NAME | DURATION | FUNCTION |
| test_cookie | 15 minutes | doubleclick.net sets this cookie to determine whether the user’s browser supports cookies. |
| bcookie | 1 year | LinkedIn sets this cookie from the LinkedIn share button and ad tags to recognise browser IDs. |
| MUID | 1 year 24 days | Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. It is used for advertising, site analytics and other operations. |
| YSC | Session | YouTube sets this cookie to track views of embedded videos on YouTube pages. |
| VISITOR_INFO1_LIVE | 6 months | YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface. |
| yt-remote-device-id | Persistent | YouTube sets this cookie to store user video preferences for embedded YouTube videos. |
| yt.innertube::requests | Persistent | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has viewed. |
| yt.innertube::nextId | Persistent | YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has viewed. |
| yt-remote-connected-devices | Persistent | YouTube sets this cookie to store user video preferences for embedded YouTube videos. |
| utm_medium | Persistent | This cookie is used to record where the visitor originally came to the website from. This information is used by the site operator to understand the effectiveness of their marketing. |
| _rdt_uuid | 3 months | Reddit sets this cookie to build a profile of your interests and show you relevant advertisements. |
| IDE | 1 year 24 days | Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile. |
| id5 | 3 months | ID5 sets this cookie for the visitor, which enables third-party advertisers to target the visitor with relevant advertisements. This matching service is provided through third-party advertising hubs. |
| _pubcid | Persistent | This cookie is used for more relevant advertising on the website. It collects data based on visitor behaviour and optimises the website. |
| leadgenie_session | Session | Set by Apollo.io (a B2B sales intelligence and lead generation platform). It tracks the user’s session and identifies B2B companies/leads visiting the site. Used for sales prospecting and lead scoring. |
UNCATEGORISED COOKIES
Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category.
| NAME | DURATION | FUNCTION |
| _lfa_test_cookie_stored | Less than a minute | Description not currently available. |
| initial_referrer | Persistent | Description not available. |
| referrer | Persistent | Description not available. |
| utm_date | Persistent | Description not available. |
| _cfuvid | Session | Description not currently available. |
| VISITOR_PRIVACY_METADATA | 6 months | YouTube sets this cookie to store the user’s cookie consent state for the current domain. |
| loglevel | Persistent | Description not available. |
| _rdt_em | 3 months | Description not currently available. |
| __Secure-ROLLOUT_TOKEN | 6 months | Description not currently available. |
| __Secure-YEC | Expired | Description not currently available. |
| __Secure-YNID | 6 months | Description not currently available. |
| akaas_aud-seg-ocom-prod | Session | Description not available. |
| wp-postpass_* | Expired | Description not currently available. |
| _octo | 1 year | Description not available. |
| logged_in | 1 year | Description not available. |
Data Subject Rights
For all enquiries related to the exercise of your rights (concerning personal data, which includes cookies), please contact us using the contact details provided at the beginning of this document. We will comply with your request free of charge. We will respond to your enquiries and requests within 30 days. If for any reason we are unable to fulfil your request, we will send you an explanation as to why we were unable to comply.
Subject to the conditions set out in the GDPR, as well as the actual circumstances of your enquiry, you have a number of rights which we describe below, and which we will fulfil to the extent that it is technically possible given the specific nature of cookies:
If you wish to know whether we hold and process your personal data (and what data that is and what we do with it), or if you wish to access the personal data we hold about you, please contact us using the contact details provided at the beginning of this document (right of access).
You have the right to rectify the personal data we hold if it is inaccurate or needs to be updated.
Under certain circumstances, subject to certain exceptions, you may request that we erase your data or cease processing it. Please bear in mind that erasure may prevent us from providing certain services or may diminish the quality thereof.
You also have the right to restriction of processing, e.g. if some of the data being processed is inaccurate, but at the same time you do not wish the data to be erased but rather to restrict its use.
In addition to the right of access, you may also exercise the right to data portability. This means that we transfer your data to you in a structured, commonly used, machine-readable format.
You have the right to object (among other things) if we process your data for the performance of a task carried out in the public interest or in the exercise of official authority, or if we rely on our legitimate interests when processing your data.
If the processing is based on your consent, you may withdraw it at any time. The withdrawal of your consent shall only have effect for future processing. Processing carried out prior to the withdrawal of consent shall remain lawful.
If you are not satisfied with our response to your enquiry, or if you have not received a response within 30 days of submitting your request, you have the right to lodge a complaint with the supervisory authority, i.e. the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka). A request for establishing an infringement of rights may be submitted to the Agency: (i) in person (orally, on the record), or (ii) in writing to the address: Agencija za zaštitu osobnih podataka, Ulica Metela Ožegovića 16, 10 000 Zagreb, or (iii) by completing the online form on the Agency’s website (www.azop.hr), or (iv) by e-mail: azop@azop.hr, or (v) by fax to: 01/ 46-090-99.
Please note that we have the right, if your requests are manifestly unfounded (even if only one is) or excessive, particularly because of their repetitive character: (a) to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) to refuse to act on the request.
Changes to our Privacy Policy
In the event of changes to this Policy, we will notify you thereof on this page.