Cookie Policy

Effective date: 04 October 2025
Company: Blossom d.o.o., Safvet-bega Bašagića 38a, 71000 Sarajevo, Bosnia and Herzegovina
Company ID: 420282225170002
Contact: info@blossomdoo.com

---

1) About this Policy

This Cookie Policy explains how Blossom d.o.o. (“Blossom”, “we”, “us”) uses cookies and similar tracking technologies on tours.blossomdoo.com (the “Site”). It should be read together with our Privacy Policy.

We use a consent management platform (CMP) to collect and store your choices. Except for strictly necessary cookies, we will set cookies only after you grant consent via our banner or settings. You can change your choices at any time.

---

2) What are cookies and similar technologies?

• Cookies are small text files placed on your device by websites you visit.
• Similar technologies include SDKs, pixels, tags, local storage, device identifiers, and techniques used by embedded content (e.g., YouTube, social media widgets).

These tools help operate the Site, measure usage, remember preferences, prevent fraud, and (with consent) personalise content and ads.

---

3) Categories of cookies we use

We classify cookies as follows. Your banner shows the current status and lets you turn each category on/off:

1. Strictly Necessary (Always On) – essential for the Site to function (security, load balancing, consent logging, shopping cart, form submissions). These do not require consent.
2. Preferences – remember your choices (language, region).
3. Statistics/Analytics – help us understand how visitors use the Site so we can improve it (e.g., GA4 configured to respect your consent).
4. Marketing/Advertising – used to show relevant ads and measure marketing effectiveness (e.g., Meta Pixel), and for retargeting where enabled.
5. Social & Embedded Content – third‑party content (e.g., maps, videos) that may set cookies or read device identifiers when you interact with them.

Non‑essential categories (2–5) are off by default until you consent.

---

4) Legal basis and your choices

Under BiH Personal Data Protection Law (Sl. glasnik BiH 12/25) aligned with GDPR, non‑essential cookies require your prior consent, which must be freely given, specific, informed and unambiguous. You can withdraw consent at any time via the banner/settings without affecting the lawfulness of processing before withdrawal.

Where cookies are strictly necessary to provide a service you request (e.g., security, cart, login), we rely on legitimate interest or the performance of a contract instead of consent. See our Privacy Policy for more on legal bases.

---

5) How we collect, store, and prove consent

• Our banner provides granular choices (per category) and a link to “Cookie Settings”.
• We keep a consent log (timestamp, categories chosen, version of banner), stored securely for audit purposes.
• If you are under 16, we do not use non‑essential cookies unless a parent/guardian consents via appropriate verification.

---

6) Google Consent Mode v2 (where applicable)

If you interact with Google services on our Site, we use Consent Mode v2 so Google tags adjust their behaviour based on your choices. When consent is denied, tags are limited and use consent‑state “pings” instead of personal cookies; when consent is granted, tags operate normally. This helps us respect your preferences while maintaining basic measurement.

---

7) Third‑party cookies and international transfers

Some cookies/pixels are set by third parties (e.g., Google, Meta, YouTube, Hotjar, payment and anti‑fraud providers). These providers may process data on servers outside BiH/EU. When such transfers occur, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and assess risks as described in our Privacy Policy.

You can find links to key third‑party policies here:

• Google: https://policies.google.com/technologies/partner-sites
• Meta: https://www.facebook.com/privacy/policy
• Hotjar: https://www.hotjar.com/legal/policies/privacy/
• YouTube: https://policies.google.com/privacy

---

8) Cookie retention

Cookies are either session (deleted when you close your browser) or persistent (stored until they expire or you delete them). Retention varies by cookie; our banner/scan lists the current names, providers, purposes, and lifetimes.

---

9) Managing cookies

You can manage your choices any time via Cookie Settings on our banner. You can also manage cookies through your browser:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/kb/enable-and-disable-cookies-website-preferences
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471
• Edge: https://support.microsoft.com/topic/8e018ed6-0263-4f7b-8f4a-28d80823d968

Blocking all cookies may affect Site functionality.

---

10) Current list of cookies

Our CMP performs periodic cookie scans. The dynamic list of cookies (name, provider, purpose, expiry, type) is displayed in the banner’s “Details” or “Cookie Settings” panel. Because third‑party providers can change their cookies at any time, this is the authoritative list.

---

11) Children

We do not knowingly use non‑essential cookies for users under 16 without verifiable parental consent. If you believe a child has provided consent improperly, please contact us so we can take appropriate action.

---

12) Updates to this Policy

We may update this Policy to reflect changes in technologies, law, or our services. The “Effective date” above shows when it last changed. Significant changes will be highlighted in the banner or on this page.

---

13) Contact

Questions about this Policy or your choices? Contact our privacy team at info@blossomdoo.com or write to:
Blossom d.o.o.
Safvet-bega Bašagića 38a, 71000 Sarajevo, Bosnia and Herzegovina