Cookie Policy
Cookie Policy
Operator: Class RDA Impex SRL · Application: 4PRO Version: v2.1 · Effective from: 31 May 2026
What are cookies
Cookies are small text files that a website or web application places in your browser or device when you access it. They allow the application to recognise your session, remember your preferences, and function correctly.
In addition to cookies themselves, 4PRO may also use similar technologies: localStorage / sessionStorage (local browser storage), tracking pixels (in transactional emails), and server-side session identifiers.
This Cookie Policy complements the operator's Privacy Policy, which describes in full how we process your personal data.
What cookies we use
Strictly necessary cookies (essential)
These cookies are indispensable to the functioning of the application and cannot be disabled. They do not store personal data beyond what is strictly required for functionality.
| Name | Purpose | Duration | Type |
|---|---|---|---|
legal_admin_token | Authenticated admin session (HMAC-signed, HttpOnly) | 8 hours | HttpOnly, Secure, SameSite=Strict |
session_token | Authenticated user session (4PRO application) | As per account settings (max. 30 days) | HttpOnly, Secure, SameSite=Lax |
csrf_token | Protection against Cross-Site Request Forgery attacks | Session | SameSite=Strict |
locale_pref | Interface display language (required for correct page rendering) | 1 year | SameSite=Lax |
ePrivacy basis: these cookies are exempt from consent under Art. 5(3) of the ePrivacy Directive (transposed by Art. 4(5)(b) of Romanian Law No. 506/2004), being strictly necessary to provide the service you have explicitly requested. GDPR basis for the associated processing: legitimate interests (Art. 6(1)(f) GDPR) — security and proper operation of the service.
Functionality cookies
These remember your preferences to personalise your experience. They are placed only after you have given your consent via the cookie banner.
| Name | Purpose | Duration | Type |
|---|---|---|---|
theme_pref | Visual theme (light/dark mode) | 1 year | SameSite=Lax |
onboarding_state | Your progress through the registration process | Session | SameSite=Lax |
ePrivacy + GDPR basis: your prior consent (Art. 5(3) ePrivacy Directive / Art. 4(5) Law 506/2004, read together with Art. 6(1)(a) GDPR), given via the cookie banner. You may withdraw consent at any time, as easily as you gave it.
Analytics cookies
These help us understand how the Service is used so that we can improve it. Data is collected in pseudonymised or anonymised form. These cookies are placed only after your consent has been obtained.
| Tool | Purpose | Duration | Processing location |
|---|---|---|---|
| Internal analysis (pseudonymised server logs) | Number of visits, popular pages, errors | 12 months | EU |
We do not currently use Google Analytics, Facebook Pixel, or other third-party marketing trackers. If this changes, you will be notified and will be able to update your consent.
Legal basis: your prior consent (Art. 5(3) ePrivacy Directive / Art. 4(5) Law 506/2004, read together with Art. 6(1)(a) GDPR). Any non-essential cookie requires prior consent before placement — legitimate interests is not a valid basis for analytics or marketing cookies (CJEU C-673/17 Planet49; EDPB Opinion 5/2019).
Marketing and retargeting cookies
We do not currently use marketing or retargeting cookies. If we introduce such technologies, the consent banner will be updated and you will be able to opt in independently, on the basis of prior consent.
Managing your consent
On your first visit
When you first access the Service, you will see a consent banner that allows you to:
- Accept all categories (essential + functionality + analytics);
- Manage preferences individually, by category;
- Reject non-essential cookies (functionality + analytics).
The "Reject all" button is displayed with the same visibility and at the same level of accessibility as the "Accept all" button — refusing is just as easy as accepting. We do not use cookie walls and do not condition access to the Service on accepting non-essential cookies; refusing carries no detriment to you (in line with EDPB Guidelines 03/2022 on deceptive design patterns). Non-essential cookies are only placed after a clear affirmative action from you.
Your choices are stored in localStorage and respected throughout the session and for future visits, until you change them or clear your browsing data.
From the application settings
You may change your preferences at any time from Settings → Privacy → Cookie Preferences.
From your browser
You can manage cookies directly from your browser:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy
- Edge: Settings → Cookies and site permissions
Note: disabling essential cookies will affect authentication and other core features of the application.
Third-party cookies and technologies
The third-party providers we work with may place their own cookies (only to the extent permitted by your consent preferences):
| Provider | Purpose | Privacy policy |
|---|---|---|
| Stripe (if payment features are active) | Payment security, fraud prevention | https://stripe.com/privacy |
| Meta / WhatsApp Business API | Delivery of WhatsApp notifications | https://www.facebook.com/privacy/policy/ |
These providers operate under their own privacy policies. Where a third-party provider involves a transfer of data to a country outside the European Economic Area (for example, the United States), the transfer is carried out under a mechanism provided by Art. 46 GDPR: the EU-US Data Privacy Framework, where the recipient is DPF-certified, or the EU Standard Contractual Clauses (Commission Decision (EU) 2021/914). The application's operator is a Romania/EU entity; third-country exposure arises solely at the level of these providers/processors, not at the level of the controller.
Tracking pixels in emails
Our emails may contain a 1×1px pixel that informs us whether and when the email was opened. This is an open-tracking technology, not a mere delivery confirmation, and it relies on your consent (or, for strictly transactional emails, on the necessity of performing the service). You can control this tracking by disabling automatic image loading in your email client.
Consent refresh
Consent for non-essential cookies is not permanent: we will ask for your consent again periodically (typically after 6 months) or whenever there is a material change to the cookie categories or third-party providers.
Policy updates
This policy may be updated periodically. Significant changes (the addition of new cookies or categories) will be communicated by updating the consent banner, so you can renew or revoke your preferences.
Contact
For questions about cookies and privacy, contact the DPO at dpo@4pro.io.
Automatically generated by Legal Hub · Version v2.1 · Effective from 31 May 2026