Cookie Policy
Last Update: december 2025
This Cookie Policy explains what cookies are, how they are used by the Balog & Stoica – Attorneys at Law (“the Firm”, “we”), and what your rights are in relation to them.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, phone, tablet) when you visit a website. They allow the website to recognize your device and store information about the user’s preferences or past actions.
2. Types of Cookies Used
Our website uses strictly necessary session cookies required for the proper functioning of the site. These cookies are essential for the security and functionality of the contact form.
Strictly Necessary Cookies (no consent required)
These cookies are essential for the operation of the website and cannot be disabled in our systems. They are used only in response to your actions, such as completing the contact form.
| Cookie Name | Purpose | Duration | Domain |
|---|---|---|---|
PHPSESSID |
Maintains the user session for:
|
Session (automatically deleted when the browser is closed) | balog-stoica.com |
3. Security Features of Our Cookies
The cookies used on our website benefit from the following security measures:
- HttpOnly – The cookie cannot be accessed via JavaScript, preventing XSS (Cross-Site Scripting) attacks;
- Secure – The cookie is transmitted only through encrypted HTTPS connections;
- SameSite=Strict – The cookie is not sent in cross-site requests, offering additional protection against CSRF;
- No personal data – The cookie contains only a random session identifier, not personal information.
4. Data Collected Through Cookies
The session cookie does not collect identifiable personal data. The only information stored includes:
- A unique random identifier (e.g., a1b2c3d4e5f6...););
- The CSRF token is generated to protect the form;
- Form submission timestamps (for spam limitation).
This information is stored temporarily on the server and is not shared with third parties.
5. Purpose and Legal Basis for Using Cookies
Purpose:
- Security: Preventing cyberattacks (CSRF, spam, request flooding);
- Functionality: Ensuring the proper functioning of the contact form;
- Integrity: Maintaining session integrity across pages.
Legal basis:
According to Art. 5(3) of the ePrivacy Directive (2002/58/EC) and Romanian legislation on electronic communications, strictly necessary cookies required for providing a service explicitly requested by the user do not require consent.
Our session cookies fall under this category because they are indispensable for:
- Operating the contact form requested by the user;
- Protecting against security threats;
- Complying with legal data security obligations (GDPR).
6. Storage Duration
The session cookie is temporary and has the following characteristics:
- Created: Upon the first visit to the website or when accessing the contact form;
- Automatically deleted: When you close your browser;
- Non-persistent: It does not remain on your device after closing the browser;
- Server-side data: Session information stored on the server is deleted after 24 hours of inactivity.
7. Managing Cookies
Manual deletion
Although session cookies are deleted automatically, you may delete them manually at any time from your browser settings:
- Google Chrome: Settings → Privacy and security → Cookies and other site data → See all cookies → Delete
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data → Delete
- Safari: Preferences → Privacy → Manage Website Data → Delete
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
Blocking cookies
Warning: If you block session cookies in your browser settings, the contact form will not function, as these cookies are essential for its security.
8. Third-Party Cookies – Google Maps
8.1. Google Maps (Consent-Based Only)
The website integrates the Google Maps service on the contact page to help you locate our office. Google Maps loads only after you provide explicit consent via the cookie banner or by pressing the map-loading button.
Important: Without your consent, Google Maps will not load, and no Google cookies will be set. You may view our address in text format without accepting cookies.
8.2. Google Maps Cookies
After providing consent, Google Maps sets numerous cookies for functionality, authentication, and advertising. These include:
Important Note: Google Maps integrates with the entire Google ecosystem, including cookies related to Google accounts, advertising, and analytics. Even if you do not have a Google account, some tracking and advertising cookies will still be set.
Authentication and Session Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| SID | Google account session identifier | 2 years |
| HSID | Session hash for security | 2 years |
| SSID | Secure session identifier | 2 years |
| APISID | Google API authentication | 2 years |
| SAPISID | Secure API authentication | 2 years |
| __Secure-1PSID | Secure session (same-site) | 2 years |
| __Secure-3PSID | Secure session (cross-site) | 2 years |
| __Secure-1PAPISID | Secure API auth (same-site) | 2 years |
| __Secure-3PAPISID | Secure API auth (cross-site) | 2 years |
| SIDCC | Session continuation | 1 year |
| __Secure-1PSIDCC | Secure session continuation (same-site) | 1 year |
| __Secure-3PSIDCC | Secure session continuation (cross-site) | 1 year |
| __Secure-1PSIDTS | Session timestamp (same-site) | Session |
| __Secure-3PSIDTS | Session timestamp (cross-site) | Session |
Tracking and Advertising Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| NID | User preferences, customized ads, analytics | 6 months |
| __Secure-ENID | Enhanced tracking identifier | 1 year |
| AEC | Anti-abuse, security, and fraud prevention | 6 months |
| OTZ | Analytics and aggregated statistics | 1 lună |
Technical Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| SOCS | Stores Google cookie-consent status | 1 year |
| SEARCH_SAMESITE | SameSite security attribute | 6 months |
Legal basis for all cookies: Your explicit consent (Art. 6(1)(a) GDPR).
Please note: The number and types of cookies may vary depending on:
- Whether you are logged into a Google account
- Your Google account settings
- Your geographic region
- The version of the Google Maps service
8.3. Data Transmitted to Google
When you load Google Maps, the following data are transmitted to Google LLC (USA):
- IP address (device identification)
- Browser and operating system information
- Date and time of access
- Referrer page
- Map interactions (zoom, movement, etc.)
8.4. International Data Transfer
Important: Your data is transferred to the United States of America, , which does not provide a GDPR-equivalent level of protection. Google relies on the European Commission’s Standard Contractual Clauses (SCCs) to safeguard such transfers; however, U.S. authorities may have access to your data under certain circumstances.
8.5. Purpose of Use
Google uses data collected via Google Maps for:
- Providing the interactive mapping service
- Improving Google services
- Personalising Google advertising
- Analysing user behaviour
- Measuring the effectiveness of advertisements
8.6. Withdrawal of Consent
You may withdraw your consent for Google Maps at any time by:
- Opening the cookie banner (“Cookie Settings” button in the footer)
- Disabling the Google Maps option
- Deleting cookies in your browser
- Using your browser’s private/incognito mode
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
8.7. Further Information
For full details on how Google processes your data:
- Google Privacy Policy: https://policies.google.com/privacy
- Google Cookies Policy: https://policies.google.com/technologies/cookies
- Google Maps Terms: https://www.google.com/intl/ro_ro/help/terms_maps/
8.8. Other Third-Party Cookies
Apart from Google Maps, the website does not use any other third-party cookies (e.g., Google Analytics, Facebook Pixel, advertising, or remarketing cookies).
If such services are implemented in the future, this policy will be updated accordingly, and your explicit consent will be requested for each cookie category.
9. Your Rights Under the GDPR
Although session cookies do not collect identifiable personal data, you have the following general rights regarding data processed through the website:
- The right to access information about data processing;
- The right to rectify inaccurate data;
- The right to erasure (“the right to be forgotten”);
- The right to restrict processing;
- The right to complain to the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro).
10. Changes to the Cookie Policy
The Firm reserves the right to update this Cookie Policy to reflect:
- Changes in the technology used;
- Legislative updates (GDPR, ePrivacy);
- The implementation of new website functionality.
The updated version will be published on this page, with the date of the latest update indicated.
11. Contact
For questions about this Cookie Policy or the use of cookies on our website, you may contact us at:
Balog & Stoica – Attorneys at Law
E-mail: office@balog-stoica.com
Telephone: +40 747 486 549 / +40 754 503 681
Address: 19 Stockholm Street, 011786 Bucharest, Romania