Cookies policy

Effective from: May 05, 2026
Replaces the previous version dated April 28, 2025.

We have updated our Privacy Policy to better protect your data and ensure the reliability of our services. Recently, our servers have been targeted by DDoS attacks. To prevent this and guarantee uninterrupted access to our courses and tools, we have implemented advanced infrastructure protection. All our services now operate under Cloudflare protection. This system analyzes traffic in real-time to filter out malware and attacks. Most of these changes happen "under the hood." Your data remains secure, and we continue to apply the Privacy by Design principle (e.g., by hashing IP addresses in our applications). Thanks to these changes, our websites run faster and are resilient to intentional overload attempts.

This cookies policy applies to the following services: app.kocie.mba, edi.kocie.mba, adr-egzamin.pl, adr-polska.pl, damiankociemba.pl, dgsa-nederland.nl, learn.noviqa.group.

1. Data Controller and Contact
The controller of your personal data and the entity responsible for the use of cookies is DGSA drs. D. Kociemba, headquartered in Eindhoven, Spalaan 6, 5628 ZG, Netherlands, registered in the Dutch Chamber of Commerce (KVK) under number 95907130, holding VAT ID: NL005178103B20 (hereinafter referred to as the "Controller" or "We").

If you have any questions about how we use cookies or process data, you can contact us via e-mail at: damian@kocie.mba.

2. Your privacy is our priority
We care about your privacy and want you to feel safe when using our applications and services. We have taken rigorous steps to avoid directly identifying users. Our infrastructure is based on the Privacy by Design principle. For example, IP addresses in our analytical system are processed exclusively on an aggregated and anonymized level, making tracking a specific natural person practically impossible.

3. What are cookies and similar technologies?
We use cookies and similar technologies (such as Local Storage in your browser) that provide us with information about your device and store specific data on it. They are used to ensure the proper functioning of our services (e.g., remembering the selected language in the application), as well as to analyze how you use them, which allows us to improve them.

4. What cookies do we use?
Our services use technologies that can be divided into two main categories:

A. Strictly necessary cookies (Technical and Functional)
These files are absolutely crucial for the proper functioning of our application and services. Since they are necessary to provide the services you have explicitly requested (e.g., displaying the application in the appropriate language or maintaining a login session), you do not need to consent to them.
Within our services, we use, among others:

• UI Preferences (ADR / EDI Application): Variables in Local Storage, such as appLang (PL/EN language selection), theme (light/dark mode), and smartBannerDismissed (hiding the installation banner). They allow us to remember your choices so you do not have to repeat them on each visit.
  
  
• Session maintenance (Moodle): The MoodleSession file maintains the login session on the educational platform. Without it, using the courses after logging in would be impossible. The MOODLEID file remembers the username, supporting digital accessibility.
  
  
• Security and Payments (Stripe): On the adr-egzamin.pl service, we use the Stripe payment gateway. Stripe uses strictly necessary cookies (e.g., __stripe_mid) to prevent fraud (including defense against cross-site request forgery attacks) and to securely process transactions.

If you block or delete these files in your browser, our services will not function as intended (e.g., you will not be able to log in to the course or the application will reset your interface settings).

B. Privacy-First Analytics (Anonymized)
To improve our services, we analyze information about how you use them (e.g., how you use the ADR calculator or the tunnel search engine). We do this using the Matomo software, which we have installed on our own secure server in the European Union.

• No cookies (Cookieless): We have configured Matomo so that it does not save any persistent cookies on your device for statistical purposes.
  
  
• Anonymized IP: Your IP address is automatically masked, making it impossible for us to identify you personally. We process this data exclusively on an aggregated (collective) level.
  
  
• No transfer to third parties: Unlike popular external tools, your statistical data is not shared with any corporations and is not used to build advertising profiles.

C. Marketing Cookies
Currently, we do not use any marketing cookies, tracking pixels, or third-party remarketing tools.

5. Infrastructure security and abuse prevention (IP address processing)
We pay special attention to the distinction between anonymized analytics and the technical security of our systems. Although we do not process your full IP address for analytical purposes, logging and verifying network parameters (including IP addresses) at the server infrastructure level is technologically necessary. We process this data exclusively for security purposes, fraud protection, and maintaining the stability of services. This constitutes our legitimate interest (Art. 6(1)(f) GDPR).

Depending on the Service, we implement this in the following way:

• ADR Application and EDI Application (including API): the kocie.mba domain and its subdomains (app.kocie.mba, app.kocie.mba/api, and edi.kocie.mba) are protected by Cloudflare's security infrastructure. All network traffic (including IP addresses) is analyzed in real-time to protect against DDoS attacks and malicious software. If anomalies or unusual network traffic (unusual traffic) are detected, Cloudflare filters may automatically block access to our Services. Additionally, these services are subject to daily limits (so-called Rate Limiting). To enforce these limits and block automated attempts to download the database (web scraping), the server verifies the source of the request. However, with a view to maximizing your privacy, your IP address is instantly and irreversibly hashed (algorithmically encrypted) a fraction of a second after reaching the server. The API system counts available limits based solely on this anonymized character string, without storing original IP addresses in the query database;
  
  
• Moodle Platform: for security purposes, to verify the progress of training, and to prevent account takeovers (account takeovers), the e-learning platform records IP addresses in the system login logs of users by default;
  
  
• Other information and utility services: the websites adr-egzamin.pl, adr-polska.pl, damiankociemba.pl, and dgsa-nederland.nl use Cloudflare protection. In the event that unusual network traffic is detected (e.g., an attempt to overload the server), security systems may automatically block access to the site to guarantee availability for other users. Traffic data is processed solely for technical purposes and is not used to identify specific individuals for marketing purposes.

6. How can you manage your settings?

• Browser settings: By selecting the appropriate settings in your browser, you can block certain types of cookies. Your browser may automatically reject such files or inform you each time a website requests to save them. After your visit, you can also delete the persistent cookies saved on your device.
  
  
• Do Not Track (DNT): Our analytical system automatically respects the "Do Not Track" setting in your browser. If you enable this option, your visit will be completely ignored in our anonymous statistics.

7. Your rights
In accordance with GDPR provisions, you have the right to access your data, rectify it, erase it, restrict its processing, and the right to lodge a complaint with a supervisory authority (in the Netherlands, this is the Autoriteit Persoonsgegevens).

Due to the fact that our analytical infrastructure (Matomo) is fully anonymized and we do not store data in it that allows for user identification, the execution of certain rights (e.g., deletion of specific analytical data) may be impossible due to the objective lack of connection of logs with a specific natural person.