1. Introduction

This Cookie Policy (“Policy”) explains how MARKOEU OÜ (“Company”) uses cookies and similar tracking technologies on its website https://endngo.com (“Website”). It is issued in compliance with Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy Directive) as transposed in Estonia by the Elektroonilise side seadus, and the guidelines of the European Data Protection Board (EDPB) on consent and cookies. This Policy should be read together with the Privacy Policy at https://endngo.com/privacy-policy.

2. What Are Cookies?

Cookies are small text files placed on a User’s device by the website they are visiting. Similar technologies used by the Website include web beacons (pixel tags), local storage objects, session tokens, and device fingerprinting techniques (where such technologies are used, they are applied in compliance with applicable law and, where required, subject to User consent). These technologies may be: (a) first-party (placed directly by endngo.com) or third-party (placed by third-party service providers integrated into the Website); and (b) session cookies (deleted automatically when the browser is closed) or persistent cookies (retained on the device for a specified period).

In practice, most Users interact with the Website using default settings, and detailed cookie preferences are adjusted only where necessary.

3. Cookie Categories

Category	Legal Basis	Type / Party	Purpose	Duration
Strictly Necessary	Legitimate Interest (no consent required)	Session; First-party	These cookies are essential for core functionality and are typically used for login sessions, checkout processes, and basic security.Session management; user authentication; shopping cart; CSRF protection; checkout fraud detection	Session / max 24 hours
Performance and Analytics	User Consent	Persistent; 1st and 3rd party	In practice, analytics data is used in aggregated form to understand general usage patterns rather than individual behaviour. Aggregated usage statistics; page performance metrics; error tracking (data pseudonymised or anonymised)	Up to 12 months
Functional	User Consent	Persistent; First-party	Typically, these cookies improve convenience by remembering user preferences such as language or currency. Language preference; currency selection; previously viewed items; accessibility preferences	Up to 12 months
Social Login	User Consent (on OAuth initiation)	Session; Third-party	Authentication state management for third-party OAuth sign-in; only placed if User initiates social login	Session only
Marketing and Targeting	Not currently deployed	N/A	The Company does not currently use behavioural advertising cookies. If deployed in future, this Policy will be updated and fresh consent obtained.	N/A

4. Consent

4.1 How Consent is Obtained

On the User’s first visit to the Website, a Consent Management Platform (CMP) banner is displayed. Strictly necessary cookies are activated on the basis of legitimate interest and do not require consent. All other cookie categories are deactivated by default. The User must affirmatively and actively select the categories they consent to before those cookies are placed.

4.2 Consent Standards

Consent obtained through the CMP is: (a) granular- the User may accept or reject each non-essential category independently; (b) freely given – refusing non-essential cookies does not prevent access to the Website or its core functions; (c) informed – full details of each category are available in this Policy and in the CMP; (d) documented – consent records including timestamp and selected preferences are stored; and (e) renewable – Users are re-prompted for consent at intervals not exceeding twelve (12) months, or earlier where the purposes of processing materially change.

5. Do-Not-Track Signals

Some browsers transmit a “Do Not Track” (DNT) header signal. As the European Data Protection Board has not issued a harmonised interpretation of the legal significance of DNT signals under EU law, the Company does not currently alter its cookie practices in automatic response to DNT headers. Users who wish to restrict cookie placement should use the CMP preference centre or their browser’s cookie controls described in Section 7. Users remain in control of cookie preferences through the Consent Management Platform regardless of browser settings.

6. Third-Party Cookies

Where third-party service providers place cookies through the Website, those providers act as independent data controllers in respect of data collected through their own cookies. The Company ensures that Data Processing Agreements or Standard Contractual Clauses are in place for any third-party processors. Users are encouraged to review the privacy policies of third-party providers for information on their own data practices.

7. Managing Cookies

7.1 CMP Preference Centre

Cookie preferences may be updated at any time via the “Cookie Settings” link in the Website footer at https://endngo.com/cookie-settings.

7.2 Browser Controls

Users may also control cookies through their browser settings. Disabling strictly necessary cookies will impair core Website functionality including checkout and account login. Guidance for major browsers:

Google Chrome: Settings → Privacy and Security → Cookies and other site data
Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
Apple Safari: Preferences → Privacy → Manage Website Data
Microsoft Edge: Settings → Cookies and site permissions

Further guidance is available from the Estonian Data Protection Inspectorate: https://www.aki.ee.

7.3 Analytics Provider Opt-Out

Where third-party analytics tools are in use, Users may opt out through the provider’s own mechanisms. Links to applicable opt-out tools are provided within the CMP.

8. Amendments

This Policy is updated when required by changes in applicable law, EDPB guidance, or the technologies deployed on the Website. Where changes materially affect the basis on which consent is collected, the CMP is updated and Users are presented with fresh consent prompts.

9. Contact Us

Data Controller: MARKOEU OÜ

Data Protection Contact: [email protected]

Supervisory Authority: Andmekaitse Inspektsioon, [email protected], https://www.aki.ee

Effective Date: 06 April 2026