Webpages of Airports of Montenegro (APM) which basic website is https://montenegroairports.com/, use cookies. A cookie is a small simple file that is sent along with pages of this website and stored at visitor’s browser on the hard drive of visitor’s computer or another device.   They are processed and stored by visitor’s web browser.  Cookies can also generally be easily viewed and deleted. In and of themselves, cookies are harmless and serve crucial functions for websites. However, cookies can store a wealth of data, enough to potentially identify visitor without visitor’s consent. Given the amount of data that cookies can contain, they can be considered personal data in certain circumstances and, therefore, subject to the GDPR. Visitor can disable cookies via visitor’s browser settings, but please note that disabling cookies may affect the functionality of website of APM.

I TYPES OF COOKIES

In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.

• DURATION
• Session cookies – These cookies are temporary and expire once visitor closes browser (or once visitor’s session ends).
• Persistent cookies — This category encompasses all cookies that remain on visitor’s hard drive until visitor erases them or visitor’s browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. According to the ePrivacy Directive, they should not last longer than 12 months, but in practice, they could remain on visitor’s device much longer. For all cookies used on APM’s website we have enlisted duration and function

• PROVENANCE
• First-party cookies — As the name implies, first-party cookies are put on visitor’s device directly by website of APM.
• Third-party cookies — These are the cookies that are placed on visitor’s device, not by APM’s website, but by a third party like an analytic system.

• PURPOSE
• Strictly necessary cookies — These cookies are essential for visitor to browse APM’s website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold visitor’s items in visitor’s cart while visitor is shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
• Functional cookies — These cookies allow APM’s website to remember choices visitor has made in the past, like what language visitor prefers, what region visitor would like weather reports for, or what visitor’s user name and password is for the sake of easier authorisation and access to information and for skippinng of repetition of steps.
• Preferences – The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
• Statistics cookies — Also known as “performance cookies,” these cookies collect information about how visitor uses a web location, like which pages visitor searched and which links visitor clicked on. None of this information can be used to identify visitor. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
• Marketing cookies — These cookies track visitor’s online activity to help advertisers deliver more relevant advertising or to limit how many times visitor sees an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.

These are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can contain significant amounts of information about visitor’s online activity, preferences, and location. The chain of responsibility (who can access a cookies’ data) for a third-party cookie can get complicated as well, only heightening their potential for abuse. Perhaps because of this, the use of third-party cookies has been in decline since the passage of the GDPR.

.

II Cookies and the GDPR

• The General Data Protection Regulation is the most comprehensive data protection legislation that has been passed by any governing body to this point. However, throughout its’ 88 pages, it only mentions cookies directly once, in Recital 30.
• Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
• What these two lines are stating is that cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.

III Cookies and ePrivacy Directive

Passed in the 2002 and amended in 2009, the ePrivacy Directive (EPD) has become known as the “cookie law” since its most notable effect was the proliferation of cookie consent pop-ups after it was passed. It supplements (and in some cases, overrides) the GDPR, addressing crucial aspects about the confidentiality of electronic communications and the tracking of Internet users more broadly.

IV Cookie compliance

The cookies placed on visitor’s website are compliant with the regulations governing cookies under the GDPR and the ePrivacy Directive, meaning we duly observe the following requirements:

• When visitor’s searchs APM’s website for the first time, he/she shall be required to provide his/her consent before using any cookies except strictly necessary cookies. As soon as visitor clicks on “Save preferences”, visitor consent to APM using the categories of cookies and plug-ins visitor selected in the pop-up, as described in this Cookie Policy.
• Accurate and specific information about the data each cookie tracks and its purpose are provided  in plain language before consent is received.
• Users are allowed to access APM’s service even if they refuse to allow the use of certain cookies.
• We have ensured that it is as easy for the users to withdraw their consent as it was for them to give their consent in the first place.  Please note that APM’s website may not work properly if all cookies are disabled. If visitor does delete the cookies in visitor’s browser, they will be placed again after visitor’s consent when visitor searchs APM’s websites again.

V ePrivacy Regulation

• The EPD’s eventual replacement, the ePrivacy Regulation (EPR), will build upon the EPD and expand its definitions. (In the EU, a directive must be incorporated into national law by EU countries while a regulationbecomes legally binding throughout the EU the date it comes into effect.)
• The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing users about the cookies site are being used on website and, when necessary, receiving their consent will keep APM’s users happy and keep visitors GDPR-compliant.

IV Applied cookies