COOKIE POLICY
Effective Date: May 25, 2026
Current Version: https://dpfoffservice.com/legal/cookies
Applicable to: Authorized users, business clients, and technical contacts interacting with https://dpoffservice.com
1. INTRODUCTION
This Cookie Policy explains how TENCAR sp. z o.o. ("Controller", "TENCAR", "we", "us") uses cookies and similar client-side storage technologies on https://dpoffservice.com (the "Service"). This Policy is an integral part of the Privacy Policy and Terms & Conditions for Business Services. By accessing or using the Service, you acknowledge that you have read and accepted the terms herein.
TENCAR's platform is engineered for B2B commercial operations. Accordingly, our use of cookies is strictly limited to technical, authentication, and security functions required to deliver the Service safely and reliably.
2. TYPES OF COOKIES WE USE
We employ only strictly necessary cookies required for core Service functionality and security. No analytical, marketing, retargeting, or profiling cookies are used.
| Cookie Type | Purpose | Technical Implementation |
|---|---|---|
| ASP.NET Authentication & Authorization Tokens | Maintains secure user session state, verifies commercial account identity, and enforces role-based access control for B2B users. | Standard ASP.NET Core authentication cookies (e.g., .AspNetCore.Cookies, .AspNetCore.Identity.Application). Contains encrypted ticket data; no readable personal data. |
| CSRF Protection Tokens | Prevents Cross-Site Request Forgery attacks by validating that form submissions and API calls originate from the legitimate Service session. | Standard ASP.NET Core anti-forgery cookies (e.g., .AspNetCore.Antiforgery.*). Paired with request headers for dual-validation. |
| Session State Cookies | Temporarily preserves application state during active processing workflows (e.g., file upload progress, payment gateway handshakes, API session continuity). | Ephemeral session cookies destroyed on browser close or idle timeout. |
Note: All tokens are cryptographically signed, server-bound where applicable, and transmitted exclusively over TLS 1.2+. No personal identifiers, file contents, or business data are embedded in cookie payloads.
3. PURPOSE & LAWFUL BASIS
3.1. Purpose
Cookies are used exclusively to:
Authenticate B2B accounts and enforce commercial access controls
Protect HTTP statefulness against CSRF attacks
Maintain temporary application state during file processing and payment workflows
Ensure infrastructure security and prevent unauthorized session hijacking
3.2. Lawful Basis
GDPR Art. 6(1)(f): Legitimate interest in maintaining secure, functional, and reliable B2B services.
GDPR Art. 6(1)(b): Contract performance – cookies are essential to deliver the requested digital processing service.
ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) Art. 5(3): Exemption applies. These cookies are strictly necessary for the explicit request of the service (secure B2B access and transaction integrity) and do not require prior consent.
4. COOKIE DURATION & TECHNICAL BEHAVIOR
Duration: Session-bound or tied to authentication ticket expiration (typically 30–60 minutes of inactivity, or until manual logout). Server-side sessions are invalidated on payment completion, account deactivation, or timeout.
Scope: Cookies are HttpOnly, Secure, SameSite=Strict/Lax, and domain-restricted to dpoffservice.com and subdomains.
Storage: No client-side personal data is persisted in cookies. All tokens are stateless or cryptographically bound to server-side sessions.
Automatic Cleanup: Expired or revoked tokens are purged server-side. Browser-side cookies are cleared on logout or session termination.
5. USER CONTROL & CONFIGURATION
You may configure your browser to block, delete, or alert you to cookies via native browser settings.
Important: Blocking, disabling, or deleting these cookies will immediately disable authentication, break CSRF validation, interrupt file processing, and prevent access to the Service. Core B2B functionality cannot operate without them.
TENCAR does not provide an internal cookie management panel. Cookie configuration is exclusively managed through your browser's settings or installed security extensions.
Third-party browser extensions or security tools that modify cookie behavior may impact Service reliability. TENCAR is not liable for workflow interruptions caused by client-side cookie restrictions.
6. THIRD-PARTY COOKIES & EXTERNAL REFERENCES
No third-party cookies are deployed. We do not integrate analytics, advertising, social media, or external tracking scripts.
Links to external websites or payment gateways may set their own cookies governed by the respective provider's policy. TENCAR does not control or endorse these external practices. Users are advised to consult third-party privacy policies directly.
7. UPDATES TO THIS POLICY
TENCAR may update this Cookie Policy to reflect technical, security, or regulatory changes. Revised versions will be published at https://dpfoffservice.com/legal/cookies with a new effective date. Continued use of the Service constitutes acceptance. Material changes will be communicated via account dashboard or registered email.
8. CONTACT & COMPLIANCE
Data Protection & Cookie Queries:
privacy@dpoffservice.com
TENCAR sp. z o.o. | ul. Straganińska 20-22/35 | 80-837 Gdańsk, Poland
Regulator: Urząd Ochrony Danych Osobowych (UODO), Warsaw, Poland
Legal References:
This Cookie Policy is cross-referenced in Section 11 of the Privacy Policy and Section 8 of the Terms & Conditions.
In case of inconsistency, the Privacy Policy and Terms & Conditions govern.
Document Version: 1.1
Last Updated: May 25, 2026
Compliance Framework: GDPR (2016/679), ePrivacy Directive, ASP.NET Core Security Standards, NIST SP 800-53 / ISO 27001 cookie management principles