Cookie Policy

Last updated: 05.04.2026 · Version 2.0

Cookie Policy

Version: 2.0
Effective Date: 5 April 2026
Last Updated: 5 April 2026

This Cookie Policy explains which cookies and similar technologies SmartKartica uses, for what purposes they are applied, what options you have to manage them, and how such technologies relate to security, localization, site functioning, account operations, and individual service features.

In this Policy, "cookies" refer not only to traditional HTTP cookies but also to similar technologies for storing and reading information on the user's device or browser, including server-side session identifiers, local storage, security tokens, and other technical mechanisms, if used for similar purposes. To the extent that such technologies involve personal data, their use is also governed by the SmartKartica Privacy Policy.

1. Who Uses Cookies

The operator of the SmartKartica website and services using cookies and similar technologies is VMTech d.o.o. Beograd, Matični broj 22069152, PIB 114779614, address: Topalovićeva 4, Zvezdara, 11050 Belgrade, Serbia, e-mail: support@smartkartica.rs.

2. Why Cookies and Similar Technologies Are Needed

  • to recognize the user's session and maintain proper account login functionality;
  • to preserve technical settings such as interface language and other user preferences;
  • to provide protection against CSRF, abuse, automated requests, and other security threats;
  • to support the proper functioning of public forms, account dashboards, legal pages, onboarding flows, and other interfaces;
  • to ensure compatibility of certain features with external providers and widgets, if such features are activated;
  • to minimize the number of repeated user actions where technically justified.

3. Categories of Cookies and Similar Technologies We Use

3.1. Strictly Necessary Cookies and Session Identifiers. These mechanisms are needed for the basic operation of the website and service. Without them, account login, server-side session maintenance, request protection, correct navigation through the service, and functioning of key forms are impossible or greatly impaired.

In the current architecture of SmartKartica, these mechanisms, in particular, include:

  • session cookie used to maintain the server-side session of the user, such as a cookie like sk_session_v2 or its current version;
  • security / CSRF-related mechanisms that use tokens and associated technical parameters to protect forms and requests against forgery and unauthorized execution;
  • cookies and server mechanisms related to security, anti-abuse, limit controls, authorization, password recovery, protection of public onboarding flows, and other critical technical tasks.

3.2. Functional Cookies and User Preference Cookies. These technologies allow the remembering of user-selected settings that are not strictly necessary for data transmission over the network but make the use of the site more convenient and predictable.

In the current implementation, these tools, in particular, include:

  • locale cookie sk_locale, used to save the selected language of the website interface;
  • local storage key sk-locale, which can be used by the frontend to save the selected locale;
  • local storage key sk-theme, used to save the selected interface theme if the user interface of the site supports it.

3.3. Protective and Anti-Bot Technologies from Third-Party Providers. On certain pages, especially in public onboarding flows, verification forms or other protected scenarios, SmartKartica may use third-party anti-bot solutions, such as Cloudflare Turnstile. These services may use their own technical identifiers, cookies, local storage, device signals, or other mechanisms if necessary to distinguish human from automated traffic, prevent spam, abuse, and attacks on the infrastructure.

3.4. Local Storage and Other Similar Mechanisms. Not all information stored by the browser is a cookie in the strict sense. SmartKartica may also use local storage, session storage, and other built-in browser storage mechanisms to save local interface settings and similar technical parameters.

4. Cookies We Do Not Declare as Used by Default

As of the last update date of this Policy, the main architecture of SmartKartica primarily relies on the strictly necessary and functional cookies listed above. We do not declare in this document the use of advertising, behavioral, profiling, or retargeting cookies by default unless such functionality is separately implemented, documented, and, where required by law, subjected to a separate consent mechanism.

5. Purposes of Using Cookies

  • user authentication and maintaining an active session;
  • protection of forms, API requests, and other actions from CSRF and abuse;
  • maintaining site localization and saving language preferences;
  • preserving user UI settings, including interface theme;
  • anti-bot and anti-fraud checks;
  • ensuring the proper functioning of public onboarding flows, login, password reset, legal pages, account dashboards, and other web features;
  • diagnosis and ensuring security to the maximum necessary technical extent.

6. Legal Basis for Using Cookies

Strictly necessary cookies and session identifiers are used for the execution of the contract, ensuring the operation of the website and service, complying with security obligations, and realizing our legitimate interest in protecting infrastructure and users. Functional preference cookies and local storage settings are used for user convenience and a sustainable UX; in relevant jurisdictions, their application may be based on legitimate interest or consent, if required by law.

7. Cookies Retention Period

  • session cookies usually exist only during the active browser session or until the server-side session expires;
  • preference cookies, such as the locale cookie sk_locale, may be saved longer so that the interface language does not have to be re-selected;
  • local storage records, such as sk-locale and sk-theme, may be saved until the user deletes them or the application updates the corresponding record.

8. How to Manage Cookies

You can manage cookies and similar technologies through browser settings, clearing local storage/site data, private mode, and, if available, a consent banner or Cookie Settings. Blocking strictly necessary cookies may make it impossible to log into an account, use protected forms, save the selected language, and ensure the correct functioning of several SmartKartica features.

9. Third-Party Technologies and External Sites

Links, transitions, or technical flows leading to third-party resources, including Apple, Google, payment pages, anti-bot pages, and other external services, may be present on the website and service. After transitioning to a third-party resource, the use of cookies, local storage, and other technologies is governed by the policy of the respective resource, not by this SmartKartica Policy.

10. International Aspect and Personal Data

If cookies or similar technologies result in personal data processing, such data may be processed in Serbia and other jurisdictions where our providers and technical partners are located. In this case, the provisions of the SmartKartica Privacy Policy on international transfers and data protection guarantees also apply.

11. Amendments to This Cookie Policy

We reserve the right to periodically update this Policy if changing the site architecture, the composition of technologies used, legal requirements, anti-bot tools, framework-level cookie behavior, or other technical and legal conditions. The new version will take effect on the date specified in the document unless otherwise explicitly stated.

12. Contact Information

If you have questions regarding the use of cookies and similar technologies by SmartKartica, please send a request to support@smartkartica.rs.

© 2025–2026 VMTech DOO Beograd. All rights reserved.