The Legal Minimum: Cookies, Privacy, and Basic Terms
Every website, regardless of size, must include essential legal documents — a privacy policy, cookie policy, and terms of use.
Whether you run a small business, an online store, or just a web presentation, the law requires you to meet certain obligations. These are basic documents that protect both you and your users: the privacy policy, cookie policy, and terms of use. Lacking them can lead to fines or loss of user trust.
📜 1. Privacy Policy — This document explains how you collect, use, and store users’ personal data. Even if you only have a contact form, you’re already collecting data (name, email, phone number). The law requires you to clearly state:
- what data you collect,
- why you collect it,
- how long you keep it,
- who (if anyone) you share it with.
For businesses in Bosnia and Herzegovina, Croatia, Serbia, and Montenegro, compliance with the EU’s GDPR is the foundation, as it also influences regional laws. The privacy policy doesn’t need to be complicated — what matters is that it’s understandable and includes a contact person for data protection inquiries.
🍪 2. Cookie Policy — Cookies are small files that a website uses to remember a user. If you use Google Analytics, Facebook Pixel, or any tracking tools, you’re required to inform users and allow them to accept or reject cookies. A standard banner with “Accept” / “Reject” options is sufficient — but it must actually work, not just look decorative.
In your cookie policy, list the types of cookies you use (e.g., analytical, functional, marketing), the purpose of each type, and links to third-party tools if applicable (e.g., Google, Meta, YouTube). Users must also be able to change their cookie preferences later.
⚖️ 3. Terms of Use — This is the basic agreement between you and the site visitor. It should define:
- ownership of content (text, images, brand),
- permitted site usage,
- limitation of liability,
- how to contact the company.
For e-commerce sites, include sections about returns, complaints, and warranties.
These documents not only fulfill legal obligations — they build trust. When users see transparency about privacy and security, they feel more confident sharing their data or making purchases.
💡 Practical Tip: don’t copy documents from other websites. Every site has its own tools and data processing methods. Using generic templates can unintentionally mislead users (for example, claiming you don’t use cookies when you actually use Google Analytics).
For small businesses, the ideal solution is to have a single page with three sections:
1. *Privacy Policy* — explains data collection and usage.
2. *Cookie Policy* — lists types of cookies and management options.
3. *Terms of Use* — defines rules and responsibilities.
Link all three in your site’s footer so they’re easily accessible from any page.
🧩 KOD Approach: in every project, we automatically implement a basic legal package — a cookie banner, a page with the privacy policy and terms of use, and optionally a GDPR checkbox in contact forms. This ensures the website meets minimum legal standards and looks professional.
Conclusion: Legal compliance isn’t just a formality — it’s part of a professional image. When your website communicates openly about privacy and security, users see you as a serious and trustworthy partner.