Privacy & Cookie Policy
TATTOO LIFE STORE – WWW.TATTOOLIFESTORE.COM
Last updated: May 2026
This document consists of two parts: a Privacy Policy and a Cookie Policy. The Privacy Policy explains how personal data is collected, used, and protected when you visit or interact with the website www.tattoolifestore.com (the “Website”). The Cookie Policy explains how cookies and similar technologies are used on the Website.
Both parts are provided in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”). The Website is the official online store of Tattoo Life, owned and managed by Mediafriends S.r.l., and is dedicated to the sale of books, magazines, and yearbooks on the art of tattooing.
The Data Controller is committed to protecting your personal data and ensuring that it is processed in a lawful, fair, and transparent manner.
PART I — PRIVACY POLICY
1. Data Controller
The Data Controller responsible for this Website is:
Mediafriends S.r.l
C.so Lodi 18
20135 Milano (MI) – Italy
VAT / C.F.: IT12877390158
R.E.A.: 1594429 – C.C.I.A.A. MI-199024/1999
Operative Office: V.le Papiniano 49, 20123 Milano – Italy
Phone: +39028322431
Email: info@tattoolifestore.com
2. Types of Data Processed
2.1 Browsing Data
The IT systems and software procedures used to operate the Website automatically collect certain personal data as part of their normal functioning. This includes, for example, IP addresses, browser type, operating system, referring URL, and date and time of access. These data are used to ensure the proper functioning and security of the Website and to obtain aggregated statistical information. They are retained only for a limited period unless required for the investigation of unlawful activities.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in ensuring the security and proper functioning of the Website.
2.2 Data Provided for Purchase and Order Management
When placing an order, users must provide personal data necessary to complete the transaction and arrange delivery. Such data may include: first name, last name, email address, phone number, billing address, shipping address, and country of residence. Guest checkout is available — registration is not required to purchase.
Where the user identifies as a business customer, additional data may be collected for invoicing purposes, including: company name, VAT/tax identification number, and — for Italian business customers — PEC (certified email address) or SDI recipient code for electronic invoicing, and fiscal code (optional).
Legal basis: Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(c) GDPR – legal obligation for electronic invoicing requirements under Italian law (D.Lgs. 127/2015).
2.3 Account Data (Optional)
Users may optionally create a personal account (“My Account”) to manage orders, track shipments, and save a wishlist. Account creation requires: first name, last name, email address, and password. Account data is retained for as long as the account remains active or until the user requests deletion.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(a) GDPR – consent for optional features such as the wishlist.
2.4 Data Voluntarily Provided by the User
Users may also provide personal data voluntarily when subscribing to the newsletter, submitting a contact request, or sending direct communications to the Data Controller. Such data may include: first name, last name, email address, and any other information the user includes in the message field.
Legal basis: Art. 6(1)(a) GDPR – consent; Art. 6(1)(b) GDPR – pre-contractual or contractual measures.
3. Purpose and Legal Basis of Processing
3.1 Order Processing and Contract Fulfilment
To process and fulfil orders placed on the Website, including payment processing, shipment preparation, delivery tracking, and management of returns and refunds. The provision of personal data for this purpose is mandatory — without it, the order cannot be processed.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
3.2 Payment Processing
Payments are processed exclusively through PayPal (PayPal Europe S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). When selecting PayPal as the payment method or paying by credit card via PayPal’s infrastructure, the user is redirected to PayPal’s secure platform, where the transaction is completed. Mediafriends S.r.l. does not store or have access to payment card details. PayPal acts as an independent data controller for payment processing purposes, in accordance with its own Privacy Policy (www.paypal.com/privacy).
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
3.3 Shipping and Delivery
To arrange and track the delivery of physical products, personal data (name, shipping address, phone number, email address) is shared with third-party courier and logistics providers acting as data processors pursuant to Art. 28 GDPR. The couriers used by the Website include:
– FedEx (FedEx Europe Inc.) — for international shipments;
– UPS (United Parcel Service Inc.) — for international and domestic shipments;
– TNT (TNT Express / FedEx group) — for domestic shipments within Italy only.
The specific courier used may vary depending on the destination country and the shipping option selected at checkout. The Website ships internationally to destinations worldwide.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
3.4 Invoicing and Compliance with Legal Obligations
To issue invoices and fulfil fiscal and accounting obligations imposed by applicable Italian and EU laws and regulations. For Italian business customers, this includes the issuance of electronic invoices via the Sistema di Interscambio (SDI) in accordance with D.Lgs. 127/2015. Billing data are retained for the period required by law, generally 10 years under Italian law (D.P.R. 633/1972 and D.P.R. 600/1973).
Legal basis: Art. 6(1)(c) GDPR – legal obligation.
3.5 Customer Account Management
To manage optional user accounts, including order history, saved addresses, and wishlist functionality. Account data is processed only for users who have chosen to register.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(a) GDPR – consent for optional features.
3.6 Transactional and Order-Related Communications
To send order confirmations, shipping notifications, and other transactional communications strictly related to purchases made on the Website. These communications are not marketing and do not require separate consent.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
3.7 Newsletter and Marketing Communications
To send email newsletters and promotional communications relating to the Tattoo Life editorial world managed by Mediafriends S.r.l., including new products, special offers, and editorial content available through our platforms www.tattoolifestore.com, www.tattoolife.com, and www.tattooebooks.com. Such communications are sent only with the user’s explicit consent, collected through a specific optional checkbox in the newsletter subscription form. Users may unsubscribe at any time via the unsubscribe link included in every communication or by sending a written request to info@tattoolifestore.com.
Legal basis: Art. 6(1)(a) GDPR – consent.
3.8 Optional Marketing via Contact Form
Users who submit a contact request may optionally provide separate and specific consent, through a dedicated checkbox, to receive email communications relating to the Tattoo Life editorial world managed by Mediafriends S.r.l., including new products, special offers, and editorial content available through our platforms www.tattoolifestore.com, www.tattoolife.com, and www.tattooebooks.com. This consent is independent and optional, and is not required in order to submit or process the contact request.
Legal basis: Art. 6(1)(a) GDPR – consent.
3.9 Handling Contact and Support Requests
To respond to inquiries, complaints, and support requests submitted via email or any contact channel available on the Website. The provision of personal data for this purpose is optional but necessary to process and respond to the user’s request.
Legal basis: Art. 6(1)(b) GDPR – pre-contractual or contractual measures; Art. 6(1)(f) GDPR – legitimate interest in responding to user enquiries.
3.10 Marketing and Advertising via Meta Pixel
The Website uses the Meta Pixel (Facebook Pixel), a tracking technology provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Meta Pixel collects data on users’ browsing behaviour on the Website — including pages visited — and transmits this data to Meta for the purpose of measuring the effectiveness of advertising campaigns. This processing is activated only after the user has granted explicit consent via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Privacy policy: www.facebook.com/privacy/policy/
3.11 Protection of Legal Rights
Where necessary, personal data may be processed to establish, exercise, or defend legal claims.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest.
4. Third-Party Services
The following third-party services are active on the Website. For information on cookies set by these services, please refer to Part II — Cookie Policy.
4.1 Google Analytics 4
The Website uses Google Analytics 4 (“GA4”), a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). GA4 collects browsing data — such as pages visited, session duration, device type, and approximate geolocation — and generates aggregated statistical reports on Website usage. IP addresses are anonymised before any data is stored. GA4 is activated only after the user grants consent via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Opt-out: Withdraw consent via the cookie preferences panel at any time, or install the Google Analytics opt-out browser add-on (tools.google.com/dlpage/gaoptout).
Privacy policy: policies.google.com/privacy
4.2 Google Fonts
The Website uses Google Fonts (Poppins) for typography. Font files are loaded by your browser directly from Google’s servers (fonts.googleapis.com / fonts.gstatic.com). This means that your IP address is transmitted to Google LLC when you visit the Website, as part of the font loading process. This processing is carried out by Google LLC as an independent data controller.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in providing consistent typographic rendering across devices.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Privacy policy: policies.google.com/privacy
4.3 Google reCAPTCHA
Certain forms on the Website are protected by Google reCAPTCHA, a bot-detection and anti-abuse service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). reCAPTCHA analyses user behaviour on the Website to distinguish between human users and automated bots, using cookies and other tracking technologies. The data collected by reCAPTCHA — which may include IP address, browser type, mouse movements, keystroke patterns, and interaction timing — is transmitted to and processed by Google LLC as an independent data controller. In addition to cookies, reCAPTCHA may also write identifiers to the browser’s local storage (such as _grecaptcha) independently of cookie consent. Data may be transferred to the United States under the EU–US Data Privacy Framework and/or Standard Contractual Clauses.
The use of reCAPTCHA is necessary to protect the integrity of the Website’s forms and to prevent spam submissions and automated abuse. Users who prefer not to interact with reCAPTCHA may contact the Data Controller directly at info@tattoolifestore.com as an alternative means of communication.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest. No consent required.
Privacy policy: policies.google.com/privacy
Terms of Service: policies.google.com/terms
4.4 PayPal
Payments on this Website are processed through PayPal, a payment service provided by PayPal Europe S.à r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg). When the user selects PayPal as the payment method or pays by credit card via PayPal’s infrastructure, they are redirected to PayPal’s secure environment to complete the transaction. Mediafriends S.r.l. does not receive, store, or process payment card data. PayPal acts as an independent data controller for all payment-related processing.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract.
Privacy policy: www.paypal.com/privacy
4.5 WooCommerce
The Website’s e-commerce functionality is powered by WooCommerce, an open-source plugin developed by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). WooCommerce manages product listings, shopping cart, checkout, order management, and order attribution tracking (via SourceBuster.js). Data processed through WooCommerce is stored on servers located in Italy managed by the Data Controller’s hosting provider.
The WooCommerce Order Attribution feature uses SourceBuster.js to track the traffic source of each order (e.g. direct, organic search, referral). The cookies set by this feature (sbjs_*) are loaded as part of WooCommerce’s core infrastructure and are set on page load independently of cookie consent, as they are technically integrated into the e-commerce platform and cannot be selectively blocked without disabling the order attribution functionality entirely. The data collected is pseudonymised and used exclusively for internal order attribution purposes. No data is shared with third parties for advertising or profiling purposes.
Legal basis: Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(f) GDPR – legitimate interest in tracking order attribution for internal analytics purposes.
Privacy policy: automattic.com/privacy/
4.6 MailUp
The Website uses MailUp, an email and SMS marketing platform provided by MailUp S.p.A. (Via Famagosta 75, 20142 Milan, Italy). MailUp is an Italian company; all data is processed within the European Union.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Within the EU — no adequacy decision or Standard Contractual Clauses required.
Opt-out: Unsubscribe link in every communication, or written request to info@tattoolifestore.com.
Privacy policy: www.mailup.com/privacy-policy/
4.7 YouTube
Some pages of the Website embed or link to videos hosted on YouTube, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). YouTube is used in three different configurations on this Website:
Background videos (homepage and other pages): Certain pages use decorative or ambient videos loaded via privacy-enhanced mode (youtube-nocookie.com). Although this configuration is designed to minimise data collection, YouTube may still set certain cookies (such as __Secure-ROLLOUT_TOKEN, __Secure-YNID, __Secure-YEC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, YSC) and write identifiers to the browser’s local storage (such as yt-remote-device-id, yt-icons-last-purged, yt-player-bandwidth, ytidb::LAST_RESULT_ENTRY_KEY) on page load, regardless of user consent. These are set directly by YouTube’s infrastructure and are outside the control of this Website. This processing is carried out by Google LLC as an independent data controller.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in providing visual content. Users who prefer not to be subject to this processing may use browser settings or extensions to block third-party iframes from youtube-nocookie.com.
Embedded video players (product pages): Interactive video players are embedded within product pages via privacy-enhanced mode (youtube-nocookie.com). Although no HTTP cookies from YouTube are set on page load, YouTube may write identifiers to the browser’s local storage (such as yt-icons-last-purged, ytidb::LAST_RESULT_ENTRY_KEY) independently of user consent and outside the control of this Website. This processing is carried out by Google LLC as an independent data controller.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in providing product previews.
External video links (product pages): Some product pages include links that open YouTube videos directly on youtube.com in a popup or new tab. These are implemented as standard hyperlinks and do not establish any connection to YouTube’s servers on page load. A connection is made only when the user actively clicks the link, at which point the user is interacting directly with YouTube as an independent data controller and YouTube’s own privacy policy applies.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in enabling access to video content.
Data transfer (all configurations): Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Privacy policy: policies.google.com/privacy
4.8 Meta Pixel (Facebook)
The Website uses the Meta Pixel, a tracking technology provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Meta Pixel tracks pageviews and user behaviour on the Website and transmits this data to Meta for advertising measurement purposes. The Meta Pixel is activated only after the user has granted explicit consent to Third-Party Content cookies via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Opt-out: Withdraw consent via the cookie preferences panel at any time, or manage your ad preferences at www.facebook.com/ads/preferences.
Privacy policy: www.facebook.com/privacy/policy/
4.9 Social Sharing Buttons
Some product pages of the Website include social sharing buttons for Facebook and X (formerly Twitter). These buttons are implemented as standard hyperlinks and do not establish any automatic connection to third-party servers on page load. A connection is made only when the user actively clicks a sharing button, at which point the respective platform may collect the user’s IP address and other data in accordance with its own privacy policy. The Data Controller is not responsible for such independent data processing.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in enabling content sharing.
Privacy policy: Facebook: www.facebook.com/privacy/policy/ — X: x.com/privacy
4.10 Complianz
Cookie consent on this Website is managed through Complianz, a cookie consent management platform provided by Complianz B.V. (Kalmarweg 14-5, 9723 JG Groningen, Netherlands). Complianz displays the cookie banner, records user consent choices by category, and ensures that only authorised scripts and third-party services are activated based on the user’s preferences. No personally identifiable data collected through the consent process is shared with third parties.
Legal basis: Art. 6(1)(c) GDPR – legal obligation; Art. 6(1)(f) GDPR – legitimate interest in maintaining records of consent.
Privacy policy: complianz.io/privacy-statement
5. Consumer Rights — Right of Withdrawal
In accordance with the Italian Consumer Code (D.Lgs. 206/2005, as amended) and EU Directive 2011/83/EU on consumer rights, users who qualify as consumers have the right to withdraw from any purchase made on this Website within 14 days of receiving the product, without providing any reason. To exercise the right of withdrawal, the user must notify the Data Controller at info@tattoolifestore.com before the deadline expires. The product must be returned in its original condition. Refunds will be issued within 14 days of receipt of the returned product, using the same payment method used for the original purchase. Please note that the right of withdrawal does not apply to digital products that have been downloaded or accessed after delivery.
6. Data Retention
Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected and in accordance with applicable legal obligations:
– Order and transaction data: retained for 10 years from the date of the transaction, in compliance with Italian fiscal and accounting law.
– Shipping and delivery data: retained for up to 12 months from the date of delivery, unless required for the resolution of disputes or legal claims.
– Account data: retained for as long as the account remains active. Users may request deletion of their account at any time by contacting info@tattoolifestore.com.
– Data related to contact and support requests: retained for up to 12 months from the date of the last interaction.
– Data processed for marketing purposes: retained until consent is withdrawn and, in any case, no longer than 24 months from the last interaction.
– Browsing data and server logs: retained for a maximum of 90 days, unless required for security investigations.
– Cookie consent records: retained for 12 months as evidence of the lawful basis for processing.
7. Methods of Processing and Security Measures
Personal data are processed using electronic and, where necessary, manual tools, in accordance with the principles of lawfulness, fairness, and transparency. Appropriate technical and organisational measures are adopted to ensure a level of security appropriate to the risk, including protection against unauthorised access, loss, or unlawful processing. The Website uses SSL/TLS encryption for all data transmissions. Hosting infrastructure is located in Italy.
However, it is not possible to guarantee that such measures completely eliminate any risk of unauthorized access or data disclosure.
To report malfunctions, security concerns, or abuse, please contact: info@tattoolifestore.com.
8. Data Recipients
Personal data may be processed by authorised personnel of the Data Controller and, where necessary, shared with third parties, including:
– IT service providers and hosting providers (servers located in Italy);
– payment service providers (PayPal, acting as an independent data controller);
– courier and logistics providers for order fulfilment and international shipping (FedEx, UPS, TNT);
– email service providers and marketing platforms;
– analytics and tracking service providers (Google LLC);
– advertising and marketing platforms (Meta Platforms Ireland Limited);
– security service providers (including Google reCAPTCHA);
– typography service providers (Google LLC / Google Fonts);
– video hosting platforms (Google LLC / YouTube, acting as an independent data controller);
– legal, fiscal, and administrative consultants;
– public authorities, where required by law.
Such parties act as data processors pursuant to Art. 28 GDPR or as independent controllers, depending on the circumstances and the nature of the processing.
9. Transfers of Data Outside the European Economic Area (EEA)
Personal data may be transferred to countries outside the European Economic Area (EEA), in particular in connection with the use of services provided by companies such as Google LLC, Meta Platforms Inc., and PayPal Europe S.à r.l., and in connection with international shipping to destinations outside the EEA, which may require the communication of personal data (name, address) to courier services (FedEx, UPS) and customs authorities in the destination country.
In such cases, the Data Controller ensures that such transfers are carried out in compliance with the GDPR (Chapter V), in particular through:
– adequacy decisions issued by the European Commission (e.g. the EU–US Data Privacy Framework for certified US companies, adequacy decision of 10 July 2023);
– Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914/EU);
– where applicable, the necessity of the transfer for the performance of a contract between the data subject and the Data Controller (Art. 49(1)(b) GDPR), in the case of international shipping.
You may request further information about the specific safeguards applicable to any transfer by contacting us at info@tattoolifestore.com.
10. Rights of the Data Subject
In accordance with Articles 15–22 of the GDPR, users have the right at any time to:
– access their personal data and obtain a copy, including information on purposes, categories of recipients, retention periods, and applicable safeguards (Art. 15 GDPR);
– request rectification of inaccurate or incomplete personal data (Art. 16 GDPR);
– request erasure of their data (‘right to be forgotten’) where processing lacks a lawful basis or the purpose has ceased (Art. 17 GDPR);
– request restriction of processing in specific circumstances, e.g. while accuracy is contested (Art. 18 GDPR);
– object to processing based on legitimate interest, including for direct marketing purposes (Art. 21 GDPR);
– withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7(3) GDPR);
– receive their data in a structured, commonly used and machine-readable format, and transmit it to another controller (data portability — Art. 20 GDPR, applies to data processed by consent or contract);
– lodge a complaint with a competent supervisory authority.
Requests to exercise any of the above rights can be submitted to: info@tattoolifestore.com. We may ask the user to provide proof of identity to protect against unauthorised access. We will respond within one month of receipt of the request (extendable by two further months in complex cases — Art. 12(3) GDPR).
The competent supervisory authority in Italy is the Garante per la protezione dei dati personali (www.garanteprivacy.it). Users may also lodge a complaint with the supervisory authority of their habitual residence or place of work within the EU.
No automated individual decision-making processes, including profiling pursuant to Art. 22 GDPR, are carried out on this Website.
11. Third-Party Websites
The Website may contain links to external websites not managed or controlled by the Data Controller, including the Tattoo Life editorial website (www.tattoolife.com) and the Tattoo Life eBooks store (www.tattooebooks.com). When users click on such links, they leave the Website and are subject to the privacy policies of the respective websites. The Data Controller is not responsible for the content or privacy practices of such external websites.
12. Minors
This Website is not directed at individuals under the age of 18. Users must be at least 18 years of age to make purchases on this Website, in accordance with the requirements of Italian contract law regarding legal capacity (Art. 1425 Codice Civile). The Data Controller does not knowingly collect personal data from minors. If such data are inadvertently collected, they will be promptly deleted upon notification.
PART II — COOKIE POLICY
This Cookie Policy applies to the website www.tattoolifestore.com and explains how cookies and similar technologies are used. It applies only to this Website, not to any third-party websites that may be accessed via links. For detailed information on the processing of personal data, please refer to Part I — Privacy Policy above.
13. What Are Cookies?
A cookie is a small text file that is stored by your browser on your device when you visit a website. Cookies allow the website to recognise your device on subsequent visits and may store user preferences, session data, or tracking identifiers.
Scripts are pieces of code used to ensure that the Website functions correctly and interactively. This code may be executed on our servers or on your device.
Web beacons (also known as pixel tags) are small invisible elements — such as the Meta Pixel — used to monitor user behaviour on a website for advertising and analytics purposes.
Local storage is a browser-based storage mechanism, separate from cookies, which websites and embedded third-party services may use to store persistent identifiers on your device. Unlike cookies, local storage data is not automatically transmitted to servers with each request but may be read by scripts running on the page. Some third-party services used on this Website, including YouTube (via youtube-nocookie.com) and Google reCAPTCHA, may write identifiers to local storage independently of cookie consent and outside the control of this Website.
14. Categories of Cookies Used
14.1 Functional Cookies (Always Active)
These cookies are strictly necessary for the proper functioning of the Website and cannot be disabled. They enable essential features such as page navigation, shopping cart, checkout, access to secure areas, form protection against spam and abuse, and storage of your cookie consent choice. The Website cannot function properly without these cookies.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in ensuring the secure and proper functioning of the Website. No consent required.
14.2 Preference Cookies
These cookies allow the Website to remember choices you have made (such as language, region, or display preferences) to provide a more personalised experience. Disabling them will not prevent you from using the Website but may affect some display settings.
Legal basis: Art. 6(1)(a) GDPR – consent.
14.3 Statistics Cookies
These cookies help us understand how visitors use the Website and track the sources of traffic to attribute orders to the correct marketing source. They collect aggregated or pseudonymised information and do not directly identify individual users. Statistics cookies are activated only with your consent. You can disable them at any time without affecting the basic functionality of the Website.
Legal basis: Art. 6(1)(a) GDPR – consent.
14.4 Third-Party Content Cookies
This category enables tracking from third-party services, including advertising measurement tools (Meta Pixel / Facebook Pixel). Third-party providers may set cookies and process personal data for their own purposes, acting as independent data controllers. Some of these providers may transfer data outside the European Economic Area (EEA). For further information on applicable safeguards, please refer to Part I — Privacy Policy above.
Legal basis: Art. 6(1)(a) GDPR – consent.
14.5 Cookies and Local Storage Set Outside the Control of This Website
Some third-party services embedded on this Website may set cookies or write identifiers to your browser’s local storage on page load, regardless of your consent choices and outside the control of this Website. This includes:
– YouTube (Google LLC), via privacy-enhanced mode (youtube-nocookie.com): may set cookies and write local storage identifiers on all pages where video content is embedded, including background videos and embedded product page players. For full details see Section 18.
– Google reCAPTCHA (Google LLC): may set cookies and write the identifier _grecaptcha to local storage on pages where forms are present. For full details see Section 15.
– WooCommerce Order Attribution (SourceBuster.js): sets cookies (sbjs_*) on page load as part of WooCommerce’s core order attribution infrastructure. For full details see Section 4.5 of Part I.
This processing is carried out by the respective third parties as independent data controllers and cannot be prevented or controlled by this Website.
Legal basis (as applied by the respective third parties): Art. 6(1)(f) GDPR – legitimate interest, as declared in their respective privacy policies.
15. Security Service: Google reCAPTCHA
To protect the Website from spam and automated abuse, we use Google reCAPTCHA, a security service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). reCAPTCHA works invisibly in the background — it analyses user behaviour on the page to assign a risk score, without requiring any action from the user. It may be active on contact forms and checkout fields. In addition to setting cookies, reCAPTCHA may also write the identifier _grecaptcha to your browser’s local storage independently of cookie consent.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest. No consent required. For information on data transfers and applicable safeguards, please refer to Part I — Privacy Policy above.
This Website is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
16. Statistics Service: Google Analytics 4
The Website uses Google Analytics 4 (“GA4”), a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). GA4 collects browsing data and generates aggregated statistical reports on Website usage. IP addresses are anonymised before any data is stored. GA4 is activated only after the user grants consent to Statistics cookies via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Opt-out: Withdraw consent via the cookie preferences panel at any time, or install the Google Analytics opt-out browser add-on (tools.google.com/dlpage/gaoptout).
Privacy policy: policies.google.com/privacy
17. Marketing Service: Meta Pixel
The Website uses the Meta Pixel (Facebook Pixel), provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Meta Pixel tracks pageviews and user behaviour and transmits this data to Meta for advertising measurement purposes. It is activated only after the user has granted explicit consent to Third-Party Content cookies via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR – consent.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses.
Opt-out: Withdraw consent via the cookie preferences panel at any time, or manage your ad preferences at www.facebook.com/ads/preferences.
Privacy policy: www.facebook.com/privacy/policy/
18. Embedded Videos and Video Links: YouTube
Some pages of the Website embed or link to videos hosted on YouTube, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). YouTube is used in three different configurations on this Website:
Background videos (homepage and other pages): Decorative or ambient videos are loaded via privacy-enhanced mode (youtube-nocookie.com). Although this mode is designed to minimise data collection, YouTube may still set certain cookies (such as __Secure-ROLLOUT_TOKEN, __Secure-YNID, __Secure-YEC, VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, YSC) and write identifiers to local storage (such as yt-remote-device-id, yt-icons-last-purged, yt-player-bandwidth, ytidb::LAST_RESULT_ENTRY_KEY) on page load, regardless of user consent. These are set directly by YouTube’s infrastructure and are outside the control of this Website.
Embedded video players (product pages): Interactive video players are embedded within product pages via privacy-enhanced mode (youtube-nocookie.com). Although no HTTP cookies from YouTube are set on page load, YouTube may write identifiers to the browser’s local storage (such as yt-icons-last-purged, ytidb::LAST_RESULT_ENTRY_KEY) independently of user consent and outside the control of this Website.
External video links (product pages): Some product pages include links that open YouTube videos directly on youtube.com in a popup or new tab. These links are implemented as standard hyperlinks and do not establish any connection to YouTube’s servers on page load. A connection is made only when the user actively clicks the link, at which point the user is interacting directly with YouTube as an independent data controller.
For all configurations, the processing of data by YouTube is carried out by Google LLC as an independent data controller, in accordance with its own privacy policy. The Data Controller has no ability to prevent or control the cookies and local storage identifiers set by YouTube via its embedded infrastructure. Users who wish to avoid this processing may use browser settings or extensions to block third-party iframes from youtube-nocookie.com.
Legal basis: Art. 6(1)(f) GDPR – legitimate interest in providing visual content and product previews.
Data transfer: Covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs — Decision 2021/914/EU).
Privacy policy: policies.google.com/privacy
19. Cookie Consent Management – Complianz
Cookie consent on this Website is managed through Complianz, a cookie consent management platform provided by Complianz B.V. (Kalmarweg 14-5, 9723 JG Groningen, Netherlands). Complianz displays the cookie banner, records user consent choices by category, and ensures that only authorised scripts and third-party services are activated based on the user’s preferences. Consent preferences are stored locally via functional cookies (see Cookie Reference Table for details). No personally identifiable data collected through the consent process is shared with third parties.
When you first visit the Website, the cookie banner allows you to accept or reject non-essential cookies and to manage your preferences by category. Functional cookies are always active and do not require consent. All other categories are activated only upon your explicit consent.
You can modify or withdraw your consent at any time by accessing the Cookie Management link available in the Website footer. Please note that withdrawing consent does not affect the lawfulness of processing carried out prior to withdrawal.
For further information: complianz.io/privacy-statement
20. Cookie Reference Table
The following table lists the main cookies currently used on the Website, their provider, duration, category, and purpose. This list is updated periodically and may not be exhaustive due to the dynamic nature of third-party content.
In addition to cookies, the following third-party technologies store data on your device or transmit data to external servers independently of cookie consent and outside the control of this Website. They are disclosed here for transparency:
– Google reCAPTCHA may write the identifier _grecaptcha to your browser’s local storage on pages where forms are present, independently of your consent choices. Local storage data is not a cookie but functions as a persistent identifier.
– YouTube (via youtube-nocookie.com) may write identifiers such as yt-remote-device-id, yt-icons-last-purged, yt-player-bandwidth, and ytidb::LAST_RESULT_ENTRY_KEY to your browser’s local storage on pages where video content is embedded, independently of your consent choices.
– Google Fonts loads the Poppins font directly from Google’s servers on every page visit. This is not a cookie but causes your IP address to be transmitted to Google LLC as part of a standard HTTP request, independently of your consent choices.
| Cookie Name | Provider | Duration | Category | Purpose |
|---|---|---|---|---|
| cmplz_banner-status | Complianz B.V. | 1 year | Functional | Records the status of the cookie banner (e.g. dismissed) to avoid showing it on every visit |
| cmplz_policy_id | Complianz B.V. | 1 year | Functional | Stores the version ID of the cookie policy at the time consent was given, to detect policy changes and request new consent if needed |
| cmplz_functional | Complianz B.V. | 1 year | Functional | Records whether the user has consented to functional cookies |
| cmplz_preferences | Complianz B.V. | 1 year | Functional | Records whether the user has consented to preference cookies |
| cmplz_statistics | Complianz B.V. | 1 year | Functional | Records whether the user has consented to statistics cookies |
| cmplz_marketing | Complianz B.V. | 1 year | Functional | Records whether the user has consented to third-party content cookies |
| cmplz_consented_services | Complianz B.V. | 1 year | Functional | Stores the list of specific third-party services the user has consented to |
| woocommerce_cart_hash | WooCommerce | Session | Functional | Stores a hash of the cart contents to detect changes and update the cart widget |
| woocommerce_items_in_cart | WooCommerce | Session | Functional | Indicates whether the shopping cart contains items |
| wp_woocommerce_session_* | WooCommerce | 2 days | Functional | Stores the user’s session data including cart contents and checkout information |
| wordpress_logged_in_* | WordPress | Session | Functional | Identifies logged-in WordPress users and session |
| wp-settings-* | WordPress | 1 year | Functional | Stores user interface preferences for the WordPress admin panel |
| woocommerce_recently_viewed | WooCommerce | Session | Functional | Stores the list of recently viewed products to display personalised recommendations on the Website |
| wpo_* | WP-Optimize | Session | Functional | WP-Optimize caching plugin: manages cached page delivery and performance optimisation |
| sbjs_current | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: stores the current traffic source (channel, source, medium) to attribute orders to the correct marketing source. Set on page load as part of WooCommerce core infrastructure, independently of consent |
| sbjs_current_add | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: stores additional data about the current visit (date, entry page, referrer). Set independently of consent |
| sbjs_first | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: stores the first traffic source that brought the user to the Website. Set independently of consent |
| sbjs_first_add | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: stores additional data about the first visit (date, entry page, referrer). Set independently of consent |
| sbjs_session | WooCommerce (SourceBuster.js) | 30 minutes | Functional (set outside consent control) | WooCommerce Order Attribution: tracks the current session pages and current page URL. Set independently of consent |
| sbjs_migrations | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: tracks library version migrations. Set independently of consent |
| sbjs_udata | WooCommerce (SourceBuster.js) | Session | Functional (set outside consent control) | WooCommerce Order Attribution: stores user data including visit count and user agent information. Set independently of consent |
| _GRECAPTCHA | Google LLC (reCAPTCHA) | 6 months | Functional (set outside consent control) | Google reCAPTCHA: stores a token used to distinguish human users from bots. Also written to local storage as _grecaptcha independently of consent |
| __Secure-ENID | Google LLC (reCAPTCHA) | 13 months | Functional (set outside consent control) | Google reCAPTCHA / Google services: used for user preference storage and analytics on Google services. Set by Google infrastructure independently of consent |
| rc::a | Google LLC (reCAPTCHA) | Persistent | Functional (set outside consent control) | Google reCAPTCHA: used to distinguish between humans and bots across sessions |
| rc::b | Google LLC (reCAPTCHA) | Session | Functional (set outside consent control) | Google reCAPTCHA: used to distinguish between humans and bots within a single session |
| rc::c | Google LLC (reCAPTCHA) | Session | Functional (set outside consent control) | Google reCAPTCHA: used to distinguish between humans and bots within a single session |
| _ga | Google LLC (GA4) | 2 years | Statistics | Google Analytics 4: distinguishes unique users via an anonymous identifier |
| _ga_* | Google LLC (GA4) | 2 years | Statistics | Google Analytics 4: persists session state and campaign tracking |
| _gid | Google LLC (GA4) | 24 hours | Statistics | Google Analytics 4: distinguishes users within a single session |
| _gat | Google LLC (GA4) | 1 minute | Statistics | Google Analytics 4: throttles the request rate to limit data collection |
| __Secure-ROLLOUT_TOKEN | Google LLC (YouTube) | 6 months | Functional (set outside consent control) | YouTube: used to launch new features and measure their impact; set by YouTube’s infrastructure via privacy-enhanced mode (youtube-nocookie.com) independently of user consent |
| __Secure-YNID / VISITOR_INFO1_LIVE | Google LLC (YouTube) | 6 months | Functional (set outside consent control) | YouTube: used for analytics and to detect and resolve service issues; also used for personalised recommendations and advertising where applicable. Set by YouTube’s infrastructure independently of user consent |
| __Secure-YEC | Google LLC (YouTube) | 6 months | Functional (set outside consent control) | YouTube: used for analytics and service integrity purposes; set by YouTube’s infrastructure independently of user consent |
| VISITOR_PRIVACY_METADATA | Google LLC (YouTube) | 6 months | Functional (set outside consent control) | YouTube: stores privacy-related metadata associated with the user’s session; set by YouTube’s infrastructure independently of user consent |
| YSC | Google LLC (YouTube) | Session | Functional (set outside consent control) | YouTube: used to track user input and associate actions within a session; set by YouTube’s infrastructure independently of user consent |
| _fbp | Meta Platforms (Facebook Pixel) | 3 months | Third-Party Content | Meta Pixel: identifies browsers for advertising measurement and audience targeting on Facebook and Instagram |
21. Managing Cookies via Browser Settings
In addition to the consent management tool on the Website, you may manage or delete cookies at any time through your browser settings. Most browsers allow you to:
– View and delete individual cookies;
– Block all cookies or only third-party cookies;
– Configure the browser to notify you before cookies are stored.
Please note that disabling cookies may affect the proper functioning of the Website or limit access to certain features. For guidance on cookie management for common browsers:
– Google Chrome: support.google.com/chrome/answer/95647
– Mozilla Firefox: support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
– Safari: support.apple.com/en-us/105082
– Microsoft Edge: support.microsoft.com/en-us/windows/delete-and-manage-cookies
22. Amendments to this Privacy & Cookie Policy
Mediafriends S.r.l. reserves the right to update this Privacy & Cookie Policy at any time to reflect changes in applicable law, processing activities, the technologies used, or the cookies deployed on the Website. The updated version will be published on this page with a revised ‘Last updated’ date.
Users are encouraged to review this page periodically.
