Language. This document is published in English, which is the authoritative version. For an accessibility-friendly version or a Portuguese translation, please email contact@tattoofactory.eu. In case of any discrepancy between translations and the English version, the English version prevails to the maximum extent permitted by mandatory consumer-protection law applicable to you.
This Cookie Policy explains how Trendy Texture Unipessoal Lda(NIF / VAT PT519181816), trading as “Tattoo Factory” (“we”, “us”, “our”) uses cookies and similar technologies on tattoofactory.eu (the “Site”). It complements and forms an integral part of our Privacy Policy.
1. Legal framework
Our use of cookies is governed primarily by:
- Article 5(3) of Directive 2002/58/EC (the “ePrivacy Directive”), as amended;
- Portuguese Law n.º 41/2004 of 18 August (which transposes the ePrivacy Directive), as amended by Law n.º 46/2012;
- Regulation (EU) 2016/679 (the GDPR) for any processing of personal data triggered by a cookie;
- Guidance from the European Data Protection Board (EDPB) and the Portuguese supervisory authority (CNPD).
In line with this framework, we set strictly necessarycookies without consent, and request your consentbefore setting any non-essential cookie or similar technology (functional, analytics, marketing). Consent is collected via the cookie banner shown on your first visit, can be granular per category, and can be withdrawn at any time as easily as it was given (see §6).
2. What is a cookie
A cookie is a small text file placed on your device when you visit a website. We also treat the following as “similar technologies” for the purposes of this Policy:
- localStorage and sessionStorage entries set by the Site or its scripts;
- IndexedDB records;
- Pixel tags / web beacons;
- Fingerprinting techniques, which we do not use;
- SDK identifiers, which we do not use.
Cookies can be:
- First-party — set by tattoofactory.eu itself;
- Third-party — set by another domain whose service is loaded on a page (e.g. Stripe on the checkout page);
- Session — deleted when you close the browser;
- Persistent — retained for a fixed duration.
3. Categories of cookies we use
3.1 Strictly necessary
These cookies are required for the Site to function correctly. Under Article 5(3) of the ePrivacy Directive they are exempt from the consent requirement because they are strictly necessary to provide the service explicitly requested by you. They cannot be switched off in our system.
| Cookie / storage key | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
cartId | Tattoo Factory (first-party) | Identifies your shopping cart between page loads | HTTP cookie | 7 days |
NEXT_LOCALE | Tattoo Factory (first-party) | Remembers your language preference | HTTP cookie | 1 year |
tf_session | Tattoo Factory (first-party) | Authentication session if you sign in | HTTP cookie (HttpOnly, Secure, SameSite=Lax) | Session / up to 30 days when “remember me” is selected |
tf_csrf | Tattoo Factory (first-party) | Cross-site request forgery protection on forms | HTTP cookie | Session |
tf_consent | Tattoo Factory (first-party) | Stores your cookie-banner choices and the date of consent | HTTP cookie | 12 months |
__cf_bm | Cloudflare | Bot management — distinguishes humans from bots, protects against abuse | HTTP cookie (third-party) | 30 minutes |
cf_clearance | Cloudflare | Records that you passed a security challenge | HTTP cookie (third-party) | Up to 1 year |
3.2 Functional
These cookies enable enhanced functionality and personalisation but are not strictly necessary. They are set only with your consent.
| Cookie / storage key | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
recentlyViewed | Tattoo Factory (first-party) | Tracks designs you have viewed for the “recently viewed” row on the home page | localStorage | 30 days |
customizerDraft | Tattoo Factory (first-party) | Auto-saves your in-progress design in the customizer so you can return later | localStorage | Until manually cleared |
3.3 Analytics
We use Google Analytics 4 (GA4), operated by Google Ireland Limited, to understand how visitors use the Site (page views, traffic sources, conversion funnels) in aggregate. GA4 cookies are set only after you grant the “analytics” consent category in our cookie banner. We enable IP anonymisation (anonymize_ip), so your IP address is truncated before storage.
| Cookie | Purpose | Duration |
|---|---|---|
_ga | Distinguishes unique visitors (Google Analytics) | 2 years |
_ga_<id> | Persists session state for the GA4 property | 2 years |
Google may transfer data to Google LLC in the United States. These transfers are covered by the EU–US Data Privacy Framework (Google LLC is certified) and, as a supplementary safeguard, by Standard Contractual Clauses. Because these cookies are read from and stored on your device, they fall within Article 5(3) of the ePrivacy Directive and are set only with your prior consent.
3.4 Marketing
We use the Meta (Facebook) Pixel, operated by Meta Platforms Ireland Limited, to measure the effectiveness of our advertising and to build audiences for remarketing on Meta platforms (Facebook, Instagram). The Pixel and its cookies load only after you grant the “marketing” consent category.
| Cookie | Purpose | Duration |
|---|---|---|
_fbp | Identifies browsers for ad delivery and measurement (Meta) | 3 months |
Meta may transfer data to Meta Platforms, Inc. in the United Statesunder the EU–US Data Privacy Framework and Standard Contractual Clauses. Meta acts as an independent / joint controller for the data collected via the Pixel; see Meta’s Privacy Policy and Cookie Policy. If you withdraw consent, we stop firing new events; cookies already set expire on the schedule above or can be cleared in your browser.
3.5 Tag management
We use Google Tag Manager (Google Ireland Limited) to load and organise the tags described above. Tag Manager itself does not set cookies or collect personal data; it is a delivery mechanism. It runs with Google Consent Mode: storage is denied by default and only enabled for the categories you accept in the banner, so no analytics or marketing tag stores data on your device before consent.
4. Third-party services that may set cookies
The following third-party services may set their own cookies when their components are loaded. They are loaded only on the relevant page or after consent, as indicated:
| Service | Where loaded | Purpose | Their cookie / privacy policy |
|---|---|---|---|
| Stripe | Checkout pages only | Card-payment processing, anti-fraud | stripe.com/cookies-policy/legal |
| PayPal | If PayPal is selected at checkout | Payment processing, fraud prevention | paypal.com/legalhub |
| Cloudflare | Site-wide (CDN, DDoS protection) | Network security, performance | cloudflare.com/privacypolicy |
Where a third-party service sets cookies that are not strictly necessary, we load that service only after you have given consent for the relevant category.
5. How long cookies last
The duration of each cookie is shown in the tables above. Session cookies are deleted when you close your browser; persistent cookies remain until they expire or you delete them. We never set a non-essential cookie that lasts more than 12 months without renewing your consent.
6. How to manage your preferences
You can manage cookies in three ways:
- Cookie banner— shown on your first visit. Use “Accept all”, “Reject all”, or “Customise” to choose categories. Refusing non-essential cookies has no negative consequence and is as easy as accepting.
- Cookie settings link — at the bottom of every page. Open it at any time to change your choices. Withdrawing consent is as easy as giving it.
- Browser settings — most browsers let you delete or block cookies for a specific site or all sites. See: Chrome, Firefox, Safari, Edge.
Note: blocking strictly-necessary cookies will break key features of the Site (cart, login, language, security challenges).
7. Do Not Track
Some browsers send a “Do Not Track” (DNT) signal. There is no industry consensus on how to interpret DNT, and it is not a legally recognised consent mechanism in the EU. Because we already operate on a strict opt-in basis for non-essential cookies, our Site behaves the same regardless of the DNT signal. If a future legal standard (e.g. ADPC / Global Privacy Control) is endorsed by EU authorities, we will respect it.
8. Records of consent
When you set cookie preferences, we store the date of the action, the categories accepted/rejected, and the version of this Policy in effect at that moment, as proof of consent (Article 7(1) GDPR). This record is retained for 12 months and used only to prove compliance.
9. Changes to this Policy
We update this page whenever the cookies we use change. The latest version is always available here, marked with the “Last updated” date above. Material changes are announced through the cookie banner the next time you visit, and — where required — fresh consent is requested.
10. Contact
Questions about cookies? Email contact@tattoofactory.eu or write to Trendy Texture Unipessoal Lda, Largo Barão de São Martinho, nº 13, 4º, sala H, 4700-306 Braga, Portugal.