Cookie Policy
Last updated: 11/23/2025
January 2025
1. Introduction
This Cookie Policy explains how Joalys UK Ltd ('Joalys', 'we', 'our' or 'us') uses cookies and similar technologies when you visit our website and use our services. This policy should be read in conjunction with our Privacy Policy, which explains how we collect, use and protect your personal data.
Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and provide information to website owners.
We are committed to being transparent about how we use cookies and giving you control over your cookie preferences in compliance with UK GDPR, EU GDPR (ePrivacy Directive), and applicable international data protection regulations.
2. By Duration
Session Cookies
These are temporary cookies that expire when you close your browser. They enable you to navigate through our website efficiently.
Persistent Cookies
These cookies remain on your device for a set period (specified in the cookie) or until you manually delete them. They remember your preferences and actions across multiple visits.
3. By Purpose
3.1 1. Strictly Necessary Cookies (Essential)
These cookies are essential for the website to function properly and cannot be disabled. They enable core functionality such as security, authentication, and network management.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) - These cookies are necessary for the provision of the service you have explicitly requested.
Consent: Not required under PECR Regulation 6(1) as they are strictly necessary.
Examples of essential cookies we use:
- •Supabase Authentication Cookies: Session management and user authentication (sb-access-token, sb-refresh-token)
- •Security cookies: CSRF protection, secure session tokens
- •Load balancing cookies: Distribute requests across servers for optimal performance
- •Cookie consent preferences: Remember your cookie consent choices
Retention period: Session cookies expire when you close your browser; persistent authentication cookies typically expire after 7-30 days depending on your 'Remember Me' selection.
3.2 2. Functional Cookies (Preference)
These cookies allow our website to remember choices you make (such as your language, currency, or region) to provide enhanced, personalized features.
Legal basis: Consent (Article 6(1)(a) GDPR)
Examples of functional cookies we use:
- •Language preference: Remember your selected display language
- •Currency selection: Save your preferred currency for pricing display
- •View mode: Remember your preference for grid/list view in catalog
- •Timezone settings: Display times in your local timezone
Retention period: Typically 12 months
3.3 3. Analytics and Performance Cookies
These cookies collect information about how visitors use our website, such as which pages are visited most often, user journey paths, and any error messages. All information collected is aggregated and anonymized.
Legal basis: Consent (Article 6(1)(a) GDPR)
Purpose: To analyze website performance, understand user behavior, and improve our services.
Third-party analytics services we use:
- •Google Analytics 4 (GA4): Tracks website traffic, user demographics, behavior flow, and engagement metrics. Cookies: _ga, _ga_*, _gid. Data is anonymized where possible and retained for 14 months.
- •Microsoft Clarity: Session recording and heatmaps to understand user interactions. Cookies: _clck, _clsk, CLID, ANONCHK, MR, MUID. Data retention: 1 year.
- •Supabase Analytics: First-party analytics for application performance monitoring and error tracking.
Data transfers: Google Analytics and Microsoft Clarity may transfer data to the United States. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Retention period: Analytics cookies typically expire after 14-24 months
3.4 4. Marketing and Targeting Cookies (Advertising)
These cookies are used to deliver advertisements relevant to you and your interests. They track your browsing activity across websites and are used to build a profile of your interests to show you relevant ads.
Legal basis: Consent (Article 6(1)(a) GDPR)
Purpose: To display personalized advertisements, measure ad campaign effectiveness, and prevent showing you the same ads repeatedly.
Third-party advertising services we use:
- •Facebook Pixel: Tracks conversions from Facebook ads, builds custom audiences, and enables retargeting. Cookies: _fbp, fr. Data retention: 90 days for Pixel data.
- •Google Ads (formerly AdWords): Conversion tracking and remarketing for Google advertising campaigns. Cookies: _gcl_au, IDE, test_cookie. Data retention: 90 days for conversion data.
- •Google Tag Manager: Manages marketing and analytics tags. Cookie: _gat.
- •Stripe Marketing Cookies: If integrated, may track payment-related interactions for fraud prevention and marketing optimization.
Data transfers: These services may transfer data to the United States and other jurisdictions. We rely on Standard Contractual Clauses (SCCs), adequacy decisions, and service provider commitments to data protection.
Your control: You can opt out of personalized advertising:
- •Facebook: https://www.facebook.com/settings?tab=ads
- •Google: https://adssettings.google.com
- •European Interactive Digital Advertising Alliance: http://www.youronlinechoices.eu/
- •Network Advertising Initiative: http://www.networkadvertising.org/choices/
- •Digital Advertising Alliance: http://www.aboutads.info/choices/
Retention period: Marketing cookies typically expire after 90 days to 2 years
3.5 5. Payment and Fraud Prevention Cookies
These cookies are used by our payment processors (Stripe, PayPal) to process transactions securely and prevent fraudulent activity.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and contractual necessity (Article 6(1)(b) GDPR)
Payment providers:
- •Stripe: Uses cookies for fraud detection, secure payment processing, and PCI-DSS compliance. Cookies may include: __stripe_mid, __stripe_sid, m (fraud prevention).
- •PayPal: Session management and fraud prevention for PayPal transactions. Cookies managed by PayPal's privacy policy.
These cookies are essential for secure transaction processing and fraud prevention. They cannot be disabled if you wish to make purchases on our platform.
For detailed information, review:
- •Stripe Cookie Policy: https://stripe.com/cookies-policy/legal
- •PayPal Privacy Statement: https://www.paypal.com/webapps/mpp/ua/privacy-full
Retention period: Varies by provider; typically session-based or up to 1 year
4. Detailed Cookie Table
Below is a comprehensive list of cookies used on our website:
| Cookie Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| sb-access-token | Supabase (First-party) | User authentication and session management | Essential | 1 hour (auto-renewed) |
| sb-refresh-token | Supabase (First-party) | Refresh authentication session | Essential | 30 days or until logout |
| cookie-consent | Joalys (First-party) | Stores your cookie consent preferences | Essential | 12 months |
| _ga | Google Analytics | Distinguishes unique users for analytics | Analytics | 2 years |
| _ga_* | Google Analytics 4 | Stores and counts page views | Analytics | 2 years |
| _gid | Google Analytics | Distinguishes users for 24-hour analytics | Analytics | 24 hours |
| _clck | Microsoft Clarity | Persists Clarity User ID for session recording | Analytics | 1 year |
| _clsk | Microsoft Clarity | Connects multiple page views in a session | Analytics | 1 day |
| CLID | Microsoft Clarity | Identifies first-time visitors | Analytics | 1 year |
| _fbp | Facebook Pixel | Tracks visits and conversions from Facebook ads | Marketing | 3 months |
| fr | Enables ad delivery and retargeting | Marketing | 3 months | |
| _gcl_au | Google Ads | Stores and tracks conversions from Google Ads | Marketing | 3 months |
| IDE | Google DoubleClick | Serves targeted advertisements | Marketing | 13 months |
| __stripe_mid | Stripe | Fraud prevention and detection | Payment | 1 year |
| __stripe_sid | Stripe | Fraud prevention (session) | Payment | 30 minutes |
5. Similar Technologies
In addition to cookies, we may use other similar technologies:
5.1 Web Beacons (Pixel Tags)
Small transparent images embedded in web pages or emails to track user activity, email opens, and campaign effectiveness. Used by Google Analytics, Facebook Pixel, and email marketing services.
5.2 Local Storage and Session Storage
HTML5 browser storage that allows websites to store data locally on your device. Used for application state management, user preferences, and offline functionality. Unlike cookies, this data is not automatically transmitted to servers.
5.3 Device Fingerprinting
We do NOT use device fingerprinting techniques. However, our payment processors (Stripe) may use non-invasive fingerprinting for fraud prevention purposes only.
5.4 Third-Party SDKs and APIs
We integrate third-party services (Supabase, Stripe, PayPal) that may use their own tracking technologies. These are governed by their respective privacy policies.
6. Legal Basis for Cookie Processing
We process cookie data under the following legal bases as defined by GDPR Article 6:
- •Consent (Article 6(1)(a)): For functional, analytics, and marketing cookies, we obtain your explicit, freely-given consent via our cookie consent banner before placing these cookies on your device.
- •Legitimate Interest (Article 6(1)(f)): For strictly necessary cookies, security cookies, and fraud prevention cookies, we rely on our legitimate interest in operating a secure and functional website.
- •Contractual Necessity (Article 6(1)(b)): For authentication and payment processing cookies essential to fulfill our contract with you when you create an account or make a purchase.
We comply with the EU ePrivacy Directive (2002/58/EC) and UK Privacy and Electronic Communications Regulations (PECR), which require consent for non-essential cookies before they are placed on your device.
7. International Data Transfers
Some of our third-party service providers (Google, Facebook, Microsoft, Stripe) are based in the United States or other countries outside the European Economic Area (EEA) and United Kingdom.
We ensure appropriate safeguards are in place:
- •Standard Contractual Clauses (SCCs) approved by the European Commission
- •Adequacy decisions recognizing equivalent data protection in certain countries
- •Service provider commitments to GDPR-equivalent data protection standards
- •Data Processing Agreements (DPAs) with all third-party processors
Your rights: You have the right to object to international transfers and request details of the safeguards in place by contacting us at privacy@joalys.com
8. How to Manage and Control Cookies
You have several options to manage and control cookies:
8.1 1. Cookie Consent Banner (Recommended)
When you first visit our website, you will see a cookie consent banner. You can:
- •Accept all cookies
- •Reject non-essential cookies (only essential cookies will be used)
- •Customize your preferences by category (essential, functional, analytics, marketing)
- •Change your preferences at any time by clicking the 'Cookie Settings' link in the footer
8.2 2. Browser Settings
You can configure your browser to block or delete cookies. However, this may affect website functionality:
- •Google Chrome: https://support.google.com/chrome/answer/95647
- •Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- •Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- •Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- •Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Warning: Blocking all cookies will prevent you from logging in and using core features of our platform.
8.3 3. Third-Party Opt-Out Tools
You can opt out of targeted advertising from participating companies:
- •Google Ads Settings: https://adssettings.google.com
- •Facebook Ad Preferences: https://www.facebook.com/settings?tab=ads
- •Your Online Choices (EU): http://www.youronlinechoices.eu/
- •NAI Opt-Out (US): http://www.networkadvertising.org/choices/
- •DAA Opt-Out (US): http://www.aboutads.info/choices/
8.4 4. Do Not Track (DNT) Signals
Currently, there is no industry-wide standard for recognizing DNT signals. We do not respond to DNT browser settings at this time. However, you can use the cookie consent banner to opt out of tracking cookies.
9. Consequences of Disabling Cookies
If you choose to block or delete cookies, certain features of our website may not function properly:
- •Essential cookies: You will not be able to log in, maintain your session, or make purchases.
- •Functional cookies: Your preferences (language, currency, view mode) will not be saved between visits.
- •Analytics cookies: We will not be able to measure and improve website performance, but this will not affect your user experience.
- •Marketing cookies: You will still see advertisements, but they may be less relevant to your interests.
We recommend keeping essential and functional cookies enabled for the best user experience.
10. Updates to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
Material changes: For significant changes, we will notify you by:
- •Displaying a prominent notice on our website
- •Sending an email notification to registered users
- •Updating the 'Last Updated' date at the top of this policy
If changes require new consent under GDPR or PECR, we will obtain your consent before placing any new non-essential cookies.
We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies.
11. Your Data Protection Rights
In relation to data collected via cookies, you have the following rights under GDPR:
- •Right to access: Request a copy of cookie data we hold about you
- •Right to rectification: Correct inaccurate cookie data
- •Right to erasure: Request deletion of your cookie data
- •Right to restriction: Limit how we process your cookie data
- •Right to object: Object to processing based on legitimate interests
- •Right to data portability: Receive your cookie data in a structured format
- •Right to withdraw consent: Withdraw cookie consent at any time without affecting prior processing
To exercise these rights, please contact us at privacy@joalys.com or use the cookie consent banner to manage your preferences.
Right to lodge a complaint: If you believe we have not handled your cookie data properly, you have the right to lodge a complaint with your national data protection authority:
- •UK: Information Commissioner's Office (ICO) - https://ico.org.uk/make-a-complaint/
- •EU: Find your national authority - https://edpb.europa.eu/about-edpb/board/members_en
12. Contact Us
If you have any questions, concerns, or requests regarding this Cookie Policy or our use of cookies, please contact us:
Joalys Group
Email: privacy@joalys.com
Data Protection Officer: dpo@joalys.com
Postal Address:
Joalys UK Ltd, 4th Floor Office, 205 Regent Street, London W1B 4HB, England (Company No. 16757466) | Joalys Paris (Private) Limited, Colombo, Sri Lanka (Company No. PV 00332989)
Website: www.joalys.com
We will respond to your inquiry within 30 days in accordance with GDPR requirements.
13. Third-Party Privacy Policies
For more information about how our third-party service providers use cookies and process data, please review their privacy policies:
- •Supabase: https://supabase.com/privacy
- •Google Analytics: https://policies.google.com/privacy
- •Microsoft Clarity: https://privacy.microsoft.com/en-us/privacystatement
- •Facebook: https://www.facebook.com/privacy/explanation
- •Stripe: https://stripe.com/privacy
- •PayPal: https://www.paypal.com/webapps/mpp/ua/privacy-full