Cookie Policy
Last updated: 28 April 2026
This policy is issued pursuant to Articles 13 and 14 of EU Regulation 2016/679 ("GDPR"), Article 5(3) of EU Directive 2002/58/EC ("ePrivacy") and the Italian Garante's "Guidelines on cookies and other tracking tools" of 10 June 2021 (no. 231), and describes in detail how myorganics.com uses cookies and similar technologies.
Table of contents
- Data Controller
- Definitions: cookies and similar technologies
- Categories of cookies used
- Legal bases for processing
- Third-party services
- International data transfers
- Consent management
- How to manage cookies in your browser
- User rights
- Legal references
- Changes to this policy
1. Data Controller
The Data Controller is SMÀ Srl, VAT no. 03547050249, with registered office at Via Bianche 3, 36010 Schio (VI), Italy, reachable at support@myorganics.com.
2. Definitions: cookies and similar technologies
2.1 HTTP Cookies
Cookies are small text files that visited websites send to the user's device, where they are stored to be retransmitted to the same websites on subsequent visits.
- Session cookies: deleted when the browser is closed.
- Persistent cookies: stored until their expiration date or manual deletion.
- First-party cookies: set directly by myorganics.com.
- Third-party cookies: set by operators other than the Controller (e.g. Google, Meta).
2.2 Similar technologies
In addition to HTTP cookies, the website may use:
- Web beacons / tracking pixels: small transparent images embedded in pages or emails that allow detection of the opening, IP address and browser used.
- Local Storage / Session Storage: HTML5 client-side storage mechanisms, similar to cookies but with greater capacity.
- Third-party SDKs: JavaScript libraries loaded by the browser that may collect navigation data.
- Fingerprinting: device identification technique based on browser/system characteristics; not used by myorganics.com.
3. Categories of cookies used
3.1 Strictly necessary cookies
Essential for the proper functioning of the website (session management, cart, authentication, security, storage of consent choices). Do not require user consent under Article 5(3) ePrivacy Directive (final sentence exception).
| Name | Provider | Type | Purpose | Duration |
|---|---|---|---|---|
PrestaShop-* | SMÀ Srl (first-party) | HTTP | Stores user session, cart and authentication state. | Session / up to 480 days |
cookiesplus | SMÀ Srl (first-party) | HTTP | Stores the cookie consent choices made by the user. | 365 days |
3.2 Preference cookies
Store user choices (language, currency) to improve the experience. Require consent under Art. 6(1)(a) GDPR.
| Name | Provider | Type | Purpose | Duration |
|---|---|---|---|---|
iqitlanguage / iqitcurrency | SMÀ Srl (first-party) | HTTP | Stores the language and currency preferences chosen by the user. | 1 year |
3.3 Statistics cookies
Used to analyse visitor behaviour in aggregate form. Require consent under Art. 6(1)(a) GDPR.
| Name | Provider | Type | Purpose | Duration |
|---|---|---|---|---|
_ga | Google Ireland Ltd. (third-party) | HTTP | Distinguishes unique users by assigning a randomly generated client identifier. GA4 property G-EFRWBJ3YFH. | 2 years |
_ga_EFRWBJ3YFH | Google Ireland Ltd. (third-party) | HTTP | Persists session state for the specific Google Analytics 4 property. | 2 years |
3.4 Marketing / profiling cookies
Used to display advertising relevant to the user's interests and measure campaign effectiveness. Require consent under Art. 6(1)(a) GDPR.
| Name | Provider | Type | Purpose | Duration |
|---|---|---|---|---|
_gcl_au | Google Ireland Ltd. (third-party) | HTTP | Used by Google Ads to measure ad effectiveness. Conversion ID AW-931356265. | 90 days |
IDE | Google Ireland Ltd. – DoubleClick (third-party) | HTTP | Records and reports user actions after viewing or clicking an ad to measure its effectiveness. | 13 months |
_fbp | Meta Platforms Ireland Ltd. (third-party) | HTTP | Used by Meta (Facebook/Instagram) for advertising and conversion measurement of Pixel ID 1769735723759274. | 90 days |
fr | Meta Platforms Ireland Ltd. (third-party) | HTTP | Used by Meta to deliver, measure and improve the relevance of ads. | 3 months |
_fbc | Meta Platforms Ireland Ltd. (third-party) | HTTP | Stores the last-click ad identifier (fbclid parameter) for attribution purposes. | 90 days |
The list is updated based on periodic scans. Additional cookies set by third parties not listed may occasionally appear: in such case, please report to support@myorganics.com.
4. Legal bases for processing
| Category | Legal basis | Consent required |
|---|---|---|
| Strictly necessary cookies | Art. 6(1)(f) GDPR (legitimate interest) + Art. 5(3) ePrivacy Directive | No |
| Preference cookies | Art. 6(1)(a) GDPR (consent) | Yes |
| Statistics cookies | Art. 6(1)(a) GDPR (consent) | Yes |
| Marketing cookies | Art. 6(1)(a) GDPR (consent) + Art. 7 GDPR | Yes, explicit and granular |
5. Third-party services
Third-party cookies are set directly by the providers of the following services, each acting as an independent data controller:
5.1 Google Analytics 4 (Google Ireland Ltd.)
- Service type: Statistics / traffic analysis
- GA4 property:
G-EFRWBJ3YFH - EU registered office: Gordon House, Barrow Street, Dublin 4, Ireland
- Privacy policy: policies.google.com/privacy
- Opt-out: tools.google.com/dlpage/gaoptout
5.2 Google Ads (Google Ireland Ltd.)
- Service type: Marketing / remarketing / conversion measurement
- Conversion account ID:
AW-931356265 - Privacy policy: policies.google.com/privacy
- Ad personalization: adssettings.google.com
5.3 Meta Pixel (Meta Platforms Ireland Ltd.)
- Service type: Marketing / remarketing / conversion measurement on Facebook and Instagram
- Pixel ID:
1769735723759274 - EU registered office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Privacy policy: facebook.com/policy.php
- Opt-out: facebook.com/ads/preferences
5.4 Google Tag Manager (Google Ireland Ltd.)
- Service type: Tag management system (does not set analytics cookies itself but loads the GA4/Ads/Meta scripts listed above)
- Container ID:
GTM-TS9272VH - Privacy policy: policies.google.com/privacy
6. International data transfers
Some of the third-party services listed above belong to multinational groups headquartered in the United States (Google LLC and Meta Platforms Inc.). Personal data transfers outside the EU are made in compliance with Articles 44-49 GDPR, on the basis of:
- EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023) — both providers are certified;
- Standard Contractual Clauses (Implementing Decision EU 2021/914) approved by the European Commission, with supplementary technical and organisational measures where required.
The user may request a copy of the SCCs and transfer impact assessments by writing to support@myorganics.com.
7. Consent management
7.1 How to grant consent
On first access to the website, a consent banner is shown allowing the user to:
- Accept all cookies;
- Reject all non-strictly-necessary cookies;
- Customise preferences by granting or denying consent for each category.
Consent is given through a positive and unambiguous action; scrolling, continued navigation or closing the banner without choosing do not constitute consent.
7.2 Consent storage
Choices made are stored in the technical cookie cookiesplus (365-day duration). After this period, or in case of substantial changes to the website or to the processing, a new consent will be requested.
7.3 How to change or withdraw consent
The user may, at any time:
- Reopen the consent management panel by clicking the "Cookie preferences" button at the bottom-right of every page;
- Delete the
cookiespluscookie from the browser to receive the banner again on the next visit; - Configure the browser to block or delete cookies (see next section).
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
8. How to manage cookies in your browser
Major browsers allow viewing, managing, deleting and blocking cookies. Procedures are described on the providers' official pages:
- Google Chrome: support.google.com/chrome/answer/95647
- Mozilla Firefox: support.mozilla.org
- Apple Safari: support.apple.com (macOS) – iOS
- Microsoft Edge: support.microsoft.com
- Opera: help.opera.com
The user can also use collective opt-out tools such as YourOnlineChoices.eu (EDAA network) and NAI Opt-out. Disabling strictly necessary cookies may impair the website's functionality.
9. User rights
You have the right, at any time, to:
- access your data (Art. 15 GDPR);
- request rectification (Art. 16) or erasure (Art. 17);
- request restriction of processing (Art. 18);
- object to processing, in particular for direct marketing (Art. 21);
- receive your data in a portable format (Art. 20);
- withdraw consent at any time (Art. 7(3));
- lodge a complaint with the competent supervisory authority.
To exercise these rights, write to support@myorganics.com. A response will be provided within 30 days from receipt of the request, save for justified extension under Art. 12(3) GDPR.
10. Legal references
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR");
- Italian Legislative Decree 30 June 2003, no. 196 ("Personal Data Protection Code"), as amended by Legislative Decree 101/2018;
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 ("ePrivacy"), as amended by Directive 2009/136/EC;
- Italian Garante Provision of 10 June 2021, no. 231, "Guidelines on cookies and other tracking tools";
- EDPB Guidelines 03/2022 on consent patterns (version 2.0 of 14 February 2023);
- Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (Standard Contractual Clauses);
- EU Commission adequacy decision of 10 July 2023 (EU-US Data Privacy Framework).
11. Changes to this policy
The Controller reserves the right to update this policy to reflect regulatory changes, modifications to the third-party services used, or the introduction/removal of cookies. The latest update date is shown at the top of the document. In case of substantial changes to tracking tools or purposes, the Controller will request new consent by reopening the banner.