Cookie Policy

Data Controller

The Data Controller is BEAUTY DEF S.R.L., with registered office at Viale Montello 7, 20154 Milan (MI), Italy, VAT ID 08968280969 ("BEAUTY DEF", "ISARO", "we", "us" or the "Company").

Contact: service@beautydef.it.

What This Policy Covers

This Cookie Policy explains how ISARO uses cookies and similar technologies on the ISARO online shop.

Cookies and similar technologies may collect or store information such as device identifiers, browser information, IP address, language preference, cart status, account/session state, cookie consent choices, pages viewed, products viewed and interactions with the site.

This Policy should be read together with our Privacy Policy.

What Cookies Are

Cookies are small text files stored on your device by a website or by third-party services used by that website. They allow the website to remember information about your visit, such as your language, cart, login session or consent choices.

Session cookies are deleted when you close your browser. Persistent cookies remain on your device for a defined period or until you delete them.

Similar technologies, such as pixels, tags, local storage and scripts, may perform similar functions and are covered by this Policy.

Categories of Cookies We Use

Strictly necessary cookies are required for the website to work. They support functions such as cart, checkout, account login, security, language routing and storing your cookie preferences. They do not require your consent.
Analytics cookies help us understand how visitors use the site, including pages viewed, products viewed, interactions and technical performance. They are only activated if you consent to analytics cookies.
Marketing cookies may be used to measure advertising campaigns, manage advertising pixels or support similar marketing tools. At the date of this Policy, no separate advertising pixel has been confirmed in the production Google Tag Manager container. This category is kept available so future marketing tags remain disabled unless consent is given.
Profiling and personalization cookies may be used for session insight, heatmaps or behavioral analytics to improve the website experience. They are only activated if you consent to profiling or personalization cookies.

Cookies and Similar Technologies Used on This Site

The following cookies and similar technologies are used or may be activated on this site according to your consent choices.

Name	Provider	Purpose	Duration	Type	Legal basis
isaro_cookie_consent	ISARO / CookieConsent	Stores your cookie consent choices and proof of acceptance or refusal.	180 days	First-party necessary cookie	Necessary to store consent preferences and comply with legal obligations.
cartId	ISARO / Shopify Storefront integration	Stores the shopping cart identifier so that the cart can be maintained during browsing.	14 days	First-party necessary cookie	Necessary to provide the service requested by the user.
NEXT_LOCALE	ISARO / Next.js	Stores the user's language preference.	Session or browser-controlled duration, depending on browser settings.	First-party necessary cookie	Necessary or legitimate interest in remembering the user's language preference.
customerAccessToken, customerRefreshToken, customerIdToken, customerTokenExpiresAt, oauth_state, oauth_code_verifier, oauth_nonce	ISARO / Shopify Customer Account	Supports customer account login, authentication, account security and session continuity.	Access token: 30 days; refresh token: 60 days; ID token: 60 days; expiry marker: 30 days; temporary OAuth state, nonce and code-verifier cookies: approximately 10 minutes.	First-party necessary cookie	Necessary to provide the customer account service requested by the user and to ensure security.
_ga	Google Analytics 4 / Google Ireland Limited	Used to distinguish users and measure site usage.	2 years by Google default, subject to browser limits.	First-party analytics cookie	User consent.
_ga_<container-id>	Google Analytics 4 / Google Ireland Limited	Used to persist session state.	2 years by Google default, subject to browser limits.	First-party analytics cookie	User consent.
Google Tag Manager	Google Tag Manager / Google Ireland Limited	Tag management container used to load and manage approved tags after the relevant consent category is accepted. In the current production setup, the GTM container is retained for tag management, while GA4 and Microsoft Clarity loading is controlled by the website consent code. GTM itself does not set regular visitor cookies; cookies may be set by tags loaded through it.	Not applicable.	Tag management tool	User consent.
No separate marketing pixel cookie currently confirmed	ISARO / Google Tag Manager	No separate marketing or advertising pixel cookie is currently confirmed from the active production Google Tag Manager setup.	Not applicable.	Marketing category placeholder	User consent if future marketing tags are added.
_clck	Microsoft Clarity / Microsoft Ireland Operations Limited	Persists the Clarity user ID and preferences for this site.	Commonly 1 year / 13 months.	First-party profiling/analytics cookie	User consent.
_clsk	Microsoft Clarity / Microsoft Ireland Operations Limited	Connects multiple page views into a single Clarity session recording.	Commonly 1 day / 24 hours.	First-party profiling/analytics cookie	User consent.
CLID	Microsoft Clarity / Microsoft Corporation	Identifies the first time Clarity saw this user on any site using Clarity.	Commonly 1 year / 13 months.	Third-party profiling/analytics cookie	User consent.
ANONCHK	Microsoft Clarity / Microsoft Corporation	Indicates whether MUID is transferred to ANID. Microsoft states this is set to 0 for Clarity.	Commonly 10 minutes.	Third-party cookie	User consent.
MR	Microsoft Clarity / Microsoft Corporation	Indicates whether to refresh MUID.	Commonly 7 days.	Third-party cookie	User consent.
MUID	Microsoft Clarity / Microsoft Corporation	Identifies unique web browsers visiting Microsoft sites for advertising, site analytics and operational purposes.	Commonly 1 year / about 390 days.	Third-party cookie	User consent.
SM	Microsoft Clarity / Microsoft Corporation	Synchronizes MUID across Microsoft domains.	Session.	Third-party cookie	User consent.

How Consent Works

When you first visit the site, a cookie banner allows you to accept all optional cookies, reject all optional cookies, or manage your preferences by category.

Strictly necessary cookies are always active because they are required for the website to work.

Analytics, marketing, profiling and personalization cookies remain disabled unless you actively consent to the relevant category. Closing the banner, scrolling the page or continuing to browse is not treated as consent.

You can change or withdraw your consent at any time by using the "Cookie settings" link in the footer of the website.

If you withdraw consent, the website attempts to stop the relevant optional scripts and clear related optional cookies.

Browser Cookie Settings

You can also manage or delete cookies from your browser settings. If you block all cookies, some parts of the website may not work correctly.

Chrome cookie settings Safari cookie settings Firefox cookie settings Microsoft Edge cookie settings Opera cookie settings

Data Recipients

Authorized employees and collaborators of BEAUTY DEF S.R.L.
Website, hosting, security and infrastructure providers.
Shopify and related storefront, checkout or customer account service providers.
Google Ireland Limited, where analytics consent or GTM-related consent is given.
Microsoft Ireland Operations Limited and Microsoft Corporation, where profiling/personalization consent is given.
Professional advisers or authorities where required by law.
External providers may act as processors under Article 28 GDPR or, in some cases, as independent controllers, depending on their role and their own terms.

International Transfers

Some service providers may process personal data outside the European Economic Area, including in countries that may not offer the same level of data protection.

Where required, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments or other safeguards provided by GDPR.

This may apply in particular to Shopify, Google, Microsoft, Cloudflare and other infrastructure or analytics providers used to operate and protect the website.

Your Rights

You may request access, rectification, erasure, restriction, portability and objection to processing of your personal data, where applicable under GDPR.

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, contact: service@beautydef.it.

You also have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali.

Italian Data Protection Authority

Updates

We may update this Cookie Policy when the website, cookies, providers or legal requirements change. The latest version will be published on this page.