Cookie Policy
Log in / Create account

Country

Cart

Your cart is empty

Cookie Policy

The Alchemist's Sanctuary™
Copenhagen, Denmark
Effective Date: 1 October 2025

Introduction

This Cookie Policy (the "Policy") delineates the principles and practices employed by The Alchemist's Sanctuary™, a sole proprietorship (Enkeltmandsvirksomhed) duly registered in the Kingdom of Denmark under Central Business Register CVR/VAT: DK40801448, operating from Copenhagen, Denmark within the EU VAT zone (the "Company," "we," "us," or "our"), in relation to the use of cookies and analogous tracking technologies on our website accessible at https://www.thealchemistsanctuary.com (the "Website").

The Alchemist's Sanctuary™ is an established creative brand name and identity in continuous use since 2016 across digital, social, and publishing platforms. The name, logo, and related creative assets constitute protected intellectual property under Danish and international copyright and unfair competition law. The domain thealchemistsanctuary.com is officially registered and forms part of the business's intellectual property portfolio, along with verified social media accounts (Facebook, Instagram, Pinterest, LinkedIn, YouTube, Tiktok). These collectively represent the official brand presence. The Alchemist's Sanctuary™ covers current and future creative activities, including fine art prints, publishing, digital media, homeware, fashion, and other derivative works produced under the same trade identity. References to original artworks indicate use under Creative Commons CC0 1.0 Universal Public Domain Dedication or equivalent open-archive license. All AI tools are used solely to assist with restoration, research, and communication. Final artworks remain human-directed and original. No customer data or artwork is ever used for AI training, resale, or data-sharing purposes.

As the data controller for personal data processed via the Website, we are committed to ensuring transparency, accountability, and compliance with applicable data protection and electronic communications legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Directive 2002/58/EC (as amended by Directive 2009/136/EC, the "ePrivacy Directive"), and the Danish Marketing Practices Act (Markedsføringsloven). This Policy supplements our Privacy Policy and forms an integral part of our Terms of Service.

By accessing the Website, you acknowledge and consent to the deployment and processing of cookies and similar technologies as described herein, subject to your rights to withdraw consent, object, or configure preferences via our consent management tools or browser settings. In the event of any inconsistency between this Policy and our Privacy Policy, the provisions of the Privacy Policy shall prevail. For full details about how we use and protect your data, see our Privacy Policy. Our website uses Shopify's built-in cookie management system. You can manage your cookie preferences through the banner or your browser settings.

Article 1: Definitions and Scope

Key Defined Terms

For the purposes of this Policy:

  • "Cookies": Small text files or data packets comprising unique identifiers, stored on your device (e.g., computer, tablet, or mobile) by the Website or third-party services, enabling the recognition and tracking of user interactions.
  • "Similar Technologies": Analogous mechanisms, including but not limited to web beacons, pixels, local storage objects, and embedded scripts, that perform comparable functions to cookies.
  • "Personal Data": Information relating to an identified or identifiable natural person, as defined under Article 4(1) GDPR.
  • "User" or "you/your": Any individual accessing or interacting with the Website.
  • "Third-Party Service Providers": External entities authorized to place cookies on the Website, such as Shopify, Inc., Klaviyo, Inc., Meta Platforms, Inc., and Pinterest, Inc.

1.2 Scope of Application

This Policy applies to all cookies and similar technologies deployed by or on behalf of the Company via the Website. It does not extend to third-party websites linked from the Website, which are governed by their respective policies. We process cookie data in accordance with the data minimisation and purpose limitation principles (Article 5(1)(b) and (c) GDPR).

Article 2: Purpose and Functionality of Cookies

Cookies and similar technologies serve to enhance the Website's performance, facilitate user interactions, and support our legitimate business objectives. They enable:

  • Maintenance of essential functionalities, such as secure navigation and transaction processing;
  • Analysis of aggregate usage patterns to optimize user experience and Website efficacy;
  • Personalization of content and services based on user preferences; and
  • Delivery of targeted advertising while respecting consent requirements.

Without cookies, certain features (e.g., shopping cart persistence) may be impaired. All processing activities are documented in our records of processing activities ("ROPA") and subject to periodic review for necessity and proportionality.

Article 3: Categories of Cookies Deployed

We classify cookies according to their purpose and duration, in alignment with the guidelines of the European Data Protection Board (EDPB) and Shopify standards: Essential, Analytics, Marketing, Preferences. Deployment of non-essential cookies requires your prior, informed consent, obtained via granular preference mechanisms. Shopify's built-in cookie banner functions correctly across all EU regions.

3.1 Essential/Strictly Necessary Cookies

These cookies are indispensable for the provision of the Website and Services, ensuring core operability without which requested functionalities cannot be delivered. They are exempt from consent requirements under Article 5(3) ePrivacy Directive (as interpreted by national authorities) and are processed on the basis of contractual necessity (Article 6(1)(b) GDPR).

Examples:

  • Session management cookies for cart functionality and secure checkout (deployed by Shopify).
  • Authentication tokens for accessing restricted areas.

3.2 Analytics Cookies

Analytics Cookies facilitate aggregated, pseudonymized data collection on Website usage to monitor performance and improve functionality. This Website uses Shopify's internal analytics tools for traffic volume, page views, and bounce rates (no third-party tools such as Google Analytics are employed). Data is anonymized or pseudonymized where possible and processed according to GDPR safeguards.

Examples:

  • Shopify's internal analytics tools for traffic volume, page views, and bounce rates (no third-party tools such as Google Analytics are employed).

3.3 Preferences/Functionality Cookies

These store user-selected preferences to deliver a tailored browsing experience, enhancing accessibility and usability without compromising privacy. Processing is grounded in legitimate interests (Article 6(1)(f) GDPR).

Examples:

  • Localization cookies for language and currency selection (via Shopify or Transtor integrations).
  • Preference cookies remembering layout or theme choices.

3.4 Marketing Cookies

These enable the tracking of user interactions across sessions and platforms to serve personalized advertisements and measure campaign efficacy. Deployment is contingent upon explicit consent (Article 6(1)(a) GDPR and Article 5(3) ePrivacy Directive).

Examples:

  • Meta Pixel (for Facebook/Instagram retargeting and conversion tracking).
  • Klaviyo cookies for behavioral analysis in email marketing flows.
  • Pinterest tracking pixels for visual discovery and ad performance.

Article 4: Third-Party Cookies and Processors

The Website integrates services from vetted Third-Party Service Providers, who may independently place cookies as data processors under data processing agreements ("DPAs") compliant with Article 28 GDPR. Such processors are contractually obligated to process data solely on our instructions, implement equivalent security measures, and adhere to this Policy.

4.1 Identified Third Parties

  • Shopify, Inc. – Deploys essential, analytics, and preferences cookies for e-commerce hosting, payments, and internal analytics. (Privacy Policy: https://www.shopify.com/legal/cookies)
  • GoDaddy Operating Company, LLC – Domain registration, DNS management, and website security services. (Privacy Policy: https://www.godaddy.com/legal/agreements/privacy-policy)
  • Trusted Global Print, Fulfilment, and Logistics Partners – On-demand production, packaging, and delivery coordination. (Privacy Policy available via respective regional partners.)
  • Klaviyo, Inc. – Email automation and transactional campaign tracking. (Privacy Policy: https://www.klaviyo.com/privacy)
  • Meta Platforms, Inc. – Facebook, Instagram, WhatsApp, and Threads advertising pixels, analytics, and conversion tracking. (Privacy Policy: https://www.facebook.com/policies/cookies)
  • Pinterest, Inc. – Visual discovery and advertising analytics cookies. (Privacy Policy: https://policy.pinterest.com/en/cookies)
  • TikTok Technology Limited – Pixel integration and advertising analytics. (Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en)
  • LinkedIn Ireland Unlimited Company – Insight Tag for analytics and business advertising metrics. (Privacy Policy: https://www.linkedin.com/legal/cookie-policy)
  • Google LLC – Provides YouTube embeds. (Privacy Policy: https://policies.google.com/privacy)
  • Carrier Partners (e.g., PostNord, DHL, or local equivalents) – Shipment handling, logistics, and tracking systems integrated within Shopify fulfilment networks. (Privacy Policy available via respective carrier websites.)

You are encouraged to review these providers' policies for comprehensive details. The Company does not permit unauthorized third-party cookie placement and conducts regular audits to enforce compliance.

Article 5: Legal Bases for Cookie Processing

All cookie-related processing is predicated upon lawful bases under Article 6 GDPR, with explicit documentation:

  • Consent (Article 6(1)(a)): For marketing and certain analytics cookies, where affirmative, granular consent is obtained and revocable at any time without detriment (Article 7(3) GDPR).
  • Contractual Necessity (Article 6(1)(b)): For essential cookies essential to fulfilling your requests (e.g., order processing).
  • Legitimate Interests (Article 6(1)(f)): For analytics and preferences cookies, following a legitimate interests assessment ("LIA") that weighs our interests against your rights—no automated decision-making with legal effects occurs (Article 22 GDPR).

Transfers of cookie data to third countries (e.g., United States) are safeguarded through the EU–U.S. Data Privacy Framework or Standard Contractual Clauses (Article 46 GDPR).

Article 6: Consent Management and Withdrawal

6.1 Consent Acquisition

We utilize Shopify's native cookie consent banner—a prominent, user-friendly interface compliant with GDPR Article 12 and ePrivacy Directive requirements—to solicit and record your preferences upon initial Website access. The banner categorizes cookies, permits selective acceptance/rejection, and is geo-targeted for EEA users. By default, only essential cookies are active; non-essential deployment awaits your opt-in.

6.2 Withdrawal and Management

Consent may be withdrawn prospectively at any juncture via:

  • The consent management platform embedded in the Website footer;
  • Browser settings (e.g., blocking third-party cookies in Chrome, Safari, or Firefox); or
  • Direct request to support@thealchemistsanctuary.com.

Withdrawal shall not affect the lawfulness of prior processing. We maintain audit logs of consent events for evidentiary purposes (up to two years post-revocation). Disabling cookies may degrade Website functionality, for which we disclaim liability.

Article 7: Cookie Duration and Retention

Cookie lifespans vary by category and purpose, adhering to storage limitation (Article 5(1)(e) GDPR):

  • Session Cookies: Ephemeral, auto-deleting upon browser closure (e.g., Shopify session IDs, expiring after 30 minutes of inactivity).
  • Persistent Cookies: Retained for predefined periods, not exceeding necessity (e.g., Klaviyo behavioral cookies up to two (2) years; Meta Pixel up to thirteen (13) months).

Retention commences upon placement and ceases upon expiry, deletion, or purpose fulfillment. Pseudonymized data may be retained longer for statistical analysis, provided re-identification is infeasible.

Article 8: User Controls and Browser Management

You retain full autonomy over cookie usage through standard browser configurations:

  • Viewing/Deleting Cookies: Access via browser developer tools or privacy dashboards (e.g., Chrome: Settings > Privacy and Security > Cookies).
  • Blocking/Allowlisting: Selectively prohibit cookies from specific domains or categories.
  • Do Not Track (DNT): Honor browser DNT signals where technically feasible, though not a universal standard.

Guidance on major browsers is available via the Website's consent banner. Note that third-party cookie blockers (e.g., browser extensions) may interact unpredictably with our Services. For comprehensive controls, consult resources from the Danish Data Protection Agency (Datatilsynet).

Article 9: Security Measures for Cookies

Cookies are secured through industry-standard protocols, including:

  • Secure (HTTPS) transmission to prevent interception;
  • HttpOnly and Secure flags to mitigate cross-site scripting (XSS) and man-in-the-middle attacks; and
  • SameSite attributes to curb cross-site request forgery (CSRF).

Personal data embedded in cookies is encrypted where applicable (e.g., AES-256), and access is restricted via role-based controls. Breaches are reported per Article 33 GDPR.

Article 10: Amendments to This Policy

The Company reserves the right to amend this Policy to accommodate legislative evolutions, technological advancements, or operational changes. Revised versions shall be published on the Website with an updated Effective Date. Significant modifications—impacting consent or processing purposes—shall be notified via email (for registered Users) or a conspicuous banner, affording a reasonable objection period.

Continued Website use post-amendment constitutes acceptance; we recommend periodic review.

Article 11: Contact and Redress Mechanisms

We aim to acknowledge inquiries within 24–48 business hours and provide a full response within one (1) month (extendable under Article 12(3) GDPR):

Responses are dispatched within one (1) month (extendable under Article 12(3) GDPR). For supervisory recourse, address the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk. A downloadable PDF of this Policy is available upon request.

© The Alchemist's Sanctuary™ 2025. All rights reserved.

>