Cookie Policy
1. Website Owner Information
This Cookie Policy applies to the website https://simufy.com (hereinafter, the "Website"), owned by SAPRO TRADING, S.L. (hereinafter, "SIMUFY"):
| Company name | SAPRO TRADING, S.L. («SIMUFY») |
| Tax ID (Spain) | B67553040 |
| Registered address | Ctra. BV-2131 Km. 7,2, 08787 Orpí, Barcelona, Spain |
| Commercial Registry | Barcelona, volume 47166, folio 110, sheet 543317 |
| Contact email | info@simufy.com |
| Privacy email | privacidad@simufy.com |
| Phone | +34 93 131 06 62 |
2. What Are Cookies?
Cookies are small text files that websites install on the User's terminal device (computer, tablet, mobile or other devices) when they access them. They allow the website to store and retrieve information about the User's browsing habits and, depending on the type, the information collected may be used to recognise the User.
Throughout this Policy, the term "cookies" is used broadly and includes any equivalent technology that allows the storage of or access to information on the User's terminal device, such as pixels, tags, scripts and other identifiers (Spanish LSSI-CE art. 22.2).
3. Legal Basis and Applicable Framework
The installation and use of cookies on the Website is governed by:
- Article 22.2 of Spanish Law 34/2002 on Information Society Services (LSSI-CE), which requires the User's informed consent for the installation of non-essential cookies.
- EU Regulation 2016/679 (GDPR), where cookie processing involves personal data. Legal basis: consent (GDPR art. 6.1.a), except for strictly necessary cookies (GDPR arts. 6.1.b and 6.1.f).
- Spanish Organic Law 3/2018 (LOPDGDD).
- The Cookie Use Guidelines published by the Spanish Data Protection Authority (AEPD), current edition.
The User's consent is requested via the cookie banner displayed on first access to the Website or when previous consent has expired.
4. Types of Cookies Used
4.1 By managing entity
- First-party cookies: sent from a device or domain managed by SIMUFY.
- Third-party cookies: sent from a device or domain managed by another entity that processes the data obtained through the cookies.
4.2 By duration
- Session cookies: deleted when the User closes their browser session.
- Persistent cookies: data remains stored for a period defined by the cookie owner, ranging from minutes to several years.
4.3 By purpose
- Strictly necessary cookies: enable navigation and use of Website services. No consent required.
- Preference / personalisation cookies: remember User settings (language, currency, regional configuration).
- Analytics / measurement cookies: track and analyse User behaviour to optimise the Website.
- Behavioural advertising cookies: build a user profile to deliver personalised advertising.
5. Detailed List of Cookies Used
The cookies and equivalent technologies used are detailed below, grouped by purpose. Names and durations may vary slightly due to provider updates; this table is reviewed periodically.
5.1 Strictly necessary cookies
Essential for Website operation. No consent required (LSSI-CE art. 22.2).
| Name | Owner | Purpose | Duration | Int. transfer |
|---|---|---|---|---|
| _shopify_y | Shopify Inc. | Session and user identification. Essential for Website operation. | 1 year | USA (DPF) |
| _shopify_s | Shopify Inc. | Current session identification. | 30 min. | USA (DPF) |
| cart, cart_ts, cart_ver | Shopify Inc. | Shopping cart management. | 2 weeks | USA (DPF) |
| _secure_session_id | Shopify Inc. | Secure session during browsing and checkout. | Session | USA (DPF) |
| _shopify_visit | Shopify Inc. | Visit identification. | 30 min. | USA (DPF) |
| _shopify_fs | Shopify Inc. | Record the first visit moment during the session. | Session | USA (DPF) |
| checkout_token | Shopify Inc. | Process checkout and purchase. | 1 year | USA (DPF) |
| secure_customer_sig | Shopify Inc. | Authentication of registered users. | 20 years | USA (DPF) |
| localization | SAPRO TRADING, S.L. | Remember User language and country preference. | 1 year | No |
| cookie_consent / equiv. CMP | SAPRO TRADING / CMP provider | Store User cookie preferences (art. 22.2 LSSI-CE). | 12 months | Per CMP provider |
5.2 Preference cookies
Remember User navigation preferences. Require consent.
| Name | Owner | Purpose | Duration | Int. transfer |
|---|---|---|---|---|
| _orig_referrer | Shopify Inc. | Record visit source for navigation preferences. | 2 weeks | USA (DPF) |
| _landing_page | Shopify Inc. | Record the User's landing page. | 2 weeks | USA (DPF) |
| currency | Shopify Inc. / SAPRO TRADING | Remember the User's selected currency. | 1 year | USA (DPF) |
5.3 Analytics / measurement cookies
Measure traffic and analyse User behaviour. Require prior consent.
| Name | Owner | Purpose | Duration | Int. transfer |
|---|---|---|---|---|
| _ga | Google Ireland Ltd. / Google LLC | Distinguish unique users. Used by Google Analytics 4 to measure Website traffic. | 2 years | USA (DPF) |
| _ga_[container-ID] | Google Ireland Ltd. / Google LLC | Persist session state and event count in Google Analytics 4. | 2 years | USA (DPF) |
| _gid | Google Ireland Ltd. / Google LLC | Distinguish users. Google Analytics. | 24 hours | USA (DPF) |
| _gat / _gat_gtag_[ID] | Google Ireland Ltd. / Google LLC | Throttle request rate. | 1 minute | USA (DPF) |
| _shopify_sa_p, _shopify_sa_t | Shopify Inc. | Shopify internal marketing analytics for session attribution. | 30 min. | USA (DPF) |
| _clck, _clsk, CLID, MR, MUID, SM, ANONCHK | Microsoft Corporation | Behavioural analytics (heatmaps, anonymised session recordings) via Microsoft Clarity. | 1 day – 1 year | USA (DPF) |
| _hjSessionUser_[ID], _hjSession_[ID] | Hotjar Ltd. | Behavioural analytics via Hotjar: heatmaps, recordings, surveys. | 30 min. – 1 year | Malta (EU) / USA (DPF) |
5.4 Behavioural advertising cookies and network technologies
Enable personalised advertising and effectiveness measurement. Include server-side network technologies using customer behaviour data. Require prior consent.
| Name | Owner | Purpose | Duration | Int. transfer |
|---|---|---|---|---|
| _fbp | Meta Platforms Ireland Ltd. | Identify User's browser for personalised advertising on Facebook/Instagram. Conversion measurement and custom audiences. | 90 days | USA (DPF) |
| fr | Meta Platforms Ireland Ltd. | Personalised advertising on Facebook and effectiveness measurement. | 90 days | USA (DPF) |
| tr | Meta Platforms Ireland Ltd. | Conversion tracking from Website to Facebook Ads. | Session | USA (DPF) |
| _ttp | TikTok Technology Ltd. / ByteDance | User activity tracking for personalised advertising and conversion measurement on TikTok Ads. | 13 months | Ireland / Singapore / USA (SCCs) |
| _pinterest_sess, _pin_unauth, etc. | Pinterest Europe Ltd. | Conversion tracking and personalised advertising on Pinterest Ads. | 1 year | USA (DPF) |
| IDE | Google Ireland Ltd. / Google LLC (DoubleClick) | Ad effectiveness measurement and personalisation in Google Ads. | 13 months | USA (DPF) |
| _gcl_au, _gcl_aw, _gcl_dc | Google Ireland Ltd. / Google LLC | Conversion attribution for Google Ads campaigns. | 90 days | USA (DPF) |
| NID, VISITOR_INFO1_LIVE, YSC | Google Ireland Ltd. / Google LLC (YouTube) | Ad personalisation and playback tracking in embedded YouTube videos. | 6 months – Session | USA (DPF) |
| __kla_id | Klaviyo Inc. | User identification for email marketing personalisation and abandoned cart recovery. | 2 years | USA (DPF) |
| Shopify Network Intelligence (network-level technology — not a browser cookie) | Shopify Inc. | Network feature using customer behaviour and purchase history data to improve ad targeting and personalisation models across the Shopify merchant network. Operates server-side. Configurable in the Shopify Customer Privacy panel. | Per Shopify config. | USA (DPF) |
Note: The Website may occasionally incorporate additional third-party cookies. This Policy will be updated to reflect such changes. Users can consult the current list via the cookie preferences panel accessible from the website footer.
6. International Data Transfers
Some cookies involve international data transfers outside the EEA, legitimised through:
- EU-US Data Privacy Framework (DPF): European Commission adequacy decision of 10 July 2023, applicable to participating organisations (Shopify Inc., Google LLC, Meta Platforms Inc., Microsoft Corporation, Klaviyo Inc. and others; full list at dataprivacyframework.gov).
- Standard Contractual Clauses (SCCs): approved under Commission Decision (EU) 2021/914. Applicable in particular to TikTok Technology Ltd., which is not signed up to the DPF and is under specific supervision by the European Data Protection Board.
- Other appropriate safeguards under GDPR arts. 46 and 49.
The User may request detailed information about the transfer mechanism applicable to each cookie by contacting privacidad@simufy.com.
7. Obtaining Consent
7.1 Cookie banner
On first access to the Website, the User is shown a banner that allows them to: (a) accept all cookies; (b) reject all non-essential cookies, with equal ease to the acceptance option; (c) granularly configure which cookie categories to accept or reject.
Until the User gives express consent, no cookies other than strictly necessary ones will be installed. Mere browsing, closing the banner without responding, or scrolling does NOT constitute valid consent under current regulations and the AEPD Guidelines.
7.2 Consent expiry
Consent is valid for a maximum of twenty-four (24) months, in accordance with AEPD recommendations. After this period, or if there are substantial changes to the cookies used, the Website will request consent again.
7.3 Withdrawal of consent
The User may withdraw consent at any time via: (a) the cookie preferences panel in the Website footer; (b) deleting cookies from their browser (see section 8); (c) emailing privacidad@simufy.com. Withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal.
8. Browser Settings
The User may also manage cookies directly through their browser settings:
- Google Chrome: support.google.com/chrome/answer/95647
- Mozilla Firefox: support.mozilla.org
- Safari (desktop): support.apple.com/guide/safari
- Safari (iOS): support.apple.com/HT201265
- Microsoft Edge: support.microsoft.com
- Opera: help.opera.com
SIMUFY informs the User that blocking all cookies may prevent some Website features from working correctly, including completing the checkout process.
9. User Rights
Where cookie use involves the processing of personal data, the User may exercise the rights recognised by the GDPR and the LOPDGDD (access, rectification, erasure, restriction, objection, portability) by contacting privacidad@simufy.com.
For more information on personal data processing, please consult the Privacy Policy available on the Website.
The User may also lodge a complaint with the Spanish Data Protection Authority (AEPD): C/ Jorge Juan, 6, 28001 Madrid · 900 293 183 · https://sedeagpd.gob.es/sede-electronica-web/
10. Updates to this Cookie Policy
SIMUFY may amend this Cookie Policy to comply with legislative requirements, AEPD instructions, or changes to the cookies used on the Website. Significant changes will be notified to the User via a Website notice and, where they affect consent-based processing, through re-requesting consent via the cookie banner.
11. Contact
| Privacy email | privacidad@simufy.com |
| General email | info@simufy.com |
| Phone | +34 93 131 06 62 |
| Postal address | Ctra. BV-2131 Km. 7,2, 08787 Orpí, Barcelona, Spain |
Last updated: 1 May 2026. Version 2.0.
