6_4ee4f2.png)
1. INTRODUCTION
1.1 This Cookie Policy ("Policy") explains how SIA Synchron, a limited liability company incorporated under the laws of the Republic of Latvia, registration number 40203436468, registered address Unijas iela 74A - 45, Riga, LV-1084, Latvia ("Company," "we," "us," or "our"), uses cookies and similar tracking technologies on the shookout.com digital goods marketplace (the "Platform").
1.2 This Policy supplements our Privacy Policy, in particular Section 9 thereof, and forms part of the contractual framework that includes the Terms of Service, Seller Agreement, Refund & Return Policy, Community Guidelines, and Copyright & Takedown Policy.
1.3 Legal Framework
This Policy is designed to align with: (a) Regulation (EU) 2016/679 ("GDPR"), in particular Articles 6 and 7 (lawful basis and conditions for consent); (b) Directive 2002/58/EC ("ePrivacy Directive"), in particular Article 5(3) (storage of and access to information on terminal equipment); (c) the Latvian Electronic Communications Law (Elektronisko sakaru likums), which transposes the ePrivacy Directive into Latvian law; and (d) guidance issued by the European Data Protection Board ("EDPB"), including Guidelines 2/2023 on the technical scope of Article 5(3) of the ePrivacy Directive.
2. WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES
2.1 Cookies
Cookies are small text files placed on your device (computer, tablet, smartphone) by a website you visit. They are widely used to make websites function, operate more efficiently, provide a better user experience, and provide information to website operators.
2.2 Types by Duration
| Type | Description |
|---|---|
| Session Cookies | Temporary cookies deleted automatically when you close your browser. They are used to maintain user sessions and temporary settings while browsing the Platform (e.g., keeping you logged in or remembering items in a process). |
| Persistent Cookies | Cookies that remain on your device for a specified period or until deleted manually. They are used to recognise returning users and remember preferences. |
2.3 Types by Origin
| Type | Description |
|---|---|
| First-Party Cookies | Set by shookout.com (the domain you are visiting) and controlled by SIA Synchron. |
| Third-Party Cookies | Set by domains other than shookout.com. These cookies are placed by external service providers whose services are integrated into the Platform, such as analytics, payment processing, and advertising services. |
2.4 Similar Technologies
In addition to cookies, the Platform may use: (a) web beacons (clear GIFs/pixels): small transparent images embedded in web pages or emails to track whether a page has been viewed or an email opened; (b) local storage (HTML5 localStorage/sessionStorage): browser-based storage mechanisms that function similarly to cookies but can store larger amounts of data; (c) fingerprinting: techniques that collect information about your browser configuration to identify your device (used only for fraud prevention within the scope of strictly necessary processing); and (d) SDKs (Software Development Kits): code embedded in mobile-optimised experiences that may collect data similarly to cookies.
All references to "cookies" in this Policy include these similar technologies unless the context requires otherwise.
3. COOKIES WE USE
3.1 Overview by Category
We classify cookies into five categories based on their purpose. The tables below provide a detailed inventory of the cookies used on the Platform.
3.1.1 Strictly Necessary Cookies
Consent required: No. These cookies are essential for the Platform to function. They cannot be switched off in our systems. They are usually set in response to actions you take that amount to a request for services, such as logging in, setting privacy preferences, or completing a purchase. The legal basis for these cookies is Article 5(3) of the ePrivacy Directive (exemption for cookies strictly necessary for the provision of a service explicitly requested by the user) and Article 6(1)(b) GDPR (contract performance) or Article 6(1)(f) GDPR (legitimate interest in Platform security).
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| __session | shookout.com | Maintains user session state for authentication and navigation | Session | First-party |
| __csrf_token | shookout.com | Protects against cross-site request forgery (CSRF) attacks | Session | First-party |
| cookie_consent | shookout.com | Stores your cookie consent preferences to ensure compliance with GDPR requirements | 12 months | First-party |
| cart_token | shookout.com | Maintains shopping cart contents during session | Session | First-party |
| device_id | shookout.com | Fraud prevention and security monitoring (anonymised device fingerprint) | 6 months | First-party |
| __stripe_mid | Stripe (stripe.com) | Fraud prevention and secure payment processing | 1 year | Third-party |
| __stripe_sid | Stripe (stripe.com) | Maintains secure payment session and assists in fraud prevention | 30 minutes | Third-party |
| PayPal cookies | PayPal (paypal.com) | Processes payments securely, maintains checkout sessions, and prevents fraud during PayPal transactions | Session / varies | Third-party |
| CF_Authorization | Cloudflare | Cloudflare Access authentication token | 1 month | Third-party |
| __cf_bm | Cloudflare | Bot detection and DDoS protection | 30 minutes | Third-party |
| cf_clearance | Cloudflare | Records successful completion of security challenge | 1 year | Third-party |
| _cfuvid | Cloudflare | Rate limiting: per-visitor identifier | Session | Third-party |
| __cflb | Cloudflare | Load balancer session affinity | 30 minutes | Third-party |
3.1.2 Functional Cookies
Consent required: Yes. These cookies enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have integrated into the Platform. If you do not allow these cookies, some or all of these features may not function properly. The legal basis is your consent under Article 5(3) ePrivacy Directive and Article 6(1)(a) GDPR.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| locale | shookout.com | Remembers your language preference | 12 months | First-party |
| currency | shookout.com | Remembers your currency preference | 12 months | First-party |
| theme | shookout.com | Remembers display preferences (e.g., dark/light mode) | 12 months | First-party |
| recently_viewed | shookout.com | Stores recently viewed products for convenience | 30 days | First-party |
| __cfruid | Cloudflare | Load balancing and session routing | Session | Third-party |
| intercom-* | Intercom (if used) | Live chat widget state and conversation history | Session / persistent | Third-party |
3.1.3 Analytics and Performance Cookies
Consent required: Yes. These cookies allow us to count visits and traffic sources so we can measure and improve Platform performance. They help us understand which pages are most and least popular and see how visitors navigate the Platform. All information these cookies collect is aggregated or pseudonymised. The legal basis is your consent under Article 5(3) ePrivacy Directive and Article 6(1)(a) GDPR.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users (anonymised IP) | 2 years | Third-party |
| _ga_* | Google Analytics | Maintains session state for Google Analytics 4 | 2 years | Third-party |
| _gid | Google Analytics | Distinguishes unique users (24-hour window) | 24 hours | Third-party |
| _gat_* | Google Analytics | Throttles request rate to Google Analytics | 1 minute | Third-party |
Note: If privacy-friendly alternatives (e.g., Plausible, PostHog self-hosted) are deployed, this table will be updated accordingly. Server-side analytics that do not use client-side cookies are not listed here.
3.1.4 Marketing and Advertising Cookies
Consent required: Yes. These cookies may be set through the Platform by our advertising partners. They may be used to build a profile of your interests and show you relevant advertisements on other sites. They do not directly store personal information but are based on uniquely identifying your browser and device. If you do not allow these cookies, you will experience less targeted advertising. The legal basis is your consent under Article 5(3) ePrivacy Directive and Article 6(1)(a) GDPR.
Google Advertising:
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _gcl_au | Google (Google Ads) | Stores conversion data for advertising attribution | 90 days | Third-party |
| _gcl_aw | Google (Google Ads) | Stores Google Ads click information for conversion tracking | 90 days | Third-party |
| IDE | Google (DoubleClick) | Serves targeted advertisements and tracks ad interactions | 13 months (EEA) / 24 months (other) | Third-party |
| ANID | Links Google advertising activity to non-Google sites | 13 months | Third-party | |
| NID | Stores preferences and information for Google ads personalisation | 6 months | Third-party | |
| gclid | Stores Google click identifier from ad interactions | 24 hours | Third-party | |
| _glc_de | Google consent-related advertising cookie | 90 days | Third-party | |
| _glc_dc | Google consent-related advertising cookie | 90 days | Third-party |
TikTok Advertising:
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _ttp | TikTok | Tracks visitor behaviour for TikTok advertising attribution | 13 months | Third-party |
| ttcsid_ |
TikTok | Session identifier for TikTok Pixel event tracking | 30 minutes | Third-party |
| ttclid | TikTok | Stores TikTok click identifier for conversion measurement | 13 months | Third-party |
Microsoft/Bing Advertising:
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| MUID | Microsoft (Bing) | Microsoft unique user identifier for advertising across Microsoft services | 13 months | Third-party |
| _uetvid | Microsoft (Bing UET) | Stores visitor identifier for Bing Ads conversion tracking | 13 months | Third-party |
| _uetsid | Microsoft (Bing UET) | Session-level identifier for Bing Ads analytics | 24 hours | Third-party |
| _uetmsclkid | Microsoft (Bing UET) | Stores Microsoft click identifier from ad interactions | 90 days | Third-party |
| msclkid | Microsoft (Bing) | First-party Microsoft click ID for conversion attribution | 24 hours | Third-party |
| MSPTC | Microsoft | Tracks visitor behaviour across Microsoft advertising network | 180 days | Third-party |
| MR | Microsoft | Referral tracking for Microsoft advertising services | 7 days | Third-party |
Meta/Facebook Advertising:
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _fbp | Meta Platforms Ireland Ltd. | Identifies browsers for Facebook advertising attribution | 3 months | Third-party |
| _fbc | Meta Platforms Ireland Ltd. | Stores click identifier from Facebook ad clicks | 3 months | Third-party |
X (Twitter) Advertising:
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| ads_prefs | X Corp. (Twitter) | Stores advertising preferences for ad personalisation and measurement | 10 years | Third-party |
Note: Marketing cookies are deployed only when the corresponding advertising service is active and you have consented to this category. Not all providers listed above may be active at any given time. This table reflects all advertising partners that may be used on the Platform. Company currently does not use paid advertising services. This table will be updated as advertising partners are onboarded.
3.1.5 Social Media Cookies
Consent required: Yes. These cookies are set by social media services that we have embedded on the Platform (e.g., share buttons, embedded feeds). They allow you to share content and interact with social networks. These services may track your browsing activity across websites. The legal basis is your consent under Article 5(3) ePrivacy Directive and Article 6(1)(a) GDPR.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| Social sharing cookies | Meta, X (Twitter), Pinterest, LinkedIn, WhatsApp, Reddit, and others (depending on enabled features) | Enable content sharing to social networks and interaction with embedded sharing functionality | Session / varies by provider | Third-party |
Note: Social media cookies are only set when you actively use social sharing features and have provided consent to this category. No social media cookies are stored unless these features are engaged.
4. THIRD-PARTY COOKIES
4.1 Several of the cookies described in Section 3 are set by third-party service providers. When you consent to a cookie category, you also consent to the associated third-party cookies within that category.
4.2 Third-party providers operate under their own privacy policies. Company does not control the data collected by third-party cookies once the data is transmitted to the third party. The following links provide access to the privacy policies and opt-out mechanisms of our primary third-party cookie providers:
| Provider | Privacy Policy | Opt-Out |
|---|---|---|
| Google Analytics | Google Privacy Policy | Google Analytics Opt-Out |
| Google Ads / DoubleClick | Google Privacy Policy | Google Ad Settings |
| Stripe | Stripe Privacy Policy | Not applicable (strictly necessary for payment processing) |
| PayPal | PayPal Privacy Policy | Not applicable (strictly necessary for payment processing) |
| Cloudflare | Cloudflare Privacy Policy | Not applicable (security cookies are strictly necessary) |
| Meta / Facebook | Meta Privacy Policy | Meta Ad Preferences |
| TikTok | TikTok Privacy Policy | TikTok Ad Settings |
| Microsoft / Bing | Microsoft Privacy Statement | Microsoft Ad Settings |
| X / Twitter | X Privacy Policy | X Personalization Settings |
| Intercom (if used) | Intercom Privacy Policy | Via cookie consent banner |
4.3 Company conducts due diligence on third-party cookie providers to verify that their data processing practices are compatible with the GDPR. Where third-party providers are located outside the EU/EEA, appropriate safeguards are implemented as described in the Privacy Policy, Section 6.
5. COOKIE CONSENT MANAGEMENT
5.1 Consent Mechanism
Upon your first visit to the Platform, you will be presented with a cookie consent banner ("Consent Banner") that:
(a) Clearly identifies each category of cookies (Strictly Necessary, Functional, Analytics, Marketing, Social Media);
(b) Explains the purpose of each category in plain language;
(c) Does not use pre-ticked boxes or pre-selected toggles for non-essential cookie categories;
(d) Provides three primary options: (i) "Accept All": consent to all cookie categories; (ii) "Reject All" (or equivalently labelled): reject all non-essential cookies (only strictly necessary cookies will be set); and (iii) "Manage Preferences" (or equivalently labelled): open a granular settings panel allowing individual category selection;
(e) Does not set any non-essential cookies until you have made an affirmative choice;
(f) Does not use manipulative design patterns ("dark patterns") such as: making the "Accept" button more prominent than the "Reject" button; requiring additional clicks to reject cookies compared to accepting; using confusing language to obscure the reject option; or presenting cookie walls that block access to the Platform unless all cookies are accepted;
(g) Provides a link to this Cookie Policy and the Privacy Policy;
(h) Is accessible in all languages supported by the Platform.
5.2 Consent Record
Company records your consent choice (including the specific categories consented to, the date and time, and the version of the consent banner presented) in the cookie_consent first-party cookie and in a server-side consent log. This record serves as evidence of valid consent in accordance with Article 7(1) GDPR and is retained for three (3) years from the date of consent or until withdrawal, whichever occurs first, as described in the Privacy Policy, Section 7.2.
5.3 Renewal
Consent is valid for a period of twelve (12) months from the date it is given. After this period, the Consent Banner will be re-presented to allow you to confirm or update your preferences. Consent will also be re-requested if: (a) new cookie categories or providers are added; (b) the purposes of existing cookies materially change; or (c) applicable law or regulatory guidance requires renewed consent.
6. HOW TO MANAGE OR WITHDRAW CONSENT
6.1 Cookie Settings on the Platform
You may review, modify, or withdraw your cookie consent at any time by:
(a) Clicking "Cookie Settings" in the footer of any page on the Platform; or
(b) Accessing the cookie preference centre directly at shookout.com/cookie-settings.
Changes take effect immediately. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR).
6.2 Browser Settings
You can also control cookies through your browser settings. Most browsers allow you to: (a) view which cookies are stored; (b) delete individual or all cookies; (c) block cookies from specific or all sites; and (d) set preferences for first-party versus third-party cookies.
Instructions for common browsers:
| Browser | Instructions |
|---|---|
| Chrome | Settings → Privacy and Security → Cookies and other site data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Safari | Preferences → Privacy → Manage Website Data |
| Edge | Settings → Cookies and site permissions → Manage and delete cookies |
Please note that blocking or deleting cookies may affect Platform functionality. In particular, if you block strictly necessary cookies, certain features (login, payment processing, security) may not function.
6.3 Provider-Specific Opt-Outs
For analytics and marketing cookies, you may also use the provider-specific opt-out mechanisms listed in Section 4.2, or the following industry opt-out tools:
- Your Online Choices (EU): www.youronlinechoices.eu
- Digital Advertising Alliance (US): optout.aboutads.info
- Network Advertising Initiative (US): optout.networkadvertising.org
7. DO NOT TRACK AND GLOBAL PRIVACY CONTROL
7.1 Do Not Track (DNT)
The Platform respects the Do Not Track (DNT) signal transmitted by your browser. When a DNT signal is detected, we will disable non-essential cookies and tracking technologies to the extent technically feasible, treating the DNT signal as equivalent to declining non-essential cookie categories (Functional, Analytics and Performance, Marketing and Advertising, and Social Media).
7.2 Global Privacy Control (GPC)
The Platform honours the Global Privacy Control (GPC) signal as: (a) an opt-out of non-essential cookies and tracking; and (b) for California residents, an opt-out of the "sale" or "sharing" of personal information under the CCPA/CPRA, as described in the Privacy Policy, Section 8.3. When a GPC signal is detected, non-essential cookies will not be set, regardless of any prior consent selection, and the Consent Banner will reflect the opt-out status accordingly. You may override the GPC signal at any time by adjusting your preferences through the cookie preference centre as described in Section 6.1.
8. UPDATES TO THIS POLICY
8.1 We may update this Policy from time to time to reflect changes in the cookies we use, our service providers, applicable law, or regulatory guidance. Material changes will be communicated by: (a) posting the updated Policy with a revised "Last Updated" date; (b) re-presenting the Consent Banner where the changes affect the categories of cookies or the purposes for which they are used; and (c) where practicable, email notification to registered Users.
8.2 Your continued use of the Platform after the effective date of any changes, combined with your cookie consent choices (either maintained or renewed through the re-presented Consent Banner), constitutes acknowledgement of the updated Policy.
9. CONTACT INFORMATION
For questions about this Policy, our use of cookies, or to exercise your rights under applicable data protection law, you may contact Company through the channels set out below.
| Purpose | Contact |
|---|---|
| Cookie and privacy inquiries | privacy@shookout.com |
| General support | support@shookout.com |
| Legal inquiries | legal@shookout.com |
9.1 Company Details
Company: SIA Synchron Registration number: 40203436468 Registered address: Unijas iela 74A - 45, Riga, LV-1084, Latvia
9.2 Supervisory Authority
You have the right to lodge a complaint with the competent data protection supervisory authority in the Republic of Latvia, which is: Datu valsts inspekcija (Data State Inspectorate), Elijas iela 17, Riga, LV-1050, Latvia, website: www.dvi.gov.lv.
You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, in accordance with Article 77 GDPR.
9.3 Related Documents
This Policy should be read in conjunction with the following Platform documents: Privacy Policy; Terms of Service; Imprint; and Community Guidelines.