Cookie Policy
Last Updated: October 14, 2025
Operated by: Aqualanes Limited ("Aqualanes", "Company", "we", "our", or "us")
1. INTRODUCTION AND SCOPE OF APPLICATION
Aqualanes Limited operates the DERMXELL⁺ website, online store, and associated digital marketing channels (the "Services") to provide customers with premium cosmetic and anti-aging products. This Cookie Policy explains how we use cookies, tracking technologies, and similar data collection mechanisms across all DERMXELL⁺ digital properties, advertising campaigns, and associated platforms operated by Aqualanes Limited.
This Cookie Policy has been specifically designed to ensure comprehensive compliance with all major advertising platform policies including AppLovin Corporation, Google LLC (including YouTube), Meta Platforms Inc. (Facebook/Instagram), TikTok, Shopify Inc., and other approved digital advertising networks and platforms. By accessing our Services, purchasing our products, or engaging with our advertising content across any platform, you acknowledge that you have read, understood, and accepted all cookie and tracking technology provisions contained herein.
CRITICAL ADVERTISING PLATFORM COMPLIANCE DECLARATION: This Cookie Policy ensures complete compliance with all major advertising platform cookie and tracking policies, user consent mechanisms, and data subject rights frameworks effective as of October 2025.
2. MANDATORY REGULATORY COMPLIANCE FRAMEWORK
2.1 GLOBAL PRIVACY LAW COMPLIANCE
This Cookie Policy has been designed to satisfy the requirements of the world's most stringent privacy and cookie regulations:
European Union and United Kingdom:
• EU Privacy and Electronic Communications Directive (ePrivacy Directive) 2002/58/EC
• General Data Protection Regulation (GDPR) Article 6 and Article 7 consent requirements
• UK Privacy and Electronic Communications Regulations (PECR) 2003
• UK Data Protection Act 2018 and UK GDPR implementation
United States:
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• Other applicable state privacy legislation
International Compliance:
• Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australian Privacy Act 1988 and Privacy Amendment (Notifiable Data Breaches) Act 2017
• Switzerland Federal Data Protection Act (FADP) as amended
• UAE Federal Decree Law No. 45 of 2021 on Personal Data Protection
• Additional jurisdictional requirements as applicable
2.2 PLATFORM-SPECIFIC COOKIE COMPLIANCE
APPLOVIN CORPORATION COMPLIANCE: Full adherence to AppLovin's data collection and cookie policies including:
• Proper consent flag transmission for EU/EEA/UK users in compliance with applicable laws
• Compliance with AppLovin's Sensitive Data restrictions for cookie-based targeting
• Integration with AppLovin's consent management and user control mechanisms
• Data retention limitations aligned with AppLovin's 13-month maximum retention policy
GOOGLE LLC AND YOUTUBE COMPLIANCE: Comprehensive compliance with Google's cookie and consent policies including:
• Google Ads personalization and measurement cookie policies
• YouTube advertising and analytics cookie requirements
• Privacy Sandbox implementation for privacy-preserving advertising
• Enhanced user control mechanisms and consent management integration
META PLATFORMS (FACEBOOK/INSTAGRAM) ENHANCED COMPLIANCE: Strict adherence to Meta's 2025 enhanced cookie and tracking policies including:
• Complete exclusion of health-related data from cookie-based targeting
• Enhanced user control mechanisms for cookie preferences
• Custom audience cookie data limitations and health data restrictions
• Conversion tracking privacy protections and user consent verification
SHOPIFY PLATFORM COMPLIANCE: Full compliance with Shopify's cookie and e-commerce tracking requirements including:
• Payment processing cookie security standards
• Customer data protection in cookie implementation
• E-commerce analytics and conversion tracking compliance
• Platform security and data protection requirements
3. COMPREHENSIVE COOKIE DEFINITIONS AND CATEGORIES
3.1 TECHNICAL COOKIE DEFINITIONS
Cookies: Small text files placed on your device when you visit our website that contain information about your browsing activities and preferences.
Session Cookies: Temporary cookies that expire when you close your browser and are essential for website functionality.
Persistent Cookies: Cookies that remain on your device for a specified period or until manually deleted, used for preferences and performance optimization.
First-Party Cookies: Cookies set directly by DERMXELL⁺ domains for essential website functionality and user experience.
Third-Party Cookies: Cookies set by external services and advertising partners integrated into our website and marketing campaigns.
3.2 ESSENTIAL COOKIES (ALWAYS ACTIVE)
These cookies are strictly necessary for website operation and cannot be disabled:
Website Functionality:
• User session management and authentication
• Shopping cart functionality and checkout process
• Website security and fraud prevention
• Load balancing and performance optimization
• Error tracking and website stability monitoring
Security and Authentication:
• Login verification and account access
• Cross-site request forgery (CSRF) protection
• Bot detection and spam prevention
• Secure payment processing integration
• Identity verification for restricted content
Legal Basis: Legitimate interest and contractual necessity for service provision under GDPR Article 6(1)(b) and (f).
3.3 FUNCTIONAL COOKIES (USER PREFERENCE BASED)
These cookies enhance website functionality and user experience:
User Preferences:
• Language and regional settings
• Currency and pricing display preferences
• Accessibility feature customization
• Content personalization and layout preferences
• Previous search queries and browsing history
Enhanced Features:
• Live chat functionality and customer support
• Product comparison and wishlist features
• Recently viewed products and recommendations
• Form completion assistance and auto-fill
• Video playback preferences and settings
Legal Basis: Consent under GDPR Article 6(1)(a) where required, legitimate interest under Article 6(1)(f) for essential functionality.
3.4 ANALYTICS COOKIES (OPT-IN CONSENT)
These cookies help us understand website performance and user behavior:
Google Analytics Integration:
• Website traffic analysis and user journey tracking
• Conversion funnel analysis and optimization
• Audience demographics and interest reporting
• Enhanced e-commerce tracking and revenue attribution
• Custom event tracking for user engagement measurement
Internal Analytics:
• Page performance monitoring and load time analysis
• User interaction heatmaps and click tracking
• A/B testing implementation and results measurement
• Content effectiveness analysis and optimization
• Customer satisfaction and feedback collection
Third-Party Analytics:
• Social media interaction tracking and engagement analysis
• Email marketing performance and click-through measurement
• Advertising campaign effectiveness and ROI analysis
• Cross-platform user journey tracking and attribution
Legal Basis: Explicit consent under GDPR Article 6(1)(a) and Article 7 consent requirements.
3.5 ADVERTISING COOKIES (EXPLICIT CONSENT REQUIRED)
These cookies enable personalized advertising and marketing optimization:
AppLovin Advertising Technology:
• Device identifier processing (IDFA/AAID when available)
• Purchase behavior and transaction data analysis
• Geographic location data processing (country/region level)
• App usage patterns and engagement metrics collection
• Cross-platform advertising optimization and measurement
Google Advertising Ecosystem:
• Google Ads personalization and targeting optimization
• YouTube advertising preference management and delivery
• Display advertising network participation and optimization
• Search advertising personalization and keyword optimization
• Conversion tracking and attribution measurement
Meta Platforms Advertising:
• Facebook advertising personalization and targeting (excluding health data)
• Instagram advertising optimization and delivery
• Custom audience management and lookalike modeling (health-data excluded)
• Conversion tracking and campaign optimization
• Social media advertising preference management
Cross-Platform Advertising Integration:
• Unified customer journey tracking across platforms
• Cross-device advertising and personalization
• Retargeting and remarketing campaign optimization
• Advertising frequency management and user experience optimization
• Performance measurement and campaign attribution analysis
Legal Basis: Explicit, freely given, informed consent under GDPR Article 6(1)(a) and Article 7.
4. PLATFORM-SPECIFIC TRACKING TECHNOLOGY IMPLEMENTATION
4.1 APPLOVIN CORPORATION TRACKING COMPLIANCE
MANDATORY APPLOVIN DISCLOSURE LANGUAGE: "We work with AppLovin to deliver ads in our mobile application and other devices and/or platforms. AppLovin's advertising technology processes device identifiers (IDFA/AAID when available), purchase behavior and transaction data, geographic location data (country/region level), and app usage patterns and engagement metrics through cookies and similar tracking technologies."
AppLovin Cookie Implementation:
• SDK integration with proper consent management
• Device identifier collection with user consent verification
• Behavioral data processing limited to advertising optimization
• Geographic data collection restricted to country/region level
• User control mechanisms integrated with device-level settings
AppLovin-Specific Protections:
• No collection or processing of health data through cookies
• No sensitive personal information used in cookie-based targeting
• Proper consent flag transmission for EU/EEA/UK users
• Data retention limited to 13 months maximum per AppLovin policies
• Full compliance with AppLovin's Sensitive Data processing restrictions
Enhanced Device-Level Consent Integration:
MANDATORY USER CONTROL LANGUAGE: Users can manage advertising preferences through device settings:
iOS: Settings > Privacy & Security > Apple Advertising (Limit Ad Tracking)
Android: Settings > Privacy > Ads (Opt out of Ads Personalization)
These settings directly control IDFA/AAID data collection and processing
IDFA/AAID Explicit Consent Notice:
We collect device identifiers (IDFA/AAID) only with your explicit consent obtained through:
iOS App Tracking Transparency prompt (iOS 14.5+)
Android Advertising ID consent mechanisms
Web-based consent for cross-app advertising attribution
Device-level settings synchronization where technically feasible
4.2 GOOGLE LLC AND YOUTUBE TRACKING IMPLEMENTATION
GOOGLE ADVERTISER TRANSPARENCY AND COOKIE COMPLIANCE: "We participate in Google's advertiser transparency and verification programs and implement Google's privacy-preserving advertising technologies including Privacy Sandbox implementation for enhanced user privacy protection."
Google Cookie Categories:
• Google Analytics cookies for website performance measurement
• Google Ads cookies for advertising personalization and optimization
• YouTube cookies for video content delivery and advertising
• DoubleClick cookies for display advertising network participation
• Privacy Sandbox implementation for privacy-preserving advertising
Enhanced Google Privacy Features:
• Topics API implementation for interest-based advertising
• Protected Audience (formerly FLEDGE) for remarketing without cross-site tracking
• Attribution Reporting API for privacy-preserving conversion measurement
• Trust Tokens for fraud prevention without user tracking
• Enhanced user control mechanisms in supported browsers
Google Analytics 4 Enhanced Opt-Out Mechanism:
For Google Analytics 4 specifically:
Browser Add-on: Install the Google Analytics Opt-out Browser Add-on at tools.google.com/dlpage/gaoptout
GA4 Enhanced Measurement: Opt-out affects Enhanced Measurement features including scroll tracking, site search, video engagement, and file downloads
Cross-Platform Tracking: Opt-out applies to GA4 cross-platform measurement and Google Signals
Data Retention: Existing GA4 data subject to user-defined retention settings (14 months default)
4.3 META PLATFORMS ENHANCED COOKIE COMPLIANCE
META HEALTH & WELLNESS DATA RESTRICTIONS (2025): MANDATORY COMPLIANCE DECLARATION: "We strictly comply with Meta's enhanced health and wellness data restrictions effective January 2025. Our cookie implementation expressly excludes health-related behavioral data, health conditions, wellness behaviors, medical interests, or healthcare service utilization from all targeting and optimization."
Meta Cookie Implementation:
• Facebook Pixel implementation with health data exclusions
• Instagram tracking with enhanced privacy protections
• Custom audience cookie data limited to non-health behaviors
• Conversion tracking with privacy-preserving measurement
• Enhanced user control mechanisms for cookie preferences
Meta-Specific Cookie Protections:
• Complete exclusion of health-related behavioral data from cookie collection
• No health or wellness indicators used in cookie-based audience creation
• Enhanced transparency for cookie-based custom audience inclusion
• Real-time cookie preference management and updates
• Complete health data exclusion options for all cookie categories
Real-Time Cookie Preference Management:
Cookie preferences update immediately across all Meta platforms:
Preference changes sync within 24 hours to Facebook and Instagram advertising systems
Custom audience exclusions processed in real-time for active campaigns
Conversion tracking adjustments applied to current advertising attribution
Cross-platform preference synchronization for unified user experience
Enhanced Health Data Verification Protocol:
We implement automated verification systems ensuring no health, wellness, or medical behavioral data collection through cookies:
Automated data classification preventing health indicator capture
Real-time filtering of wellness-related behavioral signals
Regular auditing of cookie data to ensure health data exclusion compliance
Immediate alert systems for any inadvertent health data collection
4.4 SHOPIFY PLATFORM COOKIE INTEGRATION
SHOPIFY E-COMMERCE COOKIE COMPLIANCE: "All e-commerce operations, transaction processing, and customer data handling through Shopify platform implement comprehensive cookie security and privacy protection measures in full compliance with Shopify's merchant requirements."
Shopify Cookie Categories:
• Essential e-commerce functionality cookies for cart and checkout
• Payment processing cookies with enhanced security measures
• Customer account management cookies for personalization
• Order tracking and fulfillment cookies for customer service
• Fraud prevention and security cookies for transaction protection
Enhanced Shopify Security Measures:
• PCI DSS compliant cookie implementation for payment processing
• SSL encryption for all cookie data transmission
• Secure session management for customer accounts
• Anti-fraud cookie implementation with privacy protection
• Customer data protection in all cookie processing activities
PCI DSS Level 1 Payment Cookie Compliance:
Payment processing cookies maintain PCI DSS Level 1 compliance standards:
All payment-related cookies encrypted with AES-256 encryption
Payment session cookies expire within 20 minutes of inactivity
No payment card data stored in browser cookies beyond transaction completion
Regular PCI compliance audits conducted by certified security assessors
Shopify Infrastructure Data Processing Disclosure:
E-commerce transaction cookies may be processed through Shopify's global infrastructure including:
Primary data centers: United States (Virginia, Oregon)
Secondary processing: Canada (Ontario), Europe (Ireland)
CDN edge locations: Global distribution for performance optimization
All international transfers protected by Standard Contractual Clauses (SCCs)
5. COMPREHENSIVE CONSENT MANAGEMENT FRAMEWORK
5.1 ADVANCED CONSENT MANAGEMENT PLATFORM (CMP)
Granular Consent Controls: Our Consent Management Platform provides users with comprehensive control over cookie categories:
Essential Cookies: Always active for website functionality (no consent required)
Functional Cookies: User choice for enhanced features and personalization
Analytics Cookies: Explicit opt-in consent for performance measurement
Advertising Cookies: Explicit opt-in consent for personalized marketing
Platform-Specific Consent Integration:
• AppLovin: Device-level consent integration and email-based controls
• Google: Account-based consent management and browser-level controls
• Meta: Platform-specific consent with enhanced health data protections
• YouTube: Video and channel-specific privacy settings integration
5.2 CONSENT VERIFICATION AND DOCUMENTATION
Consent Recording Framework:
• Timestamp documentation of all consent interactions
• IP address and device information for consent verification
• Consent version tracking and historical consent management
• Withdrawal tracking and implementation verification
• Cross-platform consent synchronization and management
Enhanced Consent Standards:
• GDPR Article 7 compliant consent collection
• Clear and plain language consent mechanisms
• Granular consent options for specific cookie categories
• Easy consent withdrawal with immediate implementation
• Regular consent renewal requests for ongoing processing
5.3 GLOBAL PRIVACY CONTROL (GPC) AND DO NOT TRACK (DNT) INTEGRATION
Advanced Privacy Signal Recognition:
• Automatic Global Privacy Control (GPC) signal recognition
• Do Not Track (DNT) browser signal respect where legally required
• Universal opt-out mechanism integration with industry standards
• Cross-platform privacy preference synchronization
• Real-time privacy setting enforcement and implementation
Technical Implementation:
• Browser-level privacy signal detection and response
• Device-level advertising preference integration
• Platform-specific privacy control synchronization
• Automated consent preference enforcement
• Real-time privacy preference validation and updates
6. USER CONTROL MECHANISMS AND OPT-OUT PROCEDURES
6.1 COMPREHENSIVE OPT-OUT FRAMEWORK
Universal Opt-Out Mechanisms:
• Cookie preference center accessible from all website pages
• One-click category-specific opt-out options
• Platform-specific advertising control links and integration
• Email-based opt-out requests with immediate processing
• Phone-based opt-out support for accessibility compliance
Industry Standard Opt-Out Integration:
• Network Advertising Initiative (NAI): optout.networkadvertising.org
• Digital Advertising Alliance (DAA): optout.aboutads.info
• European Digital Advertising Alliance (EDAA): youronlinechoices.eu
• Platform-specific advertising preference centers
6.2 PLATFORM-SPECIFIC USER CONTROLS
AppLovin Privacy Management:
• Device-level advertising controls (iOS: Settings > Privacy & Security > Apple Advertising; Android: Settings > Privacy > Ads)
• Email-based privacy management: dataprotection@applovin.com
• AppLovin Privacy Management Application access
• Real-time consent preference updates and synchronization
Google Ecosystem Controls:
• Google Ads personalization management: adssettings.google.com
• Google Account privacy settings: myaccount.google.com/privacy
• YouTube advertising preferences: youtube.com/account_privacy
• Google Analytics opt-out: tools.google.com/dlpage/gaoptout
• Privacy Sandbox controls in supported Chrome browsers
Meta Platforms Controls:
• Facebook advertising preferences: facebook.com/adpreferences
• Instagram privacy controls: instagram.com/accounts/privacy_and_security/
• Data sharing withdrawal: facebook.com/help/568137493302217
• Enhanced health and wellness advertising controls
• Custom audience exclusion requests: support@dermxell.com
6.3 CONSENT WITHDRAWAL AND PREFERENCE MANAGEMENT
Immediate Withdrawal Processing:
• Real-time consent withdrawal implementation (maximum 24 hours)
• Automatic cookie deletion upon withdrawal request
• Cross-platform consent synchronization and withdrawal
• Confirmation of withdrawal implementation and verification
• Historical consent preference access and management
Ongoing Preference Management:
• Regular consent preference review and renewal opportunities
• Consent preference dashboard with real-time status updates
• Category-specific consent management with granular controls
• Platform-specific preference synchronization and updates
• Enhanced accessibility options for preference management
7. INTERNATIONAL DATA TRANSFERS AND CROSS-BORDER COOKIE PROCESSING
7.1 CROSS-BORDER COOKIE DATA PROTECTION
International Transfer Safeguards: Cookie data may be processed internationally with comprehensive protection measures:
European Union and UK:
• Standard Contractual Clauses (SCCs) for third-country transfers
• Transfer Impact Assessments (TIA) for high-risk destinations
• Supplementary measures for enhanced protection
• Adequacy decision reliance where applicable
United States and Other Jurisdictions:
• Contractual protection measures equivalent to EU standards
• Certification program participation where available
• Regular transfer risk assessment and monitoring
• Enhanced security measures for international processing
7.2 COOKIE DATA LOCALIZATION AND RESIDENCY
Data Processing Locations: Cookie data may be processed in:
• United States: Under appropriate safeguards and contractual protections
• European Union: Within GDPR-compliant data centers and facilities
• Canada: With PIPEDA compliance and adequate protection measures
• Other Approved Jurisdictions: With equivalent protection standards
Enhanced International Protections:
• Encrypted data transmission for all international transfers
• Local data protection law compliance in all processing jurisdictions
• Regular security audits and compliance monitoring
• Cross-border incident response and notification procedures
8. ENHANCED SECURITY MEASURES AND DATA PROTECTION
8.1 ADVANCED COOKIE SECURITY IMPLEMENTATION
Technical Security Measures:
• HTTPS encryption for all cookie transmission and storage
• Secure cookie flags implementation for enhanced protection
• HttpOnly flags to prevent client-side script access
• SameSite cookie attributes for cross-site request protection
• Regular security vulnerability assessment and monitoring
Organizational Security Framework:
• Staff training on cookie security and privacy protection
• Access controls and role-based permissions for cookie data
• Incident response procedures for cookie-related security breaches
• Regular security audits and compliance assessments
• Vendor security assessment and ongoing monitoring
8.2 COOKIE DATA RETENTION AND DELETION
Retention Schedule by Cookie Category:
• Essential Cookies: Session duration or until logout
• Functional Cookies: Maximum 12 months or until preference change
• Analytics Cookies: Maximum 26 months with anonymization after 14 months
• Advertising Cookies: Maximum 13 months with user control options
Automated Deletion Procedures:
• Systematic deletion upon retention period expiration
• User-initiated deletion with immediate implementation
• Consent withdrawal triggered deletion across all platforms
• Regular purging of expired and obsolete cookie data
• Secure deletion methods with verification and documentation
9. CHILDREN'S PRIVACY AND ENHANCED PROTECTIONS
9.1 COPPA AND INTERNATIONAL CHILDREN'S PRIVACY COMPLIANCE
Age Verification and Protection Framework:
• Strict 18+ age requirement for all DERMXELL⁺ services and cookie processing
• Enhanced age verification procedures and mechanisms
• Immediate deletion of any inadvertently collected children's data
• Parental notification and consent procedures where legally required
Cookie-Specific Children's Protections:
• No targeting or advertising cookies for users under 18
• Enhanced protection against underage data collection
• Parental control integration where technically feasible
• Age-appropriate content delivery and protection measures
9.2 PLATFORM-SPECIFIC CHILDREN'S PROTECTIONS
Google/YouTube: Full compliance with YouTube Kids policies and family-friendly content restrictions
Meta Platforms: Adherence to Instagram and Facebook minor protection standards and policies
AppLovin: Implementation of age-gating and children's privacy restrictions
Enhanced Monitoring: Proactive detection and prevention of underage access and data collection
10. TRANSPARENCY REPORTING AND USER EDUCATION
10.1 REGULAR TRANSPARENCY REPORTING
Annual Transparency Reports: Comprehensive annual reports including:
• Cookie usage statistics and performance metrics
• User consent rates and preference management data
• Platform-specific cookie implementation updates
• Security incident reporting and resolution measures
• Privacy program enhancements and improvements
Quarterly Updates:
• Platform policy changes and implementation updates
• New cookie technology implementation and user impact
• Consent management system improvements and enhancements
• User education program effectiveness and feedback
• Regulatory compliance updates and requirement changes
10.2 COMPREHENSIVE USER EDUCATION PROGRAM
Educational Resources:
• Interactive cookie preference tutorials and guidance
• Platform-specific privacy control education and training
• Regular privacy webinars and Q&A sessions
• Cookie literacy workshops and educational content
• Personalized privacy optimization guidance and recommendations
Consumer Empowerment:
• Personal cookie audit tools and assessment capabilities
• Privacy preference optimization guidance and recommendations
• Regular privacy rights communications and updates
• Enhanced control interface training and support
• Community-driven privacy education and peer support
11. COMPLIANCE MONITORING AND CONTINUOUS IMPROVEMENT
11.1 ONGOING COMPLIANCE FRAMEWORK
Regular Compliance Assessment:
• Quarterly review of all platform cookie policies and requirements
• Annual legal compliance audit and documentation review
• Continuous monitoring of regulatory changes and updates
• Real-time platform policy change detection and implementation
• Proactive compliance enhancement and risk mitigation
Update Implementation Process:
• Immediate assessment of compliance requirements for policy changes
• Legal team review and implementation strategy development
• Technical implementation with user notification and education
• Ongoing monitoring and compliance verification
• Customer communication and transparency enhancement
11.2 CONTINUOUS IMPROVEMENT PROGRAM
Performance Optimization:
• Regular cookie performance analysis and optimization
• User experience enhancement based on feedback and analytics
• Platform integration improvements and efficiency gains
• Security enhancement and vulnerability mitigation
• Privacy protection advancement and user control improvement
Innovation and Enhancement:
• Emerging privacy technology evaluation and implementation
• New platform integration assessment and deployment
• Enhanced user control mechanism development and testing
• Privacy-preserving technology adoption and optimization
• Industry best practice integration and compliance advancement
12. CONTACT INFORMATION AND SUPPORT RESOURCES
12.1 PRIMARY COOKIE AND PRIVACY CONTACTS
Cookie Policy Inquiries:
Aqualanes Limited Privacy and Cookie Officer
Email: support@dermxell.com
Subject Line: "Cookie Policy Inquiry"
Phone: +852 6516 5836
Specialized Cookie Support:
• Cookie Preference Management: support@dermxell.com with subject "Cookie Preferences"
• Technical Cookie Issues: support@dermxell.com with subject "Technical Cookie Support"
• Consent Management Problems: support@dermxell.com with subject "Consent Management"
• Platform-Specific Cookie Questions: support@dermxell.com with subject "Platform Cookie Inquiry"
12.2 PLATFORM-SPECIFIC COOKIE CONTACTS
AppLovin Cookie Issues: dataprotection@applovin.com (direct to AppLovin)
Google Cookie Controls: Via Google Account settings and support
Meta Platform Cookie Issues: Via Facebook/Instagram privacy settings and support
YouTube Cookie Management: Via YouTube privacy and account settings
Shopify Platform Issues: Via Shopify merchant support and documentation
Response Timeline Commitments:
• Cookie preference changes: Immediate implementation (maximum 24 hours)
• General cookie inquiries: Response within 48 hours
• Technical cookie issues: Response within 24 hours
• Platform-specific problems: Response within 48 hours with escalation support
13. REGULATORY AUTHORITY RESOURCES AND COMPLAINT MECHANISMS
13.1 DATA PROTECTION AUTHORITY CONTACTS
European Union and United Kingdom:
• European Data Protection Board: edpb.europa.eu
• UK Information Commissioner's Office: ico.org.uk
• CNIL (France): cnil.fr
• Bundesbeauftragte für Datenschutz (Germany): bfdi.bund.de
United States:
• Federal Trade Commission: ftc.gov/complaint
• California Attorney General (CCPA): oag.ca.gov/privacy/ccpa
• State-specific privacy authorities as applicable
International Authorities:
• Privacy Commissioner of Canada: priv.gc.ca
• Office of the Australian Information Commissioner: oaic.gov.au
• Swiss Federal Data Protection and Information Commissioner: edoeb.admin.ch
• UAE Data Protection Office (contact via relevant emirates authorities)
13.2 INDEPENDENT DISPUTE RESOLUTION
Alternative Resolution Mechanisms:
• Independent privacy ombudsman services and mediation
• Industry-specific cookie dispute resolution mechanisms
• International arbitration for cross-border cookie disputes
• Legal action preservation and procedural support
14. POLICY UPDATES AND AMENDMENT PROCEDURES
14.1 AMENDMENT AUTHORITY AND PROCEDURES
Aqualanes Limited reserves the right to modify this Cookie Policy to reflect:
• Changes in applicable privacy and cookie regulations
• Updates to advertising platform policies and requirements
• Modifications to cookie technologies and implementation methods
• Enhanced user protection measures and privacy improvements
• Business operational changes affecting cookie usage
14.2 NOTIFICATION AND IMPLEMENTATION PROCEDURES
Material Changes: Substantive modifications affecting cookie processing or user rights:
• 30-day advance notice via email to registered users
• Prominent website notification for 30 days minimum
• Side-by-side policy comparison tool for transparency
• Enhanced notification for changes affecting platform-specific cookies
• Opt-in consent collection for material changes expanding cookie usage
Minor Updates: Non-substantive changes (technical clarifications, contact information updates):
• Immediate implementation with updated "Last Updated" date
• Website notification for informational purposes
• No additional consent required for clarifications or improvements
Legal Compliance Updates: Changes required by law or platform policy mandate:
• Immediate implementation with subsequent user notification
• Clear explanation of legal requirement and compliance necessity
• Enhanced user control options where technically feasible
• Regular compliance monitoring and user communication
15. EFFECTIVE DATE AND LEGAL VALIDITY
This Cookie Policy becomes effective immediately upon publication and supersedes all previous versions. This Policy constitutes a legally binding agreement between Aqualanes Limited and all users of DERMXELL⁺ products and services regarding cookie usage and tracking technologies.
Legal Enforceability: Should any provision of this Cookie Policy be deemed invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed, and the remainder of the Policy shall remain in full force and effect.
Complete Privacy Framework: This Cookie Policy, together with our Privacy Policy, Terms of Service, Data Privacy Rights document, FDA Disclaimer, and Ingredient Safety Guidelines, constitutes the complete privacy and data protection framework governing DERMXELL⁺ products and services.
Translation Disclaimer: In the event of conflicts between translated versions of this Cookie Policy, the English language version shall control and supersede all other versions.
16. DOCUMENT AUTHENTICATION AND CERTIFICATION
Document Version: October 14, 2025, 002
Legal Review Date: October 14, 2025
Next Scheduled Review: January 14, 2026
Regulatory Compliance Status: Current as of October 14, 2025
Platform Compliance Certification: AppLovin, Google, Meta, YouTube, Shopify - Compliant
This Cookie Policy has been prepared to meet the highest standards of privacy law compliance, advertising platform policy adherence, and international legal protection for cookie and tracking technology implementation. For specific cookie policy questions or complex technical implementations, consult with qualified legal counsel familiar with privacy technology law and international digital advertising regulations.
Postal Address:
Aqualanes Limited Cookie Policy Officer
Flat/Rm C1207 12/F, Hang Cheong Factory Building
1 Wing Ming Street, Cheung Sha Wan, Kowloon
Hong Kong