COOKIE POLICY

COOKIE POLICY

Natural Resistance AB
Last updated: 25-10-2025

1. Introduction and scope

This Cookie Policy explains how Natural Resistance AB (“Natural Resistance”, “we”, “us”, “our”) uses cookies and similar technologies on www.naturalresistance.com (the “Website”), in our emails, and—where applicable—in mobile experiences that link to this Policy (collectively, the “Services”). It should be read together with our Privacy Policy, which describes our broader personal data practices and your rights.

When you first visit the Website, you will see a consent banner that allows you to accept all cookies, refuse all non-essential cookies, or tailor your choices by purpose. Your preferences are remembered for this browser and device and can be changed at any time via Cookie Settings in the Website footer.

This Policy applies to both first-party technologies set by us and third-party technologies set by partners that provide features, analytics, advertising, social media tools, security, or hosting on or through our Services. Where a third party independently decides how it uses data, its own privacy notice applies in addition to this Policy.

2. What cookies and “similar technologies” are

A cookie is a small text file placed on your device by a website you visit. Cookies may be session (deleted when you close your browser) or persistent (retained until they expire or you delete them). In this Policy, “cookies” includes other similar technologies, such as HTML5 local storage, software development kits (SDKs) for apps, pixels and tags, web beacons, JavaScript libraries, server-to-server event APIs, and limited device-level identifiers that operate like cookies.

These technologies can remember your preferences, help pages load efficiently, measure performance, secure our Services, and support advertising and social features.

3. Who is responsible for cookie-related data

For the Website, the controller (EU/UK) and “business” (U.S. state privacy laws) is:

Natural Resistance AB
Ringduvegatan 6, 431 32 Mölndal, Sweden
Company registration number: 559462-9877


We engage trusted providers as processors (acting on our instructions) and also integrate with certain independent controllers (for example, major advertising and social platforms). For specific social plugins and advertising tools, we and the platform may act as joint controllers for the initial collection and transmission of data; each party’s responsibilities are described in the platform’s terms and/or in our Privacy Policy. After transfer, the platform independently controls further processing.

4. Categories of technologies and why we use them

We use technologies that fall into the following purposes. The precise cookies, providers, and lifespans are visible at any time via Cookie Settings (our consent management platform, “CMP”), which maintains a live list.

4.1 Strictly necessary (essential)

These are required for the Services to function or to provide a feature you request. They support core operations such as page navigation, basket and checkout, authentication, load balancing, security and fraud prevention, and the storage of your privacy preferences.

• EU/UK legal basis: our legitimate interests in operating a secure, functional service and/or necessity to provide the service you request (ePrivacy).

• Consent: not required for essential cookies.

• Impact of disabling: blocking essential cookies via browser settings may break key features.

4.2 Performance and analytics

These help us understand how the Services are used so we can measure performance, detect errors, and improve content and layout. Typical data include page views, scroll depth, time on page, referring URLs, generalized location (city/region), device/browser details, and pseudonymous identifiers. We may use A/B testing and session-replay strictly configured to mask inputs and exclude sensitive fields (e.g., payment, passwords, health information). Audio capture is disabled, and keystrokes in sensitive inputs are not recorded.

• EU/UK legal basis: your consent (except where strictly necessary analytics are permitted under local ePrivacy implementations).

• U.S.: you can opt out via Cookie Settings and, where applicable, through Global Privacy Control (GPC) (see Section 10).

4.3 Functionality (preferences)

These remember choices you make—language, region, currency, saved addresses, size preferences, wishlists—and provide enhanced, personalized features you request.

• EU/UK legal basis: consent where not strictly necessary; legitimate interests where the cookie is required to provide a requested feature.

• Effect of refusal: some convenience features may be limited.

4.4 Advertising and retargeting (including cross-context behavioral advertising)

These support delivery of more relevant ads, limit repetition, measure campaign effectiveness, build and refine audiences (e.g., custom/lookalike), and attribute conversions. Data may include hashed identifiers (for example, email—only where consented), cookie and device IDs, coarse geolocation, and events such as page views, cart additions, and purchases.

• EU/UK legal basis: consent.

• U.S. disclosure: certain uses of advertising and analytics may constitute a “sale” or “sharing” of personal information under state privacy laws (e.g., CPRA). You may opt out at any time via Do Not Sell or Share My Personal Information and Cookie Settings; we also honor GPC signals (Section 10).

4.5 Social media and embedded content

We may include plugins or embedded content (e.g., “Like/Share” buttons, video embeds, social login). Loading or interacting with such features can allow the platform to receive technical data (IP address, browser type, page URL, timestamp) and—if you are logged in—link the visit to your account. For limited initial collection and transfer to certain platforms, we may be joint controllers; the platform’s privacy policy governs subsequent processing.

• EU/UK legal basis: consent for non-essential loading/measurement.

• Your choice: refuse this category in Cookie Settings; embed functionality may be limited.

5. Email pixels and in-app SDKs

Some of our marketing emails contain a pixel that informs us whether you opened the email or clicked on links, enabling us to measure engagement and improve relevance. You can disable images in your email client to reduce pixel loading or unsubscribe from marketing at any time.

If we provide a mobile app, we may use SDKs that operate similarly to cookies to deliver features, fix crashes, perform analytics, or support advertising consistent with this Policy. You can manage app permissions via your device settings (e.g., Advertising ID, Tracking, Location).

6. Our consent approach and CMP behavior

Within the EU/UK (and where EU/UK ePrivacy-style rules apply), we request prior consent for any cookie or similar technology that is not strictly necessary. Our CMP:

• Presents clear choices: Accept all, Reject all (except essential), or Customize.

• Blocks non-essential tags until consent is given (true prior consent).

• Records granular purpose-level consent and vendor-level consent where applicable (IAB TCF compatible where deployed).

• Stores a consent log (timestamp, purposes, vendor toggles, region signal) to demonstrate compliance and renews consent when materially changed or after local maximums.

• Allows you to withdraw or change consent at any time with effect for the future via Cookie Settings.

7. Third parties: processors vs. independent controllers

We use vetted providers for analytics, measurement, security, content delivery networks (CDNs), tag management, A/B testing, session replay (with masking), marketing automation, payment experience optimization, social media tools, and advertising. Some providers act solely as our processors under written data protection terms (including confidentiality, security, sub-processor controls, and deletion at end of service). Others act as independent controllers (for example, social/ads platforms) and use data according to their privacy notices. Where available, we link to those notices in Cookie Settings.

We do not authorize partners to use data collected through our tags for their own purposes unless disclosed and consented (where required). We do not engage in CNAME cloaking to disguise third-party trackers as first-party.

8. Server-side tagging, data minimization, and security

We may use server-side tagging to improve security and restrict data flows—ensuring only necessary parameters are forwarded to vendors. We apply data minimization and pseudonymization where appropriate (e.g., hashing before audience matching), and we configure tools to:

• Mask sensitive input fields from any recording or analytics.

• Truncate or anonymize IP addresses where feasible for analytics in the EU/UK.

• Disable cross-site collection unless consented.

• Enforce HTTPS, access controls, and least-privilege keys for tag and API endpoints.

9. International transfers

Cookie-derived data may be processed outside your country, including outside the EU/EEA/UK. Where EU/UK data is transferred to a country without an adequacy decision, we use Standard Contractual Clauses (SCCs) and, where necessary, supplementary measures. You can request details at privacy@naturalresistance.com.

10. “Do Not Sell or Share,” Global Privacy Control (GPC), and U.S. state rights

For U.S. residents, some advertising/analytics uses may be a “sale” or “sharing” under state privacy laws (e.g., CPRA; similar rules may exist in CO/CT/VA/UT). You may opt out at any time using Do Not Sell or Share My Personal Information and via Cookie Settings. We also honor GPC signals: if your browser sends a valid GPC signal, we treat that as an opt-out of sale/share for that browser and, where we can associate it to your profile, extend it account-wide.

Exercising these choices will not degrade core functionality, but personalization and advertising relevance may be affected.

11. How you can control cookies and similar technologies

You remain in control, and you can change your mind anytime:

• Cookie Settings (recommended): adjust your preferences by purpose and vendor, and review your consent history.

• Browser controls: most browsers let you block, limit, or delete cookies. Deleting cookies removes your consent state; the banner may reappear on your next visit.

• Device/OS settings: iOS and Android provide controls for advertising IDs and app tracking.

• Ad industry tools: learn more and set preferences at www.aboutads.info/choices, www.youronlinechoices.eu, and optout.networkadvertising.org.

• Platform controls: Google Ads Settings and Meta Ad Preferences (and other platforms) offer additional choice; we link to them in Cookie Settings.

Please note that blocking essential cookies can impair the Website’s operation. Refusing non-essential cookies will not stop all ads, but ads may be less relevant.

12. Fingerprinting and similar identification

We do not use or authorize partners to use browser fingerprinting or similar covert identification methods for advertising or analytics without consent. If a limited fingerprinting technique is strictly necessary for security/fraud prevention, we use it only for that purpose and never for advertising without consent.

13. Children

Our Services are not directed to children, and we do not knowingly set non-essential cookies on users known to be under the age of 16 (or a higher threshold where required) without appropriate consent mechanisms. If you believe this has occurred, contact privacy@naturalresistance.com.

14. Retention and cookie lifespans

Each cookie/identifier has its own lifespan, shown in Cookie Settings. As guidance:

• Essential cookies persist only as long as needed for their function (often session-based).

• Analytics and preference cookies are typically retained for no longer than 13 months in the EU/UK (or shorter if configured).

• Advertising cookies follow partner defaults disclosed in Cookie Settings and partner notices.

When a cookie expires or is deleted, associated data is removed or aggregated/anonymized. Consent logs are retained as required to demonstrate compliance and then deleted or anonymized.

15. Social plugins, embeds, and joint controllership

When we include social plugins or embeds, the platform may receive technical data upon load or interaction. If you are logged in, the platform may associate the visit with your account. For certain audience products (e.g., custom audiences or conversion APIs), we and the platform may jointly determine the initial collection and transfer of data; the platform’s terms describe how to exercise rights against each party. If you prefer that social networks don’t collect data during your visit, log out of those networks and clear their cookies before visiting, or refuse the relevant category in Cookie Settings.

16. Accessibility and availability

We strive to make our consent banner and Cookie Settings accessible to users relying on assistive technologies. If you experience difficulties, please email privacy@naturalresistance.com, and we will offer an accessible alternative to manage your choices.

17. DPIAs and audits

Where necessary, we conduct Data Protection Impact Assessments (DPIAs) for higher-risk tagging (e.g., session-replay, profiling) and audit vendor configurations to ensure masking, minimization, and lawful bases are applied. We periodically review our vendor list and CMP configuration to reflect changes in law and technology.

18. Changes to this Policy

We may update this Policy to reflect legal, technical, or business developments. The “Last updated” date indicates the latest version. Where required, we will re-present consent or provide prominent notice of material changes. Continued use of the Services after updates take effect constitutes acceptance of the revised Policy.

19. Contact

If you have questions about this Cookie Policy or how we use cookies and similar technologies, contact:

Natural Resistance AB – Privacy
Ringduvegatan 6, 431 32 Mölndal, Sweden
Email: Oscar.hallerod@naturalresistance.com

EU/UK users may also lodge a complaint with their local data protection authority. U.S. users can contact their state regulator; see our Privacy Policy for details.

20. Live cookie list and partner disclosures

For transparency, our CMP maintains a live inventory of all cookies and similar technologies currently used on the Services, including the provider, purpose, category, and lifespan, with links to each provider’s privacy notice and opt-out (where available). You can view and manage this at any time via Cookie Settings in the Website footer.