Cookie Policy

1.1Definition: A cookie is a small piece of data placed on your device by a website. It allows the site to "remember" your actions (for example: that you are logged in, what is in your cart, or what language you chose) across pages and across visits.

1.2Similar Technologies: We also rely on (a) localStorage and sessionStorage — browser key/value stores that hold data such as cart state, recently viewed items, and consent decisions; (b) pixels and web beacons — 1×1 transparent images embedded in pages or emails that signal "this page was loaded" or "this email was opened" to analytics or marketing providers; (c) tag-manager containers (e.g. Google Tag Manager) which load other tags only when consent is granted.

1.3First-party vs Third-party: A "first-party" cookie is set by Best Brands directly on bestbrands-eg.com. A "third-party" cookie is set by a separate company (for example Google or Meta) whose code we have embedded on our pages for a specific purpose. Third-party cookies only fire if you have consented to the relevant category.

1.4Session vs Persistent: A "session" cookie is deleted as soon as you close your browser. A "persistent" cookie has a defined expiry date and survives across visits, up to a maximum of 12 months for any consent-bearing cookie we set on bestbrands-eg.com.

2.1Equal-Prominence Buttons: Our consent banner offers "Accept all", "Reject all", and "Customize" as equally styled buttons, in line with EDPB Guidelines 03/2022 on deceptive design patterns. We do not pre-tick any optional category, and refusal is exactly one click — the same effort as acceptance.

2.2Re-opening Preferences: At any time you can re-open the preferences panel by clicking "Cookie preferences" in the footer of every page. This dispatches the internal event `bb:open-cookie-settings` which the consent banner listens for. Your previous choices are pre-loaded so you can adjust per category instead of starting over.

2.3Per-Category Granularity: You can grant or withdraw consent for each of the seven categories independently. For example, you may keep "Functional & preferences" on while turning "Marketing & advertising" off. Strictly necessary cookies cannot be turned off because the site cannot function without them.

2.4Withdrawal: Withdrawing consent is as easy as granting it. When you save a new decision, we immediately stop firing the categories you have refused, and we reload the page so any already-initialized SDKs are unloaded cleanly. Withdrawal applies going forward — data already collected lawfully under prior consent is governed by our Privacy Policy retention rules.

2.5Browser-Level Controls: Independent of our banner, you can configure your browser to refuse all cookies, refuse third-party cookies only, or delete cookies on exit. Doing so will not stop you from shopping but may break features such as language persistence, cart memory, and recently viewed items. Most browsers expose these controls under Settings → Privacy.

2.6Legal Basis (Egypt PDPL): Our processing of personal data linked to cookies relies on your explicit consent under Article 12 of the Egyptian Personal Data Protection Law No. 151 of 2020 (قانون حماية البيانات الشخصية رقم 151 لسنة 2020), except for "strictly necessary" cookies which we set on the basis of legitimate interest to deliver the service you requested. Your consent record (subject ID, decisions, timestamp, banner version) is stored so we can prove compliance.

3.1necessary — Strictly necessary (always on, cannot be disabled): Required for the site to function. Covers session continuity, security, fraud and bot prevention, load balancing, your cart contents, the consent decision itself, and the CSRF protection that keeps your account safe. Disabling these would break login, checkout, and basic navigation, so they are set on the basis of legitimate interest rather than consent.

3.2functional — Functional & preferences (optional, off by default): Remembers settings you have chosen, such as your currency (EGP), language (English or Arabic), region, recently viewed items, and small UI states (closed banners, expanded panels). Refusing this category does not break the site but will reset these preferences on each visit.

3.3analytics — Analytics (optional, off by default): Helps us understand, in aggregate, which pages are popular, which products attract attention, and where users encounter friction. We use this signal to prioritize what to fix and what to build next. We do not use analytics to identify you personally; identifiers are pseudonymous and reports are aggregated.

3.4session_replay — Session replay (optional, off by default): Records anonymised interactions (clicks, scrolls, rage-taps) so we can debug UX issues — for example, why a form is being abandoned. Sensitive fields (passwords, payment data) are masked at the source. This category is separate from analytics so you can keep analytics on without enabling replay.

3.5marketing — Marketing & advertising (optional, off by default): Lets us, and our advertising partners (Meta, Google Ads, TikTok, Pinterest), show you tailored ads on their platforms based on what you looked at here. Refusing this category does not stop you from seeing ads on those platforms — it only stops them from being personalised based on your activity on bestbrands-eg.com.

3.6email_newsletter — Newsletter (optional, off by default): Used when you ask to receive product news and promotions by email. Covers signup-form state, double-opt-in confirmation, and (if our email provider sets them) tracking pixels embedded in marketing emails to measure opens and clicks.

3.7personalized_recs — Personalized recommendations (optional, off by default): Personalises the product suggestions we show you on-site, taking into account your browsing history, wishlist, past orders, and loyalty tier. Refusing this category gives you the standard non-personalised recommendation feed.

4.1Google (Analytics & Ads) — analytics + marketing categories. Loaded only when you grant Analytics and/or Marketing consent. Uses cookies including `_ga`, `_gid`, `_gcl_au`, and the `IDE` cookie set by Google when an ad is loaded. Data is processed under Google Consent Mode v2 — our site signals your decisions to Google before any pixel fires.

4.2Meta (Facebook Pixel) — marketing category. Loaded only when you grant Marketing consent. Sets cookies including `_fbp` (browser) and `_fbc` (click ID) used to attribute conversions to Meta ads and to build Custom Audiences on Facebook and Instagram.

4.3TikTok Pixel — marketing category. Loaded only when you grant Marketing consent. Sets `_ttp` to attribute conversions to TikTok ads and to retarget users on TikTok and TikTok Audience Network.

4.4Pinterest Tag — marketing category. Loaded only when you grant Marketing consent. Sets `_pin_unauth` and `_pinterest_ct` to attribute conversions to Pinterest pins and to power Pinterest Audience targeting.

4.5Courier Tracking Iframes (Bosta) — necessary category, on-demand only. When you open an order-tracking page, we may embed an iframe from our local courier partner (Bosta) so you can see live shipment status. The iframe is loaded only on that page and only for orders you have access to.

4.6Payment Iframes (Paymob, Fawry) — necessary category, on-demand only. During checkout, payment is handled inside iframes hosted by our payment processors (Paymob and Fawry). The cookies they set are scoped to their own domains and are strictly necessary to complete your transaction; they are never set on browsing pages.

4.7Tag Manager (Google Tag Manager) — orchestration, no marketing payload of its own. We load GTM so tags can be added or removed without a code deploy. GTM itself does not collect personal data; it loads other tags only when the matching consent category has been granted via Google Consent Mode v2.

4.8Processor Disclosures: Each of the partners above acts as an independent data controller or processor for the data they collect via their own cookies. Their full privacy and cookie policies are linked from our Privacy Policy. We periodically review our processor list and will update this document when we add or remove a partner.

5.1How to Read the Table: The "Category" column matches the seven consent categories defined in Section 3. The "Expiry" column shows the maximum lifetime — actual lifetime may be shorter if you clear cookies, log out, or change consent. The "Provider" column shows the entity that sets the cookie; cookies set by Best Brands are first-party, all others are third-party.

5.2Completeness: We strive to list every consent-bearing cookie we knowingly set. Partner SDKs (Google, Meta, TikTok, Pinterest) occasionally introduce new cookies; if you spot one not listed here, please write to us and we will update the table.

6.1Maximum Lifetime: We cap the lifetime of cookies we set at 12 months (referenced in code as `COOKIE_MAX_AGE` in the consent module). Third-party cookies set by partners (Google, Meta, TikTok, Pinterest) follow each partner's own retention policy as listed in the Named Cookies table.

6.2Consent Renewal: After 12 months, your consent expires and the banner is shown again on your next visit. This is intentional — consent should be a deliberate decision, not a once-in-a-lifetime click. You can of course re-grant the same choices in one click.

6.3Server-Side Records: We also keep a server-side audit record of your consent decisions (what was decided, when, on which banner version, via which UI path). This record is retained per Privacy Policy retention rules and is required by the Egyptian PDPL to demonstrate that consent was freely given and informed.

6.4Browser-Storage Items: Items we keep in localStorage (such as your cart, recently viewed items, and small UI preferences) have no automatic expiry; they live until you clear browser storage or until they are superseded. They are scoped to your browser and never leave your device unless you take an action that requires sending them (such as starting checkout).

7.1Versioning: Each change to this policy increments the banner_version stored in the consent module. When the banner version bumps in a way that materially affects categories or processors, the consent banner is re-shown on your next visit so you can re-confirm.

7.2Cross-Reference to Privacy Policy: This Cookie Policy is a companion to our Privacy Policy, which covers how we handle personal data in general (lawful basis, retention, your rights under the Egyptian PDPL, and so on). For data-subject rights (access, rectification, erasure, withdrawal), please refer to the Privacy Policy or contact us using the details below.

7.3Contact: For any question about this Cookie Policy, the categories described, or to exercise your rights, email privacy@bestbrands-eg.com or reach our team via the Contact page. We are based in Cairo, Egypt, and we respond to data-subject requests within 30 days as required by the Egyptian Personal Data Protection Law.