Cookie Policy

Testograph UK LTD  |  tglabs.co.uk

Last updated: 27 May 2026

This policy explains how Testograph UK LTD uses cookies, pixels, and similar tracking technologies on tglabs.co.uk, in full compliance with the Privacy and Electronic Communications Regulations (PECR), the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

⚠ IMPORTANT — Paid Advertising Notice: This store uses the Meta Pixel (Facebook/Instagram) and the TikTok Pixel for paid advertising and conversion tracking. Both are classified as advertising tracking technologies under PECR and UK GDPR. They ALWAYS require prior, explicit user consent before firing. They are blocked by default on this website until a visitor actively accepts advertising cookies.

1. What Are Cookies and Tracking Technologies?

Cookies are small text files placed on your device when you visit our website. We also use related technologies including:

• Pixels — small invisible scripts (such as the Meta Pixel and TikTok Pixel) that track user actions on our site and report them to advertising platforms

• Web beacons — tiny transparent images used to track whether pages or emails have been viewed

• Local storage — browser-based storage used to remember user preferences

• Tag manager scripts — tools that control when third-party tracking tags are loaded

Together, these are referred to in this policy as 'tracking technologies'. The ICO's 2025 and 2026 updated guidance explicitly covers all of these — not just traditional cookies.

2. Legal Framework

Our use of tracking technologies is governed by:

• Privacy and Electronic Communications Regulations 2003 (PECR) — requires prior, informed, opt-in consent before placing any non-essential tracking technology on a user's device

• UK General Data Protection Regulation (UK GDPR) — governs how personal data collected via tracking is processed

• Data Protection Act 2018 — supplements the UK GDPR

• Data (Use and Access) Act 2025 — introduced limited new exemptions for low-risk analytics cookies but confirmed advertising and retargeting pixels always require consent

Since February 2026, PECR fines are aligned with UK GDPR levels: up to £17.5 million or 4% of global annual turnover — whichever is higher. The ICO actively enforces cookie compliance and issued warnings to 134 UK websites during its 2025 audit campaign.

3. Your Consent Rights

When you first visit tglabs.co.uk, a cookie consent banner will be displayed. You have the right to:

• Accept all cookies and tracking technologies

• Reject all non-essential cookies and tracking technologies

• Make granular choices by category (e.g., accept analytics but reject advertising pixels)

✓ Legal Requirement: We will never fire the Meta Pixel, TikTok Pixel, or any other advertising tracking technology before you have actively clicked 'Accept' on our cookie banner. Continued browsing does not constitute consent. Pre-ticked boxes are not used.

You may change or withdraw your consent at any time by clicking 'Cookie Settings' in the footer of our website. Withdrawing consent will stop the relevant tracking technologies from firing on future page visits. It will not retroactively undo any data already sent to third-party platforms.

4. Tracking Technologies We Use — Full Disclosure

The following table provides complete disclosure of all tracking technologies used on tglabs.co.uk, as required by the ICO's updated guidance on storage and access technologies (April 2026).

Category A — Strictly Necessary (No Consent Required)

These are essential for the website to function and cannot be disabled. They do not track you for advertising or analytics purposes.

Category B — Analytics (Consent Required)

These help us understand how visitors interact with our site. Although the Data (Use and Access) Act 2025 introduced a limited exemption for purely aggregate statistical analytics, Google Analytics in its standard configuration does not qualify for this exemption. We therefore treat it as requiring consent.

ℹ Note: The DUA Act 2025 analytics exemption only applies to cookies used solely for aggregate statistics with no link to advertising targeting. Standard Google Analytics (GA4) does not qualify in most configurations.

Category C — Advertising & Retargeting (Consent Always Required)

This category includes the Meta Pixel and TikTok Pixel. These technologies track your behaviour on our website and report it to Meta (Facebook/Instagram) and TikTok's advertising platforms. This enables us to:

• Measure whether our paid ads result in purchases (conversion tracking)

• Show our ads to people who have previously visited our site (retargeting / remarketing)

• Build lookalike audiences of people similar to our existing customers

Advertising and retargeting pixels ALWAYS require explicit, prior consent under PECR. There are no exemptions. This applies regardless of whether data is sent via browser-side pixel or server-side Conversions API.

⚠ Enforcement Risk: Firing advertising pixels before consent is obtained is a direct PECR violation. The Swedish DPA fined two pharmacy chains approximately £14 million combined in 2024 for transmitting user data to Meta via pixel without valid consent. The ICO enforces the same standard in the UK.

5. How Advertising Pixels Work — Transparency

5a. Meta Pixel (Facebook & Instagram)

The Meta Pixel is a piece of JavaScript code provided by Meta Platforms Inc. that we place on our website. When a user who has given consent visits our site or completes an action (such as adding to cart or purchasing), the pixel sends information about that action to Meta. This data is used to:

• Confirm that our Facebook and Instagram ads are driving purchases (conversion tracking)

• Show our ads to people who visited our site but did not purchase (retargeting)

• Create audiences of people with similar characteristics to our customers (lookalike audiences)

Data sent to Meta may include: page URL, browser information, and if you are logged into Facebook, your Facebook ID. Meta acts as a joint data controller for pixel data. Their data practices are governed by Meta's Privacy Policy (facebook.com/privacy/policy).

If you decline advertising cookies, the Meta Pixel will not fire on your visit. You can also opt out of Meta's interest-based advertising at: facebook.com/settings/ads

5b. TikTok Pixel

The TikTok Pixel is a piece of JavaScript code provided by TikTok Technology Limited (or ByteDance group). When a consenting user visits our site or takes an action, the pixel reports that event to TikTok Ads Manager. This enables:

• Measuring whether our TikTok ads resulted in purchases (conversion tracking)

• Retargeting users who visited our website on TikTok

• Building lookalike audiences for our advertising campaigns

TikTok may use pixel data to match events to TikTok user accounts if a user is logged in. TikTok acts as a separate data controller for its advertising platform. Their data practices are governed by TikTok's Privacy Policy (tiktok.com/legal/privacy-policy).

If you decline advertising cookies, the TikTok Pixel will not fire on your visit. You can opt out of TikTok's interest-based advertising in your TikTok account settings under 'Ads'.

6. International Data Transfers

Both Meta and TikTok transfer personal data outside the UK. As the data controller instructing these pixels, we are responsible for ensuring adequate safeguards are in place:

• Meta Platforms Inc. (USA) — transfers are covered by UK-approved standard contractual clauses and Meta's data processing addendum

• TikTok Technology Limited (UK/Ireland) / ByteDance (global) — data may be transferred to the USA and Singapore. TikTok operates under standard contractual clauses. Be aware that regulators in multiple jurisdictions have scrutinised TikTok's data transfers to China; by consenting to TikTok cookies, you acknowledge this risk.

ℹ Your Right: You may decline TikTok and/or Meta advertising cookies independently via our cookie preference centre. You do not have to accept one to use the other, and you can reject both without affecting your ability to use our website.

7. Technical Implementation — How We Block Pixels Until Consent

To ensure PECR compliance, we implement the following technical controls:

• All non-essential tracking technologies are blocked at page load by default

• A Consent Management Platform (CMP) controls which scripts are permitted to fire based on your consent choices

• The Meta Pixel and TikTok Pixel are wrapped in consent-conditional triggers — they do not load unless you have clicked 'Accept' on the relevant category

• If you later withdraw consent, the CMP will prevent the pixels from firing on subsequent visits (though data already sent to Meta or TikTok cannot be recalled)

• Consent records including timestamps and choices are logged and retained for 12 months for ICO audit purposes

⚠ Action Required for Store Owner: You must use a PECR-compliant Consent Management Platform (CMP) that integrates with Shopify and supports conditional tag loading. Recommended options: CookieYes, Axeptio, or Cookiebot. Ensure the CMP is configured to block the Meta Pixel and TikTok Pixel tags until consent is granted.

8. Cookie Banner Requirements (ICO 2026 Guidance)

Our cookie banner is designed to meet the ICO's 2026 guidance requirements:

• 'Accept all' and 'Reject all' buttons are displayed with equal visual prominence — the reject button is not hidden, smaller, or greyed out

• Consent is recorded only when the user takes a clear, affirmative action (e.g., clicking 'Accept')

• Browsing the site, scrolling, or closing the banner does not constitute consent

• Users are presented with granular category choices (Necessary / Analytics / Advertising)

• The banner clearly identifies Meta and TikTok by name in the advertising category

• Users can update their preferences at any time via the Cookie Settings link in the website footer

9. Duration of Consent

Your cookie consent preferences are stored for up to 12 months. After this period, we will ask for your preferences again. You can update your preferences at any time without waiting for expiry.

10. Managing Your Preferences

In addition to our cookie banner, you can control tracking technologies through:

• Browser settings — most browsers allow you to block, delete, or receive alerts about cookies. Note: blocking essential cookies may affect website functionality

• Platform-level opt-outs:

• Meta ad preferences: facebook.com/settings/ads

• TikTok ad preferences: tiktok.com — Settings > Privacy > Ads

• Google ad preferences: myaccount.google.com/data-and-privacy

• Industry opt-out tools: youronlinechoices.com | allaboutcookies.org

11. Third-Party Data Controllers

When advertising pixels are activated, the following companies become independent or joint data controllers for the data they receive:

• Meta Platforms Inc. — Privacy Policy: facebook.com/privacy/policy

• TikTok Technology Limited / ByteDance — Privacy Policy: tiktok.com/legal/privacy-policy

We are not responsible for the data practices of these third parties once data has been transmitted to their platforms. Please review their privacy policies to understand how they use your data.

12. Updates to This Policy

We will update this Cookie Policy when we add, remove, or change the tracking technologies we use, or when legal requirements change. The version number and date at the top of this document indicate the current version. Material changes will be communicated via our cookie consent banner.

13. Contact & Complaints

For any questions about our use of cookies or tracking technologies:

• Email: support@tglabs.co.uk

• Website: tglabs.co.uk

If you believe we have not handled your cookie consent correctly, you have the right to complain to the ICO:

• ICO website: ico.org.uk/make-a-complaint

• ICO helpline: 0303 123 1113

© 2026 Testograph UK LTD. All rights reserved.

tglabs.co.uk  |  support@tglabs.co.uk