Your next dispatch date is Thursday 5th of June

  • Home
  • Shop
  • More
    • Home
    • Shop
  • Sign In
  • Create Account
  • Orders
  • My Account

  • Signed in as:

  • filler@godaddy.com

  • Orders
  • My Account

  • Sign out

Signed in as:

filler@godaddy.com

  • Home
  • Shop

Account

  • Orders
  • My Account

  • Sign out

  • Sign In
  • Orders
  • My Account

Privacy Policy


Overview


Carlys Cookies Limited are committed to protecting and respecting your privacy. This policy sets out how we (the “Site”) collects, uses, and discloses your Personal information when you visit or make a purchase from the Site.

The terms “we”, “us” or “our” shall refer to Carlys Cookies Limited. The terms “you”, “your”, “User” or “customer” shall refer to any individual or entity who accepts this Agreement, has access to your account or uses the Site or the Services. Nothing in this Agreement shall be deemed to confer any third-party rights or benefits.


Collecting Personal Information


When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.


Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels 
  • Disclosure for a business purpose: shared with our processor Go Daddy.


Order information

  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with      the preferences you have shared with us, provide you with information or      advertising relating to our products or services.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: shared with our processor Go Daddy and Royal Mail.


Customer support information

  • Purpose      of collection: to provide customer support.
  • Source      of collection: collected from you.
  • Disclosure      for a business purpose: shared with our processor Go Daddy and Royal      Mail.
     

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:

  • We use Go Daddy to power our online store. You can read more about how Go Daddy uses your Personal Information here:

             Privacy Agreement - GoDaddy UK

  • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
     

Using Personal Information

We use your personal information to provide our services to you, which includes offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers.


Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.
     

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.


Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.


GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below 

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. 

This Global Privacy Notice describes the core privacy practices of GoDaddy Operating Company, LLC and certain of its subsidiaries, affiliates and brands, including GoDaddy.com, LLC, Afternic.com, Inc., Blue Razor Domains, LLC, CallCatchers, Inc. d/b/a Freedom Voice, GoDaddy Payments, LLC, GoDaddy Media Temple, Inc. d/b/a Sucuri, GoDaddy Sellbrite, Inc., Lantirn, Inc. d/b/a re:Amaze, Pagely, LLC, and Poynt, LLC (collectively herein, “GoDaddy”) and applies to all individuals regardless of where they live. Other GoDaddy companies maintain separate privacy policies and procedures, notices of which are available on those companies’ websites and/or mobile applications. We also maintain customized local privacy notices for certain jurisdictions with unique privacy notice requirements, which can be access through the following links:

  • Australia
  • Canada
  • Europe (EU/EEA, UK, and Switzerland)
  • United States (California and other States)

We encourage you to review your local customized notice if you live in one of these areas.


Cookies 

GoDaddy empowers entrepreneurs everywhere, making opportunity more inclusive for all. We also empower you to manage your privacy preferences and exercise your privacy rights when visiting our website, using our services, and communicating with us.

As described below,

  • website      visitors can manage their privacy preferences by visiting Manage Privacy Settings
  • customers      can manage their privacy preferences in their 

             Account Settings page, and

  • you      can always reach us at privacy@godaddy.com or by mail at the addresses listed in Contact Us to exercise your privacy rights.

This Global Privacy Notice describes the core privacy practices of GoDaddy Operating Company, LLC and certain of its subsidiaries, affiliates and brands, including GoDaddy.com, LLC, Afternic.com, Inc., Blue Razor Domains, LLC, CallCatchers, Inc. d/b/a Freedom Voice, GoDaddy Payments, LLC, GoDaddy Media Temple, Inc. d/b/a Sucuri, GoDaddy Sellbrite, Inc., Lantirn, Inc. d/b/a re:Amaze, Pagely, LLC, and Poynt, LLC (collectively herein, “GoDaddy”) and applies to all individuals regardless of where they live. Other GoDaddy companies maintain separate privacy policies and procedures, notices of which are available on those companies’ websites and/or mobile applications. We also maintain customized local privacy notices for certain jurisdictions with unique privacy notice requirements, which can be access through the following links:

  • Australia
  • Canada
  • Europe (EU/EEA, UK, and Switzerland)
  • United States (California and other States)

We encourage you to review your local customized notice if you live in one of these areas.

Data Covered by this Privacy Notice

This global privacy notice covers personal data when we act as the data controller.

  • Personal data includes data that identifies or could be used to identify a specific person and any data about that person. For example, your name, address and payment details are personal data.
  • We act as a controller when we process personal data for our own use. For example, we act as a controller when you provide your personal data to open an account.

This notice does not apply when our customers or another person processes personal data for their own benefit. For example, when a customer sends email for their own business purposes that includes personal data, the customer is acting as the “controller”. When our customer acts as the controller, we act as the “processor” and process personal data only in accordance with our customer's instructions or as required by law.

This notice does not apply to third-party applications offered through our services or linked through our website, such as Microsoft 365 and similar offerings. For information about the privacy practices of any third-party offerings, please review the privacy notice applicable to that offering before using it.


Core Privacy Rights

We recognize several core privacy rights for all individuals:

  • the right to know what personal data we hold about you
  • the right to access, correct, or delete your personal data
  • the right to transfer your personal data (data portability)
  • the right to set your individual marketing and advertising preferences

Where technically feasible and appropriate, we provide self-service and automated mechanisms to allow individuals to exercise their privacy rights.

We also manually review requests to exercise privacy rights where self-service is not possible or appropriate. We promptly review such requests to exercise privacy rights. If we need more information to process a request, we will contact the requestor by email or, if we do not have an email address on file for the requestor, by the same method the request was made.

If we do not honour a request for legal or other reasons, we will explain why we did not honour the request, the right to appeal, and any right to file a complaint (if available where the requestor lives).


PII We Collect

  1. Personal Data Individuals Provide;
        We collect personal data when a customer or another person sets up an account, uses our services, or contacts us. Examples of personal data we may collect include a person's name, email address, phone number, physical address, and payment method.
  2. Personal Data We Collect Automatically;
        We collect personal data automatically when you visit our websites, use our services, contact us, open our emails, or view our advertising. Examples of personal data we may collect include your device ID, your IP address, information about web pages and other websites you visit, and other similar details.
  3. Personal Data from Other Sources;
        We may collect personal data about you from other sources. Examples of personal data obtained from other sources include publicly available data, social media information, and information lawfully gathered by third party data providers.
  4. Personal Data We Generate;
        We process data in connection with our business and services to generate inferences and insights that may be linked to a specific person, including through the use of data analytics and artificial intelligence.


Use of Personal Data

We use personal data to operate and improve our business and services. Examples of how we use personal data include:

  • Managing customer accounts
  • Processing purchase requests
  • Registering domains
  • Provisioning products and services
  • Providing customer support
  • Securing updating, and improving our services
  • Detecting DNS abuse, fraud and other illegal activity
  • Marketing and advertising of our services
  • Contacting customers, prospective customers, and others by telephone, text or messaging applications to offer you our services
  • Website traffic measurement
  • Other uses consistent with the purposes for which the personal data was collected or provided to us.


No Sale of Personal Data

We do not sell, lease, rent, or transfer personal data to third parties for monetary or other consideration.


Disclosures to Others

We disclose personal data:

  • to processors to operate our business and provide services, including but not limited to providing security services, payment processing and customer support; conducting contests and surveys; generating data insights; and performing other activities related to our business and services.
  • to business partners to offer some services, such as email and payment processing.
  • to marketers and advertisers, including for the purpose of creating and delivering personalized marketing and advertising messages.
  • to comply with law enforcement and other legal requests, protect our legal rights, prevent harm to us or others, and enforce our policies and contracts.
  • in addition, if we sell some or all of our assets or merge with a third-party, we may transfer relevant personal data to the buyer or new company.

Cookies, Web Beacons, and Other Online Identifiers

We use three main types of online identifiers on our website and in our services: cookies, web beacons, and scripts.

  • Cookies are text files placed on a device when a person visits our webpages or view messages from us. Some cookies are “session cookies” that expire at the end of a browser session, while others are “persistent cookies” that allow us to remember user preferences and settings over multiple visits and across other websites.
  • Web Beacons are image files placed in our web pages and emails that we use for such purposes as determining if an email has been opened or an advertisement has been viewed.
  • Scripts are small pieces of computer code that power customer service tools, deliver video, provide interactive experiences, and help us measure service use.

We manage some identifiers directly. Other identifiers are managed by third parties. For example, we use Google Analytics to monitor website performance and visitor engagement.

We use identifiers to provide customized services, measure website performance, provide customer support, deliver personalized advertising, and generate data insights, including the use of artificial intelligence. Specific examples of how we use identifiers include, but are not limited to:

  • Setting your service preferences
  • Managing your shopping cart
  • Guarding against fraud
  • Delivering relevant advertisements
  • Measuring website use
  • Conducting research on use of product features improve our services


Identifier Management

We use optional and mandatory identifiers. Optional identifiers are used for support, website performance, and advertising. Mandatory identifiers are used for account, verification, service continuity, security, and other essential functions necessary to provide our website and services.

We offer several methods for managing optional identifier settings. Individuals using our websites can manage identifier settings by clicking on Manage Privacy Settings through the link in this notice. Customers can also manage their identifier settings for our websites and our services through their customer account settings. We do not offer the ability to manage mandatory identifiers, because such identifiers are essential to providing our products and services.

In addition to our Manage Privacy Settings options, many web browsers allow users to block cookies (directly or through plugins and extensions). Some cookies, however, are essential for our website and services to function. If you set your browser to block all cookies, you may not be able to use our services.


Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.


Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.


Contact

For more information about our privacy practices, if you have questions, or if you wish to make a complaint, please contact us by e-mail at contact@carlyscookies.co.uk

  • Privacy Policy
  • T&Cs / Postal & Refunds
  • Allergy Information

Carlys Cookies

Copyright © 2025 Carlys Cookies - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept