All Deliveries €1, or FREE forCaboodle Plus Members (€1 Per Month)
Caboodle Logo

Privacy Policy

Last Updated: August 2025

Effective Date: August 2025

1. Introduction

Caboodle Ireland ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our e-commerce marketplace platform.

This policy complies with the General Data Protection Regulation (GDPR) and Irish data protection laws. As we operate exclusively in Ireland, we are subject to the jurisdiction of the Data Protection Commission (DPC) of Ireland.

Data Controller: Caboodle Ireland
Contact: info@caboodle.ie

2. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to perform our contract with you, including account management, order processing, and membership services
  • Legitimate Interests (Article 6(1)(f)): For platform security, fraud prevention, business analytics, and service improvements
  • Consent (Article 6(1)(a)): For marketing communications, optional cookies, and certain data sharing activities
  • Legal Obligation (Article 6(1)(c)): For VAT compliance, financial reporting, and regulatory requirements

3. Personal Data We Collect

3.1 Account Information

  • Name and email address (via Google OAuth)
  • Profile picture (via Google OAuth, optional)
  • User role (Member, Partner, Admin)
  • Account creation date and login history
  • Terms of Service acceptance records

3.2 Membership and Payment Data

  • Billing address and Irish county information
  • Payment method details (processed by Stripe - we do not store card details)
  • Subscription status and billing history
  • Membership activation and cancellation records

3.3 Order and Transaction Data

  • Order details (products, quantities, prices)
  • Delivery addresses and contact information
  • Order status and fulfillment tracking
  • Refund and return requests
  • Communication history with vendors and support
  • Product reviews and ratings submitted by members
  • Review moderation and reporting data

3.4 Business Partner Data (Vendors)

  • Business contact information
  • Shopify store connection details and access tokens
  • Product listings, descriptions, and images
  • Sales reports and commission data
  • VAT preferences and tax information
  • Stripe Connect account information
  • Shopify order data and fulfillment information
  • Inventory levels and product variant details

3.5 Technical and Usage Data

  • Device information and browser type
  • IP address and location data (Ireland only)
  • Session data and authentication tokens
  • Platform usage analytics and preferences
  • Error logs and technical diagnostics

4. How We Use Your Personal Data

4.1 Service Provision

  • Creating and managing your account
  • Processing membership subscriptions and payments
  • Facilitating orders between members and vendors
  • Coordinating product delivery and fulfillment
  • Managing refunds and customer service requests
  • Processing and displaying product reviews and ratings
  • Moderating review content and handling disputes

4.2 Business Operations

  • Vendor commission calculations and invoicing
  • Product approval and quality control
  • Fraud prevention and security monitoring
  • Compliance with Irish VAT and tax obligations
  • Platform performance monitoring and improvements
  • Shopify store integration and product synchronization
  • Order fulfillment tracking and customer support

4.3 Communication

  • Order confirmations and delivery notifications
  • Account and membership updates
  • Customer support and dispute resolution
  • Platform announcements and service updates
  • Marketing communications (with consent)

5. Data Sharing and Third-Party Services

We share your personal data with the following categories of recipients:

5.1 Essential Service Providers

  • Google (OAuth): Authentication services - subject to Google's Privacy Policy
  • Stripe: Payment processing and subscription management - subject to Stripe's Privacy Policy
  • Shopify: E-commerce integration for vendors - subject to Shopify's Privacy Policy
  • Resend: Email delivery services - subject to Resend's Privacy Policy

5.2 Shopify Data Processing

When vendors connect their Shopify stores to Caboodle, we process the following data from Shopify:

  • Product Data: Product titles, descriptions, images, variants, pricing, SKUs, and inventory levels for marketplace display and synchronization
  • Order Data: Order details, customer information, product selections, quantities, and fulfillment status for order processing and tracking
  • Fulfillment Data: Real-time fulfillment notifications, tracking information, and delivery status updates
  • Store Information: Basic store details and connection status for platform integration

Purpose: This data is used exclusively for operating our marketplace platform, facilitating transactions between customers and vendors, and providing order fulfillment services. We do not use Shopify data for any other commercial purposes.

Data Security: All Shopify access tokens and data are encrypted and stored securely. We implement industry-standard security measures and comply with Shopify's security requirements.

Data Retention: Shopify data is retained only for as long as the vendor's store remains connected to our platform. Upon disconnection, we securely delete all Shopify access tokens and associated data within 30 days.

Vendor Control: Vendors can revoke Caboodle's access to their Shopify store at any time through their Shopify admin panel or Caboodle Partner Dashboard.

5.3 Business Partners

  • Vendors: Order details necessary for fulfillment (name, delivery address, product requirements)
  • Other Members: Product reviews and ratings are publicly displayed to help inform purchasing decisions
  • Vendors: Review content and ratings for their products to help improve customer service and product quality

5.4 Legal and Regulatory

  • Irish Revenue Commissioners (for VAT compliance)
  • Law enforcement and regulatory authorities (when legally required)
  • Legal advisors and auditors (under confidentiality agreements)

5.5 Review Data Processing

When members submit product reviews and ratings, we process the following data:

  • Review Content: Text reviews, star ratings, and any additional feedback provided by members
  • Purchase Verification: Confirmation that the reviewer has purchased the product being reviewed
  • Reviewer Information: Member name and profile information (as displayed on the platform)
  • Product Association: Link between reviews and specific products/vendors
  • Moderation Data: Information about review moderation, reporting, and dispute resolution

Purpose: Review data is used to provide product feedback to other members, help vendors improve their products and services, and maintain platform quality standards.

Public Display: Reviews and ratings are publicly displayed on our platform to help inform purchasing decisions. Member names are displayed with reviews unless the member chooses to remain anonymous.

Data Retention: Review data is retained for the duration of the product's availability on our platform, plus 2 years for historical reference and analytics. Deleted reviews are retained for 30 days for moderation purposes.

Member Control: Members can edit or delete their reviews through their account dashboard, subject to moderation policies and legal requirements.

6. International Data Transfers

Some of our service providers (Google, Stripe, Shopify) may process your data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Certification schemes and codes of conduct
  • Service provider adherence to GDPR principles

We regularly review these arrangements to ensure your data remains protected to European standards.

7. Data Retention

We retain your personal data for the following periods:

  • Account Data: Until account deletion + 30 days for system cleanup
  • Transaction Records: 7 years (Irish tax and accounting requirements)
  • Payment Data: As required by Stripe and banking regulations
  • Marketing Consents: Until withdrawn or 3 years of inactivity
  • Technical Logs: 12 months maximum
  • Support Communications: 3 years for service quality and training
  • Review Data: Duration of product availability + 2 years for historical reference
  • Review Moderation Data: 30 days after review deletion for moderation purposes

After these periods, data is securely deleted or anonymized. Some data may be retained longer if required by law or for legitimate business interests (e.g., fraud prevention).

8. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data

Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing (Article 18)

Limit how we use your personal data

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

Right to Object (Article 21)

Object to processing based on legitimate interests

How to Exercise Your Rights

Contact us at info@caboodle.ie or through your dashboard. We will respond within one month of receiving your request. Some rights may be limited by legal obligations or legitimate business interests.

9. Cookies and Tracking Technologies

9.1 Essential Cookies

We use strictly necessary cookies for:

  • User authentication and session management
  • Shopping cart functionality
  • Security and fraud prevention
  • Load balancing and system stability

9.2 Analytics and Performance

With your consent, we may use cookies for:

  • Platform usage analytics and improvements
  • Error monitoring and debugging
  • Performance optimization

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access and authentication
  • Regular Updates: Security patches and system monitoring
  • Third-Party Security: Vetted service providers with security certifications
  • Incident Response: Procedures for detecting and responding to breaches

In the unlikely event of a data breach affecting your rights and freedoms, we will notify the Data Protection Commission within 72 hours and inform affected individuals as required by law.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

For users aged 16-18, we may require parental consent for certain activities as required by Irish law.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify users of material changes via email or platform notification
  • Obtain fresh consent where required by law

13. Contact Information and Complaints

Data Controller Contact

Caboodle Ireland

Email: info@caboodle.ie

Response Time: Within 30 days

Supervisory Authority

If you're not satisfied with our response to your privacy concerns, you can lodge a complaint with:

Data Protection Commission (Ireland)

Website: www.dataprotection.ie

Phone: +353 57 868 4757

Email: info@dataprotection.ie

This Privacy Policy is compliant with GDPR and Irish data protection laws. By using Caboodle, you acknowledge that you have read and understood this policy.