Privacy policy
PRIVACY POLICY – GOODLY STORE
This Privacy Policy explains how Dramotal Limited (registration No. HE 470675, registered office at 24 Peiraios Street, 1st floor, Strovolos, Nicosia 2023, Cyprus) (“Goodly Store”, “we”, “us”) handles personal data collected when you visit, register on, or make a purchase from our online store at shop.thegoodly.com (the “Store”). This Privacy Policy applies only to the Store. Our other websites and our mobile applications are governed by separate privacy policies.
Capitalised terms used but not defined here have the meanings given to them in our Terms of Use.
BY USING THE STORE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE AT LEAST EIGHTEEN (18) YEARS OF AGE.
1. Categories of Personal Data We Collect
1.1 Data you provide to us. When you register for an account, place an order, sign up to our newsletter, contact us or otherwise interact with the Store, we collect data including your name, email address, telephone number, billing and shipping address, the products you order, and the contents of any communications you send us. When you post a product review, we collect the review content, your display name and (if you provide them) your photograph and location.
1.2 Data we collect automatically. When you use the Store, we automatically collect device and usage data, including: language settings, IP address, approximate location derived from your IP address, time zone, device type and model, device settings, operating system, browser type, Internet service provider, referring app or URL, interactions with our pages and ads, and similar technical information. We also use cookies and similar tracking technologies (see Section 2.7 below).
1.3 Data from third parties. Where you log in using a third-party identity provider (for example, Apple, Google or Shop Pay), we receive limited data from your account with that provider, such as your name, email address and a unique account identifier. Where you pay using a payment method linked to your account with another platform, we receive transaction-related metadata from the relevant payment service provider.
1.4 Transaction data. When you make a payment, you provide financial account data (such as your payment-card number) directly to our third-party payment service providers. We do not collect or store your full payment-card number ourselves; we receive only transaction metadata (such as the last four digits and brand of the card, the billing ZIP/postal code, the date, time and amount of the transaction and the authorisation status).
2. How We Use Your Personal Data
2.1 To process your orders. We process your personal data to confirm your order, charge the payment method you provide, arrange shipment, communicate order-status updates, handle returns and refunds, and otherwise fulfil our contract with you.
2.2 To manage your account. We process your personal data to create and secure your account, to authenticate you, and to send you technical notifications, including notices about security, payment transactions, and updates to our Terms of Use, this Privacy Policy or other policies.
2.3 To communicate with you about your use of the Store. We may send you transactional emails or notifications relating to your orders, account activity, abandoned carts and other matters.
2.4 To provide customer support. We use a third-party customer-support ticketing system to track, prioritise and resolve your queries when you contact us.
2.5 To research, analyse and improve the Store. We use third-party web and product-analytics providers to understand how visitors interact with the Store, measure the effectiveness of our pages, and improve the Store.
2.6 To send you marketing communications. Where permitted by applicable law, we may use your personal data to send you marketing emails, push notifications or SMS messages about our products, promotions and content. You can opt out of marketing communications at any time by following the unsubscribe link in our messages or by adjusting your device settings.
2.7 To personalise our advertising. We and our advertising partners may use your personal data, advertising identifiers and information about your interactions with the Store to deliver and measure personalised advertising on our behalf, including by setting advertising cookies and pixels on the Store and by uploading hashed customer lists to advertising platforms for audience matching. The categories of data shared with these platforms include online identifiers, advertising IDs and information about your interactions with the Store. You can influence personalised advertising through your device settings (Settings > Privacy & Security > Apple Advertising on iOS / macOS; Settings > Privacy > Ads on Android; equivalent controls on Windows); through your browser cookie settings; and through industry opt-out tools (Network Advertising Initiative – optout.networkadvertising.org; Digital Advertising Alliance – optout.aboutads.info; European Interactive Digital Advertising Alliance – youronlinechoices.com).
2.8 To process payments and refunds. We use third-party payment service providers (including Shopify Payments and, where you choose to pay with PayPal, PayPal) to process payments and refunds, and to detect and prevent fraud in transactions on the Store.
2.9 To enforce our Terms of Use and combat fraud. We use personal data to enforce our agreements, to detect, prevent and address fraud and abuse, and to protect the security and integrity of the Store and our customers.
2.10 To comply with legal obligations. We may process, use or share your data where required by applicable law or in response to a lawful request from a competent authority.
3. Legal Bases for Processing (EEA and UK Users Only)
3.1 Performance of a contract. We rely on this legal basis to process your data for the purposes set out in Sections 2.1 to 2.4 above.
3.2 Your consent. We rely on this legal basis to send you marketing communications where consent is required, to use non-essential cookies and similar tracking technologies, and to engage in personalised advertising where consent is required by applicable law. You can withdraw consent at any time.
3.3 Legitimate interests. We rely on this legal basis to research, analyse and improve the Store, to send you marketing communications where permitted on this basis, to personalise our advertising where permitted on this basis, and to enforce our Terms of Use and combat fraud. We balance these interests against your rights and freedoms.
3.4 Compliance with legal obligations. We rely on this legal basis where we are required to process your personal data to comply with a legal obligation that applies to us.
4. With Whom We Share Your Personal Data
We share personal data with the following categories of third parties:
4.1 Service providers. We share personal data with third parties we engage to perform services on our behalf, based on our instructions. These include e-commerce-platform and checkout providers (Shopify), payment-processing providers (Shopify Payments, PayPal and other payment processors we may engage), shipping carriers, customer-support tools, web and product-analytics providers, marketing-communications providers, advertising and remarketing partners (including major social-media and search-engine ad networks), cloud-hosting and infrastructure providers, and product-review providers.
4.2 Law-enforcement agencies and other public authorities. We may disclose personal data to enforce our Terms of Use, to protect our rights, privacy, safety or property, or that of our affiliates, you or others, and to respond to lawful requests from courts, law-enforcement and regulatory agencies.
4.3 Corporate transactions. In connection with a sale of our business, a divestiture, merger, consolidation, asset sale or in the unlikely event of bankruptcy, customer data may be transferred as a business asset.
4.4 Sale or sharing of personal information. We do not sell your personal information in exchange for money. However, some of the disclosures described in Section 2.7 above – in particular, our use of advertising cookies and pixels and our practice of uploading hashed customer lists to advertising platforms – may be considered a “sale” or “sharing” of personal information for cross-context behavioural advertising under the California Consumer Privacy Act (as amended by the CPRA) and similar US state privacy laws. You can opt out of these disclosures at any time by following the “Your Privacy Choices” link in the Store footer, by sending the Global Privacy Control signal from your browser, or by emailing support@thegoodly.com.
5. How You Can Exercise Your Privacy Rights
You have the following rights in respect of your personal data: (a) to access, review and obtain a copy of the personal data we hold about you; (b) to request correction of inaccurate or incomplete personal data; (c) to request erasure of your personal data; (d) to object to or restrict our use of your personal data; and (e) to withdraw any consent you have previously given. EEA and UK users also have the right to data portability and the right to lodge a complaint with their local data-protection supervisory authority. To exercise any of these rights, please contact us at support@thegoodly.com.
6. Age Limitation
We do not knowingly process personal data from persons under the age of eighteen (18). If you learn that anyone younger than eighteen (18) has provided us with personal data, please contact us at support@thegoodly.com.
7. International Data Transfers
We do business globally. We may transfer personal data to countries other than the country in which the data was originally collected. Where we transfer personal data originating in the EEA or the UK to countries that do not provide an adequate level of data protection, we rely on appropriate safeguards, including the Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, the European Commission’s adequacy decisions, or, where the recipient is certified, the EU–US Data Privacy Framework.
8. Data Retention
We retain personal data for as long as is reasonably necessary to fulfil the purposes set out in this Privacy Policy, including providing the Store to you, complying with our legal, tax and accounting obligations, resolving disputes and enforcing our agreements. When personal data is no longer required, we delete or anonymise it.
9. Supplemental Notice for California Residents
This Supplemental California Privacy Notice applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act) (the “CCPA”). Categories of personal information collected, and the categories of third parties to whom they are disclosed for a business purpose, are: (i) identifiers (such as name, contact information, IP address, online identifiers) – service providers, advertising partners; (ii) personal information categories listed in Cal. Civ. Code § 1798.80(e) (such as billing/shipping address, phone number, payment-related metadata) – service providers; (iii) commercial information (such as records of products purchased, order history) – service providers, payment-processing providers; (iv) Internet or other electronic network activity information – service providers, advertising partners; (v) geolocation data (approximate location based on IP address) – service providers, advertising partners; (vi) inferences – service providers, advertising partners. We do not knowingly “sell” or “share” personal information of minors under 16 years of age. California residents have the right to opt out of “sales” and “sharing” of personal information, to know what categories of personal information we have collected, to request access, correction and deletion of their personal information, and to non-discrimination for exercising their rights. To exercise these rights, please contact us at support@thegoodly.com.
10. Supplemental Notice for Virginia Residents
Where applicable, the Virginia Consumer Data Protection Act (“VCDPA”) gives Virginia residents the right to confirm whether their personal data is being processed, to access their personal data, to correct inaccuracies, to request deletion, to obtain a portable copy of their personal data, and to opt out of processing for purposes of targeted advertising or the sale of personal data. To exercise any of these rights, please contact us at support@thegoodly.com. If we decline to take action on your request, you may appeal that decision by contacting us at the same address with the subject line “Appeal of Refusal to Take Action on Privacy Request”.
11. Supplemental Notice for Nevada Residents
If you are a Nevada resident, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. To exercise this right, please contact us at support@thegoodly.com with the subject line “Nevada Do Not Sell Request”. We do not currently sell your personal information as “sales” are defined in Nevada Revised Statutes Chapter 603A.
12. Account Deletion
You can delete your account at any time through your account settings in the Store, or by contacting us at support@thegoodly.com. Upon your request, we will delete your account and the associated data, except for limited information we are required to retain for legal, tax, fraud-prevention or audit purposes. The deletion process may take up to thirty (30) days to complete.
13. How “Do Not Track” and Global Privacy Control Signals Are Handled
Except as otherwise stated in this Privacy Policy, the Store does not respond to “Do Not Track” signals. For California residents and for users in any other US state whose laws require us to do so, we honour the Global Privacy Control (GPC) signal as an opt-out of “sale” or “sharing” of personal information for cross-context behavioural advertising.
14. Changes to this Privacy Policy
We may modify this Privacy Policy from time to time. Material changes will be notified to you through the Store or by other available means. The “Last Updated” date at the top of this Privacy Policy indicates when it was last revised. Continued use of the Store after the effective date of any change constitutes your acceptance of that change.
15. Personal Data Controller
Dramotal Limited, a company incorporated under the laws of the Republic of Cyprus (registration No. HE 470675), with registered office at 24 Peiraios Street, 1st floor, Strovolos, Nicosia 2023, Cyprus, is the controller of personal data processed in connection with the Store.
16. Contact Us
For any question about this Privacy Policy or to exercise your privacy rights, please contact us at support@thegoodly.com.
Last Updated: June 5th, 2026