Privacy Policy

Last Updated: January 1, 2021

Thank you for visiting us at carolscookies.com!

First, you should know that this service (including all websites and other Sites) is operated by Carol’s Cookies, Inc. (“Carol’s Cookies” or “us”, “we” and related terms), an Illinois corporation, with its principal office at 3184 MacArthur Blvd., Northbrook, IL 60062. Our contact information is below.

Next, you should know that we are committed to respecting the privacy rights of all individuals, wherever located. For that reason, we have adopted this privacy policy (“Privacy Policy”) to explain: (1) how our service works; (2) the types of personal data that we and our service partners may collect via our Sites; (3) how we process the data; and (4) the rights that you may have with regards to personal data.

Please review this policy carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us. By accessing any of the Sites, and/or by registering with us as a Customer or User, you are agreeing to all of the terms set forth in this Privacy Policy.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE ANY OF THE SITES OR GIVE US ANY OF YOUR INFORMATION. YOUR CONTINUED USE OF ANY OF THE SITES MEANS THAT YOU AGREE TO THIS PRIVACY POLICY.

You can reach us at:
Carol’s Cookies, Inc.
3184 MacArthur Blvd.
Northbrook, IL 60062
(847) 831-4500
info@carolscookies.com

1. The Scope of this Policy

A. Scope: This Privacy Policy applies to our website (carolscookies.com); to our “backend” hosted applications that are a part of our service platform; to all mobile applications; and to all data and/or information that is collected via our websites, applications and mobile applications. For the purposes of this Privacy Policy, we refer to our websites, applications and mobile applications collectively as our “Site” or “Sites”, as applicable. This Privacy Policy applies to all Site visitors (“Users”), as well as to all Site visitors that purchase products or use the services as a guest or as a registered customer (“Customers”). While certain portions of our Sites can be viewed without registering, Users will have to register (create an account) in order to access some of our secure proprietary applications and certain service features. Customers and Users are responsible for managing the activity on their accounts on the Sites and how they use the Sites.

B. Changes: We may make changes to this Privacy Policy from time to time, and any material changes that we make will be posted (in the form of an updated Privacy Policy) on our Sites. Such policy updates will be effective when they are posted. Accordingly, please review the terms of this Privacy Policy on a regular basis to understand the current terms.

C. Terms of Use: In addition to the terms of this Privacy Policy, your use of the Sites is subject to our Terms of Use, which can be found here.

2. Third Party Features, Links and Privacy Policies

The Sites may include service features and augmentations that are operated by other companies that are not service partners, but which provide features that we believe users may appreciate – like social media widgets, links to third-party websites, advertisements and other third-party content (“Third-Party Features”). If you choose to access any Third Party Features, then please understand the following: (1) we do not operate, control or monitor Third-Party Features, and these features are subject exclusively to the privacy policies of the companies that operate them; (2) this Privacy Policy does not apply to information collected by any third party, including through any Third Party Features; and (3) we are not responsible for the privacy practices, the placement of cookies on your computer by any third party, or any content you may encounter via Third Party Features. If you decide to access any Third Party Features, please read the privacy policy of each linked website to understand the privacy practices that apply to those features.

3. The Types of Information That We Collect and How We Collect It

To provide our products and services, we collect data which are not personally identifiable (“Anonymous Data”) and also data which either alone or in conjunction with other data could be used to identify an individual or household (referred to as “Personal Data”). Collectively, Anonymous Data and Personal Data are referred to herein as “Data.” Data may be collected in the following ways:

A. Account and Transaction Data: We collect Personal Data that is provided to us voluntarily either via direct communications (e.g., email) or through our Sites, such as when a User registers for the service. We use this data to provide our services to you; and we may also use this data to contact Customers and/or Users for limited marketing or product communication purposes (subject to the provisions herein). The data collected include common categories of contact information (e.g., name, email address, telephone number, username, password and zip code), and may also include certain account administration information (e.g., invoice and shipment information), your purchase history, information about items in your online shopping cart when you place an order with us online or place product in your online shopping cart.

B. Site Usage Data: We collect certain Site/service utilization data through the use of tracking technologies (including cookies, as detailed below) and the data collected can include both Anonymous Data (e.g., how a Site is used) and Personal Data. We refer to this data as “Site Usage Data.” We use these Site Usage Data to understand how our Sites and services are used, to improve our Sites and services, and to protect the integrity and security of our Sites and services. Site Usage Data include:

(1) Device data. Information about the computer or mobile device you use to access the Site(s). This may include technical information transmitted by your device such as the browser used, the device model and operating system, language preference, device location, unique device identifiers, and the Internet Protocol (IP) address through which you accessed the Site.

(2) Site Use Activity. Information regarding your activity on the Site(s) such as the time and frequency of access, a referrer page domain, pages viewed, and interactions between the User and the Site.

If your device settings allow us, we may also collect information about your location or geolocation information when you use our mobile application. For more information about how you can control the collection of local information and to set your preferences, please see “Your Choices” below.

C. Other Information you Choose to Provide: We collect information you choose to provide, such as your contact and marketing preferences, brand and merchandise interests, and communications and interactions (which may include email messages, chat sessions, text messages or phone calls with you) when you sign up for emails and marketing, participate in a survey, promotion or interactive area of a Site, or when you request technical or customer support or contact us.

D. Information we Collect from Social Media Platforms: We may obtain information about you from social media platforms that you use in connection with our Sites, or that share or allow you to share information with us, such as Facebook, Twitter, Pinterest, and Instagram. For example, if you post content to feeds on third-party social media sites or use social media platforms in connection with the Sites, if you use credentials (e.g., username and password ) from a third party site to create or log into your account on the Sites, or if you like us or follow us on social media platforms, we may collect the information that you share with us, or that those social media platforms share with us in accordance with their privacy policies and privacy settings. For more information about social media platform privacy practices, please review the privacy policies and settings of the social media platforms and networks that you use. You may update your privacy settings on each social media platform directly.

If we combine Personal Data with Anonymous Data, the combined information will be treated by us as Personal Data for as long as it remains combined.

4. Cookies and Other Automated Tracking Technologies

We may use cookies (small text files placed on your web browser or device) in connection with our Sites and we may analyze the information derived from these cookies for the same purposes as set forth elsewhere in this Privacy Policy. You may be able to limit the use or function of some cookies on your computer or mobile device in the manner described below.

We may use the following types of cookies on the Sites:

A. “Convenience” cookies: These cookies can store ‘persistent’ information like registration information for use on later visits to the Sites. You may be able to configure your browser to block/delete these cookies; but if you do, you will have to (e.g.,) input the account-related information every session.

• You may have the option to opt out of convenience cookies (if applicable) when you visit our Sites.

• If you do not opt out, and you would like to delete any account information we may store via convenience cookies, you can take the following actions: (1) you can delete your cookies (via your browser); and/or (2) you can reach out to us as specified in this Privacy Policy.

B. “Analytics” Cookies: Cookies which help us to determine usage patterns of our web pages by collecting information about how visitors use our Site.

More specifically, we use a tool called Google Analytics for aggregated and anonymized website traffic analysis. In order to track your session usage, Google places a cookie with a randomly generated Client ID number in your browser. This ID number is anonymized and contains no identifiable information like email, phone number, name, etc. Google also has access to your IP address. In addition, Google may install additional cookies (e.g., Google fonts, Google tag manager). We use Google Analytics to track aggregated website behavior, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness.

If you would like to understand or limit what Google Analytics-derived browsing information we may have and/or want to delete any Google Analytics data, you can take the following actions: (1) you can delete your cookies (via your browser); (2) you can reach out to us as specified in this Privacy Policy, and/or (3) you can install the Google Analytics Opt-Out Browser Add-On (https://tools.google.com/dlpage/gaoptout). Although Google Analytics plants a permanent cookie on your web browser which can identify you as a unique user the next time you visit the Site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.

C. “Necessary” Cookies: These cookies are essential for you to browse a website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies.

D. “Third-party” Cookies: These cookies are set by other online services that run content on the page you view on your browser. For example, if you click on a Facebook “like” button, the underlying code may store a cookie on your computer that can later be accessed by Facebook and may be able to track other sites that you visit.

E. Web Beacons: We may also collect information using Web beacons, which are small images embedded into websites or emails that send information about your computer, mobile phone, or other device when you visit our Sites, use our mobile application, or open an email we send to you.

Please see “Your Choices” below to manage the use of these Cookies.

5. How We Use the Data that We Collect

We use Personal Data in the manner described in this Privacy Policy. We use such Data to:

A. Provide Products and Services to you: We use it to provide the services to you, facilitate account creation and one-click orders, provide memberships and subscriptions, provide maintenance and support (including by sending you confirmations, security alerts, support and administrative messages), and to improve our services and the Sites. We also use anonymized, de-identified and aggregated data generated by the services to provide insights to our customers.

B. Further our Business Purposes: We use it to operate, improve upon and expand our business and lawful business activities; to maintain our programs, accounts, and records; for research; to detect and prevent fraud or misuse of our services; and for any other business purpose that is permitted by law.

C. Customize and Enhance your Experiences with Us: We use it to remember and categorize your interests and preferences; customize the products and services we share with you through direct marketing; communicate with you about the Site(s), services, products, offers, promotions, surveys, events and other news and information we think may be of interest to you and contact you for feedback.

D. Respond to You: We use it to respond to you, such as when you place an order, call us, make a request or inquiry, complete a survey, participate in contests or share a comment or concern.

E. Engage with Service Partners: By necessity, we may share certain Data with third party service partners which are under contract with us and which perform Site-related functions on our behalf (“Service Partners”). Service Partners include certain cloud-based service providers (listed below) that provide aspects of the Sites’ functionality (e.g., application hosting, cloud-based storage) other technology service providers and third parties that furnish us with products and services and provide services such as shipping, fulfillment and payment processing.

Service Partners include the following:

• Cloudways’ application hosting and data storage services. Cloudways’ privacy policy can be found here: Terms of Service | Cloudways
• Constant Contact’s database services. Constant Contact’s privacy policy can be found here: Privacy Center (clarip.com)
• Google Analytics: See previous section.
• FedEx: Shipping, etc. FedEx’s privacy policy can be found here: FedEx Privacy Notice

Carol’s Cookies also relies on the following service partners to process credit card and/or other payments made by Customers: Chase Paymentech processes payments and PayPal is the processing gateway. Your use of our Sites is subject to the terms of our payment service partners’ terms of service and privacy policies, available at Privacy Policy | Chase J.P. Morgan – Commerce Solutions (chasepaymentech.com), Terms of Use | Chase J.P. Morgan – Commerce Solutions, PayPal Privacy Statement and PayPal. Carol’s Cookies does not retain or record any payment processing information except that which is necessary to confirm payments and associate those payments with Customer accounts. Only our payment processing partners receive credit card information.

All usage of the Sites will be subject to the privacy policies and terms of service maintained by the applicable Service Partner(s). If you object to the privacy practices of any Service Partner(s), please inform us, and please do not use the Sites or our Services.

F. For Legal Purposes: We also reserve the right to disclose Data or any information submitted via Sites if we have a good faith belief that disclosure of such information is reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to our rights, property or safety (or the same interests of our Users or any third party) or (vi) to notify you of any product recalls or other safety concerns.

G. For Other Purposes: We may share personal information with third parties for other purposes. For example, we share personal information with the Website, if you provide comments or reviews on our services or products on social media platforms.

H. No Sale or Sharing: Except Data that we share out of necessity with our service partners (see Section 5.E, above), Data that may be generated by certain cookies (see Section 4, above), and for the purposes listed in Section 5.G above, we do not rent, sell, or share Data with third parties for third-party marketing or advertising purposes.

We may use non-personally identifiable information such as demographic data to analyze and develop our marketing strategy and maintain and further improve the Sites and our services.

Please see the “Your Choices” section for information about the choices you have about the sharing of your information.

6. Your Choices

A. Google Analytics: If you would like to opt out of Google Analytics on a per browser basis, please see above.

B. Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies and web beacons. Managing cookie preferences is different on each browser so refer to your specific browser for further information. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Site(s). If you set your browser to refuse all cookies, please contact us directly if you have trouble placing your order. We will store your cookie preferences until you clear your browsing cache. You may change your preferences at any time.

C. Social Media: You should review your privacy settings and options directly with each of the social media platforms and networks that you access to determine your options and choices about sharing information from these sites with us.

D. Email and Phone Communications: You may choose during the account registration process on the Site(s), or otherwise, to provide us with your email address for the purpose of allowing us to send newsletters, surveys, offers, and other materials related to our products and services. You may opt out of receiving these promotional communications from us by following the instructions in those communications (such as by using an “unsubscribe” link in an email or texting “STOP” in response to a text message you receive) or by contacting us at the contact information provided above. Even if you opt out, we may still send you non-promotional communications, such as those about your account or our ongoing business relations.

E. Location Information: We may collect information about your actual location when you use our mobile applications. You may stop the collection of this information at any time by changing the settings on your mobile device but note that some features of our mobile applications may no longer function if you do so.

F. Account Information: You may update, correct or modify information about you at any time by logging into your online account or by contacting us at the contact information provided above. If you wish to deactivate your account, please email us at onlineorders@carolscookies.com, but note we may continue to store information about you as required by law or for legitimate business purposes.

7. Measures Adopted by Carol’s Cookies to Protect Privacy Interests

A. Data Inventory/Mapping: We have assessed our data practices and systems to assure that we understand the personal data that may be collected via our Sites and how it may flow through our services and technology platform. We prioritize privacy concerns in the design phase of all new features for our platform.

B. Data Retention: We only collect and process those data that we need to perform the Services or as otherwise described in this policy. We have adopted policies that require us to delete or anonymize all data that are no longer required for the performance of the Services

C. Security of Data and Processing: We have implemented measures that are designed to limit access to personal data to our authorized individuals and are designed to prevent the loss or corruption of data. We have implemented commercially reasonable data security technologies designed to preserve the security of all data collected and/or processed on our platform, including encryption for all such data in transit and at rest when applicable.

Please understand, however, that no security system is impenetrable or perfectly secure. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to or from us over the Internet. As a result, you use the Sites at your own risk. When registering with us on the Sites, we encourage you to choose passwords of sufficient length and complexity, install the latest security updates and anti-virus software on your computer to help prevent malware and viruses, not share your password with others, and review your account information periodically. If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, please contact us using the contact information provided above.

8. Other Terms

A. Transfer of Assets: If another entity acquires us or acquires all (or substantially all) of our assets, the Data in our platform will be transferred to and used by this acquiring entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be sold or transferred to third parties.

B. Minors and Privacy: The Sites are not directed toward, or intended for use by, individuals under age 18. We do not knowingly collect information from anyone under age 18. If you are under the age of 18, please do not use the Sites and do not register with, order or purchase from, or provide any personal information to, us. If you are under the age of 18, you should use the Sites only with the involvement of a parent or legal guardian and should not submit any personal information to us.

C. Third Party Sites and Links: We are not responsible for the privacy practices and/or security practices employed by any third-party websites or service, including but not limited to any such sites or services that may be linked to or referred to in any way on the Sites.

D. International Users: The Sites are intended for use only by U.S. residents that are physically located in the United States. Each time you use or access a Site, you represent that you are a legal resident of the United States and that you are located in the United States; and further, you agree and consent (and represent that you have the authority to provide such consent) to the information collection, use and sharing practices described in this Privacy Policy. We store and process your data in the United States, and our services and the Sites are subject to the laws of the United States, including those governing the privacy and security of your information.

If you are a user from a country outside the United States, and you choose to access the Sites, you are deemed to consent to the transfer of any personal information you disclose from the country from which you reside or from which you access the Sites to United States.

E. Do Not Track: Some web browsers may transmit “Do Not Track” signals to websites visited by the user. The Sites may not respond to web browser-based “do not track” signals.

F. Biometric ID Processing: Carol’s Cookies does not use any technologies (e.g., face recognition) that are designed to identify an individual based on data (e.g., photographs, videos) collected/processed by the system.

G. Accessibility: We strive to assure that our Sites are accessible. If you experience any difficulty in accessing any part of the Sites or this Privacy Policy, please contact us immediately.

H. California Residents: If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California’s “Shine the Light” law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information, if any we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal data in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to use using the contact information provided above. Please allow up to 45 days for a response.