Privacy Policy

Irish Fake ID, operated by CardFairy (“we”, “us”, or “our”), takes your privacy seriously. This policy explains what personal data we collect, how we use it, who we share it with, and how we keep it safe. We comply with the General Data Protection Regulation (GDPR) and all applicable data protection law.

We collect personal data that you provide directly when placing orders or interacting with our services, including novelty card orders and account creation. This may include your name, email address, delivery address, and payment details. Additionally, anonymised data is collected automatically when you visit irishfakeid.com — such as browsing behaviour and IP addresses — through cookies and similar technologies.

Our site uses Google Analytics and Microsoft Clarity to understand how visitors interact with our pages and to improve the overall experience. These tools gather anonymised data — including pages visited and time spent on site — via cookies. None of this data can be used to identify you personally; it serves only to help us refine our services.

Your personal data is used for the following purposes:

• Fulfilling and processing your novelty card orders.

• Sending order updates, confirmations, and tracking information.

• Responding to enquiries submitted through our contact page.

• Enhancing our website and services using anonymised analytics data.

• Meeting legal obligations, including reporting to authorities where required.

When you place a novelty card order, we act as a data processor handling information (e.g., names, photos) on your behalf. You remain the data controller and bear responsibility for the accuracy and legality of the data you provide.

Customer-provided data is retained for 6 months following order completion to support returns and enquiries; after this period it is permanently and securely deleted. Shorter retention periods may apply where you request early deletion or where the law requires it.

Your personal data may be shared only in the following circumstances:

• With trusted service providers — such as payment processors and postal services — who process data on our behalf under strict confidentiality agreements.

• With law enforcement agencies, including An Garda Síochána or other national police bodies, where required by a valid warrant or other legal obligation.

We never sell or share your data for marketing purposes.

The GDPR grants you the following rights in relation to your personal data:

• Access — request a copy of the data we hold about you.

• Rectification — have inaccurate data corrected.

• Erasure — request that your data be deleted.

• Restriction — limit the ways in which your data is processed.

• Data Portability — obtain your data in a structured, machine-readable format.

• Objection — object to specific data processing activities.

• Automated Decision-Making — opt out of automated profiling (Irish Fake ID does not currently use automated profiling).

To exercise any of these rights, please reach out via our contact page.

We employ robust technical and organisational measures to protect your personal data from unauthorised access, loss, alteration, or disclosure. These safeguards include encrypted payment systems, secure servers, and regular security audits.

Where your data is transferred outside Ireland or the European Economic Area (EEA), we ensure GDPR compliance through appropriate safeguards such as Standard Contractual Clauses or adequacy agreements, maintaining an equivalent level of protection.

This policy may be updated from time to time to reflect changes in our practices or legal requirements. Material updates will be published on this page with a revised “Last updated” date. We recommend checking this page periodically.

For questions about this privacy policy or our data practices, please get in touch via:

• Our Contact Page

We aim to respond within 48 hours.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland’s supervisory authority for data protection.