- INFORMATION WE COLLECT ABOUT YOU
When you use the Website or interact with us offline we collect and use information about you in the course of providing you with information about petitions, newsletters, events and campaigns (together “Campaign Marketing”), and to contact you about surveys related to vaping. We may collect some or all of the information listed below to help us with this:
- information that you submit online via the Website including your name, email address, date of birth, your vaping history and preferences, login credentials;
- information that you submit via any contact forms on the Website and any correspondence we have with you over email;
- details of your vaping history;
- details of your newsletter marketing preferences;
- details when you sign a petition or join a campaign;
- details when we ask you to participate in a survey;
- extra information that you choose to tell us; and
- technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We may receive personal information about you from third party data providers including your contact details and your status as a smoker or vaper. Where possible, we will contact you with details of the personal information we have received from such providers, together with that provider’s details.
For details of the lawful bases that we rely on to be able to use and process your personal information, please see How we use your information.
2. HOW WE USE YOUR INFORMATION
The purposes for which we use your personal information and the lawful basis under data protection laws on which we rely to do this are explained below:
Where you have provided CONSENT
We will rely on your consent, in certain cases, to send you the following where we invite you to opt-in on the Website:
- electronic marketing communications by email;
- electronic Campaign Marketing communications which relate to smoking or vaping;
You may withdraw your consent at any time. Please see the Marketing section below for further details.
Where it is required to complete or, at your request, take steps to enter into, a CONTRACT
The use of your personal information may be necessary to perform a contract that you have with us or perform steps you request to enter into a contract. We also need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.
Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations, including where the law requires us:
- to respond or assist the public authorities or the police and other criminal investigation bodies;
- to verify the accuracy of data we hold about you;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request); and
- to carry out age verification checks (please see Verifying your age for further details).
Where it is in your VITAL INTERESTS
We will use your personal information to notify you of any product safety or product recall issues.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue the following legitimate interests (whether ours, in connection with our business, or that of a third party), for the following purposes:
- to communicate marketing information to you by post;
- to respond to correspondence you send to us and fulfill the requests you make to us relating to our campaigns, petitions and services;
- to carry out (or instruct a third party to carry out on our behalf) market research and analysis (including contacting you with surveys);
- to ensure that the Website’s content is presented as effectively as possible for you;
- to notify you about changes to our services;
- to administer the Website and for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to correspond or communicate with you in relation to administrative, legal and business matters;
- for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies;
- for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services; and
- for other general administration including managing your queries, complaints, or claims, and to send service messages to you.
3. VERIFYING YOUR AGE
As this Website relates to vaping and vaping products, we are legally obliged to make sure that users are verified on the Website and are aged 18 years or over. Failing age verification will mean you cannot access the Website. On entry to the website you will be asked to confirm that you are over the legal age to purchase vaping products in your region. In some cases, we may need to ask for further information in order to verify your age. If this is necessary, we will contact you to explain why.
We may collect your preferences to receive information about petitions, newsletters and campaigns directly from us by email in the following ways:
- if you sign up via the Website, we will ask you if you would like to opt in to receive marketing information directly from us; or
- if you click on the link on our Website to sign up to our newsletter.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.
5. USE OF DEVICE AND SOFTWARE USAGE INFORMATION
We may monitor your use of the Website and record your IP address, operating system and browser type for system administration purposes.
We collect aggregated statistics data about visitors to the Website and sales and traffic patterns. This information does not identify users in any personal capacity and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Website.
A cookie (and other technologies like pixels and beacons) is a small data file that is placed on your browser or the hardware of your computer or other device to allow a website to recognise you as a user when you return to the website.
We use non-strictly necessary cookies when you consent for us to do so and strictly necessary cookies on the Website. Please see our Cookies Notice for more information about the type of cookies and tracking technologies that we use on the Website and why, and how to accept and reject them.
7. AUTOMATED DECISION MAKING
We may make automated decisions about you based on your personal information to verify your age when you visit our Website (see the explanation above for further information about this).
We do not make any other automated decisions about you which have a legal or other significant effect on you.
8. SHARING YOUR INFORMATION WITH THIRD PARTIES
We will share your information primarily to ensure that we provide you with the most exciting and up to date products. We may share your information with any of the following groups:
- third party organisations who share similar goals and objectives to us such as Adam Smith Institute
- lawyers who provide us with legal and regulatory advice;
- third party providers who assist us with running campaigns, events and petitions;
- third party providers who assist with surveys;
- third party outsourced IT providers such as Mailchimp where we have an appropriate data processing agreement (or similar protections) in place;
- if we have to share your information to comply with legal or regulatory requirements (for example, for age verification purposes), or if we have to enforce or apply our Terms and Conditions or any other agreements or to protect our rights, property or our site users, etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may share the non-personal aggregated statistics data about visitors to the Website with third parties for analytics and statistical purposes.
9. WHERE WE STORE YOUR INFORMATION
Your personal information may be transferred outside of the UK and the European Economic Area (EEA) to the third parties described in Sharing your information with third parties.
We want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK and EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission, the UK Information Commissioner’s Office or other competent body for the transfer of personal information to jurisdictions without adequate data protection laws;
- by transferring your data to a country where there has been a finding of adequacy by the European Commission, the UK Information Commissioner’s Office or other competent body in respect of that country’s levels of data protection via its legislation;
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
- where you have consented to the transfer.
Where we transfer your personal information outside the UK and EEA and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Notice. You can ask to see these by contacting us using the contact details below.
10. HOW WE SAFEGUARD YOUR INFORMATION
We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal information.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorized access. We do this by having in place a range of appropriate technical and organisational measures.
If you suspect any misuse or loss of or unauthorized access to your personal information please let us know immediately by contacting Mark Oates using the details provided at the end of this notice.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to the Website and any transmission is at your own risk.
The Website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those websites.
11. HOW LONG WE KEEP YOUR INFORMATION
We will keep your information relating to orders you have placed with us as required by law or other regulation.
If you have signed up to receive Campaign Marketing from us: we will store your personal information for as long as you are subscribed to our email marketing list (unless your account has been closed). If you unsubscribe or are otherwise removed from our marketing list, we will keep your email address on our suppression list to ensure that we do not send you marketing emails.
When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems (either by erasing or anonymising that data). After that time, we may retain aggregated data (from which you cannot be identified) and retain it for analytical and statistical purposes.
12. YOUR RIGHTS
You have a number of rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either: (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Right to object
This right enables you to object to us processing your personal information where we do so for one of the following reasons:
- where we rely on our legitimate interests to do process your information;
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials and where your right to withdraw consent does not apply; or
- for scientific, historical, research, or statistical purposes.
Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your personal information for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your personal information.
Right to withdraw consent
Where we have obtained your consent to process your personal information for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your personal information for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
To withdraw your consent to marketing communications, please use the unsubscribe tool in the relevant communication or update your preferences in the account section on the Website.
Right of access (‘Data Subject Access Requests’)
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
If you would like to request access to your information, it would assist us with dealing with your request if you could use the subject heading ‘Data Subject Access Request’ when contacting us. Please note that this is not mandatory and we will still deal with any requests without this reference.
Right to erasure
You have the right to request that we erase your personal information in certain circumstances. Normally, this right exists where:
- the data is no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing of your data and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal information in certain circumstances, for example if you dispute the accuracy of the personal information that we hold about you, you object to our processing of your personal information for our legitimate interests or you require us to keep it in connection with legal proceedings. If we have shared your personal information with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal information.
We may only process your information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties to whom we have disclosed the inaccurate or incomplete personal information. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
You can access and update certain parts of your information by logging into your account on the Website.
Right of data portability
If you wish, you have the right to transfer your personal information between service providers where we rely on your consent or the performance of your contract as the lawful basis to use that information. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you if technically possible.
Rights relating to automated decisions
In certain circumstances, you may contest a decision made about you based purely on automated processing and where the processing is not required by law. You may also ask us to stop making such decisions using automated processing alone.
Right to complain
You have the right to lodge a complaint with your local supervisory authority which is the Information Commissioner’s Office in the UK. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: email@example.com
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
How to exercise your rights
If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org Please note that we may keep a record of your communications to help us resolve any issues that you raise.
We may make changes to this Privacy Notice at any time by posting a copy of the modified notice on the Website or, where appropriate, by sending you an email with that notice. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Website, whichever is the earlier.
14. HOW TO CONTACT US
If you have any queries about this Privacy Notice, including your rights in relation to your personal information, please contact Mark Oates at: email@example.com
14 Shortcroft Mead Court, 55 Cooper Road, London, NW10 1BF
If you wish to contact us with any general queries or concerns, you can email us at firstname.lastname@example.org
When contacting us by email or post, please use the subject heading ‘Data protection query’ so that we can direct your query to the appropriate department and deal with it promptly.