Wholesome Vape Limited is totally committed to protecting your personal data and holds your privacy in extremely high regards. This privacy statement serves to provide you with all the important information about how we protect your data when you visit or use our website vapestoreukonline.co.uk and informs you about your privacy rights and how the law protects you.
Definition of Terms
Personal Data - This means information or data about a living individual that can be used to identify an individual, that is in our possession or may come into our possession.
Usage Data – This means data that our service infrastructure collects automatically and generates, as a living individual use or interact with our website (for example, the duration of a page visit). Cookies – This are small pieces of data stored on a User’s device as you interact with our website.
Data Controller - This means a person who is responsible for determining how the personal data collected through direct or indirect interaction with us through our website infrastructures are processed, used as well as the purpose for which they are processed.
Data Processor – This means data service processor, which is any person who processes the data on behalf of the Data Controller. The data processor is not an employee of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
Data Subject – This means any living individual that is the subject of Personal Data.
User – This means an individual who uses or is using our Service. A User is the same as a Data Subject.
Purpose of This Privacy Statement
1) This privacy statement is to provide all the information you need to know about how we collect and processes your personal data when you use our website, including any data you may provide when you register on our website, sign up for our newsletter or purchase a product on our website.
2) We do not sell products to persons under the age of 18. If you are under the age of 18, you are not permitted to use our website, or access our products through any other available channel.
3) It is of great importance that you read this privacy statement along side any other privacy notice or fair processing notice we may provide from time to time when we collect or process your personal data so that you have a full awareness of how and why we are using your data. This privacy statement is to serve as an addition to other notices and not intended to override them.
4) Controller: Wholesome Vape Limited Trading As Variety E-Vape is the controller responsible for your personal data, and for the purpose of this policy statement may be referred to as ("Variety E-Vape", "we", "us" or "our").
6) Full Legal Name: Wholesome Vape Limited
Trading Name: Variety E-Vape Name
Title: Data Privacy Manager
Email address: email@example.com
Postal address: 547 Oxford Road, Reading, RG30 1HJ
Telephone number: 01189967352
7) You can make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority responsible for data protection issues (www.ico.org.uk). However, we would appreciate the opportunity to deal with your concerns and attempt to resolve the complaint before you approach the ICO. So please contact us, in the first instance.
8) Changes to your Personal Information and your duty to inform us of change: Please notify us if your personal data changes during the period you have a contract relationship with us as it is important that the personal data we hold about you is accurate.
What Type of Personal Information Do We Collect?
Personal data, or personal information, means information about a person that is unique to the person and can be used for the purpose of identifying a person. It does not include anonymous data, which means data that the identity has been removed.
We may collect, different types of personal information or data about you at different stages of your interaction with us, for the legitimate purpose of providing you with the product you want to purchase as well as improve our service.
When you use our website or sign up for an account, whether making a purchase or not, the system will store the details you have provided. Where an account is created by one of our employees on behalf of the customer, the minimum amount of data this will contain is your name, email address and password (which is encrypted), the date you registered and the date you last visited. If the account is created by you directly, then it will also contain the IP address and Host name you used the last time you logged in. If you enter further information such as your address and telephone number, this will also be stored in the account.
When you place an order on our website, the information you enter, such as your name, email address, billing address, delivery address, telephone number, company name and VAT number (if applicable) will be stored within the order. Other information that is stored are as follows:
A) Your IP Address, its host name and country location
B) The type of device you used, such as mobile or desktop
C) The date and time you ordered
D) Your payment method
E) How much you paid
F) The shipping method
G) The number of loyalty points you earned, where applicable
H) Any activity on the order, such as the date and time we completed your order
I) Whether you are a new customer or returning customer
J) The product you ordered
K) Please Note: Payment information, such as credit card number, is never stored on this site or BigCommerce. This information is always stored separately by the payment gateway provider.
What Types of Cookies Do We Use?
How We Collect Your Personal Data?
We collect your personal data in the following ways:
1) By Direct Interaction with us when you place an order on our website, create an account on our website, subscribe to our newsletter or give us feedback about our products and services. At this point you may provide us with your personal data such as Identity information and contact information when completing forms, corresponding with us by email, phone or post.
2) By Indirect Interaction through automated technologies which can occur when you use our website. Our cookies, server log system and other technologies may collect Technical Data about your equipment and browsing actions when you use our website.
3) We may receive your personal data from third parties or publicly available sources for technical purposes. These Personal data about you may be made available to us by:
• Providers of analytic services such as Google based outside the EU; Search information providers like Google or Bing based outside the EU
• Public sources like the Electoral Register and Companies House based within the EU.
How Do We use the data we collect?
We will only use the personal data we collect from you, when it is lawful to do so and that would include:
1. To carry-out a legitimate contract you have entered into or about to enter into with us, for the supply of a product or service that you have ordered.
2. To carry-out a legal or regulatory obligation, such as the prevention and detection of fraud, crime and money laundering
3. A situation where we need to fulfil a legitimate interest, whether ours or that of a third party and your personal interest and fundamental rights do not override the legitimate interest
4. In addition, we may use your personal data to develop and improve our products and services, through research and statistical analysis. For us to contact you by email, post or phone in relation to marketing communications, we will request your consent. Only when you consent to us contacting you, would we contact you about products and services we believe may be of interest to you.
How Do We Secure Your Personal Data?
Ensuring the personal data you provide us is well secured and protected is an utmost priority to us. However, be aware that no method of transmission of data over the internet is 100% secured. Though we ensure we use necessary commercially acceptable means to keep your data safe and secured, we cannot guarantee an absolute security of your personal data.
Which Third Party Service Providers Do We Share Your Data?
We may employ the services of third parties to help facilitate the provision of our services or to assist in analysing and improving our service. We may share your personal data with these third parties service providers only for the purpose of performing a contract you have or will enter to with us, to improve our service and or to comply with a lawful request. These third parties are obligated to not disclose or use your data for any other purpose whatsoever, other than to perform the agreed task on our behalf.
Age Verification Service Providers
We may use age verification service providers to verify your age, as it is a legal requirement that you must be over 18 years of age to purchase any product or service on this website.
We use VerifymyAge for age verification service. This service is in place to ensure that our customers are all over 18 years of age. Verifymyage will check your details against electoral roll data to be certain that you are over 18 years of age as you pass through our checkout system for the first time. If for any reason, Verifymyage is unable to confirm that you are over 18 years of age, we will request a proof of age from you, which would be a photo identity such as a driving license or passport. Once you have been verified, all subsequent orders we will not need to confirm your age again.
Our e-commerce website uses Big Commerce Platform and it is powered by Big Commerce, by virtue of the fact that Big Commerce provides and power the website, it means your personal data may be shared with BigCommerce, you can read more about how BigCommerce uses your personal information on https://www.bigcommerce.com/privacy/
Google Analytics tracks and reports a website’s traffic and Google use the collated data to track and monitor the use of our services.
We make use of google analytics to give us an insight into how customers make use of our website and also help us improve our services. Please visit https://www.google.com/intl/en/policies/privacy/ to learn more about how Google manages and uses your personal data.
We use third party services for payment processing (e.g Payment Processors). We do not store neither do we collect your card details for payment, your information is provided directly to our third parties payment processors. Our payment processors’ use of your personal information is governed by their own privacy policies and they adhere to PCI-DSS standards that is managed by the PCI Security standards Council. PCI Security Standards Council is a joint effort by brands like Visa, Mastercard, American Express and Discover to govern, manage and secure the processing of payments and payment information.
The Social media share button and Facebook login that feature on the website, and added to all product pages and blog pages, only transmit data once they have been clicked. Therefore, the button only becomes active once you have clicked on it and at this point you will be using the social media's website. The only data the social media servers receive from our site is referral information from the page, such as product title and image. No personal data is transmitted.
However, once you have clicked on the Facebook button, any data that is gathered from your Facebook account, such as name and Facebook ID, will be stored within their User Account. You can request for the information to be deleted.
Do We Disclose Your Personal Data?
In the event of a legal requirement to disclose your personal data by law enforcement agencies or in response to a valid public authority request, we will do so. We may also disclose your data in the following circumstances:
1. To fulfil a legal obligation
2. To Protect our rights and property
3. To prevent or investigate fraudulent or other criminal activities
4. To ensure the safety and protection of the public and other users of the service
5. To protect or prevent legal liability
How Long Do We Retain Your Personal Data?
We may also retain and use your Personal Data to the extent necessary to comply with our legal obligations.
We may also retain automatically generated data for the purpose of internal analysis, which may include improving our services, strengthening the functionality of our website and service or where we are legally obligated to do so.
What Are Your Rights Under the GDPR?
Under the GDPR, you have the following rights:
1. You have the right to access your personal information we hold, you can get a copy of your personal data free of charge.
2. You have the right to restrict processing and request restriction of use of your data, under certain circumstances.
3. You have the right to ensure any data held about you is accurate
4. You have the right to request that your data be removed, under certain circumstances.
5. You have a right to data portability, which means you are entitled to request a copy of your personal data we hold in a common electronic format.
6. You have the right under certain circumstances, to request that your data is not used to make automated decisions about you that could have legal consequences.
7. You have the right to lodge a complaint with the Information Commissioners Office (ICO)
How Do We get your Consent?
When you create an account with us, place an order on our website, provide your information for the purpose of verifying your age or your credit card, arrange for a delivery or return of a product purchased, we take it that you have consented to your personal data being collected and used for the purpose of performing that specific transaction or contract.
Where we seek to use your personal information for any other reason other than completing a transaction or order you have placed or are about to place with us, for example marketing, we will directly request your consent, or provide you with the option to reject the use of your data for such a purpose.
How Can You Withdraw Your Consent?
If after you have consented to your data being used for any other purpose other than completing an order, you then change your mind, you can with-draw your consent for the use or disclosure or continued collection of your information. To do so, please contact us by email on firstname.lastname@example.org or call us on 01189967352. Where you prefer to contact us by post, you can write to us at the following address:
Variety E-Vape Online
547 Oxford Road
How Can You Access Your Personal Data?
In the event you wish to obtain information about your personal data we may hold, you can request that we provide you a copy of the personal data we hold about you. This is what is known as a subject access request. All Subject Access Request, should be made in writing to our email address which is email@example.com or by post to Variety E Vape, 547 Oxford Road, Reading RG30 1HJ. We aim to respond to any subject access request within one month of receipt of the re-quest.
However, in situations where your request is a complex one, we may require more time, but not more than three months from the date of the receipt of the request. We will keep you fully informed of our progress over the period. We aim to provide a complete response which will include copies of your personal data we may have in our possession.
If the changes are material in nature, we will notify you that it has been updated, so that you are aware of the changes and how they may affect you, what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.