Vapourism UK GDPR Privacy Policy: Data Collection, Use & Rights

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us for support. This includes your name, email address, phone number, delivery address, billing information, and age verification details. We also collect information about your product preferences, order history, and communication preferences to provide personalized service.

Additionally, we automatically collect certain information when you visit our website, including your IP address, browser type, device information, pages viewed, time spent on pages, and referring websites. This technical data helps us understand how customers use our site and identify areas for improvement. We collect this information through cookies and similar tracking technologies as detailed in our Cookie Policy.

For age verification purposes, we collect date of birth and government-issued identification details through certified third-party verification services. This is a legal requirement for selling vaping products in the UK, and we only collect the minimum information necessary to verify you are 18 or over.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, process transactions, and communicate with you about orders, products, and promotional offers. Your personal data enables us to fulfill orders accurately, provide customer support, and ensure legal compliance with UK vaping regulations including mandatory age verification.

We analyze aggregated customer data to understand shopping patterns, popular products, and seasonal trends. This helps us maintain optimal inventory levels, develop relevant marketing campaigns, and improve product recommendations. We may use your email address to send order confirmations, shipping notifications, and occasional promotional emails (which you can opt out of at any time).

Your data also supports fraud prevention and security measures. We monitor transactions for suspicious activity, verify customer identities to prevent account takeovers, and maintain records as required by UK financial regulations. Age verification data is retained to comply with legal obligations regarding the sale of restricted products.

3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We share limited information with trusted service providers who assist in operating our website, conducting business, and serving customers. These third parties include payment processors, shipping carriers, email service providers, and age verification services.

All third-party service providers are contractually obligated to maintain confidentiality and can only use your information to perform specific services on our behalf. They cannot use your data for their own purposes or share it with other organizations. We carefully vet all service providers to ensure they meet GDPR compliance standards and implement appropriate security measures.

We may disclose your information when required by law, such as responding to court orders, legal processes, or law enforcement requests. We may also share information to protect our rights, property, and safety, or the rights and safety of our customers and the public, as permitted by law. In the event of a business sale or merger, customer data may be transferred to the acquiring entity.

How We Secure Your Personal Data at Vapourism

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include SSL encryption for data transmission, secure servers with firewall protection, regular security audits, and restricted access to personal data on a need-to-know basis.

Payment information is processed through PCI DSS compliant payment gateways and never stored on our servers. Age verification data is encrypted both in transit and at rest, with access limited to authorized personnel for compliance verification purposes. We maintain comprehensive backup systems and incident response procedures to protect against data loss and security breaches.

While we implement industry-standard security measures, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security but continually update our security practices to align with current best practices and regulatory requirements.

5. Cookies and Tracking Technologies

We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. Cookies are small text files stored on your device that help us remember your preferences, maintain your shopping cart between sessions, and understand how you interact with our website. For detailed information about the specific cookies we use and how to manage them, please refer to our separate Cookie Policy.

6. Your Rights Under UK GDPR

You have the right to access, update, or delete your personal information. You can exercise these rights by logging into your account, contacting our customer service team, or emailing privacy@vapourism.co.uk. Specific rights include the right to know what personal data we hold, the right to rectification of inaccurate data, the right to erasure (subject to legal retention requirements), and the right to restrict or object to processing.

You have the right to data portability, meaning you can request a copy of your personal data in a structured, machine-readable format. You can withdraw consent for marketing communications at any time by clicking unsubscribe links in emails or updating your account preferences. These rights are subject to certain legal exceptions, such as our obligation to retain records for tax purposes or age verification compliance.

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority. We encourage you to contact us first so we can address your concerns directly.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Account information is retained while your account remains active and for a period afterward to comply with legal obligations, resolve disputes, and enforce agreements.

Order and payment data is retained for seven years in accordance with UK tax law requirements. Age verification records are maintained indefinitely to demonstrate compliance with legal obligations regarding age-restricted product sales. Marketing data is retained until you withdraw consent or request deletion.

8. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of any material changes by posting the new policy on this page with an updated effective date. For significant changes, we may provide additional notice through email or prominent website banners.

We encourage you to review this privacy policy periodically to stay informed about how we protect your information. Continued use of our services after policy changes constitutes acceptance of the updated terms.

9. Contact Us

If you have any questions about this privacy policy, want to exercise your data protection rights, or need assistance with privacy-related matters, please contact us at privacy@vapourism.co.uk or write to us at our registered address: Vapourism, 3 Hylton Drive, Cheadle Hulme, Stockport, SK8 7DH, United Kingdom.