🚚 FREE Standard Delivery on orders over £50 |📦 Same-day dispatch before 3pm

Privacy Policy

Your Privacy Matters

This privacy policy explains how we collect, use, and protect your personal information in compliance with UK GDPR and data protection laws.We are committed to protecting your privacy and handling your data responsibly.

1. Data Controller Information

Data Controller: Vapourism

Registered Address: [To be provided by client]

Contact Email: hello@vapourism.co.uk

Data Protection Officer: privacy@vapourism.co.uk

ICO Registration: [To be provided when registered]

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, date of birth
  • Billing Information: Billing address, payment card details (processed securely)
  • Delivery Information: Delivery addresses, delivery preferences
  • Age Verification: Government ID details for legal age verification
  • Communication: Messages, reviews, survey responses, customer service contacts

2.2 Information We Collect Automatically

  • Device Information: IP address, browser type, device identifiers
  • Usage Data: Pages visited, time spent, click patterns, search terms
  • Location Data: General location for delivery and compliance purposes
  • Cookies & Tracking: See our Cookie Policy for detailed information
  • Purchase History: Products bought, order frequency, preferences

2.3 Third-Party Information

  • Age Verification Services: Identity verification data from certified providers
  • Payment Processors: Transaction verification and fraud prevention data
  • Delivery Partners: Delivery status and tracking information
  • Social Media: Profile information if you connect social accounts

3. Legal Basis for Processing

Contract Performance

  • • Processing orders and payments
  • • Delivering products
  • • Customer service and support
  • • Account management

Legal Compliance

  • • Age verification (18+ legal requirement)
  • • VAT and tax obligations
  • • Anti-money laundering checks
  • • Product safety regulations

Legitimate Interests

  • • Fraud prevention and security
  • • Website analytics and improvement
  • • Business development
  • • Marketing to existing customers

Your Consent

  • • Email marketing communications
  • • Non-essential cookies
  • • Product reviews and testimonials
  • • Special promotional offers

4. How We Use Your Information

Primary Uses

  • Process and fulfill your orders
  • Verify your age and identity
  • Handle payments securely
  • Provide customer support
  • Send order updates and confirmations
  • Prevent fraud and ensure security
  • Comply with legal obligations
  • Improve our products and services
  • Personalize your shopping experience
  • Send marketing communications (with consent)

5. Information Sharing & Disclosure

We Share Information With:

✓ Necessary Partners

  • Shopify: E-commerce platform and hosting
  • Payment Processors: Stripe, PayPal for secure payments
  • Delivery Partners: Royal Mail, courier services
  • Age Verification: Certified ID verification services
  • Support Tools: Customer service platforms

⚠️ Legal Requirements

  • • Law enforcement when legally required
  • • Courts and regulatory authorities
  • • Tax authorities (HMRC)
  • • Trading standards officers
  • • In connection with legal proceedings

✗ We Never:

  • • Sell your personal data to third parties for profit
  • • Share your information for unsolicited marketing
  • • Provide data to non-essential third parties without consent
  • • Transfer data outside appropriate safeguards

6. Data Security & Protection

🔒 Security Measures

  • SSL encryption for all data transmission
  • Secure servers with regular security updates
  • Access controls and staff authentication
  • Regular security audits and penetration testing
  • Payment data handled by PCI DSS certified providers
  • Automated backups with encryption
  • Incident response and breach notification procedures
  • Staff training on data protection practices

7. Data Retention Periods

Data TypeRetention PeriodReason
Account InformationUntil account deletion + 7 yearsLegal and tax requirements
Purchase Records7 yearsTax, warranty, and audit requirements
Age Verification7 yearsLegal compliance and audit trail
Marketing ConsentsUntil withdrawn + 1 yearEvidence of consent management
Website Analytics26 monthsGoogle Analytics default retention

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

🔍 Right to Access

Request a copy of all personal data we hold about you

✏️ Right to Rectification

Correct any inaccurate or incomplete information

🗑️ Right to Erasure

Request deletion of your personal data (subject to legal requirements)

⏸️ Right to Restrict Processing

Limit how we use your data in certain circumstances

📦 Right to Data Portability

Receive your data in a machine-readable format

🚫 Right to Object

Object to processing based on legitimate interests

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@vapourism.co.uk
  • Response Time: Within 30 days of receipt
  • ID Verification: May be required for security

9. International Data Transfers

Some of our service providers may process data outside the UK/EEA:

  • Shopify (Canada/US): Covered by adequacy decisions and Standard Contractual Clauses
  • Google Analytics (US): Certified under EU-US Data Privacy Framework
  • Payment Processors: Certified under international data protection frameworks
  • All transfers include appropriate safeguards as required by UK GDPR

10. Cookies & Tracking

We use cookies and similar technologies to improve your experience. For detailed information about our cookie usage, please see our Cookie Policy.

Essential Cookies

Required for website functionality. Cannot be disabled.

Analytics Cookies

Help us understand website usage and improve performance.

Marketing Cookies

Enable personalized advertising and content recommendations.

11. Complaints & Regulatory Contact

Contact Us First

We aim to resolve any privacy concerns quickly:

  • Email: privacy@vapourism.co.uk
  • Phone: 0123 456 7890
  • Response: Within 30 days

Information Commissioner's Office

You can also contact the UK data protection regulator:

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Live Chat: Available on ICO website

12. Policy Updates

We may update this privacy policy from time to time. When we do:

  • We'll update the "Last Updated" date below
  • Significant changes will be communicated via email
  • Continued use constitutes acceptance of updated terms
  • You can always view the current version on our website

Last Updated: 24 September 2025

Version 1.0 - This privacy policy complies with UK GDPR and Data Protection Act 2018