The person responsible within the meaning of the DPA and GDPR is:
Chandos Business Centre,
Leamington Spa. CV32 4RJ
Scope of the processing of personal data
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you order products. The collection and use of your personal data regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by applicable law.
The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organisational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form; for example, we use SSL=Secure Socket Layer for communication via your Internet browser. You can recognise this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.
Purposes of processing and legal basis
We collect, process and use your personal data for the following purposes:
The processing of your personal data may be based on the following legal grounds:
Duration of storage and routine deletion of personal data
We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.
In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.
If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:
The legal basis for this data processing is Article 6 (1) sentence 1 lit. b of the GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.
In addition, the data serve us to optimise our website and to ensure the security of our IT systems and the processing is based in this respect on Art. 6 para. 1 lit. f GDPR. For this reason, the data is stored for a maximum of 7 days as a technical precaution.
We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under “Your rights”).
To provide our website, we use the services of DreamHost owned by New Dream Network, LLC of PMB #257 417 Associated Road Brea, CA 92821. USA who process the above-mentioned data and all data to be processed in connection with the operation of my website (log files) on our behalf. The legal basis for the data processing is our legitimate interest in providing an appealing website (Art. 6 (1) f) GDPR).
We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.
a) Newsletter registration on our website
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e., at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.
After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection notice. If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending you the newsletter.
b) Dispatch due to the sale of goods
If you purchase goods or services on our website, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way.
We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We therefore measure and store opening and click-through rates in your usage profile, i.e., whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes.
In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimisation measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore Art. 6 para. 1 lit. f GDPR.
Of course, you can unsubscribe from receiving our information at any time, i.e., revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter. You can also contact us using email@example.com for a cancellation at any time.
The provider is Rocket Science Group LLC, (MailChimp). MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp’s servers in the USA.
Contacting us, registration or placing orders
a) Contacting us
When you contact us by e-mail, or via the contact form, the data you provide will be stored by us based on Art. 6 (1) lit. b of the GDPR, insofar as it is necessary to answer your questions. The contact is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and the facts concerned have been conclusively clarified.
On our website, we offer you the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of precontractual measures and is based on Art. 6 para. 1 lit. b GDPR. You can delete your customer account at any time on our website.
c) Age Verification on Delivery or on the website
In the UK it is illegal for someone under the age of 18 years to buy or attempt to buy Nicotine and Nicotine Containing Products. Equally, it is a criminal offence to use false or borrowed ID to buy Nicotine and Nicotine Containing Products. In this sense you will be required to proof your age upon delivery to the transport company commissioned or on the website when you first access our page (where applicable). The processing is carried out to comply with a legal obligation Art. 6 para. 1 lit. c GDPR.
We use the Age Verification system provided by AgeChecked Limited of 161-165 Farringdon Road Lower Ground Floor, London EC1R 3AL who are a data controller using data already held in their records to verify that you are over the age of 18 or to advise that they are unable to confirm this.
If you have set up an account with our website and log in to make your purchases we will only have to do this process once as you will be recorded as being over the age of 18. We do not store any other information from the age check apart from the result and information given in the check out process but age checked ltd may record that they have given a verification to us. We are advised by AgeChecked Limited that any such check will have no effect on your credit score.
d) Storage of data in the user account
For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen, depending on the individual case. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored there. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.
Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is therefore based on Art. 6 para. 1 lit. b GDPR.
e) Guest order
You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.
We collect, process and use the information you provide in the context of a guest order for the purpose of executing the contract in accordance with Art. 6 Para. 1 lit. b GDPR. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes.
f) Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary for the conclusion of the contract with you and is based on Art. 6 para. 1 lit. b GDPR.
g) Product Reviews
In the context of the review function on this website, in addition to your comment, information on the time of the creation of the comment and the comment name you have chosen will be stored and published on the website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the person concerned infringes the rights of third parties by posting a comment or posts illegal content. We need your e-mail address to contact you if a third party objects to your published content as being illegal. The legal basis for storing your data is Art. 6 para. 1 lit. b) and f) GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.
Based on Art. 6 para. 1 lit. c and f GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g. to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defence.
Disclosure of personal data to third parties
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.
a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact us with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.
b) Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.
c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
Data transfer to third countries
If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g. by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).
Of course, you have rights with regard to the collection of your data, which we are pleased to inform you of herewith. If you would like to make use of one of the following free rights, a simple message to us will suffice. For your own protection, we reserve the right, in the case of an existing enquiry, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the enquiry.
a) Right to information
You have the right to request information and/or copies of the personal data stored about you.
b) Right to rectification
You have the right to request that personal data relating to you be corrected and/or completed without delay.
c) Right to object to processing
You have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing.
d) Right to deletion
You have the right to request the erasure of your personal data stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defence of legal claims.
e) Right to information
Where you have exercised the right to rectification, erasure, or restriction of processing, we will notify all recipients to whom personal data relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
f) Right to data portability
You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common, and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
g) Right of objection
Insofar as your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to the processing at any time pursuant to Article 21 (1) of the GDPR.
If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing.
h) Right to withdraw consent
You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime.
i) Right to complain to a supervisory authority
If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.
You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there.
j) Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
The Supervisory Authority
If you believe that the processing of your personal data is not lawful, you can lodge a complaint with a data protection supervisory authority. The UK`s Information Commissioner`s Office (ICO) is the for us relevant data protection supervisory authority. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
We are present in various “social media” platforms in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).
We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.
The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 para. 1 p.1 lit. f. GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us using firstname.lastname@example.org.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Personal information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.