At Vvapour Ltd we take privacy very seriously and are committed to safeguarding and preserving the privacy of our visitors.
Policy key definitions:
“I”, “our”, “us”, or “we” refer to the business, Vvapour Ltd
“you”, “the user” refer to the person(s) using this website.
GDPR means General Data Protection Act.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner’s Office.
Cookies mean small files stored on a users computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
When handling any of your data we are the data controller, however, we rely on third-party data processors to manage this.
Sharing your information: We may share your personal information with third parties and they include;
Paypal – who handle are payment processing
Mailchimp – Who manage our email marketing.
Google Analytics – Who track our website analytics, they don’t have any personal information.
TidioChat – Our live chat facility on our website is provided by Tidio and as such we share the data exchanged over this chat service with TidioChat.
Yotpo – We use a third-party service called Yotpo to manage our customer and product reviews, this helps us ensure the authenticity but requires your email, name and review being shared with them.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
This website uses Google Analytics to provide our analytics and reporting services so we can estimate our traffic and website performance.
This requires two Google Analytics cookies.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
This website uses contact forms to allow you to submit emails to us. When doing so you will need to accept a checkbox that agrees to use storing your email and information in our email servers.
When you make a purchase and become a customer of Vvapour we collect your name, address (for delivery), email address (for communications only).
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Some cookies are required to enjoy and use the full functionality of this website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Cookies that we use are;
Google Analytics Cookies – Tracks website visits and visitor behavior on the site
WooCommerce Cookies – So we can keep a note of what products are in your cart in case you leave and come back later and while you are browsing through the website.
Mailchimp Cookies – To report on the open and click rates of any marketing messages.
Here is a list of cookies on our website.
_gat Google Analytics
_gid Google Analytics
_ga Google Analytics
If you want to revoke cookies then click below.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
In line with GDPR requirements if we experience a data breach we will immediately communicate this to those users affected by the breach. A notification must be sent within 72 hours under the GDPR regulations.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal date” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.
Our EMS provider is; MailChimp. We hold the following information about you within our EMS system;
Subscription time & date
Your consent data.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Emails that are sent to us are in some cases kept indefinitely so we know who we are talking to when customers get in touch.
Customer information is kept as long as the customer remains active and as long as we are legally obligated for tax reasons.
We are working to add automated and instant facilities to allow users to remove any of the information stored and currently have a manual system you can use to submit a request.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Customer information such as names and email addresses are shared with Paypal one of our payment processors.
Email addresses and names are shared with MailChimp who provide our email marketing services.
Email enquiries are stored with Google and ZXHost who provide our email services.
Live chat conversations are shared with Tidiochat who provide the live chat facilities on this website.
All of the above are GDPR compliant and trusted third parties. You can consult their respecitve privacy policies for further information on how they ensure the protection of your data.
How we protect your data
We ensure your data is secure at all times and processed over a secure connection. Always look for the padlock in the browser address bar to check if an SSL certificate is installed.
We only load our website over https only avoiding insecure connections.
What data breach procedures we have in place
If there is a data breach we commit to abiding by the GDPR regulations for informing those affected within 72 hours.
What third parties we receive data from
We receive data from Google Analytics that helps us determine the best performing content, times of the day etc, however, we do not collect any personal or private information. Everything is anonymized and gives us a holistic view instead of data on individuals.