My Cart
Loading...
Privacy and Cookie Policy
Introduction Welcome to Magic Vapes privacy notice.
Magic Vapes respects your privacy and is committed to protecting your personal data. This privacy notice will inform you about how we handle your personal data when you interact with us, explaining your privacy rights and the legal protections in place.
This privacy notice is provided in a layered format for your convenience. You can navigate to specific sections using the links provided, and please refer to the Glossary for the meaning of certain terms used in this privacy notice.
Important Information And Who We Are
Purpose of this privacy notice
This privacy notice provides information on how Magic Vapes collects and processes your personal data during your interactions with us. It is essential to read this notice along with any specific privacy or fair processing notices provided on certain occasions to fully understand how and why we use your data. This privacy notice complements other notices and does not override them.
Controller
Magic Vapes is the controller responsible for your personal data (referred to as "Magic Vapes," "we," "us," or "our" in this privacy notice).
Magic Vapes consists of various legal entities. This privacy notice is issued on behalf of the Magic Vapes Group, and when we mention "Magic Vapes," "we," "us," or "our," we are referring to the relevant company in the Magic Vapes Group handling your data. We will inform you about the specific entity responsible for your data when you make a purchase.
Contact Details
Data Protection Officer:
Magic Vapes, Email address: [email protected]
You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We encourage you to contact us first with any concerns before approaching the ICO.
Changes to the Privacy Notice and your duty to inform us of Changes
This version was last updated on 01st January 2024. Historic versions can be obtained by contacting us. Please keep us informed if your personal data changes during our relationship.
Third-party links
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit when leaving our site.
The Data We Collect About You
Personal data, or personal information, refers to any information about an individual from which that person can be identified. It excludes anonymous data where identity has been removed. We may collect, use, store, and transfer various personal data categories, including:
- Identity Data: first name, maiden name, last name, username, or similar identifier, marital status, title, date of birth, and gender.
- Contact Data: billing address, delivery address, email address, and telephone numbers.
- Financial Data: bank account and payment card details.
- Transaction Data: details about payments to and from you and other product or service-related details.
- Technical Data: IP address, login data, browser type, version, time zone setting, location, browser plug-in types, versions, operating system, and platform, and other technology on devices used to access our website.
- Profile Data: username, password, purchases or orders, interests, preferences, feedback, and survey responses.
- Usage Data: information about how you use our website, products, and services.
- Marketing and Communications Data: preferences in receiving marketing from us and third parties, and communication preferences.
We also collect, use, and share Aggregated Data, which is not considered personal data as it does not directly or indirectly reveal your identity.
We do not collect Special Categories of Personal Data (e.g., race, ethnicity, religious beliefs) or information about criminal convictions and offenses.
If you fail to provide personal data
When required by law or under a contract, failure to provide requested personal data may result in our inability to perform the contract or service requested.
How Is Your Personal Data Collected?
We use various methods to collect data from and about you, including:
- Direct interactions: Providing Identity, Contact, and Financial Data when applying for products or services, creating an account, subscribing to services, entering competitions, promotions, or surveys, and providing feedback.
- Automated technologies or interactions: Collecting Technical Data through cookies, server logs, and similar technologies during website interactions.
Third parties or publicly available sources may also provide personal data about you.
How We Use Your Personal Data
We only use your personal data when the law allows us to. Commonly, we use it in the following circumstances:
- To perform a contract with you.
- For our legitimate interests (or those of a third party) where your interests and fundamental rights do not override those interests.
- To comply with a legal or regulatory obligation.
We do not rely on consent as a primary legal basis for processing personal data except for third-party direct marketing communications. You can withdraw consent at any time.
Purposes for which we will use your personal data
See the table below for a description of all ways we plan to use your personal data, the legal bases, and our legitimate interests where applicable:
| Purpose/Activity | Type of Data | Lawful Basis |
|---|---|---|
| Register you as a new customer | Identity, Contact | Performance of a contract |
| Process and deliver your order | Identity, Contact, Financial, Transaction, Marketing and Communications | Performance of a contract, Legitimate interests (recovering debts) |
| Manage our relationship with you | Identity, Contact, Profile, Marketing and Communications | Performance of a contract, Legal obligation, Legitimate interests (record keeping) |
| Enable you to participate in activities | Identity, Contact, Profile, Usage, Marketing and Communications | Performance of a contract, Legitimate interests (product/service improvement) |
| Administer and protect our business and website | Identity, Contact, Technical | Legitimate interests (business security and continuity), Legal obligation |
| Deliver relevant content and advertisements | Identity, Contact, Profile, Usage, Marketing and Communications, Technical | Legitimate interests (marketing strategy) |
| Use data analytics to improve our services | Technical, Usage | Legitimate interests (business and service improvement) |
| Make suggestions and recommendations | Identity, Contact, Technical, Usage, Profile | Legitimate interests (business growth) |
Marketing
We aim to provide options for personal data control, based on legitimate interests, including:
- Receiving information about goods or services similar to prior purchases.
- Notifying you about changes to our products or services.
- Sending you relevant marketing communications.
Third-party marketing
We obtain your express opt-in consent before sharing personal data outside the Magic Vapes group for marketing purposes.
Opting out
You can opt-out of marketing messages at any time by following provided links or contacting us.
Cookies
You can set your browser to refuse cookies, but note that some website parts may become inaccessible. Refer to our cookie policy for details.
Change of purpose
We will only use your personal data for the purpose it was collected, notifying you if an unrelated purpose arises.
- Disclosures Of Your Personal Data We may share your personal data with the parties listed below:
- Internal Third Parties: entities within the Magic Vapes Group acting as joint controllers or processors based on our instructions.
- External Third Parties: service providers acting as processors, including delivery companies, payment service providers, marketing agencies, IT service providers, and professional advisors.
- Third parties involved in transactions: buyers or sellers in the event of a sale, merger, reorganization, dissolution, or similar event.
We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their purposes, and they can only process your personal data for specific purposes and in accordance with our instructions.
International Transfers We may transfer your personal data outside the European Economic Area (EEA) in specific circumstances. Whenever we do, we ensure that an adequate level of protection is in place. You can obtain further details by contacting us.
Data Security We have implemented security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed without authorization. We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need-to-know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have procedures to handle any suspected data breach and will notify you and any applicable regulator of a breach when legally required.
- Data Retention We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.
By law, we must keep basic information about our customers for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.
In some circumstances, we may anonymize your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
- Your Legal Rights Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
- Glossary Lawful Basis
Legitimate Interest means our interest in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Third Parties
Internal Third Parties refer to other companies in the Magic Vapes Group acting as joint controllers or processors based on our instructions.
External Third Parties refer to service providers acting as processors, including delivery companies, payment service providers, marketing agencies, IT service providers, and professional advisors.
Your Legal Rights
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal