Introduction

Vape7Store is committed to protecting the privacy and personal data of every visitor and customer. This privacy policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and how we protect it. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all personal data collected through vape7store.co.uk, our checkout process, email communications, and customer service interactions. By using our website, you agree to the practices described in this policy. If you do not agree, please do not use our website or place orders.

Who We Are

Vape7Store is a UK-based online retailer specialising in rechargeable prefilled pod kits and nicotine salt e-liquids. For the purposes of UK data protection law, Vape7Store is the data controller responsible for your personal data. If you have questions about this policy or your personal data, you can contact us by email at the address listed on our Contact Us page.

What Personal Data We Collect

We collect different types of personal data depending on how you interact with our website. When you browse our website, we may collect your IP address, browser type, device information, pages visited, time spent on pages, and referral source. This data is collected automatically through cookies and similar technologies. When you create an account or place an order, we collect your full name, email address, delivery address, billing address, telephone number, and payment information. When you contact our customer service team, we collect the content of your messages, your email address, and any information you provide to resolve your enquiry. When you subscribe to our newsletter or marketing emails, we collect your email address and any preferences you indicate.

Age Verification Data

UK law prohibits the sale of nicotine-containing vaping products to anyone under the age of 18. We are legally required to verify the age of all customers before completing a purchase. As part of this process, we may collect your date of birth and, where required, request photographic identification such as a driving licence or passport. Age verification data is processed solely for the purpose of confirming you are 18 years or older. This data is handled in accordance with this privacy policy and is not used for any other purpose. We may use third-party age verification services to confirm your age. These services process your data securely and only for the purpose of age confirmation.

Why We Collect Your Data and Our Legal Basis

We process your personal data for specific purposes, each with a lawful basis under UK GDPR. To fulfil your orders — processing payments, dispatching products, and providing delivery updates — we rely on contractual necessity (Article 6(1)(b) UK GDPR). To comply with UK law — including age verification for restricted products, tax obligations, and product safety regulations under TRPR — we rely on legal obligation (Article 6(1)(c) UK GDPR). To send you marketing communications about new products, offers, and stock updates, we rely on your explicit consent (Article 6(1)(a) UK GDPR). You can withdraw consent at any time by clicking the unsubscribe link in any email or by contacting us directly. To monitor website performance, prevent fraud, and improve our services, we rely on legitimate interest (Article 6(1)(f) UK GDPR). Our legitimate interests do not override your rights and freedoms.

Cookies and Tracking Technologies

Our website uses cookies in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR) and UK GDPR. Strictly necessary cookies are essential for the website to function and do not require your consent. These include session cookies that remember your shopping basket, secure session identifiers, and authentication cookies that keep you logged in during your visit. Analytics cookies help us understand how visitors use our website — which pages are visited, how long visitors stay, and where they arrive from. We use these insights to improve our website. Analytics cookies are only placed with your consent. Marketing cookies track your browsing activity to deliver relevant advertisements. These cookies are only placed with your consent. You can manage your cookie preferences at any time through the cookie consent banner on our website or through your browser settings. You can also delete cookies already stored on your device through your browser. Disabling strictly necessary cookies may prevent the website from functioning correctly.

How We Share Your Data

We share your personal data only where necessary to operate our business and fulfil your orders. Our website is hosted on Shopify Inc., which provides our e-commerce platform. Shopify stores your data on secure servers and processes it in accordance with their privacy policy and PCI-DSS standards for payment card security. Payment processors handle your payment card data securely. All payment gateways used by Vape7Store adhere to PCI-DSS standards managed by the PCI Security Standards Council. Your card data is encrypted during transmission and is not stored by Vape7Store after your transaction is complete. Delivery partners receive your name and delivery address solely to fulfil your order. Age verification providers receive limited data — typically your name, address, and date of birth — solely to confirm you are 18 years or older. We do not sell, rent, or trade your personal data to any third party for their marketing purposes. We will disclose your personal data if required by law, regulation, legal process, or enforceable government request.

How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website uses SSL/TLS encryption to secure data transmitted between your browser and our servers. Payment card data is processed through PCI-DSS compliant payment gateways and is not stored on our servers. Access to personal data is restricted to authorised personnel who need it to perform their duties. Despite these measures, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Order and transaction data is retained for six years after your last purchase to comply with UK tax and accounting obligations under HMRC requirements. Account data is retained for as long as your account remains active. If your account is inactive for more than 24 months, we may contact you to confirm whether you wish to keep it open. Marketing consent records are retained for as long as you remain subscribed. If you unsubscribe, we retain a record of your withdrawal of consent to demonstrate compliance. Age verification records are retained only as long as necessary to demonstrate compliance with UK age restriction laws. Cookie data retention varies by cookie type. Session cookies are deleted when you close your browser. Persistent cookies expire according to their individual retention periods, which are detailed in our cookie consent settings.

Your Rights Under UK GDPR

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights regarding your personal data. You have the right of access — to request a copy of the personal data we hold about you. You have the right to rectification — to request correction of inaccurate or incomplete personal data. You have the right to erasure — to request deletion of your personal data where there is no compelling reason for us to continue processing it. You have the right to restrict processing — to request that we limit the processing of your personal data in certain circumstances. You have the right to data portability — to request a copy of your personal data in a structured, commonly used, machine-readable format. You have the right to object — to object to processing of your personal data based on legitimate interests or for direct marketing purposes. You have the right to withdraw consent — where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact us using the details on our Contact Us page. We will respond to your request within one month, as required by UK GDPR. If your request is complex, we may extend this period by up to two further months, and we will inform you of any extension within the first month. If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policy of every website you visit. Clicking a link to a third-party website does not mean we endorse or accept responsibility for that website's practices.

Children's Privacy

Vape7Store does not knowingly collect personal data from anyone under the age of 18. Our products are age-restricted under UK law, and our age verification processes are designed to prevent sales to minors. If we become aware that we have collected personal data from a person under 18, we will delete it promptly. If you believe we have inadvertently collected data from a minor, please contact us immediately.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes your acceptance of the updated policy. If we make significant changes that affect your rights, we will notify you by email or through a prominent notice on our website.

Contact Us

If you have questions about this privacy policy, your personal data, or wish to exercise any of your rights under UK GDPR, please contact us through the details listed on our Contact Us page. We aim to respond to all enquiries within 48 hours during business days.

Frequently Asked Questions

What personal data does Vape7Store collect?

We collect your name, email, delivery and billing address, phone number, and payment details when you place an order. We also collect browsing data through cookies and age verification data to comply with UK law prohibiting sales to under-18s.

Does Vape7Store sell my personal data?

No. We never sell, rent, or trade your personal data to any third party for marketing. We share data only with service providers who help us fulfil orders, process payments, deliver products, and verify age — all under strict data protection agreements.

Why does Vape7Store verify my age?

UK law prohibits selling nicotine-containing vaping products to anyone under 18. We are legally required to verify your age before completing any purchase. Age verification data is used solely for this purpose and handled in accordance with our privacy policy.

How can I exercise my UK GDPR rights?

You can request access to, correction of, or deletion of your personal data by contacting us through our Contact Us page. We respond within one month as required by UK GDPR. You can also lodge a complaint with the ICO at ico.org.uk.

How does Vape7Store use cookies?

We use strictly necessary cookies for website functionality (no consent required), analytics cookies to understand site usage, and marketing cookies for relevant ads. Analytics and marketing cookies are only placed with your explicit consent via our cookie banner.

How long does Vape7Store keep my data?

Order data is retained for six years to meet UK tax obligations. Account data is kept while your account is active. Marketing records are kept until you unsubscribe. Cookie data varies by type — session cookies are deleted when you close your browser.