
Privacy Policy

Data Protection

We are committed to protecting your privacy and your personal data. Please read this Privacy Notice to understand how we use, share and store your personal information. We keep this Policy under regular review and make amendments from time to time. Please note the date at the foot of this page, which will inform you when this Notice was last amended.

Who We Are

We are E Cigarette Direct Limited, a company registered in England and Wales and we trade under the name E-Cigarette Direct (“we” or “us”). We sell electronic cigarettes, e-liquids and vaping accessories via our website and our retail stores and to our wholesale customers. We are based in Swansea, in South Wales and you can find our contact details here.

We take your privacy seriously and safeguard your personal data to the best of our ability. Personal data is defined as information that relates to an identified or identifiable individual. You can find out more about personal data and data protection from the Information Commissioner’s Office (ICO) website.

How We Use Your Information

This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:

In this Privacy Notice, you can also find out more about your rights as a Data Subject, how you can ask us about your personal data and what to do if you have a question or a complaint.

Visitors to Our Website

When someone visits www.ecigarettedirect.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personal data through our website, we will be up front about this. We will make it clear when we collect personal data and will explain what we intend to do with it. If you do not wish Google Analytics to collect details of your visit, you can change your cookie settings on your internet browser. You can find out more about how to do this here.

We use a third party service, provided by Clerk.io (who are based in Denmark), to help you find the right products for you, quickly and easily. Clerk.io uses artificial intelligence to learn what our customers need and prefer and makes discreet suggestions. E.g. if you buy a new tank, Clerk might identify that other customers also bought e-liquid and/or coils. Clerk.io are fully GDPR compliant and all data is securely stored within the EU. Clerk.io conducts routine vulnerability scans and penetration tests of their entire platform. Their privacy policy can be found here. If you are not happy with Clerk.io processing your personal information, then you can ask us to ensure that your details are removed from their system by sending a “right to be forgotten” request to [email protected]. Your information will then usually be deleted within 30 days (to allow for backups to be overwritten). If you do ask for your information to be deleted then we may also need to delete your website customer account.

Use Of Cookies

You can read more about how we use cookies on our Cookies page.

Search Engine

Our website search is powered by Magento. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either ECD or any third party.

Customers Who Purchase From Us via Our Website

When you make a purchase, we need certain information from you in order to fulfil our contract with you. This includes your name and address, telephone number and payment information. We require your telephone number in case we need to get in touch with you about your order or if there are any issues verifying your age as below. We will not pass your personal information on to any third parties for marketing purposes or for any reason not connected with the fulfilment of your contract with us. We will not use your telephone number or email address to market our products to you without your specific consent, and you can withdraw your consent at any time by unsubscribing from emails, emailing [email protected] or calling our Customer Services team.

We also require your email address so we can send you order acknowledgments and updates. Your email address is used to create your customer account.

Information we collect from other sources

Age Verification

E-Cigarettes and liquids are an age-restricted product and are only for sale to persons over the age of 18. We are legally obliged to take steps to verify that customers purchasing from our website are over 18.

Age verification on our website is provided by AgeChecked Limited who are a data controller using data already held in their records in order to verify that you as a customer are over the age of 18 or to advise that they are unable to confirm this. If you hold a customer account with us, we record that your age has been successfully verified in your customer account so you don’t need to go through the process again on subsequent purchases provided you log in each time. We do not store information other than the result and information given to us as part of the checkout process but AgeChecked Limited may record that a verification has been provided to us. AgeChecked Limited's privacy information can be found here, including how they manage your personal data when a check is performed. We are advised by AgeChecked Limited that any such check will have no effect on your credit score.

We also work with, and recognise, One Account Mobile Limited (1Account) age verification in order to verify that you meet the minimum age requirements as determined by relevant UK age restriction legislation. If you have an account with 1Account, you can verify you are over 18 using your 1account ID. If you are not a 1account customer, and your information cannot be verified by AgeChecked Limited then we will usually make a further attempt to verify your age using information we collect from 1account. We will record that your age has been successfully verified so that you don’t need to go through the process again. 1account are a data controller based in the UK and they use data already held in their records in order to verify you are over the age of 18. 1Account’s privacy information can be found here.

If we are still unable to verify your age, a member of our experienced customer services team will try and get in touch with you to assist with the age verification process. You can also contact our customer services team at any time if you have any problems with these systems.

Who we share your information with

In circumstances where you have asked us to provide an age restricted product or service, we may share your information with either or both of AgeChecked Limited and/or One Account Mobile Limited (1account) in order for them to verify that you meet the minimum age requirements as determined by relevant UK age restriction legislation. You can find information about AgeChecked Limited and how they manage your personal data by visiting their website: agechecked.com.

You can find information about 1account and how they manage your personal data by visiting their website: 1account.net.

Our website hosting is managed by Rackspace who take privacy and security extremely seriously. A copy of their privacy policy can be viewed here.

Card payments are processed by Elavon Digital Europe Limited who trade as Opayo (previously known as Sage Pay) and by Worldpay, LLC, our card payment services providers in order to take payment and complete our contract with you. All card payment information is protected to Payment Card Industry Data Security Standards. We do not retain a copy of this on our systems. You can find Worldpay’s privacy policy here and Opayo’s privacy policy here.

Your name and address will be shared with our delivery service providers which include Royal Mail and DPD in order to deliver your purchase. Delivery services act as data controllers in their own right and may use any data provided in order to arrange delivery or to provide delivery or tracking information. This would include information such as individual recipients’ names and addresses, email addresses and mobile phone numbers if provided.

Royal Mail’s privacy policy is here and DPD’s privacy policy is here.

Customers Who Purchase From Our Stores

CCTV

We use closed circuit television (CCTV) images to provide a safe and secure environment for employees and for visitors to our business premises, such as customers, contractors and suppliers, and to protect our property. We record images only. There is no audio recording i.e. conversations are not recorded on CCTV.

The purposes of installing and using CCTV systems include:

  1. To assist in the prevention or detection of crime or equivalent malpractice.
  2. To assist in the identification and prosecution of offenders.
  3. To monitor the security of our business premises.
  4. To ensure that health and safety rules and Company procedures are being complied with.
  5. To assist with the identification of unauthorised actions or unsafe working practices that might result in disciplinary proceedings being instituted against employees and to assist in providing relevant evidence.
  6. To promote productivity and efficiency.

Cameras are located at strategic points throughout our premises, principally at the entrance and exit points. We have positioned the cameras so that they only cover communal or public areas on our premises and they have been sited so that they provide clear images. All cameras are also clearly visible. Appropriate signs are prominently displayed so that employees, clients, customers and other visitors are aware they are entering an area covered by CCTV.

Images may be recorded either in constant real-time (24 hours a day throughout the year), or only at certain times, as the needs of the business dictate. As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not held for more than one month. Once a hard drive has reached the end of its use, it will be erased prior to disposal.

Images that are stored on, or transferred on to, removable media such as CDs are erased or destroyed once the purpose of the recording is no longer relevant. In normal circumstances, this will be a period of one month. However, where a law enforcement agency is investigating a crime, images may need to be retained for a longer period.

Access to, and disclosure of, images recorded on CCTV is restricted. This ensures that the rights of individuals are retained. Images can only be disclosed in accordance with the purposes for which they were originally collected.

The images that are filmed are recorded centrally and held in a secure location. Access to recorded images is restricted to the operators of the CCTV system and to those managers who are authorised to view them in accordance with the purposes of the system. Viewing of recorded images will take place in a restricted area to which other employees will not have access when viewing is occurring.

Card Payments

When you make a purchase using a payment card, certain information will be processed by our EPOS system, provided by Futura Retail Solutions Limited, and Worldpay, LLC, our card payment services providers in order to take payment and complete our contract with you. All card payment information is protected to Payment Card Industry Data Security Standards. We do not retain a copy of this on our systems. You can find Worldpay’s privacy policy here and Futura’s privacy policy here.

Loyalty Cards

We offer an in-store loyalty card scheme which allows you to earn points from your purchases which can be redeemed against future purchases (subject to terms and conditions). In order for you to join the scheme, we require your name and postcode. We also require your date of birth to confirm you are over the age of 18. By joining the scheme, you consent to us processing this personal data.

If you join the loyalty scheme, your personal information will be held on our electronic till system database. We will process your information for the purpose of running the scheme. From time to time, we may also analyse data collated by the scheme in order to better understand our business and customers. This data will be anonymised where possible before collation.

You may also consent to give us your email address but this is optional. We will ask if you consent to receiving our newsletters but you do not need to agree to this in order to join the loyalty scheme. If you do consent, you can opt out of receiving newsletters at any time by using the “unsubscribe” link provided. You may also leave our loyalty card scheme and request your data to be deleted by contacting [email protected]. Please note that we will take reasonable steps to verify your identity before proceeding with your request.

People Who Call Our Customer Services Team, Use Live Chat on Our Website, Contact Us via Social Media or Email Us

Live Chat

We offer a ‘live chat’ service as an option to contact our Customer Services team. If you choose to use our Live Chat service, we will record information about your query including your name, email address and information you give us about your order (if relevant). Our Live Chat service is provided by LiveChat, Inc., a US based company. LiveChat, Inc. are committed to data protection and have undertaken a full programme of compliance with GDPR. LiveChat’s privacy policy is here. Your personal information will be stored in LiveChat’s data centres in Frankfurt, Germany. If you wish your information to be erased following your query, please let us know by emailing [email protected]. We also remove personal data from the LiveChat service every 12 months.

Phone calls

When you call our customer services team we may record information about your call including your name and telephone number and the reason for calling. If you place an order over the phone for the first time or if you are having difficulties ordering online, we may take information from you for the purpose of carrying out an age verification check which we are required to do by law before you can purchase electronic cigarette items from us.

Age verification is provided by AgeChecked Limited who act as a data processor on our behalf. We record the result but not the detailed information in your customer account (unless the information is also required for the purpose of completing your order, e.g. your name and address).

Social media

We use a third party provider, Hootsuite, to manage our social media interactions.

If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.

Emails

We use Transport Layer Security (TLS) to protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

We use a third party provider, Google Inc., to provide our email server. Here is a link to Google’s privacy policy. We have also entered into an agreement with Google who have undertaken to keep your personal information secure in line with European Union data protection standards and requirements.

People Who Subscribe to Our Newsletters

We will only send you emails if you have demonstrated your consent by opting in (by ticking a box or clicking a button in an email). You may unsubscribe at any time by clicking the unsubscribe link in any of our emails.

We use a third party provider, Mailchimp to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. We have entered into a data processing agreement with Mailchimp where they have undertaken to comply with the GDPR and data protection legislation. For more information, please see Mailchimp’s privacy notice.

People Who Enter Competitions and/or Respond to Surveys

Any personal data collected will only be used for the purpose stated in the competition entry. For example, if you give us your name and email address for a prize draw, your personal information will only be used for the purpose of selecting a winner or winners and to contact you if you are a winner. We will not send you any marketing emails unless you have also chosen to subscribe to our email newsletters as part of your entry or otherwise.

If you respond to a survey or questionnaire and give us your personal information as part of your response, your personal information will be anonymised or pseudonymised before the remaining data is processed.

Job Applicants, Current and Former ECD Employees

Gower Enterprises Limited is the data controller for the information you provide during the recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us at [email protected].

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

Application stage

We use a third party Applicant Tracking System (ATS) provided by People Apps Limited to record and advertise our vacancies and applications. Here is a link to their Privacy Notice. We have a data processing agreement in place with People Apps Limited.

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Your information will be stored on our ATS and our recruitment team will have access to all of this information. The information on our ATS will be stored at a destination within the European Economic Area (“EEA”).

You may also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

Information that you provide on a questionnaire, test or survey may be held temporarily on our Google Drive system before being transferred to our ATS or HR system. We use Google Forms and other services provided by Google Inc as part of the GSuite applications. In this case, your information may be transferred outside of the EEA to the United States. Google Inc. are registered under the EU/US Privacy Shield mechanism and we have entered into a data processing agreement with Google Inc., who undertake to comply with the GDPR using the EU Model Clauses.

Interviews and Assessments

We will ask you to attend telephone, video and/or face to face interviews in order to assess your suitability for the role. We might also ask you to participate in assessment days; complete tests and/or occupational personality profile questionnaires – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by ECD.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise. After six months, we would contact you to find out if you would like us to continue to keep your details in our talent pool. If not, or if we do not get a reply from you, your details will be deleted.

Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff and their right to work in the United Kingdom. We will also seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

If we make a final offer, we will also ask you for the following:

Use of data processors

Data processors are third parties who provide elements of our recruitment and human resources service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Vacancies and applications

Job board websites

Our vacancies are advertised on the following websites (as well as our own website). If you create a job seeker account and/or apply for a vacancy via one of these websites, they will be the data controller in respect of any information you input into their website (including your name, address, work history and so on). Please read their privacy notices as to how they will store and use your data:

Indeed Ireland Operations Limited

A company based in Ireland as part of a US and international group of companies: https://www.indeed.co.uk/legal#privacy

Glassdoor Inc.

A US based company who are signed up to the EU/US Privacy Shield: https://www.indeed.co.uk/legal#privacy

Reed Online Limited:

A UK company as part of an international group of companies: https://www.reed.co.uk/policies#privacyPolicy

Recruitment Agencies

For certain vacancies, we sometimes use the services of a recruitment agency to advertise the role, review applications and carry out assessments including questionnaires and telephone and/or video interviews. Use of a recruitment agency in relation to any vacancy will always be made clear.

Information collected by a recruitment agency will be retained for 12 months following the end of our agreement.

Working for us

PeopleHR

If you accept an offer of employment from us, your personnel records will be held on PeopleHR which is an internally used HR records system. You will be given your own log in to this system which will allow you to view the majority of the information we hold about you. You will also be able to amend certain information if it is incorrect or becomes out of date (for example if you move house).

Smart Pension

When you start working for us, if you meet the auto-enrolment criteria, we are legally obliged to enrol you into our Workplace Pension Scheme. You will subsequently have the right to opt-out of the scheme if you wish.

In order to meet our obligations, your details will be provided to Smart Pension, an auto-enrolment platform who provide our Workplace Pension Scheme. If Smart Pension confirm you are eligible or if you are not eligible but are entitled to join the scheme and have opted to do so, you will be auto-enrolled into the pension scheme. Details provided to Smart Pension will be your name, date of birth, National Insurance number and salary.

Once you join us, you will be given a copy of our Employee Privacy Notice which will set out more information about the personal data we process and why.

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references. We will usually retain information about your name, job title and the dates that you were employed by us for a longer period of time but please refer to our Data Retention Policy for more information.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.

Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.

How do we make decisions about recruitment?

Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing [email protected].

Your Rights as a Data Subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

If you need any more information or guidance about your rights, you can find this here on the ICO’s website: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Access to Personal Information

We try to be as open as we can be in terms of giving people access to their personal information. Web customers can view much of the information we hold about you in your online account. Individuals can find out if we hold any personal information by making a ‘data subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

To make a request for any personal information we may hold about you, you need to put the request in writing, addressing it to our Information Governance department, or writing to the address provided below. Before complying with your request, we will need to confirm your identity as far as reasonably possible. For example, we may ask you to confirm details so we can check them against the data we hold.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Information Governance department.

Right to Be Forgotten/Right to Erasure

If you wish to exercise your right to have your personal data deleted from our records (subject to certain restrictions as set out in the Data Protection Act 2018), please refer to our Right to Erasure Policy here and complete this form.

We have one calendar month from your request (or receipt of further information if required). Completing this form will help us locate and remove your data as quickly as possible.

Complaints or Queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of ECD’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

If you want to make a complaint about the way we have processed your personal information or if we have not been able to assist with your queries, you can contact the Information Commissioner’s Office which is the statutory body which oversees data protection law – www.ico.org.uk/concerns.

Links to Other Websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to This Privacy Notice

We keep our privacy notice under regular review. This privacy notice was last updated on 16th May 2022.

How to Contact Us

If you want to request information about our privacy policy you can email us at [email protected] or write to:

Data Protection Team
RDN Group Limited
Units 4-5 Bell Court
Felinfach
Fforestfach
Swansea
SA5 4HP
