1.Introduction

At [Your Website Name], we are committed to protecting your privacy and personal data.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website, you agree to the collection and use of information in line with this policy.

2. Who We Are

Business Name: [Your Business Name]
Location: Romford, London, United Kingdom
Email: [your email address]

We are the data controller responsible for your personal data.

3. Information We Collect

We may collect and process the following personal data:

a) Information you provide directly

  • Full name

  • Email address

  • Phone number

  • Billing and delivery address

  • Order details and purchase history

b) Automatically collected information

  • IP address

  • Browser type and device information

  • Website usage data

  • Cookies and tracking data

Note: We do not store payment card details. Payments are processed securely by third-party providers.

4. How We Use Your Information

We use your personal data to:

  • Process and deliver orders

  • Communicate about your orders or enquiries

  • Verify age for age-restricted products

  • Improve website performance and user experience

  • Comply with legal and regulatory obligations

5. Legal Basis for Processing (UK GDPR)

We process your data under the following lawful bases:

  • Contractual necessity – to fulfil orders

  • Legal obligation – age-restricted sales, tax records

  • Legitimate interests – improving services

  • Consent – marketing or cookies (where applicable)

6. Age-Restricted Products

If you purchase tobacco or vape products, we may process additional data to:

  • Verify that you are 18 years or older

  • Comply with UK legal requirements

Failure to pass age verification may result in order cancellation.

7. Data Sharing

We do not sell or rent your personal data.

We may share data only with trusted third parties, including:

  • Payment processors

  • Delivery partners

  • Website hosting and IT providers

All third parties are required to comply with UK GDPR.

8. Data Security

We use appropriate technical and organisational measures to protect your personal data against:

  • Unauthorised access

  • Loss or misuse

  • Disclosure or alteration

However, no online system is 100% secure.

9. Data Retention

We retain personal data only for as long as necessary:

  • To fulfil orders

  • To meet legal or tax obligations

  • For legitimate business purposes

Data is securely deleted when no longer required.

10. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to or restrict processing

  • Withdraw consent at any time

To exercise your rights, contact us at [your email].

11. Cookies

Our website uses cookies to improve functionality and performance.
For full details, please see our Cookie Policy.

12. Third-Party Links

Our website may contain links to third-party websites.
We are not responsible for their privacy practices or content.

13. Changes to This Policy

We may update this Privacy Policy from time to time.
Any changes will be posted on this page with an updated date.

14. Contact Us

If you have questions about this Privacy Policy or your data, please contact:

📧 Email: [your email]
📍 Location: Romford, London, UK