Last update: May 2018
The EU General Data Protection Regulation (GDPR) 2014 governs how EU businesses’ & organisations work with User data by requiring that they are fair and transparent and that they explain fully, clearly and simply why and how an individuals (Users) data is (or will be) used. It replaces the UK Data Protection Act in EU & UK law,
The GDPR provides Users with much greater choice and control over how their personal data is used. Users must be asked to give consent and be provided with ability to alter or withdraw their consent at any time.
Through its business activities as an online retailer and wholesaler, Exhale requests, uses and stores User data. This document explains what data it requests & gathers, how that data is used, stored and protected. It also explains how User consent is requested and how Users can Opt in or Opt out at any time.
User Personal Identification Information
Exhale may collect User personal identification information in a variety of ways, including, but not limited to, when a User visits the Site, registers as a customer on the Site, places an order, fills out a form, subscribes to or Opts In or Out of receiving email communication and in connection with other activities, services, features or resources we make available on our Site.
Users may as appropriate to their activity on the Site be asked for their first name, last name, email address, billing & shipping addresses, telephone number and payment/credit card information. Users may, however, visit the Site and browse anonymously.
We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can if they wish to, refuse to supply personally identification information however, doing so may prevent them from engaging in certain Site related activities.
This means that on this Site a User cannot buy goods from Exhale anonymously. All customers wishing to purchase goods or services from Exhale/the Site MUST provide certain personal identifying data.
Non-personal Identification Information
Exhale may collect non-personal identification information about Users whenever they interact with the Site. Non-personal identification information may include the Users' browser name, the type of computer and technical information about Users means of connection to the Site, such as the operating system and the Internet Service Providers utilised and other similar non identifying information.
Exhale uses Paypal to process User payments and never sees any User financial data.
At the correct time during the checkout procedure the User is directed temporarily to PayPal’s highly secure environment. Here the User will enter their payment card number, expiry date and 3 digit security code or if the User is using their Paypal account to pay they will log in to that PayPal account to confirm payment. As soon as the payment is verified as successful the User is routed back to Exhale to submit their completed order.
Exhale receives a unique transaction code which appends to the order confirming that the payment has been made successfully. An icon within the order identifies the method of payment that has been used for that order.
At the appropriate point during a telephone order the Exhale agent uses a highly secure online Paypal terminal to process the payment that is due.
The User is asked to speak their card details to the Exhale agent who types them into the Paypal terminal. Those numbers are immediately replaced on the agents' screen by an asterisk (eg a full card number looks like this: **** **** **** ****). The agent asks for the expiry date and the 3 digit security code and for the User to confirm the Post Code of the card Billing Address.
When payment is confirmed by Paypal, the agent returns to the Site to confirm that payment has been verified and to submit the order.
Exhale Cigarette Ltd. never write down card details during a call, and we never store any User payment information.
Paypal Legal Documentation
Requested Data & How it is used
Scripted forms are used when a User registers to hold an online account with Exhale. Forms are also used during the ordering process or when a User uses the Contact Form.
Regardless if the User checks out s a Guest or is a registered customer personal identification data is gathered.
Exhale uses a Users’ personal information not only to provide supply of goods however, it is important to note that Exhale does not share a Users' Personal Identification data to any outside party except as is necessary to provide the service a User has purchased.
In the supply of goods Exhale will supply a User identity information only to the courier (Royal Mail) transporting that order to the supplied shipping name and address.
For further information about third parties please see the heading Third Parties further on in this document.
As well as for the purposes of supply of an order Exhale uses data supplied by a User for the following purposes:
- To improve its customer service
Your information helps us to more effectively respond to your customer service requests and to support your needs.
- To personalise User experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site. In this way we are using data to allow us to analyse our performance and improve the way in which we provide service.
- To improve our Site
We continually strive to improve our website offerings based on the information and feedback we receive from you, our customer.
- To send periodic emails as appropriate, according to Consent (see NOTE).
The email address a User provides for order processing, will be used to send them information and updates pertaining to the order.
User data may also be used to make or respond to an enquiry or other requests relating to an order or to respond to a query made via our online Contact Us form, or during/after a Live Chat.
Requested data may also used to reply to an email sent to us directly or through the Site "Email Us" link
NOTE: A User will only receive email if they have Opted in to give their express consent.
By contacting Exhale by email, or the use of a Contact Us form or Live Chat a User is implicitly giving their permission for us to make respond as appropriate.
When placing an order a User must accept Exhale's Terms and Conditions & give consent to receive order update emails.
Permission for Exhale to send a newletter, company service updates or special offer emails must be given by means of Opting in. During initial registration permission is requested as part of the scripted form. Permissions can be altered, given or withdrawn at any time by:
- clicking unsubscribe within an email they have received
- writing to support @exhalecigarette.co.uk
- visiting their account : https://www.exhalecigarette.co.uk/account
About Acquired Data & How it is used
To run its online store Exhale uses an eCommerce solution (Big Commerce). This is a fully integrated, highly secure system through which we manage all administration of our business. This system allows us to create product listings and manage inventory, to design webpages and populate our website with it with content. It provides the platform though which customers can register for and manage their accounts and through which Users can place their orders. Behind the scenes the system also allows us to manage the processing of all orders through our warehouse all the way to dispatch.
All data required by our business is managed and stored within this eCommerce platform. It is intricate, highly intelligent and secure.
Staff members and company appointees requiring access to the system can access it only via their sign in protocol with encrypted password-protected login and their access is assigned permissions allowing them only to access the part(s) of the system necessary and relevant to their specific job role.
eCommerce system are powerful tools which allow the automation and streamlining of many processes. They also allow for the data stored on them to be examined not only in real time but historically too. Data is used to identify trends, to create reports used to form strategies that allow for management and future business growth.
When any work is done data is gathered via a set of scripted forms which standardise how data is collected. The same if true for creating a product as it is to a customer opening an account of placing an order.
Each newly created order is automatically assigned with the next in line sequential number creating a record in which is stored various data. This is a mix of both consensual requested data as well as “invisibly” collected gathered data. This record becomes part of a customers' order history as well as Exhale's business history, used to help manage Exhale as a company.
In detail, the following is data requested/gathered during an order regardless of whether that order is placed online by the User or with a telephone agent during a call :
- for as Customer User ID to log into the store account at: https://www.exhalecigarette.co.uk/login
- to communicate status updates. Automatically generated email notifications are issued to the customer which have been triggered at specific progress events
- an alternate secondary method of communication and a means to correspond where we have failed to make telephone contact in the event of there being an order query that needs to be resolved before an order can be completed.
First & Last Name
- for identity during an incoming or outgoing customer service telephone call.
- the correct method of greeting/salutation printed onto the dispatch note and package label
- the correct method of greeting/salutation in an email communication.
Company Name (if applicable).
- this is an optional field on our online order or registration forms. It is mainly used by business’s customers to whom we are the Wholesaler.
- House/ Building Number, House/Building Name, Street, Suburb,Town, City, County & Postcode
- used during transaction processes. This information is used to safeguard & protect from identity theft and/or credit card fraud.
- House or Building Number, House or Building Name, Street Address, Suburb,Town, City, County & Postcode
- used for addressing outgoing packages/orders to ensure that they are delivered at the intended destination
- used by Royal Mail for tracking & delivery purposes.
- used for customer service to make an outgoing call to discuss an order issue. Telephoning is our preferred method of communication and is used to make an outgoing call in the event there is an order query. This allows us to avoid delay in dispatch/delivery.
- A list of products & quantities thereof that are required
Date and time stamp - this is the system time of the placement of an order
- This data is used to sort orders into precise chronological order.
- Could be used by the police during criminal investigations identifying criminal/ fraudulent activity
- Used by web technicians and IT departments, in the event of a system failure or a glitch a time stamp can useful in pinpointing when and how an issue occurred.
- Business analysis
Method of payment - this is automatically added based on the payment method chosen by a customer.
- We can accept either Paypal or Credit/Debit Card payments. An icon identifying payment type is marked inside of the order.
- There is also a unique transaction ID - This data is used to identify and monitor in the event of fraudulent, criminal activity.
- Exhale integrates with Paypal for card and PayPal payments.
- Paypal uses advanced encryption technology to ensure that both User & business data is secure from end to end
- Paypal monitors its systems 24/7 guarding Users and business from fraud, identity theft, scams & phishing,
Device IP address
- This data is used by the eCommerce system to verify the location on the customer to safeguard against fraudulent activity.
- During a telephone order the IP address data captured will be that of the agent taking the call.
System/device operating system used to place that order (Window, Apple Mac, Mobile Phone, Tablet).
- This data is used for business analysis purposes.
- During a telephoner order the System/Device data captured will be that of the agent taking the call
User order History
A registered customer can review their order history at any time from https://www.exhalecigarette.co.uk/account.php?action=order_status
Historical order data is or can be used to:
- identify products previously ordered can assist in the case of a return request as, under Exhale’s terms and conditions of sale, are time sensitive.
- an ‘aid memoire’ allowing review of past purchases for example, if a product name is forgotten, or to cross reference a model number helping to ensure that an accessory is correct, the same, compatible, or as a point of interest, to see how long an item has been in use.
- By the same token checking back to a product name may help the avoidance of a purchase that was unhappy such as a dislike of a flavour.
- Business analysis purposes
Exhale keeps order history records for minimum of 6 years before it is deleted from our system. This is used for record checking if required by inland revenue.
The User is taken through a series of scripted forms. During a telephone call a new client may request an online account. The same form set is used.
- Used for Account ID, Sign on and for correspondence/notifications etc (dependant on consents given.
- This is Encrypted. If a password is forgotten Exhale cannot retrieve it. A password would have to be reset by the user. After clicking on I’ve Forgotten My Password, the customer enters their registered email address after which a re-set link is sent via to that User’s email address.
- A telephone agent would set up a temporary password.The new User will later use the I’ve Forgotten My Password to perform a password reset privately for when they wish to order online.
- Used for salutation on an outgoing package as well as during any telephone call.
- Used for salutation on your outgoing package as well as during any telephone call.
- Used to make contact as appropriate such as in the event of an order query. Helps to prevent delays in order dispatch.
- This is an optional field most used by business wholesaler account clients or by Users who may have their order delivered to their place of work.
- This MUST be the same address as that to which the payment source is registered. Any attempt to pay with the incorrect access used here will not go through. The order remains unpaid and will not be processed.
- This is the address to which the goods are to be delivered.
Data Driven Service & Performance
At its simplest, data accumulated and stored is made useful to a customer who wants to order “what they had last time”, or a part to fit a product they have but do not know the specifications for, or it is used if a return is requested which for example must be made within a specific time period. In this way having personal identifiers attached to an order allows fast investigation so that past purchases can be recognised, reordered to parts purchased for it.
Other non identifying data allows Exhale to analyse performance or sales which provides a valuable insight which helps us to plan for the future and to make knowledge based purchasing decisions while monitoring of current trends helps us to shape future growth and development within the business.
Your Data, Third Parties, & Consent - Exhale’s Commitment to Protect, Respect, Consent
No matter what the data is, Exhale practices appropriate collection, processing, storage and security measures protecting against unauthorised access, alteration, disclosure or destruction of data information on the Site.
Your personal identifying information is available only to Exhale Cigarette Ltd. staff as necessary within the scope of their job role with the following exceptions.
As part of the provision of our services as an online retailer and wholesaler of vaping products it is necessary for us to share/disclose personal customer data/identifying information to a third party who is acting as courier. The courier we use is Royal Mail. The specific data we share with them is taken from the shipping detail section of an order as follows: name, company name (if applicable) and shipping address.
All sensitive & financial transactional data exchange between the Site and its User occurs of an encrypted over a SSL secured communication channel and is protected with digital signatures.
Your acceptance of our terms and conditions which we request each time you place an order with is during checkout gives your express consent to share the personal identifying details as specified.
Exhale does not, has never, will never sell, trade, or rent our Site Users ‘personal identification information to any third parties (except where this is appropriate to the provision of our service as described above).
We may share generic aggregated demographic information that is not linked to any personal identification information regarding visitors and Users with our business partners, trusted affiliates and advertisers for the purposes outlined.
We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys.
We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Our Site may use "cookies" to enhance User experience. Browser cookies are small amounts of data that are saved into the Users own web browser. One of their uses is to make it easier for a returning User to log in by automatically pre-filling the log in (sign in) box with their email address. They are also used to track a Users' surfing habits when on the Site and are used for analysing store performance. As an example of how we use a cookie to enhance your experience; the system is able to “remember” what products have been added to a shopping cart which allows the products to remain in your cart until you have passed through checkout no matter if you have left the store and come back to complete your shop on another day.
If you do not wish to accept cookies please be aware that some parts of the Exhale Site may not function properly.
Links to Exhale from another website
Where a User has arrived at www.exhalecigarette.co.uk during the course of their interaction with another website, Users should note that their online activity while on the originating website is subject to that website's terms and policies.
Also of note is that Exhale has no control as to the content, or the way links to Exhale appear on other websites.
We are not responsible for the practices employed by any other website who may provide a link(s) that bring Users to our Site.
Links From Exhale to a Third-Party Websites
During the course of browsing the Site Users may find a link(s) to third party website. Most often they will appear within a blog article or might be provided within our help pages where we have identified another website as having additional/better or more in-depth information than we can provide, or we may add it to give accreditation where we have obtained or quoted information from that other site.
Exhale is responsible only for the content and practices on its own Site. It cannot control or be held responsible for the content that a User might see on another website even if a User has arrived there after using a link we have given in an article. While we will have tested a link when we gave it, Users should be aware that online content is subject to change and therefore the text/subject our link pointed to may have been replaced with something else entirely.
Protection for those who are Under 18
No part of the Site has been structured to attract anyone who is below the age of 18. As standard we have a pop up which asked all users who visit the Site to verify that they are over 18 when they open the first page they land on during any visit to the Site. This pop up repeats at every new visit to the site no matter if the age of consent has been verified before.
Under The Tobacco Products Directive (TPD)/EuropeanTobacco Products Directive (EUTPD) (2014/40/EU) it is unlawful to sell or supply any vaping product to an individual who is under the age of 18.
Exhale has not and will never will sell or supply products to a User under the age of 18. Even if a person falsely verifies themselves as being over 18, part of the financial transaction cross checks to verify a person’s age and a transaction attempted by a person under 18 will not be accepted.
Your Right to Control
Registered customers can log in and view, amend or edit their personal data and consents online at any time from the Manage My Account section. Follow: https://www.exhalecigarette.co.uk/account.php
Should you wish to view the data we hold for you as a registered User you can log in and go to Manage My Account. Using the link provided where Users can access and amend personal details and view accumulated order history.
Data or Account Deletion
If you would like your account and its data to be removed from our system you can write and ask us to delete your account.
Users requesting deletion should note that deleting an account will also delete order history which cannot be recovered.
The GDPR regulation requires that email cannot be sent to a User without that User having expressed explicit consent.
Users may Opt In or Opt Out ensuring that they receive only email that is beneficial to them at any time and maintain control of this by
Exhale’s Email Types & When They Are/Would be Issued
Order Update Emails
Order Status emails are automated emails triggered at specific points during the lifetime of an order.
Order Status Awaiting Fulfilment - Order Acknowledgement
- Formal acknowledgement of an order being successfully accepted on our system. It will be triggered only if our eCommerce system has received confirmation from Paypal that a payment is complete.
- It provides the assigned unique order identifying number
Order Status Awaiting Fulfilment - Payment Receipt
- This is an electronic receipt of payment, thanking you for your prompt payment. This is triggered as the transaction number data is recorded within order.
Order Status updated to Awaiting Shipment.
- This email confirms that your order is now in the process of being picking, checked and packaged. It is triggered by Exhale staff printing the documentation for that order (picking note, delivery note, package/shipping label
Order Status Updated to Shipped or DS-Shipped*
- Confirms dispatch & contains the Royal Mail Tracking number to use at www.RoyalMail.Com/Track-Your-Item
- *DS-Shipped indicates that the order (or part of it) is being shipped from a holding warehouse.
Another email associated with an order and which is not automated would be sent by a member of Exhale staff if a telephone call that has been attempted to discuss an order query (such as to ask if a substitution is acceptable) had been unsuccessful.
Users are Opting In to receipt of these emails by accepting our Terms and Conditions at the time an order is placed.
Special Offers, Related Products, Service Updates, Newsletters
A User can choose to receive email that does not relate strictly to an order and while these communications do not advise an order status they might still be considered relevant or important to an individual. Email of this kind can be opted into or opted out of at will either during the registration process when signing up for a customer account, or by either clicking the unsubscribe link provided in an email or by writing to us at [email protected]
Special Offers/Related Products Emails:
News of flash or planned sales, discount codes, product promotions, add on offers or information about products that are related to an item(s) that has been recently purchased (such as accessories). By OPTING OUT Users may missing money saving deals.
Service Updates Emails:
Information relating to or about change &/or discussing the likely impact of forthcoming change. A good example of this is in the information we provided during the months leading up to, during and after the passing of the Tobacco Products Directive legislation.
Or, we might want to advise of major change being made to our website or business such as a new layout/redesign.
Or it might be urgent information such as to provide knowledge/explanation about of issues affecting normal business - this might be to advise on unavoidable interruption to service such as adverse weather causing delay to dispatch and delivery.
Or it might be advance notices about a planned, temporary closure such as would be necessary if our website needed to go offline for a planned period of time or if our warehouse needed to be closed for planned major works.
Or advanced Notification of upcoming changes to pricing such as to give warning of a shipping rate increase.
By OPTING OUT a User would not be aware of this kind of change or issue and therefore may be affected when they wished to place an order, and were faced with an insurmountable or unexpected issue.
This would be company news, to advise of new product lines, to send general editorial articles, blog , social engagement through competitions, polls etc. By OPTING OUT customers are choosing not to be engaged with Exhale in any other business excepting that of placing and receiving their order.
We encourage Users to regularly check this web page in order to stay informed about how Exhale are working actively to protect the personal information we collect.
Your acceptance of these terms
If you do not agree to this policy, please do not use our Site.
Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Exhale Cigarette Ltd.
Telephone: 01726 219066
Email: [email protected]
Correspondence Address: Exhale Cigarette Ltd. 4 Wesley Yard, Newquay, Cornwall, TR7 1LB
Registered Company Address: Exhale Cigarette Ltd. 7 Chesterton Place, Newquay, Cornwall, TR7 2RU