British American Tobacco HELLAS S.A., with registered office in Maroussi, Attica, 27 Agiou Thoma Street (hereinafter “ΒΑΤ” or “Company”), as Data Processor, wishes to inform its customers, whether current or future, regarding the purposes and the way of processing of their personal data:
The Company manages certain operations of the website via electronic platforms of associated third companies, where data are entered and kept of customers who place orders and complete their purchases online and provide their consent where required by the applicable legal framework for the purpose of receiving informative & promotional material and invitations to events and competitions.
Associated third companies, for the purposes of the General Data Protection Regulation (GDPR), as regards the specific operations they have undertaken in each case, act as data processors. For these operations, the Company remains responsible for the processing of your personal data and specifies the details of the processing, and has signed special contracts with the companies to which it has assigned the performance of processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any natural person can freely and without obstruction exercise his/her rights under the legal framework. The Company has legally ensured that the parties performing the processing on its behalf meet the requirements and provide sufficient assurances for the implementation of the appropriate technical and organizational measures, in order to protect your personal data.
CATEGORIES OF PERSONAL DATA COLLECTED FROM YOU
Depending on the circumstances we may collect some or all of the information listed below:
- Full name
- Invoice details (name of sole proprietorship company, professional activity, Tax Reg. No.), of our suppliers or customers in case of purchase of products from our physical stores network or from our website.
- Mail Address (which in case of an electronic transaction can be distinguished between shipping address and billing address)
- Characteristics of device which is the product of purchase or warranty (in combination with your other personal data)
- Date of birth
- Additional information which the customer or visitor of our website chooses to give us
We note in particular that the credit/debit card details potentially required for the completion of the online purchase are not stored in any database of our Company during the transaction, but are entered directly in a secure environment of the cooperating bank which is responsible for the confirmation and the general management of the financial transaction.
We collect the personal information you send us whenever:
- You place an order and make an online purchase, through our eshop that is available on our website;
- You purchase our products or repair your device in partner physical stores;
- You register your device on our website;
- You subscribe to our newsletter;
- You contact us by email, telephone or otherwise;
We may obtain data from other third-party sources, for example when our partners collect your data when you express interest in our products, or as mentioned above when you purchase products through our authorized partners, in the context of social or other promotional events, or when active customers recommend to us that we contact you, when we resolve problems related to the operation of the device or when you wish to receive information about our products.
The personal data we collect from you is necessary to allow us to fulfil our duties towards you or others. For example, when you make an online purchase you will be asked for information that is necessary for the conclusion and performance of the contract, while you may also be asked for information to facilitate the delivery of your order (e.g. shipping address). Also, when you subscribe to our Newsletter in order to receive email notifications, we must enter your email address, name and country of residence in order to be able to process your request. In addition, other information may be required to ensure the commencement and smooth development of our contractual relationship, such as your date of birth, in order to determine if you meet the legal requirements for nicotine use.
In the event that you refuse to disclose certain personal data to us, which are deemed necessary for meeting the purpose of the processing, we may not be able to provide the services you desire or we may not be able to satisfy a request you may have. We therefore inform you that the data relating to your identification, as well as your contact details are absolutely necessary and required for any transaction or contractual relationship with the Company. For details on the legal basis on which we rely to be able to use and process your personal data, please refer to the following section titled "Legal basis for processing".
LEGAL BASIS FOR PROCESSING
In accordance with European Regulation 679/2016 for the protection of personal data, there are specific reasons for which we may legally process your personal data. These reasons are:
When the processing of your data is done in the context of the provision of our services (sale, device warranty) and for the proper fulfilment of our contractual obligations.
For the purchase of our products with physical presence, from stores of our authorized partners, for the resolution of any problem you have encountered with your device, including the support of your device’s warranty, it is necessary to process your personal data, so that we can we complete your orders and offer support services for the products you have purchased. In the cases where you choose physical transactions, we can provide the above services to you through the network of our authorized partners’ physical stores.
When your data is processed for reasons of support and assurance of our legal interests
We can use your personal data when it is in our legal interest to do so, and such an action is not counterbalanced against any potential damage for you.
Indicatively, we process your personal data:
- So you can help us objectively evaluate and improve the products and services we offer. That's why we use your data (name, phone or email) to conduct customer satisfaction surveys or market surveys for the customers of Vuse.
- So you can help us better understand the needs of the visitors to our website and offer them information that is useful to them and the appropriate services.
- To ensure that our website works smoothly.
- So you can help us keep our systems secure and prevent any unauthorized access or cyber attacks
When you give us your consent to use your personal data
In specific cases, the processing of your personal data is carried out only after you have given your explicit consent. Failure to provide this information, however, will prevent us from processing many new opportunities for transactions and communication that we could develop, such as sending our newsletter to you so that you are the first to receive our offers and new services. Also, the non-consent by the user to receive personalized information prevents the improvement of our commercial offer and the sending of personalized updates relating to products and services of the user’s interest.
When you register on our website we ask for your consent so that we can process your data for specific purposes which are listed below indicatively. For any other activity of our company, which may emerge in the future and which relies on your consent, we will provide you with sufficient information before the start of the processing, so that you can decide whether or not you want us to process your data.
Specific cases where we will ask for your consent before using your data are indicatively: for sending invitations to events, newsletters, updates about our new products and special offers and for other promotions, which actions we will communicate to you using, either your e-mail or your mobile phone number (in case of sending SMS, Viber or by phone). We inform you that your consent statement is stored in our customer database and is our guide to the information you wish (or do not wish) to receive for all of our Company's products and services.
You have the right to withdraw your consent at any time. However, the withdrawal of the consent shall not affect the lawfulness of the processing based on the consent in the period prior to its withdrawal.
When the processing of your personal data is necessary in order to perform the contract concluded between us and to offer our services to you.
We process your personal data when you purchase our products online, through our eshop (www.vuse.com/gr), in order to prepare your order and send it to you to the address you wish. Therefore, in this context we process the data that you disclose to us and which are absolutely necessary for the conclusion and execution of the contract, while we may request additional information to facilitate the delivery of your order. We can also process your personal data when it is necessary in order to register your device on Vuse network of our company, in order to provide a warranty or when you wish to express any question or complaint regarding a specific product or service.
When the processing of your personal data is necessary in order to comply with the obligations imposed by law.
We are required to use your personal data when this is expressly mandated by a provision of the law or in the framework of regulatory compliance, for example the processing of your data for tax purposes.
PURPOSE OF PERSONAL DATA PROCESSING
Your personal data (first name, last name, e-mail address, telephone number, postal code, financial details, date of birth and, if you fill out survey questionnaires, the data provided in them) will be used in accordance with the principles of necessity, proportionality, lawfulness and transparency.
As regards the above purposes, your personal information is processed mainly electronically.
Your personal data is processed mainly electronically, for the following indicative purposes:
- a) Provision of services by physical transaction, or the execution of online orders for the purchase of products and the support of your requests: In order to help you complete your purchases through our eshop, to deliver your order, or to provide you with ongoing support with any problem you encounter regarding your device, we must process the personal data that you disclose to us, such as your name, your address, your date of birth, your contact details, etc.
- b) Newsletter when you agree to receive by email, telephone, SMS or Viber updates and news about BAT marketing initiatives, contests and other advertising and promotional materials. In addition, we will use your contact details to inform you about our promotional initiatives, invitation to events we organize, etc. for the development of our company's business activity.
- c) Creation of your consumer profile: with your prior consent, we process your personal data in order to collect consumer habits and send you personalized information.
When the processing of your personal data is based on the execution of the contract between us, your personal data are stored for as long as necessary for the execution of the contract or for as long as stipulated by law for the establishment, exercise, and/or support of legal claims under the contract.
For the purpose of product and services marketing activities, your personal data are kept until the withdrawal of the consent. You may withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing based on the consent given in the period prior to its withdrawal.
Personal information will be submitted to processing in accordance with applicable regulations and, in any case, in a way that guarantees their security and confidentiality, preventing their disclosure or unauthorized use, modification or destruction.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The Company uses third parties in certain cases that require the processing of your personal data.
The third parties involved in these activities are carefully selected, are specialised, competent, reliable and provide adequate guarantees as regards their compliance with the applicable data processing laws and regulations, including the security profile of such personal information.
The Company has appointed such third parties as Data processors or in each case has explicitly authorized them for the processing described in this statement. In addition, the Company has signed a contract that provides for the obligations imposed by the regulatory and national framework on the legal, transparent and secure processing of your data.
The Company will periodically check that third parties perform their respective duties and that they comply with the measures for the protection of personal information.
The Company cooperates with third companies, organized in a network of physical stores, in order to market its products to the physical market and to consumers who prefer physical transactions. When purchasing products, our authorized partners, resellers, process the personal data of our customers, in order to complete the purchase of products, or to resolve any problem the customer may encounter from the use of the device, or even to service the warranty of the purchased product, as well as to register on behalf of the Company the corresponding positive statements of consumers for receiving informative material through various channels, if the latter so wish.
In the case of an electronic transaction, the Company, in order to complete an online purchase through its website and to deliver the products to the customer, cooperates with third companies that forward, organize the order and invoice the products of the transaction, as well as with cooperating courier companies.
The Company may also forward your personal data to third parties, so that they are processed for the purpose of conducting market analysis and processing of data, statistical or targeted, for products that are for sale.
The Company may also provide access to your personal data to third party contractors for the purpose of technical support and maintenance of its database.
The Company may disclose your data, for processing and independent use, to other companies in the British American Tobacco Group based abroad, for the conduct of market analysis and processing, statistical or targeted, in relation to the products for sale by such third parties, and to identify promotional activities or offers.
You personal data will be forwarded outside the European Union only towards countries that guarantee adequate protection to the interested party based on a decision of the European Commission and/or in accordance with the adequate guarantees provided by EU Regulation 679/2016.
The Company may also disclose your personal information to public authorities, if required by laws, regulations, administrative or judicial measures, etc.
RIGHTS OF SUBJECTS - METHODS OF COMMUNICATION
We inform the user that the current European Data Protection Regulation and the relevant national legislation grant him special rights, including the right of access, correction, erasure, restriction, as well as opposition to the processing and transferability of data in accordance with Articles 13 to 22 of Regulation 2016/679 of the EU. More specifically:
Right to object to the processing:
This right allows you to object to the processing of your personal data when it is done for one of the following reasons:
- for the purposes of the legitimate interests we pursue
- to be able to perform a duty of public interest or
- for scientific, historical, research or statistical purposes.
Right to withdraw consent
If we have obtained your consent to the processing of your personal data for certain activities, you may revoke your consent at any time and we will stop processing your data for the purpose for which you consent, unless we consider that there is an alternative legal basis to justify the continued processing of your data for this purpose, in which case we will notify you of such processing.
For this purpose, you can send your request in writing to the E-mail: firstname.lastname@example.org. In addition, each advertising email has a link that allows you to disable the sending of our newsletters and other promotions.
You can ask us at any time for access to the information we hold about you in order to be fully aware and verify the lawfulness of the processing. Access to your information does not incur an additional charge, unless there is a specific situation which is set out in the Regulations. Where we are legally permitted to do so, we may reject your request. If we reject your request, we will respond to you with specific justification for the reasons of the rejection.
Right to erasure
You have the right to request that we erase your personal data in certain cases. The exercise of this right is justified in particular when:
- The data is no longer needed.
- You withdraw your consent for us to use your data and there is no other valid reason to continue
- The data has been processed illegally.
- It is necessary to erase the data in order to comply with our obligations under the law or
- You object to the processing and we are unable to prove compelling legal reasons for continuing our processing.
We may refuse to comply with your request for erasure only in limited cases by always explaining the reason, such as when a contract exists and is being executed between us.
When we comply with a valid data erasure request, we will take all reasonable steps to erase the relevant data.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal data in certain cases, for example if you dispute the accuracy of the personal data we keep about you or have objections to the processing of your personal data for our legitimate interests. If we have forwarded your personal data to third parties, we will inform them of your request to restrict the processing of your data, unless this is impossible or involves a disproportionate effort. In case of removal of any restrictions on the processing of your personal data, we will duly inform you in advance.
Right to correction
You have the right to request that we correct any inaccurate or incomplete personal data we keep about you. If we forward this personal information on to third parties, we will inform them of the correction, unless this is impossible or involves a disproportionate effort. In the event that we do not fulfil your request for some legal reason, we will respond to you and justify the reasons.
Right to data portability
If you so wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the information we keep about you to another third party. To be able to do this, we will provide your data in a widely used software format so that you can transfer the data. Alternatively, we can transfer the data directly on your behalf.
For any issue regarding the processing of personal data, you can directly contact the Data Protection Officer (DPO) PISTIOLIS-TRIANTAFYLLOS & ASSOCIATES LAW FIRM, ANDERSEN LEGAL, email: email@example.com
You can also contact us to submit questions or exercise your rights in the following ways:
- go to the CONTACT field of the page or
- by mail, at 27 Agiou Thoma Str., Maroussi, Attica, GR 15124 or
- By telephone, at 8005001450
We also inform the user that according to Article 77 of the EU Regulation, if you believe that the processing that relates to you infringes this Regulation, you have the right to lodge a complaint with the Hellenic Data Protection Authority:
- Address: 1-3 Kifissias St., GR 115 23 Athens, Greece
- Call Center: + 30-210 6475600
- E-mail: firstname.lastname@example.org