VUSE SOUTH AFRICA PRIVACY NOTICE
Make sure you don’t miss out on our subscription pricing.
Don’t forget, if you can always change the flavours you receive each month.
Welcome to Vuse. This Privacy Notice explains what we do with your personal information when you are visiting www.vuse.com/za (“Website”) or making a purchase on the Website, or engage with us over the phone. It describes how we collect, use and process your personal information, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your rights.
This Privacy Notice applies to the personal information of our consumers. If you are not a consumer, please contact us and we will advise you of the applicable Privacy Notice for your situation.
For the purpose of applicable data protection legislation British American Tobacco South Africa (Pty) Ltd, whose registered office is at 3 Dock road, Waterway House, V&A Waterfront, Cape Town, South Africa, 8000 and our affiliate Twisp (Pty) Ltd whose registered office is at 3 Dock road, Waterway House, V&A Waterfront, Cape Town, South Africa, 8000 (“we”, “our” or “us”) are the ‘controllers’ of your personal information. This means we decide why and how your personal information is used and are responsible for protecting it. Please refer to the end of this notice for our contact and company information.
We may amend this Privacy Notice from time to time. Please visit this page regularly as we will post any changes here. Where appropriate, we may also notify you of the changes by email. Please see further the section Changes below.
If you are dissatisfied with any aspect of this Privacy Notice, you may have legal rights which we have described below where relevant.
1. INFORMATION WE COLLECT ABOUT YOU
When you use the Website or interact with us offline we collect and use information about you in the course of providing you with our products and services and with customer support. We may collect some or all of the information listed below to help us with this:
- information that you submit online via the Website or give to us by phone, including your name, contact details, identity number, date of birth, age, your vaping history and preferences, login credentials and bank details. We collect this in a number of ways, including when you register for an account with us, participate in a promotion or competition and/or make a purchase online or offline;
- information that you submit via any contact forms on the Website and any correspondence we have with you over email or phone or via the webchat function on the Website;
- details of transactions you carry out or orders you place through the Website, or by phone or in-store;
- details of your marketing preferences;
- extra information that you choose to tell us; and
- technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Some of the personal information we collect from you are required to enable us to fulfil our contractual duties to you or to others. For example, when buying products from us, we need to collect your financial bank details in order to be able to process your payment and we need to verify your age to comply with laws that apply to us. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal information in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship with you.
For details of the legal bases that we rely on to be able to use and process your personal information , please see Our legal basis for using your information.
2. HOW WE USE YOUR INFORMATION
Use of your information
We use your information in the following ways:
- to carry out our obligations arising from any contracts with you when you make a purchase on the Website or by phone and for billing and delivery purposes;
- to ensure that the Website’s content is presented as effectively as possible for you;
- for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services;
- to notify you about changes to our services;
- to provide you with information about products or services that you request from us, or which we feel may interest you (where necessary, after obtaining your consent) – see details below;
- to tailor and personalise the marketing communications we send you. For example, we may send you marketing information at times such as your birthday;
- to create reports to assist with future marketing;
- to verify your age (please see below for further details);
- to authenticate you when logging into your account (if you have created one) and to allow you to register for other websites and services we or our BAT entities operate to make those registration processes more convenient for you;
- in the rare event that we stop providing the Website, to move and combine your personal information held within our databases relating to the Website with those of another similar or related online service (whether a Website or App) that we or one of our BAT entities operate. If we do so we will always email you to inform you of these changes in advance;
- to provide you with customer support, respond to your queries and resolve your complaints; and
- to enable you to participate in competitions or promotions we offer and to enable us to administer the competition or promotion, including responding to communications from you and contacting winners;
- to enable you to participate in the features of the Website, when you choose to do so.
As this Website relates to vaping and vaping products, we must ensure that all users are aged 18 years or over.
In order to enable us to do this we will require certain information about you. Our double age gate on site entry will require that you enter your date of birth and confirm that you are either under or over 18 years of age.
On delivery of any of our vapour products, the delivery partner will request that you verify your age by showing either an ID or driver’s licence.
In some cases, we may need to ask for further information in order to verify your age. If this is necessary, we will contact you to explain why.
We may collect your preferences to receive marketing information directly from us by email in the following ways:
- if you register for an account on the Website, we will ask you if you would like to opt in to receive marketing information directly from us;
- when you make an in-store purchase and request to receive your receipt via email, in that email, we will ask you if you would like to opt in to receive marketing information directly from us;
- if you click on the link on our Website to sign up to our newsletter; or
- if you place an order using the Website we may contact you with marketing information, except where you indicate you would prefer otherwise using the option we provide at the time.
If you do not complete a purchase and have not indicated that you would prefer otherwise, we may send a reminder to you about your incomplete purchase or ask why you did not complete the purchase so that we may better refine the service we offer.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.
Use of non-personal information
We may monitor your use of the Website and record your email address and/or IP address, operating system and browser type for system administration and to report aggregate information to our advertising partners. The information we report to our partners is statistical information about our users’ browsing actions and patterns which does not identify any individual.
We collect non-personal aggregated statistics data about visitors to the Website and sales and traffic patterns. This information does not identify users in any personal capacity and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Website.
3. OUR LEGAL BASIS FOR USING YOUR INFORMATION
There are different legal bases that we rely on to use your personal information, namely:
Entrance into and performance of a contract – the use of your personal information may be necessary to enter into a contract or perform a contract that you have with us. For example, when you buy a product from us, we need to use your personal information to process your order, send you your product, and respond to any requests you may have. We also need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.
Consent – we will rely on your consent, in certain cases, to send you marketing communications. You may withdraw your consent at any time.
Legal obligation – as explained above, we have a legal obligation to ensure that we do not sell our vaping products to people under 18 years old. We need to carry out age verification checks in order to comply with this obligation. We also may need to use your information to comply with other legal obligations that apply to us.
Legitimate interests – we have a legitimate interest in using your information in the other ways described in this Privacy Notice, for example to improve and personalise our products, services, and the Website, and to conduct certain marketing and market research activities.
We may make automated decisions about you based on your personal information in the following circumstances:
- to select personalised offers, discounts or recommendations to send you based on your shopping history, Website browsing history, and other information you provide to us (none of these will have a legal or other significant effect on you); and
- verify your age when you attempt to enter the website (see the explanation above for further information about this).
4. SHARING YOUR INFORMATION WITH THIRD PARTIES
5. SOCIAL MEDIA PLATFORMS
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:
Pages. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, Twitter and other social media platforms. We also use the Page Insights service for Facebook and Instagram to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.
- Facebook uses this information to provide services to us and also for further processing for its own business purposes. We and Facebook are joint controllers of the processing involved in collecting and sending your personal information to Facebook using cookies and similar technologies as each of us has a business interest in Facebook receiving this information. You can find out more about these technologies by visiting our Cookies Policy. The services we receive from Facebook that use this information are delivered to us through Facebook’s Business Tools, which include Facebook Pixel, Facebook Social Plugins and Website Custom Audiences. These tools allow us to target advertising to you within Facebook’s social media platform by creating audiences based on your actions on our Website and applications and allow Facebook to improve and optimise the targeting and delivery of our advertising campaigns for us.
Our relationship with Facebook. As we are joint controllers with these platforms for certain processing, we and each platform have:
- entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above
- agreed that we are responsible for providing to you the information in this privacy notice about our relationship with each platform; and
- agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.
Facebook also processes, as our processor, personal information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing these platforms carry out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to them. These advertisements may include forms through which we collect contact information you give to us.
Further information. The Facebook company that is a joint controller of your personal information is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For further information regarding these platforms and their use of your personal information, please see facebooks privacy notice, controller addendum and help page.
6. WHERE WE STORE YOUR INFORMATION
Your personal information may be transferred outside of the Republic of South Africa to the third parties described in Sharing your information with third parties.
We want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer data outside of the Republic of South Africa where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of an intra-group agreement between BAT entities;
- to countries that have equal or better data protection laws in place;
- by way of an agreement with a third party incorporating strict data protection and security clauses;
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
- where you have consented to the transfer.
Where we transfer your personal information outside South Africa and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Notice. You can ask to see these by contacting us using the contact details below.
7. HOW WE SAFEGUARD YOUR INFORMATION
We care about protecting your information. That‘s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal information.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by contacting our Information Officer on the details provided at the end of this notice.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to the Website and any transmission is at your own risk.
The Website may from time to time contain links to and from other websites. If you follow a link to any of those sites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those sites.
8. YOUR RIGHTS
You have a number of rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. We will endeavour to respond to you as soon as is reasonably practicable and in any event within any time limits stipulated by law. In some instances, we may be able to charge a fee for responding to your request and will advise you of this and any applicable amount prior to responding.
You should be aware that certain information is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege.
You should also be aware that in some instances, if you do not provide information or you exercise any rights regarding the deletion or restriction of your information or object to the processing of your information or withdraw consent, we may not be able to process your order for products sold via the Website, process your job application or engage you as a supplier.
Right to object
This right enables you to object to us processing your personal information for direct marketing purposes or where we have relied on the justification that our processing protects your legitimate interest or our own or a third party’s legitimate interest. If you wish to exercise this right, you must submit your request in the prescribed form (Form 1 of the Regulations to POPI) to the email address stated below.
Right to withdraw consent
Where we have obtained your consent to process your personal information for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
To withdraw your consent to marketing communications, please use the unsubscribe tool in the relevant communication or update your preferences in the account section on the Website.
Right of access (Data Subject Access Requests)
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
If you would like to request access to your information, it would assist us with dealing with your request if you could use the subject heading ‘Data Subject Access Request’. You are also required under the Promotion of Access to Information Act to submit your request in the prescribe Form 2 of the Regulations thereto.
Right to correction, destruction and/or deletion
You have the right to request the correction or deletion of your personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully. You furthermore have the right to request that we delete or destroy personal information that is no longer necessary for us to retain.
If you wish to rectify, erase or restrict the processing of your personal information exercise any of these rights, you must submit your request in the prescribed form (Form 2 of the Regulations to POPI) to please contact us at the email address stated below.
We would only be entitled to refuse to comply with your request in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request we will take all reasonably practicable steps to delete the relevant data.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
You can access and update certain parts of your information by logging into your account on the Website.
Right to complain
You have the right to lodge a complaint with the Information Regulator. You can contact them in the following ways:
The Information Regulator (South Africa)
316 Thabo Sehume Street,
Tel: 012 406 4818
Fax: 086 500 3351
How to exercise your rights
If you would like to exercise any of these rights, please contact us on the details provided under How to contact us. Please note that we may keep a record of your communications to help us resolve any issues that you raise.
We may make changes to this Privacy Notice at any time by posting a copy of the modified notice on the Website or, where appropriate, by sending you an email with that notice. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Website, whichever is the earlier.
10. HOW TO CONTACT US
If you have any queries about this Privacy Notice, including your rights in relation to your personal information , please contact the Head of Compliance by post or by email at:
British American Tobacco South Africa (Pty) Ltd,
3 Dock road,
When contacting us by email or post, please use the subject heading ‘Data protection query’ so that we can direct your query to the appropriate department and deal with it promptly.