Welcome to NYTE. This Privacy Notice explains what we do with your personal information when you are visiting our website and social media pages, making a purchase on the website, and when you are interacting with us offline at one of our events. It describes how we collect, use and process your personal information, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your rights.
This Privacy Notice applies to the personal information of our consumers customers. If you are not a consumer, please contact us and we will advise you of the applicable Privacy Notice for your situation.
We work with other, more independent, organisations in connection with some of the processing activities described in this notice, such as social media platforms and our group companies. Where that information is collected and sent to other organisations for processing that is in both our and their interests, we will be making decisions together in relation to that particular processing and will be ‘joint controllers’ with the organisations involved. As joint controllers, we and the other organisations involved in making these decisions will be jointly responsible to you under data protection laws for this processing. In other circumstances, the organisation receiving your information will be separately responsible to you and use your personal information in the ways described in its privacy statement (and not ours).
We may amend this Privacy Notice from time to time. Please visit this page regularly as we will post any changes here.
CONTENTS
- Information we collect about you
- How we use your information
- Verifying your age
- Marketing
- Use of device and software usage information
- Cookies
- Automated decision-making
- Sharing your information with third parties
- Events
- Social Media Platforms
- Where we store your information
- How we safeguard your information
- How long we keep your information
- Your rights
- Changes
- How to contact us
- INFORMATION WE COLLECT ABOUT YOU
When you use the Website or interact with us offline we collect and use information about you in the course of providing you with our products and services and with customer support. We may collect some or all of the information listed below to help us with this:
- Information that you submit online via the Website, including your name, contact details, social media handle, date of birth, age, your vaping history and preferences, your subscription history, login credentials (including login credentials that you have instructed third parties to send to us) and bank details;
- Information that you submit via any contact forms on the Website and any correspondence we have with you over email;
- Details of transactions you carry out or orders you place through the Website;
- Details of your marketing preferences;
- Details when you enter a competition or prize draw, including any personal information contained in the entry itself;
- Information required for the fulfilment of a prize from one of our competitions; such as in order to attend an event or receive your prize at your preferred address;
- Your social media handle, any information you post on our social media pages or posts in which you include a hashtag or mention relating to us and information regarding your activities on our social media pages generally (for example, the time and date of your posts);
- Details we collect relating to our loyalty programme including points for when you purchase our products and points usage history;
- Additional details that you provide at one of our events, including images, information provided in surveys and the last four digits of your current valid personal identification;
- Interest-based groups, including those we create or use from social media or other sources, to understand our audience and which we use to send the more relevant and targeted communications;
- Extra information that you choose to tell us;
- Details of any adverse reaction on incident experienced whilst using our products that you disclose to us over email;
- The content of the reviews you leave of our products;
- Technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
We also automatically collect information about how visitors use our Website by using cookies and similar technologies if, where they are not essential to make the Website work, you have consented to their use. The data we collect automatically includes information, such as your IP address, pixel ID, device type, unique device identification number, browser type, operating system, broad geographic location and other technical information. We also collect information about how your device has interacted with our Website, including the pages accessed, current URL, time you visited the Website and links clicked. Collecting this information enables us to better understand the visitors who come to our Website, where they come from and what content on our Website is of interest to them. We use this information for our internal analytics purposes, and to improve the quality and relevance of our Website to our visitors.To learn more about how we use cookies and how to switch them off please see our Cookies Notice.
Some of the personal information we collect from you is required to enable us to fulfil our contractual duties to you or to others. For example, when buying products from us, we need to collect your financial bank details in order to be able to process your payment and we need to verify your age to comply with laws that apply to us. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal information in question and the legal grounds (i.e. the ‘lawful bases’) on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship with you.
We may receive personal information about you from third party data providers including your contact details and your status as a smoker or vaper. Where possible, we will contact you with details of the personal information we have received from such providers, together with that provider’s details.
- HOW WE USE YOUR INFORMATION
We may rely on consent to use your name and image for publicity purposes. For example, we may rely on consent to feature winners in advertising for future competitions or prize draws.
You may withdraw your consent at any time.
The use of your personal information may be necessary to perform a contract that you have with us or perform steps you request to enter into a contract. For example, when you buy a product from us, we need to use your personal information to process your order, to send you the product, for billing purposes and to respond to any requests you may have. We also need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.
We will use your personal information to comply with our legal obligations, including where the law requires us:
- to respond or assist the public authorities or the police and other criminal investigation bodies;
- to identify you when you contact us or to authenticate you when logging into your account;
- to verify the accuracy of data we hold about you;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request); and
- to carry out age verification checks (please see verifying your age for further details).
Where it is in your VITAL INTERESTS
We will use your personal information to notify you of any product safety or product recall issues.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue the following legitimate interests(whether ours, in connection with our business, or that of a third party), for the following purposes:
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns
- to communicate marketing information to you;
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to tailor and personalise our marketing communications based on your attributes;
- to identify and record when you have received, opened or engaged with the Website or electronic communications (please see our Cookies Notice for more information);
- to use mathematical and statistical methods to create information and offers customised for you based on your information, including by making predictions about your behaviour. This may include predicting your preferences, suitable product recommendations, your likelihood of making another purchase or your loyalty to a brand or product;
- to contact you in respect of providing your review of a recently purchased product of ours (including reminding you to provide such a review), in order to understand how our products are perceived;
- to contact you with targeted advertising delivered online through social media and other platforms operated by other companies, unless you object. You may receive advertising based on information about you that we have provided to the platform or allowed the social media platform to collect using cookies on our Website. You may also receive advertising because, at our request, the platform has identified you as falling within a group whose attributes we have selected as Segments (defined above) or a group that has similar attributes to the individuals whose details it has received from us (or a combination of the two).
Processing necessary for us to support Website visitors and customers with their enquiries
- to respond to correspondence you send to us and fulfil the requests you make to us relating to our products and services;
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
- to analyse, evaluate and improve our products and services so that your visit and use of the Website and social media pages are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
- to carry out (or instruct a third party to carry out on our behalf) market research and analysis (including contacting you with customer surveys) so that we can better understand you and your needs as a customer but only where we do not rely on your consent (i.e. during any period which the Website does not present you with an opt-in option for this purpose);
for product development and statistical and scientific research purposes;
to ensure that the Website’s content is presented as effectively as possible for you;
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
- to notify you about changes to our services;
- to administer the Website and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to correspond or communicate with you in relation to administrative, legal and business matters;
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies;
- for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services;
- in the rare event that we stop providing the Website, to move and combine your personal information held within our databases relating to the Website with those of another similar or related online service (whether a Website or App) that we or one of our BAT entities operate. If we do so we will always email you to inform you of these changes in advance; and to enable you to participate in the features of the Website, when you choose to do so;
- to assess and improve our service to customers through recordings of any calls with our contact centres; and
- for other general administration including managing your queries (including through social media), complaints, or claims, and to send service messages to you.
Processing necessary for the fulfilment of prizes and events
- to obtain your preferred delivery address, date of birth and contact details for the delivery of a prize you may have won from entering into one of our competitions;
- to obtain a copy of your government issued ID and contact details in order for you to attend an event you have won tickets to;
- to obtain any relevant health data from you which is required for the fulfilment of a prize or attendance at an event, to ensure required adjustments are made for you.
2.2 Personal information relating to your health
The details you provide to us relating to adverse reactions or incidents experienced whilst using our products will include personal information relating to your health. Such personal information is considered a ‘special category’ under data protection laws and as such, attracts a higher standard of care.
The purposes for which we use your Health Data and the lawful basis and conditions under data protection laws on which we rely to do this are explained below:
Where there is a LEGITIMATE INTEREST and it is necessary for SCIENTIFIC RESEARCH OR STATISTICAL PURPOSES
It is in our legitimate interests as a business and that of our customers (as well as in the substantial interests of consumers and the public generally) to ensure that we take every opportunity possible to improve the safety of our products and processes, including using the Health Data we receive.
Accordingly, we may process Health Data when conducting research and statistical analysis:
- to allow us to evaluate and improve the safety of our products
- to manage and improve our business processes from a consumer or public safety perspective (such as assessing whether a product needs to be improved or is faulty); or
- to assist you with any adverse reactions or incidents you may experience using our products (such as assessing whether a product needs to be improved or is faulty).
Where there is a LEGITIMATE INTEREST and it is necessary to ESTABLISH, BRING OR DEFEND LEGAL CLAIMS
It is in our legitimate interests to protect our business and our rights by establishing, bringing or defending legal claims where these relate to reports of adverse reactions or incidents that we receive.
Accordingly, we may process Health Data relating to adverse reactions or incidents at our events and to our products to allow us to establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- VERIFYING YOUR AGE
As this Website relates to nicotine and nicotine products, we are legally obliged to make sure that users paying by debit card only are verified on the Website and are aged 18 years or over. Failing age verification will mean you cannot complete a purchase.
In order to enable us to do this we will require certain information about you. This will then be passed to our service provider, who will check it against public sources of information to deliver confirmation, usually in real time.
In order to verify your identity, we may also require you to provide demographic information (such as your gender and birth date) and other personal information which may be used by us and our service provider to verify your details and may include your passport number or driving licence number. This information is checked against secure independent data sources, such as the electoral roll, in order to help verify your identity.
The verification process may include disclosing your information to third party data providers including credit reference agencies. The data providers may check the details supplied against any particulars on any database (public or otherwise) to which they have access for verification purposes.
Any verification check with a credit reference agency will be registered as an ‘unrecorded enquiry’ on your credit report. An unrecorded enquiry means that the search was not made for lending purposes and it is only included on your credit report so that you know the search was made. It is not visible to lenders so it does not affect your credit rating or score when you apply for credit. As part of this process, we will not receive any additional information from the credit reference agency about you.
In some cases, we may need to ask for further information in order to verify your age. If this is necessary, we will contact you to explain why.
- MARKETING
We may collect your preferences to receive marketing information directly from us by email or SMS in the following ways:
- if you register for an account on the Website, we will ask you if you would like to opt in to receive marketing information directly from us; or
- if you click on the link on our Website to sign up to our newsletter.
If you do not complete a purchase and you have opted-in to receive marketing information, we may send a reminder to you about your incomplete purchase or ask why you did not complete the purchase so that we may better refine the service we offer.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time.
- USE OF DEVICE AND SOFTWARE USAGE INFORMATION
We may monitor your use of the Website and record your IP address, operating system and browser type for system administration purposes.
We collect aggregated statistics data about visitors to the Website and sales and traffic patterns. This information does not identify users in any personal capacity and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Website.
- COOKIES
A cookie (and other technologies like pixels and beacons) is a small data file that is placed on your browser or the hardware of your computer or other device to allow a website to recognise you as a user when you return to the website.
We use non-essential cookies when you consent for us to do so and essential cookies on the Website. Please see our cookies notice for more information about the type of cookies and tracking technologies that we use on the Website and why, and how to accept and reject them.
- AUTOMATED DECISION MAKING
We may make automated decisions about you based on your personal information to verify your age when you attempt to buy nicotine products from us (see the explanation above for further information about this). We are legally required to verify your age in respect of the nicotine products we make available for sale.
We do not make any other automated decisions about you which have a legal or other significant effect on you.
- SHARING YOUR INFORMATION WITH THIRD PARTIES
We will share your information primarily to ensure that we provide you with the most exciting and up to date products. We may share your information with any of the following groups:
- any of our partner entities, where this is necessary, and in accordance with laws on data transfers;
- our payment providers when you make a purchase on this Website. Our payment processor operates a secure server to process your payment details. They encrypt your credit or debit card information and authorise payment directly. We only keep the last four digits of your credit or debit card in order for you to recognise and choose your payment method without having to type in payment details each time;
- tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- lawyers who provide us with legal and regulatory advice;
- external consultants who provide industry insights, market research and technical support;
- auditors and accountants who prepare and examine financial records, assess financial operations and assist in becoming more efficient;
- IT technical support functions, IT consultants and third-party analytics service providers who carry out testing, research and development work on our business technology systems;
- third parties for the purposes of credit card clearance, credit reference, order fulfilment, delivery, customer support services and storage services;
- third parties, for the purposes of moderating and uploading online reviews of our products which you may from time to time submit;
- third party outsourced IT providers where we have an appropriate data processing agreement (or similar protections) in place;
- third party data service providers who help us to create Segments and understand our audience by providing additional information so that we can send the more relevant and targeted communications to you and other users;
- third party fulfilment partners for the purpose of delivering your prizes from any competitions entered;
- third party agencies for the purpose of arranging events and experiences that you may attend;
- social media platforms such as Facebook, Instagram, Twitter and Youtube (collectively “Social Media Platforms”);
- if an entity merges with or is acquired by another business or company in the future, we may share your personal information with the new owners of the business or company, as well as with any administrators or insolvency practitioners, where they are involved (and provide you with notice of this disclosure);
- if we have to share your information to comply with legal or regulatory requirements (for example, for age verification purposes), or if we have to enforce or apply our terms and conditions or any other agreements or to protect our rights, property or our customers, etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- EVENTS
We will process your personal information for events and experiences in the following ways:
(a) Attending an event. We use your personal information, including your home address, contact details, date of birth and government issued id in order to send you your tickets for the event. We may also share this information with our third party agencies who are organising the event.
(b) Attending an overseas event. We use your personal information, including your contact details, passport details, home address in order to arrange accommodation for you at an overseas location in order to attend one of our events or experiences. We may share this information with our third party agencies in order to make arrangements for your overseas stay.
(c) Attending an event that requires your health information. We use your health information such as any food allergies that you may have, so you may enjoy all elements of our events. We may share this information with our third party partners who are hosting the event in order to ensure that adjustments are made for you in accordance with any health requirements you may have.
- SOCIAL MEDIA PLATFORMS
We use a number of different social media platforms to communicate with you and to promote products and services. We process your personal information using these platforms in a variety of ways, as follows:
We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, Twitter and other social media platforms. We also use the Page Insights service for Facebook and Instagram to view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content. Where those interactions are recorded and form part of the information we access through these Page Insights services, we and the relevant platform are joint controllers of the processing necessary to provide that service to us.
We use cookies and similar technologies in our Website to collect and send information to Facebook about actions you take on our website and applications. In particular:
- Facebook uses this information to provide services to us and also for further processing for its own business purposes. We and Facebook are joint controllers of the processing involved in collecting and sending your personal information to Facebook using cookies and similar technologies as each of us has a business interest in Facebook receiving this information. The services we receive from Facebook that use this information are delivered to us through Facebook’s Business Tools, which include Facebook Pixel, Facebook Social Plugins and Website Custom Audiences. These tools allow us to target advertising to you within Facebook’s social media platform by creating audiences based on your actions on our Website and applications and allow Facebook to improve and optimise the targeting and delivery of our advertising campaigns for us.
As we are joint controllers with these platforms for certain processing, we and each platform have:
- entered into agreements in which we have agreed each of our data protection responsibilities for the processing of your personal information described above;
- agreed that we are responsible for providing to you the information in this privacy notice about our relationship with each platform;
- agreed that each platform is responsible for responding to you when you exercise your rights under data protection law in relation to that platform’s processing of your personal information as a joint controller.
Facebook also processes, as our processor, personal information that we submit for the purposes of matching, online targeting, measurement, reporting and analytics purposes. These services include the processing these platforms carry out when they display our advertisements to you in your news feed at our request after matching contact details for you that we have uploaded to them. These advertisements may include forms through which we collect contact information you give to us.
The Facebook company that is a joint controller of your personal information is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
- WHERE WE STORE YOUR INFORMATION
Your personal information may be transferred outside of the UK and the European Economic Area (EEA) to the third parties.
We want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer data outside of the UK and EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of an intra-group agreement, incorporating the current standard contractual clauses adopted by the European Commission, the UK Information Commissioner’s Office or other competent body for the transfer of personal information to jurisdictions without adequate data protection laws;
- by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission, the UK Information Commissioner’s Office or other competent body for the transfer of personal information to jurisdictions without adequate data protection laws;
- by transferring your data from entities within the UK and EEA to entities in other jurisdictions by way of a valid international transfer framework;
- by transferring your data to a country where there has been a finding of adequacy by the European Commission, the UK Information Commissioner’s Office or other competent body in respect of that country's levels of data protection via its legislation;
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
- where you have consented to the transfer.
Where we transfer your personal information outside the UK and EEA and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Notice.
- HOW WE SAFEGUARD YOUR INFORMATION
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of your personal information.
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by contacting our Customer Services Manager using the details provided at the end of this notice.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to the Website and any transmission is at your own risk.
The Website may from time to time contain links to and from other websites. If you follow a link to any of those websites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those websites.
- HOW LONG WE KEEP YOUR INFORMATION
We will keep your information relating to orders you have placed with us as required by law or other regulation (for example, because of a request by a tax authority or in connection with any anticipated litigation).
We will store your personal information for as long as required by law.
When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems (either by erasing or anonymising that data). After that time, we may retain aggregated data (from which you cannot be identified) and retain it for analytical and statistical purposes.
- YOUR RIGHTS
You have a number of rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either: (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your personal information for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your personal information.