HiVapes

Privacy Policy

Last updated: May 2026

1. Who We Are

HiVapes ("we", "us", "our") is a UK-based online retailer of vaping products. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or place an order with us.

2. Information We Collect

We may collect and process the following personal data:

  • Identity Data: Full name, date of birth (for age verification).
  • Contact Data: Email address, phone number, delivery address, billing address.
  • Financial Data: Payment card details are processed securely by our payment provider and are not stored on our servers.
  • Transaction Data: Details of products purchased, order history, and payment records.
  • Technical Data: IP address, browser type, device information, and browsing behaviour collected via cookies.
  • Marketing Data: Your preferences for receiving marketing communications from us.

3. How We Use Your Data

We use your personal data for the following purposes:

1

Order Fulfilment — Processing, shipping, and delivering your orders.

2

Age Verification — Confirming you meet the legal age requirement of 18+.

3

Customer Support — Responding to enquiries, returns, and complaints.

4

Legal Compliance — Meeting regulatory obligations under UK law.

5

Marketing — Sending promotional offers (only with your explicit consent).

4. Legal Basis for Processing

We process your data under the following legal bases as defined by UK GDPR:

  • Contract: Processing necessary to fulfil your order.
  • Legal Obligation: Age verification and compliance with TRPR.
  • Consent: Marketing communications (you can withdraw consent at any time).
  • Legitimate Interest: Improving our website, fraud prevention, and analytics.

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Courier and delivery partners for order fulfilment.
  • Payment processors for secure transaction handling.
  • Age verification service providers.
  • Law enforcement or regulatory bodies when required by law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Order records are retained for a minimum of 6 years for tax and accounting purposes.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — request deletion of your data.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.
  • Right to withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@hivapes.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Security

We use industry-standard security measures including SSL encryption, secure payment processing, and access controls to protect your personal data. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Contact Us

For any privacy-related enquiries, please contact our Data Protection team at privacy@hivapes.co.uk