Subscribe to our emails
Access the latest product news and exclusive offers.
Ploom products contain tobacco and are intended for use by existing smokers aged 18 or over. Please note, we will need to confirm your age during the checkout process.
More information can be found here
Gallaher Limited (trading as “JTI UK”) is a company incorporated in England and Wales with company registration number 01501573 and whose registered office is at Members Hill, Brooklands Road, Weybridge, Surrey KT13 0QU England ("JTI”, “we”, “us”, “our”) are committed to protecting and respecting your data protection and privacy rights.
For the purposes of the UK General Data Protection Regulation, and any other applicable data protection legislation, the data controller is JTI.
3. YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
4. INFORMATION WE MAY COLLECT
Where you provide financial and credit card information on our Platforms, please note that we do not access or store this personal data. We use trusted third parties to process your payment and we have no access to your financial and credit card information.
We may collect personal data about you either directly from you or from other sources, in the following ways:
5. WHERE WE OBTAIN PERSONAL DATA DIRECTLY FROM YOU
You may give us information about you in a number of ways, including when you:
6. WHERE WE OBTAIN PERSONAL DATA FROM OTHER SOURCES
As well as obtaining personal data directly from you, we may also collect your personal data indirectly in the following ways:
If you have provided your personal data to marketing agencies, and in doing so consented to being contacted by third parties with information or products relevant to you, we may contact you if we feel we have a legitimate interest to do so.
7. INFORMATION WE RECEIVE FROM YOU AS PART OF THE AGE VERIFICATION PROCESS
We are legally required to verify your age. You will therefore be required to complete age verification process conducted on our behalf by a third party, GB Group plc, to prove to our satisfaction that you are at least 18 years old before you can order any of our products. Your personal data collected from you as part of this process is only shared with GB Group plc for the purposes of verifying your age.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you at the time.
8. LAWFUL GROUNDS AND PURPOSES FOR WHICH WE USE YOUR INFORMATION
We will only use your information where the law allows us to. Most commonly, we will use your information where we have a lawful ground to do so. In particular,
The above justifications of the uses of your personal data are known as “lawful grounds”. Note that we may process your information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Please note that we do not use any automated decision-making.
Purpose for processing
Legal basis/lawful ground for processing
It is necessary to process personal data to comply with our legal obligations to verify your age and only sell age restricted products to adults.
To comply with legal or regulatory obligations
We use personal data to process and discharge our contractual obligations to you as a buyer of our products, including fulfilling orders, sending receipts, processing payments and providing warranty services.
To perform the contract we are about to enter into, or have entered into, with you
Providing sales-related services including dealing with your queries and requests, general administration, troubleshooting and corresponding with you. We may also use your data for administering trial, warranty and loyalty programs.
Where the processing of your personal data is not necessary for performing our contractual obligations but relates to general customer and sales services, we have a legitimate business interest in providing sales-related services to our customers that is not overridden by your interest, rights and freedoms to protect information about you.
Market our products to you (where permitted by law) by email, direct mail, telephone, SMS or via social media, or through display pop-ups on other Platforms including:
We use this data on the basis that we have a legitimate business interest to market our products, to operate Platforms and micro-sites, and to customize your experiences, in these ways that is not overridden by your interests, rights and freedoms to protect information about you.
Market our products to you (where permitted by law) by email, direct mail, telephone, SMS or via social media, including:
We will process your data in this way if we have obtained your consent to do so.
You have the right to withdraw consent where we are relying on consent to process your data. You can do this by updating your contact preferences on your account or clicking the unsubscribe option on the communications you receive from us. If you withdraw your consent for us to contact you with marketing communications by a certain method you will no longer receive those communications by that particular type of communication. Please note that it may take up to 30 days for us to process your request.
Support for all the above purposes, including:
We use your data on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of our products; where we administer your account to show you our products, we are supporting marketing and so we use it on the grounds that we have a legitimate business interest to market our products that is not overridden by your interests, rights and freedoms to protect information about you, and so on.
Business analytics and improvements to allow us to inform you of potential opportunities to get involved in promoting our products or other services (where permitted by law).
We use it on the grounds that we have a legitimate business interest to assess and to improve our business performance, our products, Platforms and other touchpoints, to invite you to promote JTI products or services, where this is not overridden by interests, rights and freedoms to protect information about you.
9. MARKETING (WHERE PERMITTED BY LAW)
We will contact you only by electronic or postal means (e-mail, SMS or mail, as determined by you when you select your contact preferences in your account, sign up to our mailing lists or share your marketing preferences with our retailers and partners) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you.
If you have not purchased any products or services from JTI, we will contact you by electronic or postal means about goods and services we think that may be of interest to you only if you have previously consented to this.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic or postal means only if you have consented to this.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please ensure your Contact Preferences, in your account, are updated. If you wish to unsubscribe from our mailing list please use the “unsubscribe” button in the email, or if you have an account sign in to change your Contact Preferences. Please note that it may take up to 30 days for us to process your request.
10. LINKS TO OTHER WEBSITES
11. DISCLOSURE OF YOUR INFORMATION WITH THIRD PARTIES
We may share information about you with third parties, where required or permitted by law, including:
12. WHERE WE STORE YOUR PERSONAL DATA
Depending on the nature of the personal data and the purposes of data processing, the personal data we collect may be transferred from the UK to a third party country outside of teh European Economic Area.
Some of these third countries to which personal data may be transferred may not provide the same level of data protection as that provided in the UK. However, whenever we undertake such transfers, we ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the safeguards is implemented:
In some occasional circumstances, we may rely on a derogation to the data protection laws that apply to transfers of personal data to third countries. For example, if such transfers are based on your consent or necessary for the performance of a contract between us.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data to third countries.
If you want more information on where your data is processed, please use the Contact Us Form.
13. DATA SECURITY
Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access, and to prevent your information from being accidentally lost. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platforms. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
14. HOW LONG WE WILL KEEP YOUR INFORMATION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You can contact us and ask us for details of the retention periods for different aspects of your personal data in case you want to learn more.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
15. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your information, though these are subject to exemptions.
If you wish to exercise any of the rights set out above, please use the Contact Us Form, or write to us at Ploom Customer Contact Centre, or call 0800 876 6594.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
EFFECTIVE July 2021 v1.2