Gallaher Limited (trading as “JTI UK”) is a company incorporated in England and Wales with company registration number 01501573 and whose registered office is at Members Hill, Brooklands Road, Weybridge, Surrey KT13 0QU England ("JTI”, “we”, “us”, “our”) are committed to protecting and respecting your privacy.

This Privacy Policy ("Privacy Policy") (together with our Website Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the General Data Protection Regulation, and any subsequent data protection legislation, the data controller is JTI.

Questions, comments and requests regarding this Privacy Policy are welcomed and you can contact us using the Contact Us Form.

YOUR DUTY TO INFORM US OF CHANGES

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

INFORMATION WE MAY COLLECT

We may collect the following data about you, in the following ways:

Information you give us.

You may give us information about you in the following ways:

• When you register to be a member of our databases (e.g. in person or online);
• Purchase our products in a retail store or other unit that sells our products, or at an event organised by ourselves or one of our business partners;
• Use our website;
• Filling in forms on our site www.ploom.co.uk, our associated micro-sites;
• Register a device with us;
• Register to receive email alerts or marketing communications (where permitted by law); or
• Participate in surveys or (where permitted by law) competitions or promotions;
• Signing up to the 21 Day Ploom Trial; or
• By corresponding with us via our website, phone, e-mail, social media or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, enter a competition or survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number and financial and credit card information.

Information we collect about you.

With regard to each of your visits to our site and contact with us we may automatically collect the following information:

• Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, traffic data, browser plug-in types and versions, operating system and platform; and
• Information about your visit, including through the use of cookies and tracking technologies. Strictly necessary cookies will always be switched on and you may also enable additional cookies as well. For more information on cookies and how to accept or refuse cookies, please see our Cookie Policy here.
• any phone number used to call our Customer Contact Centre.
• Notes of conversations with you made in phone calls or using our Chatbot or Livechat or Trial SMSs;
• details of your visit to our website or telephone call (such as time and duration);
• details of your visit to a retail store or at an event, how frequently you visit, which areas you visit and for how long, and which purchases you make;
• Information concerning you and your account such as your profile, purchases made, feedback you have given and other sales data;
• Information collected for market research;

Information we receive from you as part of the age verification process.

We are legally required to verify your age. You will therefore be required to complete age verification process conducted on our behalf by a third party, GB Group plc, to prove to our satisfaction that you are at least 18 years old before you can order any of our products. Your personal data collected from you as part of this process is only shared with GB Group plc for the purposes of verifying your age. For more details on age verification process please visit

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you at the time.

Information we receive from other sources.

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive e.g. name and address).

If you have provided your personal data to marketing agencies, and in doing so consented to being contacted by third parties with information or products relevant to you, we may contact you if we feel we have a legitimate interest to do so.

USES MADE OF THE INFORMATION AND PURPOSES FOR WHICH WE USE YOUR INFORMATION

We will only use your information where the law allows us to. Most commonly, we will use your information in the following circumstances:

• Where we need to perform the contract we are about to enter into, or have entered into, with you
• Where we need to comply with a legal or regulatory obligation
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we require your consent to process your data.
• These are known as “lawful grounds”. Note that we may process your information for more than one lawful ground depending on the specific purpose for which we are using your data.
• Please note that we do not use any automated decision making.

Purpose for processing	Legal basis/lawful ground for processing
To comply with a legal or regulatory obligations  by verifying your age.	It is necessary to process this data to comply with our legal obligations to only sell age restricted products to adults.
to perform the contract we are about to enter into, or have entered into, with you including fulfilling orders, sending receipts, processing payments and providing warranty services.	We use this information to discharge our contractual obligations to you as a buyer of our products.
Providing sales-related services including dealing with your queries and requests, general administration, troubleshooting and corresponding with you. We may also use your data for administering trial, warranty and loyalty programs.	We have a legitimate business interest in providing sales-related services to our customers that is not overridden by your interest, rights and freedoms to protect information about you.
Market our products to you (where permitted by law) by email, direct mail, telephone, SMS or via social media, or through display pop-ups on other websites including: understanding your preferences (such as what products, website content or events may be of interest to you) and, where permitted by law, market to you. customizing your experience (for example, to personalize your visit to our website, such as with products, website content or events that might interest you) provide you with information about, and to manage, products and services, administer trial and loyalty programs invite you to participate in, and administer, surveys or market research campaigns for market research develop marketing strategies administer marketing campaigns	We use this data on the basis that we have a legitimate business interest to market our products, to operate websites and micro-sites, and to customize your experiences, in these ways that is not overridden by your interests, rights and freedoms to protect information about you.
Market our products to you (where permitted by law) by email, direct mail, telephone, SMS or via social media, including: to contact you regarding marketing relating to our products; to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you; to make suggestions and recommendations to you about goods or services that may interest you.	we will process your data in this way if we have obtained your consent to do so. You have the right to withdraw consent where we are relying on consent to process your data. You can do this by updating your contact preferences on your account or clicking the unsubscribe option on the communication. If you withdraw your consent for us to contact you with marketing communications by a certain method you will no longer receive those communications by that particular type of communication. Please note that it may take up to 30 days for us to process your request.
Support for all the above purposes, including: to administer this site, our systems and for internal operations, including troubleshooting, data analysis, testing, research and statistical purposes to measure or understand the effectiveness of marketing we serve to you and others (where permitted by law), and to deliver relevant marketing material to you where you have opted in to this; to allow you to participate in interactive features of our service, when you choose to do so; to improve our site to ensure that content is presented in the most effective manner for you and for your computer; to notify you about changes to our service, changes to our site or other changes which might otherwise affect you; and as part of our efforts to keep our site safe and secure; to enable you to remain logged in to sections of our websites or other micro-sites that are reserved for authorized users only, ) corresponding with you	We use your data on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of our products; where we administer your account to show you our products, we are supporting marketing and so we use it on the grounds that we have a legitimate business interest to market our products that is not overridden by your interests, rights and freedoms to protect information about you, and so on.
Business analytics and improvements to allow us to inform you of potential opportunities to get involved in promoting our products or other services (where permitted by law).	We use it on the grounds that we have a legitimate business interest to assess and to improve our business performance, our products, websites and other touchpoints, to invite you to promote JTI products or services, where this is not overridden by interests, rights and freedoms to protect information about you.

 

MARKETING (WHERE PERMITTED BY LAW)

We will contact you only by electronic or postal means (e-mail, SMS or mail, as determined by you when you select your contact preferences in your account or sign up to our mailing lists) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you.

If you wish to unsubscribe from our mailing list please use the “unsubscribe” button in the email, or if you have an account sign in to change your Contact Preferences

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic or postal means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please ensure your Contact Preferences, in your account, are updated.Please note that it may take up to 30 days for us to process your request;

You have the right to ask us not to process your personal data for marketing purposes. If you do not wish to receive marketing materials from us any longer, please update your contact preferences on your account.

LINKS TO OTHER WEBSITES

Our site may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and read the Privacy Policy applicable to the website in question before proceeding to use that website.

Please note that if you are using our Refer a Friend service, this is hosted on a separate platform and your data will be processed by Yotpo whose Privacy Policy can be found at https://www.yotpo.com/privacy-policy/  and https://smsbump.com/page/privacy-policy

DISCLOSURE OF YOUR INFORMATION WITH THIRD PARTIES

We may share your information with third parties in the following ways:

• We receive information from our website provider and their related third parties we may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with other third parties (including, for example, other JTI group companies, hosting providers, payment service providers, delivery providers, retailers, customer services providers, product assistants, loyalty and review platform providers, information services providers, age verification providers, events organisers, consumer feedback providers, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
• In order to provide you with a more tailored and effective customer service experience certain of our service providers will, on a secure basis, pool the information we provide to them with information provided by other companies to which you have also provided information. Our service providers analyse this information and provide technical data which enables you to receive an enhanced customer experience, including being contacted at times which are most convenient for you. If you wish to receive further information regarding the information collected for this purpose, please contact support@voicesage.com.
• We may share information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; and in the context of organisational restructuring.
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If JTI or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• In the event that we need to disclose your personal data to external professional advisers such as accountants, bankers, insurers, auditors and lawyers.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). We will always do so in a compliant way.

If you want more information on where your data is processed, please use the Contact Us Form.

DATA SECURITY

Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access, and to prevent your information being accidentally lost. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

HOW LONG WE WILL KEEP YOUR INFORMATION

We will only keep your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To decide the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your information, though these are subject to exemptions.

• Request access to your personal data (known as a “data subject access request”).
• Request correction of your personal data where there is incomplete or inaccurate information.
• Request erasure of your information where there is no good reason for us to be processing your information, or where you have successfully exercised your right to object to processing of information.
• Object to processing for direct marketing purposes, as referred to above.
• Object to processing of your information where we are relying on legitimate interest (or those of a third party) and you believe this impacts on your fundamental rights and freedoms. (Note, we may have compelling legitimate grounds to process information which override your rights and freedoms).
• Request restriction of processing your information in the following circumstances: (a) if you want us to establish the accuracy of your information; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
• Request transfer of your information to you or a third party.
• You have the right to withdraw consent where we are relying on consent to process your data. You can do this by updating your contact preferences on your account or clicking the unsubscribe option on the communication. If you withdraw your consent for us to contact you with marketing communications by a certain method you will no longer receive those communications by that particular type of communication. Please note that it may take up to 30 days for us to process your request.
• Right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this, but please allow us the opportunity to resolve your complaints or queries first by using our details as set out above.

 If you wish to exercise any of the rights set out above, please use the Contact Us Form, or write to us at Ploom Customer Contact Centre, or call 0800 876 6594.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

EFFECTIVE NOVEMBER  2020 v1.1