E-CIG-A-RUS

E-CIG-A-RUS

E-CIG-A-RUS

E-CIG-A-RUS

Privacy Policy — ECIGARUS NL LTD

Last updated: 04/01/2026

ECIGARUS NL LTD (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what data we collect, how we use it, and the rights you have under UK data protection law.

By using ECIGARUS.COM, creating an account, or placing an order, you agree to the practices described in this policy.

1. Who We Are

ECIGARUS NL LTD

Company number: SC872147

Registered address: 217 Main Street, Bellshill, ML4 1AJ, Scotland

Contact email: support@ecigarus.com

We are the data controller responsible for your personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Customer identity data: name, date of birth, age‑verification data
  • Contact details: email address, phone number, billing and delivery address
  • Order information: items purchased, order history, transaction details
  • Payment information: processed securely by SquareUp (we do not store card numbers)
  • Account information: login details, account preferences
  • Technical data: IP address, browser type, device information
  • Usage data: pages visited, time spent on the site, interactions
  • Marketing data: opt‑in status and communication preferences
  • Cookies and tracking data: limited to essential functions such as orders, accounts, and security

3. How We Collect Your Data

We collect data through:

  • Account creation
  • Checkout and order processing
  • Age‑verification checks
  • Cookies and essential tracking
  • Google Analytics and WooCommerce Analytics
  • Contact forms and customer support
  • Fraud‑prevention tools (Google reCAPTCHA)

4. How We Use Your Data

We use your personal information to:

  • Process and deliver your orders
  • Verify your age (18+ requirement)
  • Manage your account
  • Provide customer support
  • Improve website performance and security
  • Comply with legal and tax obligations
  • Send marketing communications (only if you opt in)
  • Prevent fraud and protect our website

5. Legal Bases for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract — to process your orders and manage your account
  • Legal obligation — to maintain tax and accounting records
  • Legitimate interests — fraud prevention, website security, analytics
  • Consent — for marketing communications and optional cookies

6. Age Restriction (18+)

We sell age‑restricted products and therefore require all customers to confirm they are 18 or over before placing an order.

We use WooCommerce Age Verification to check age.

We do not knowingly collect data from anyone under 18.

If a user lies about their age, we are not knowingly processing a minor’s data.

7. Automated Decision‑Making

We use automated tools for:

  • Age‑verification
  • Fraud prevention (Google reCAPTCHA)
  • Security and risk‑based checks

These tools help protect our business and customers.

They do not produce legal or significant effects on individuals.

8. Payment Processing

All card payments are handled by SquareUp.

SquareUp processes your payment information securely.

We do not store or have access to your full card details.

9. Third‑Party Services We Use

We share data only with trusted service providers who help us operate our business:

  • Payment processor: SquareUp
  • Hosting provider: Unlimited Web Hosting
  • Website tools: WooCommerce, Elementor
  • Shipping partner: Royal Mail
  • Age‑verification: WooCommerce Age Verification
  • Analytics: WooCommerce Analytics, Google Analytics
  • Fraud prevention: Google reCAPTCHA

These providers only receive the information necessary to perform their services.

10. Cookies and Tracking

We use cookies that are essential for:

  • Account login
  • Checkout and order processing
  • Security and fraud prevention

We also use analytics cookies (Google Analytics, WooCommerce Analytics) to understand website performance.

We do not use third‑party advertising cookies.

11. Marketing Communications

We may send marketing emails only if you have opted in.

You can unsubscribe at any time by clicking the link in any marketing email or contacting us at support@ecigarus.com.

We do not sell or share your data for marketing purposes.

12. Data Retention

We keep your data only as long as necessary:

  • Order records: 6 years (legal requirement)
  • Customer accounts: until you request deletion
  • Age‑verification records: 1–3 years
  • Analytics data: 14–26 months
  • Support emails: 12–24 months
  • Cookies: session‑based or short‑term persistent

13. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your data
  • Restrict or object to processing
  • Withdraw consent (for marketing or optional cookies)
  • Request a copy of your data (data portability)

To exercise any of these rights, email us at support@ecigarus.com.

14. Data Security

We take appropriate technical and organisational measures to protect your data, including:

  • Secure hosting
  • Encrypted connections (HTTPS)
  • Access controls
  • Fraud‑prevention tools
  • Regular security monitoring

15. International Transfers

We primarily store and process data within the UK.

If any third‑party service transfers data outside the UK, they must comply with UK GDPR safeguards such as adequacy decisions or standard contractual clauses.

16. Changes to This Policy

We may update this Privacy Policy from time to time.

Any changes will be posted on this page with an updated “Last updated” date.

17. Contact Us

If you have any questions about this Privacy Policy or your data rights, contact us at:

support@ecigarus.com  

ECIGARUS NL LTD

217 Main Street, Bellshill, ML4 1AJ, Scotland