Privacy Policy

Last Updated: 17/04/2026

Who We Are

Easytek Ltd ("we", "us", "our"), trading as Vape Superstore, is committed to protecting your privacy. This Privacy Policy explains how we collect, use and protect your personal data when you use https://www.vapesuperstore.co.uk/ (the "Service").

By using the Service, you agree to the practices described in this Privacy Policy.

Data Controller:
Easytek Ltd
Unit 19 Lockwood Industrial Estate
London N17 9QP
United Kingdom
Email: support@vapesuperstore.co.uk
Telephone: 020 3394 0152
ICO Registration: ZB134459

We do not sell products or provide services to children, nor do we market to children. If you are under the age of 18 you are not permitted to use our website, or access our products or services through any other available channel.

We may collect and process the following data about you:

1.0 – Data Collection

1.1 – Information You Give Us

Information that you provide by filling in forms on our site vapesuperstore.co.uk, or information provided to us by you via phone, e-mail or otherwise. This includes information provided at the time of registering to use our site, subscribing to our service, surveys, placing an order with us when you report a problem with our site and any details of transactions you carry out through our site and of the fulfilment of your orders. This will typically include name, email, address, comments, date of birth, gender, feedback, marketing opinions, competition entries. We do not store payment card information.

If you have applied for a role to work at Easytek Ltd or any of our group companies, information you provide and information that we gather through the interview and assessment process will be used to assess your suitability for opportunities with our Company. You may be asked to provide equal opportunities information. This is not mandatory information – and it will not affect your application if you do not provide this. This information will be used to produce and monitor equal opportunities statistics. If you are unsuccessful following assessment for the position you have applied for, we may retain your details in our talent pool for a period of up to two years so we can contact you should any suitable opportunities arise and for recruitment monitoring.

1.2 – Information We Collect About You

We collect information when you interact with us, including when you visit our website, visit our store or in correspondence with us. In particular, we collect the following data:

Details of your visits to our site including the full Uniform Resource Locators (URL), but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

Internet protocol (IP) address used to connect your computer to the Internet. Including where available your IP address, operating system and browser type and time zone setting. IP addresses are not linked to personally identifiable information.

Cookies. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. Cookies are pieces of data stored on your hard drive, so your privacy is in no way compromised. You may deactivate cookies in your web browser or clear them from your browsing data. Please see our Cookie Policy for full details.

CCTV. We use CCTV in our premises for the prevention and detection of crime and for safety and security reasons.

If there is an incident, we log information about it.

If you post information online about us or provide feedback, we keep a record of this.

Location Data. If you allow location access in your browser or device, we may use this information to improve or tailor your experience on the Service. You can disable location access at any time in your device or browser settings.

1.3 – Information from Third Parties

We use information available from certain third parties as detailed in this policy.

We work with a number of trusted third-party service providers to operate our business. These include: Shopify for our ecommerce platform and hosting; Omnisend for email and SMS communications; Gorgias for customer support and helpdesk services; Smile for loyalty rewards and referrals; Algolia for site search functionality; and Brightpearl/ControlPort for order management and fulfilment with our third-party logistics partners. These providers are only permitted to use your personal data to perform services for us and are required to keep it secure.

1.4 – Age and Identity Verification (1account)

Where you have asked us to provide a restricted product or service, we may collect information from One Account Mobile Limited (1account) and third-party providers of identity data to 1account. This is necessary for 1account to verify that you meet the minimum age and identity verification requirements as determined by relevant UK age restriction and other legislation. We will record that you have been successfully verified so that you do not need to go through the process again. You can find information about how 1account manage your personal data and view their privacy policy by visiting their website: 1account.net. See also our Age Verification Policy.

2.0 – Data Use

We use information held about you in the following ways:

2.1 – To Fulfil a Contract We Have with You

When you buy or request something from us, we will use your information to fulfil our contract with you.

This will include tools to determine whether or not to grant you access to the site or to allow you to purchase products from the site by undertaking searches with a third-party age verification service for the purposes of verifying your identity and age. To do so, the third-party age verification service may check the details you supply against any particulars on any database (public or otherwise) to which they have access. They may also use your details in the future to assist other companies for verification purposes. A record of the search will be retained.

2.2 – To Pursue Our Legitimate Interest

Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our products and services may interest you, improving our site and apps, and services, developing new products and services, and telling you about them and conducting market research or general marketing activities. To run and promote our business, we use your information:

  • To provide and improve our products and services and to respond to you if you contact us.
  • To record communications including incoming and outgoing calls and emails, for staff training, quality improvement and establishing facts to deal with complaints or issues that you may raise.
  • To notify you about changes to our products or service, changes to our site or other changes which might otherwise affect you.
  • To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
  • To identify visitors to our sites including any social media platforms or online services including capturing information where you post any comments in order to contact you and to use it to improve our products or services.
  • To understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us.
  • To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you.
  • To administer our site and for internal operations, including troubleshooting, data analysis, testing, market research, statistical and survey purposes.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, including where we are required to do so by law, we:
    • Monitor transactions, review CCTV, record communications including incoming and outgoing calls and emails.
    • Use other organisations to review information such as validity of card/payment information and/or age verification.
  • To comply with law, assess and uphold legal or contractual rights and claims, and for monitoring, auditing and training on compliance matters:
    • We may pass information to our insurers.
    • We monitor transactions, review CCTV, record communications including incoming and outgoing calls and emails.
    • We verify identity including age.
    • We keep records to comply with health and safety legislation, logging incidents.

2.3 – When You Consent to It

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means if you have consented to this.

Use cookies or similar technologies on the website and in digital marketing, including analytic cookies. For more details on our use of such technologies, please see our Cookie Policy.

Use data for other purposes where we explain that purpose when we ask for your consent.

When you give consent, you are able to withdraw consent at any time by sending an email to support@vapesuperstore.co.uk. If you do so we can only continue to use your data if another legal basis applies, such as when we're required to do something by law.

2.4 – To Comply with the Law

When the law requires us to process your data, we will do so. This can include:

  • Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
  • When you exercise your rights under data protection legislation, including when you ask to unsubscribe from our marketing communications.

2.5 – Legal Bases for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

  • Performance of a contract: for example to process and deliver your orders, manage your account and provide customer support.
  • Legal obligation: for example to comply with tax, accounting and age restriction laws and to respond to lawful requests from authorities.
  • Legitimate interests: for example to operate and improve the Service, prevent fraud, keep the Service secure and send certain marketing to existing customers.
  • Consent: for example when you choose to receive certain types of marketing communications where consent is required.

You can withdraw your consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.

2.6 – Automated Decision Making

Some of our third-party providers use automated tools to help keep payments secure and ensure legal compliance. This may include:

  • Fraud prevention and risk assessment by payment providers.
  • Age and identity checks by verification providers.
  • Credit and eligibility decisions by Klarna when you choose Klarna payment options.

These automated processes help protect customers, reduce fraud and ensure that age restricted products are sold lawfully. Where required by law, you can request human review of an automated decision that has a legal or similarly significant effect on you. To do this, please contact us.

3.0 – Data Transfer

We hold your data within the EU, but we may need to transfer your personal information outside of the country in which we collected or obtained it, including outside the European Economic Area or to an international organisation. It may be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.

Where we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following:

  • Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner's Office and approved by the European Commission in accordance with relevant law.
  • Where you have given explicit consent to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards.
  • Where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person.

As a UK-based business, we also ensure international data transfers comply with UK data protection law. These steps may include:

  • Using the UK International Data Transfer Agreement (IDTA).
  • Using the UK Addendum to the EU Standard Contractual Clauses (SCCs).
  • Putting in place other safeguards approved under UK data protection law.

These measures are designed to ensure that your personal data is given the same level of protection as in the UK.

4.0 – Data Security and Retention

All information you provide to us is stored on our secure servers. We use reasonable efforts to ensure that data is accurate, complete, current and reliable for its intended use. We use appropriate technical and organisational measures and safeguards to help protect your personal data from unauthorised access, misuse, alteration or loss, which will include but is not limited to: Physical measures such as locking away of confidential material and IT equipment, secure offices, key card access etc., and IT measures such as password access to hardware and systems. Our internal policies and procedures are designed to help ensure we safeguard the privacy and accuracy of all data we collect or process. To the extent that we disclose personal data to clients or third parties, we request that they properly protect the security and confidentiality of such information and otherwise process such data in accordance with applicable law.

Any payment transactions will be processed securely using Checkout.com and/or Klarna.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We will generally keep your personal data for no longer than ten years, after which it will be destroyed if it is no longer required for the purpose(s) for which it was obtained. CCTV data is typically stored for a period of up to 30 days unless required for longer due to an incident.

4.1 – Payments

When you purchase products or services from us, your payment will be processed by one or more third-party payment providers. These providers enable us to accept card payments and alternative payment methods and to manage fraud and security checks.

We do not store or collect your full payment card details. This information is provided directly to our payment providers, who process your personal data as independent data controllers. They may collect information such as your name, contact details, billing and delivery address, payment card details, transaction amount, IP address and other technical data needed to process the payment, verify your identity, prevent fraud and comply with legal and regulatory obligations.

Our payment providers adhere to the security requirements of the Payment Card Industry Data Security Standard (PCI DSS). They may share your personal data with banks, card schemes, alternative payment method providers and other organisations involved in the payment process.

Klarna: In order to offer Klarna's payment options, we will pass to Klarna certain aspects of your personal information, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor those options for you. Your personal data is handled in accordance with applicable data protection law and Klarna's privacy policy. See also our Klarna Payment FAQs.

Checkout.com: Where we use Checkout.com to process your payment, they will process your personal data for payment processing, fraud prevention, identity verification and regulatory compliance. They may share your data with banks, card schemes and payment method partners as necessary to process your transaction. Please review Checkout.com's privacy policy for further details.

We encourage you to read the privacy notices of each payment provider you use, as their processing of your personal data is governed by their own terms and policies.

5.0 – Your Rights

This policy provides you with information about how we use your data. You have the right to obtain access to your personal data (including for the purpose of portability and transfer to another entity); to have it updated or corrected if it is inaccurate or incomplete; to request that we restrict its processing; to withdraw consent that has previously been provided or remove your data entirely from our system. When asked to remove a record from our database, we will retain minimal information to ensure we do not contact you or collect such information again. Whilst every effort will be made to not contact you under these circumstances, where your information is available from a third party we cannot guarantee this.

You also have the right to object to certain types of processing including direct marketing, to request the transfer of your personal data to another organisation where technically feasible, and where we carry out automated decision making that has a legal or similarly significant effect on you, to request human review of that decision.

If you don't wish us to hold any data on you or would prefer that we do not contact you for any reason, please contact us at support@vapesuperstore.co.uk or write to our Data Protection Officer at dpo@vapesuperstore.co.uk.

We do not charge a fee for the processing of a subject access request, however reserve the right to charge a fee if you request further copies following a request. We will normally respond to requests within 30 days of receipt.

If you have any questions, comments or requests please contact us at support@vapesuperstore.co.uk.

You also have the right to make a complaint to the Information Commissioner's Office (ICO) if you are unhappy with how we use your data. We would appreciate the chance to deal with your concerns first, so please contact us in the first instance if you can.

6.0 – Links to Other Websites

Our Service may contain links to websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's website. We strongly advise you to review the Privacy Policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

7.0 – Children's Privacy

Our Service is intended for use by adults who are 18 years of age or older. We do not knowingly collect personally identifiable information from anyone under the age of 18.

If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a person under 18 without appropriate verification, we will take steps to remove that information from our records.

8.0 – Statement Updates

We review this Privacy Policy at least annually to ensure it remains accurate and up to date.

If changes are made, the updated version will be published on this page.

Last reviewed: 17 April 2026
Outcome of review: Updated to reflect changes to our payment processing provider information
Last materially updated: 17 April 2026

9.0 – Contact Us

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at:

Vape Superstore
Easytek Ltd
Unit 19 Lockwood Industrial Estate
London, N17 9QP
Telephone: 020 3394 0152
Email: support@vapesuperstore.co.uk
Data Protection Officer: dpo@vapesuperstore.co.uk