Company Details

Business Name: VapSolo
Business Type: Vape Wholesale & Retail

Contact Information

Address: 3rd Floor, Building 1, Antuo Mountain Science and Technology Park, Shajing, Bao'an District, Shenzhen City
Email: [email protected]
Phone: +86 195 7659 1280
DPO Email: [email protected]

• Business Information: Company name, business registration number, VAT number, business license details
• Contact Details: Business address, phone number, email address
• Representative Information: Name, title, contact information of authorized representatives
• Financial Data: Payment information, credit terms, banking details for B2B transactions
• Account Data: Username, password (encrypted), account preferences, order history
• Age Verification: Documents verifying business authorization to sell age-restricted products

• Personal Information: Full name, date of birth, email address, phone number
• Address Information: Billing and shipping addresses
• Age Verification: Identity documents to verify you are 18+ years old
• Payment Information: Credit/debit card details, payment method preferences
• Account Information: Login credentials, preferences, wishlist, order history
• Communication Data: Records of customer service interactions, support tickets

• Website Usage: IP address, browser type, device information, operating system
• Cookies & Tracking: Session cookies, preference cookies, analytics cookies
• Log Data: Access logs, error logs, security logs
• Performance Data: Page load times, user interactions, conversion tracking

Contractual Necessity

Processing necessary to fulfill wholesale/retail contracts, process orders, and provide customer support.

Legal Compliance

Age verification for vape products, tax reporting, anti-money laundering, and regulatory compliance.

Legitimate Interest

Fraud prevention, website security, business analytics, and improving our services.

Consent

Marketing communications, non-essential cookies, and optional data processing activities.

4.1 Order Processing & Fulfillment

• Processing and fulfilling wholesale and retail orders
• Managing inventory and stock allocation
• Coordinating shipping and delivery
• Handling returns, refunds, and exchanges
• Providing order tracking and status updates

4.2 Legal & Regulatory Compliance

• Age verification for vape product purchases (18+ requirement)
• Business license verification for wholesale customers
• Tax calculation and reporting (VAT, excise duties)
• Anti-money laundering (AML) compliance
• Regulatory reporting to relevant authorities

4.3 Customer Service & Support

• Responding to inquiries and support requests
• Resolving technical issues and complaints
• Providing product information and guidance
• Managing warranty claims and product issues

4.4 Business Operations & Analytics

• Website performance monitoring and optimization
• Fraud detection and prevention
• Security monitoring and threat detection
• Business analytics and reporting (anonymized where possible)
• Product development and service improvement

• Payment Processors: Secure payment processing (Stripe, PayPal, etc.)
• Shipping Partners: Order fulfillment and delivery services
• Cloud Services: Website hosting, data storage, and backup services
• Email Services: Transactional and marketing email delivery
• Analytics Providers: Website analytics and performance monitoring
• Customer Support: Help desk and live chat services

• Law Enforcement: When required by court order, warrant, or legal process
• Regulatory Bodies: Tax authorities, customs, tobacco/vape regulators
• Fraud Prevention: Financial crime prevention agencies
• Legal Proceedings: In connection with legal claims or disputes

EU/EEA Processing: We primarily process data within the EU/EEA. When transfers outside the EU/EEA are necessary, we ensure:

• European Commission adequacy decisions are in place
• Standard Contractual Clauses (SCCs) are implemented
• Binding Corporate Rules (BCRs) where applicable
• Explicit consent for transfers where required

🍪 What Are Cookies?

Cookies are small text files stored on your device when you visit our websites. They help us provide better user experience and website functionality.

Consent Management: You can manage cookie preferences through our cookie banner or privacy settings.

Browser Settings: Most browsers allow you to refuse or delete cookies through their settings.

Opt-Out Tools: Use industry opt-out tools for advertising cookies.

Impact of Disabling: Some website features may not work properly if essential cookies are disabled.

🔒 Technical Safeguards

• Encryption: SSL/TLS encryption for data transmission, AES-256 for stored data
• Access Controls: Multi-factor authentication, role-based access permissions
• Network Security: Firewalls, intrusion detection systems, DDoS protection
• Regular Updates: Security patches, software updates, vulnerability assessments
• Data Backup: Encrypted backups with secure off-site storage

👥 Organizational Measures

• Staff Training: Regular data protection and security awareness training
• Access Management: Principle of least privilege, regular access reviews
• Incident Response: Data breach response procedures and notification protocols
• Vendor Management: Due diligence and contractual safeguards for third parties
• Regular Audits: Security assessments and compliance reviews

⚠️ Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours
• Inform affected individuals without undue delay when high risk is involved
• Provide clear information about the breach and our response measures
• Offer guidance on steps you can take to protect yourself

Retention Schedule

• Required Documents: Government-issued photo ID (passport, driver's license, national ID card)
• Verification Process: Automated age verification system with manual review if needed
• Data Storage: Secure storage of verification records for 7 years
• Privacy Protection: Document images are encrypted and access-controlled

• Business License: Valid tobacco/vape retail license where required
• Age Verification: Proof that business is authorized to sell age-restricted products
• Representative ID: Identity verification for business representatives
• Compliance Records: Documentation of regulatory compliance status

📧 Email Marketing

• Consent Required: We only send marketing emails with your explicit consent
• Content: Product updates, special offers, industry news, educational content
• Frequency: Maximum 2-3 emails per week, with preference controls available
• Unsubscribe: Easy one-click unsubscribe in every email
• Age Compliance: All marketing complies with tobacco/vape advertising regulations

📱 SMS Marketing

• Opt-In Required: Separate consent for SMS marketing communications
• Content: Order updates, delivery notifications, exclusive offers
• Opt-Out: Reply STOP to any SMS to unsubscribe immediately
• Compliance: Full compliance with SMS marketing regulations

🎯 Targeted Advertising

• Retargeting: Show relevant ads based on website visits (with consent)
• Lookalike Audiences: Reach similar customers through advertising platforms
• Age Targeting: All ads restricted to 18+ audiences only
• Opt-Out: Use ad platform opt-out tools or contact us directly

🇪🇺 GDPR (EU/EEA)

Full compliance with General Data Protection Regulation for all EU/EEA customers, including data transfer safeguards and individual rights.

🇬🇧 UK GDPR

Compliance with UK Data Protection Act 2018 and UK GDPR for customers in the United Kingdom.

🇨🇭 Swiss DPA

Adherence to Swiss Federal Data Protection Act for Swiss customers and data processing.

🌍 Other Jurisdictions

We monitor and comply with emerging data protection laws in other jurisdictions where we operate.

Filing a Complaint with Us

If you have concerns about how we handle your personal data:

• Email: [email protected]
• Subject Line: "Privacy Complaint - [Your Name]"
• Information to Include: Your contact details, description of the issue, desired resolution
• Response Time: We will acknowledge within 48 hours and resolve within 30 days

Supervisory Authority Rights

You have the right to lodge a complaint with your local data protection authority:

• EU/EEA: Contact your national Data Protection Authority
• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Our Lead Authority: [Your Lead Supervisory Authority based on main establishment]
• When to Complain: If you're unsatisfied with our response or believe we've violated data protection laws

📅 Update Process

• Regular Reviews: We review this policy annually or when business changes occur
• Notification Methods: Email notification, website banner, account dashboard notice
• Advance Notice: 30 days' notice for material changes affecting your rights
• Continued Use: Continued use of our services constitutes acceptance of updates
• Withdrawal Option: You may withdraw consent or close your account if you disagree with changes

Version History

• v2.0 - January 2024: Updated for enhanced GDPR compliance and new business processes
• v1.5 - October 2023: Added wholesale customer provisions and age verification details
• v1.0 - June 2023: Initial privacy policy implementation

🏢 Data Controller

VapSolo
3rd Floor, Building 1, Antuo Mountain Science and Technology Park, Shajing, Bao'an District, Shenzhen City
Shenzhen, 518104, China
Email: [email protected]
Phone: +86 195 7659 1280

🔒 Data Protection Officer

DPO Contact:
Email: [email protected]
Phone: +86 195 7659 1280
Availability: Monday-Friday, 9 AM - 5 PM CET
Languages: English, [Other Languages]