Last Updated: October 18, 2024

At VEAYEA (“we,” “us,” or “our”), we prioritize the privacy and data security of users visiting our cross-border e-cigarette independent website (https://www.veayea.com, “the Site”)—especially those in European and American markets. This Privacy Policy outlines what personal data we collecthow we use and protect itwho we share it with, and your rights over your data, fully aligning with strict regional regulations like the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA). By using the Site, you acknowledge and agree to the practices described below.

1. What Personal Data We Collect

We only collect personal data that is necessary to provide, improve, and secure our services (e.g., processing orders, enhancing your browsing experience). The data we collect falls into two categories:

A. Data You Voluntarily Provide

  • Account & Order Information: Name, email address (e.g., your contact email for order updates), phone number, shipping/billing address, payment details (e.g., credit card information—processed securely via third-party payment providers like PayPal or Stripe, so we never store full card data), and order history (e.g., e-cigarette products purchased, quantities, and delivery status).
  • Communication Data: Messages you send via our contact form, email (sales@veayea.com), or live chat (e.g., questions about e-cigarette flavors, nicotine strengths, or return policies) and our responses.
  • Marketing Opt-In Data: If you subscribe to our newsletter (e.g., to receive updates on new e-cigarette launches or exclusive promotions), we collect your consent to send marketing communications.

B. Data Collected Automatically

When you use the Site, we may collect non-identifiable or pseudonymized data through cookies, web beacons, and server logs (as detailed in our Cookies Policy):

  • Device & Browsing Data: IP address (anonymized where required by law), browser type (e.g., Chrome, Safari), operating system (e.g., iOS, Windows), device model, screen resolution, and pages visited (e.g., which e-cigarette product pages you view, time spent on each page).
  • Usage Data: Search queries (e.g., “50000 puffs e-cigarette”), click-through rates (e.g., links to product details or promotions), and purchase intent signals (e.g., items added to your cart but not purchased).

2. How We Use Your Personal Data

We use your data only for legitimate purposes, with a clear legal basis (e.g., your consent, fulfilling orders, or our legitimate business interests). Key uses include:

  • Process & Fulfill Orders: Verify your identity, process payments, ship e-cigarette products to your address, and send order confirmations/tracking updates.
  • Enhance User Experience: Personalize the Site (e.g., show you e-cigarette flavors or nicotine strengths matching your past purchases), fix technical issues, and optimize page load times for European/American regions.
  • Send Relevant Communications:
    • Transactional emails (e.g., order delays, delivery confirmations)—these are mandatory and not subject to opt-out.
    • Marketing communications (e.g., newsletters about new e-cigarette models or limited-time discounts)—only if you explicitly consent (you can unsubscribe at any time via the “Unsubscribe” link in emails).
  • Ensure Site Security: Detect and prevent fraud (e.g., unauthorized payment attempts), protect against cyberattacks, and comply with age verification requirements (critical for e-cigarette sales, as most E.U. and U.S. regions restrict sales to adults 18+).
  • Comply with Legal Obligations: Respond to requests from European/American regulatory authorities (e.g., tax agencies or consumer protection bodies) and maintain records for legal compliance (e.g., invoicing and order history).

3. Who We Share Your Personal Data With

We never sell your personal data to third parties. We only share data with trusted partners who help us operate the Site and serve you—all of whom are bound by strict data protection agreements:

  • Third-Party Service Providers:
    • Payment processors (e.g., PayPal, Stripe) to securely handle payments (they only receive data needed to process transactions).
    • Shipping carriers (e.g., DHL, UPS) to deliver e-cigarette orders (they receive your name, shipping address, and order number).
    • Analytics tools (e.g., Google Analytics) to track Site performance (data is anonymized to avoid identifying you).
    • Email service providers (e.g., Mailchimp) to send newsletters (only if you consented to marketing).
  • Legal & Regulatory Authorities: We share data if required by law (e.g., to comply with a court order in the EU or US) or to protect our legal rights (e.g., investigating fraud).
  • Business Transfers: If we merge with, acquire, or sell assets to another company, your data may be transferred as part of the transaction (the new entity will be bound by this Privacy Policy).

4. How We Protect Your Personal Data

We implement industry-standard security measures to prevent unauthorized access, loss, or misuse of your data—meeting the high standards expected by E.U. and U.S. customers:

  • Technical Security: Encryption (e.g., SSL/TLS for data transmitted between your device and our Site), secure server storage, and regular software updates to patch vulnerabilities.
  • Operational Security: Access controls (only authorized VEAYEA staff can access your data), employee training on data protection (including GDPR/CCPA requirements), and regular security audits.
  • Data Retention: We retain your data only for as long as needed to fulfill the purposes outlined in this Policy (e.g., order history is kept for 7 years to comply with tax laws; marketing consent data is kept until you unsubscribe). After this period, data is securely deleted or anonymized.

5. Your Data Rights (EU & US Focus)

Under GDPR (EU) and CCPA/CPRA (California, US), you have robust rights over your personal data. We make it easy to exercise these rights:

RightDescriptionHow to Exercise
Right to AccessRequest a copy of the personal data we hold about you (e.g., your order history or contact details).Email sales@veayea.com with “Data Access Request” in the subject line.
Right to RectificationCorrect inaccurate or incomplete data (e.g., update your shipping address).Log into your VEAYEA account to edit details, or email us with “Data Rectification Request.”
Right to Erasure (“Right to Be Forgotten”)Request deletion of your data (where legally permitted, e.g., if you no longer use our services).Email us with “Data Erasure Request” (note: we may need to retain some data for legal compliance).
Right to Opt-Out of MarketingUnsubscribe from marketing emails or stop targeted advertising.Click the “Unsubscribe” link in any marketing email, or email us with “Marketing Opt-Out Request.”
Right to Data PortabilityRequest your data in a machine-readable format (e.g., CSV file) to transfer to another service provider.Email us with “Data Portability Request.”
Right to Restrict ProcessingAsk us to stop using your data (e.g., if you dispute the accuracy of your data).Email us with “Data Restriction Request.”

We will respond to all valid requests within 30 days (or 45 days for complex requests, as permitted by GDPR/CCPA). We may ask for proof of identity to ensure your data is protected.

6. Special Notes for Minors

E-cigarette products are restricted to adults (18+ in most 欧美 regions; 21+ in some US states). We do not intentionally collect personal data from minors. If you are a parent/guardian and believe your child has provided data to us, please email sales@veayea.com with “Minor Data Request” to request deletion.

7. International Data Transfers

VEAYEA operates globally, but we only transfer your data outside the EU/US if:

  • The destination country has been deemed “adequate” by the EU Commission (e.g., Canada, Japan) or meets CCPA standards.
  • We use approved safeguards (e.g., EU-US Data Privacy Framework, Standard Contractual Clauses) to ensure data protection is maintained.

8. Updates to This Privacy Policy

We may update this Policy to reflect changes in regulations (e.g., new GDPR amendments), Site features (e.g., adding a loyalty program for e-cigarette customers), or business practices. We will post the revised date at the top of this page and notify you via email (if you have an account) or a Site banner for significant changes. We encourage you to review this Policy periodically.

9. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal data, please reach out to us:

  • Email: sales@veayea.com (include “Privacy Policy Inquiry” in the subject line)
  • Website: https://www.veayea.com