Privacy Policy

The EU General Data Protection Regulation („GDPR“) is by 25. May 2018 came into force.

The new regulation aims to do this, to harmonize data protection laws and processing across the EU and give people more rights to access and control their personal data.

Our commitment

Myvapesite commits, to ensure the protection of any personal information we hold and to provide and protect all such information. We are aware of our obligation, to update and expand this program, to comply with GDPR requirements.

Myvapesite strives, protect the personal information we control and maintain a system, that meets our obligations under the new regulations. Our practice is summarized below.

How we prepared for GDPR

Myvapesite already has uniform data protection- and security levels across our organization, however, we have introduced new measures, to ensure compliance.

  • Information Audit – We have conducted and ensured an audit of the information previously held, that they comply with the new regulations.
  • Policies and procedures – we have revised privacy policies and procedures, to comply with the requirements and standards of the GDPR and all relevant data protection laws, including:
    • Data protection – our most important guidelines- and procedural document on data protection has been revised, to comply with the standards and requirements of the GDPR. Accountability and governance measures are in place, to ensure, that we understand and adequately disseminate and demonstrate our duties and responsibilities. with a particular focus on privacy and individual rights.
    • Data retention and deletion – we have updated our retention policy and schedule, to ensure, that we comply with the principles of “data minimization” and “storage limitation” and that personal data is stored in accordance with our obligations, archived and destroyed. We have procedures, to comply with the new “right to erasure” obligation.
    • Data breaches – our procedures ensure, that we have security measures in place, to detect data breaches as early as possible, to evaluate, to investigate and report. Our approach was explained to all employees.
    • International data transfers and disclosures to third parties – if Myvapesite
    • stores or transfers personal data outside the EU, we have strict procedures, to ensure the integrity of the data. Our procedures include continuous review of countries with sufficient adequacy decisions, as well as binding rules or standard data protection clauses for those countries without sufficient adequacy decisions.
    • Subject Access Request (SAR) – we have revised our SAR procedures, to reflect the revised 30-day time frame for providing the requested information and making that provision free of charge
  • Privacy Statement/Policy – ​​We have our Privacy Policy(in) revised, to comply with and ensure GDPR, that all people, whose personal data we process, be informed about it, why we need them, how they are used, what rights they have and who they are information is disclosed and what security measures are in place to protect their information.
  • Obtaining consent – ​​We have revised our consent mechanisms for collecting personal data, to ensure, that individuals understand, what they provide, why and how we use them, and to be clear, to provide defined options for consent to the processing of your data by us
  • Direct marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for unsubscribing and providing opt-out functionality for all subsequent marketing materials.
  • Data protection impact assessments (DPIA): When we process personal data, that are classified as high risk, We have developed rigorous procedures for conducting impact assessments, which meets the requirements of article 35 fully comply with the GDPR. We have implemented documentation processes, who log every review, enable us, assess the risk posed by the processing activity and take remedial action, about the risk for those affected(n) Person(in) to reduce.
  • Processor agreements – When we engage third parties to process personal data on our behalf (z. B. Payroll, Recruitment, hosting etc.), We have developed compliant processor agreements and due diligence procedures, to ensure, that they comply with and understand their/our GDPR obligations .

Rights of the data subject

On our website we provide easily accessible information about an individual's rights, access all personal data, which Myvapesite processes through you, and request information about:

  • what personal data we store about you
  • the purposes of the processing
  • which categories of personal data are affected
  • the recipients, to whom the personal data was/will be disclosed
  • How long we would like to store your personal data
  • unless we have collected the data directly from you, Information about the source
  • the right to correct or complete incomplete or inaccurate data about you and the procedure for requesting this data
  • the right, the deletion of personal data (if applicable) to request or restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about the automated decision-making we use
  • the right, to file a complaint or seek legal redress, and who you can contact in such cases.

Information security and technical and organizational measures

Myvapeste takes the privacy and security of individuals and their personal information very seriously and takes all appropriate measures, to protect and secure the personal data we process. We have strict information security policies and procedures, to protect personal data from unauthorized access, the change, to protect disclosure or destruction.