Forward Vaping Ltd - PRIVACY POLICY

Date last revised: 15th May 2018

FORWARD VAPING LIMITED (we/us/our) take privacy and the protection of personal data very seriously. We recognise that personal data does not belong to us; it belongs to you (the customer) and you have loaned it to us for specific purposes.

Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you or in the way you ask us to, and we will give it back to you at any time.

  1. This policy
    1. This privacy policy, together with our terms and conditions of sale, set out how we will process your personal data.
    2. This policy applies to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
    3. By visiting our Website, purchasing our products, or by otherwise providing your personal data to us, you understand, accept and consent to the practices described in this policy.
    4. Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
    5. For more information relating to your rights under this policy, please see section 8.
    6. If you have any queries relating to this policy, please contact us at contact@forwardvaping.com in the first instance.
  2. Who we are and who we work with
    1. For the purposes of the act, the data controller is Forward Vaping Limited. We are a UK registered company (number 10690033) and our registered office is at 251 Holly Lane, Erdington, Birmingham B24 9LE.
    2. We are an appointed reseller for iQOS “heat-not-burn” (or heated tobacco) products, including “HEETS” tobacco sticks, manufactured by Philip Morris Products S.A. and distributed in the UK by Philip Morris Limited (PML) (UK number 03619145), both companies being part of the Philip Morris International (PMI) group of companies.
    3. We also work closely with Pod Staffing Limited (Pod), a company registered in the UK (number 07420729) with registered address on the 5th Floor, 85 The Strand, London WC2R 0DW, who supply promotional representatives and brand ambassadors to promote products. Pod also provide personnel (known as “iQOS Coaches”) to provide tutorials and operational support relating to the products. Some iQOS Coaches are also supplied directly by PMI.
    4. We are registered with the ICO to process your personal data and our registration number is ZA343787.
  3. What data we collect and why we need it
    1. We only collect the following categories of personal data from you:
      • First and last names;
      • Date of birth;
      • Contact telephone number;
      • Email address; and
      • Home address (including postcode).
    2. We need your personal data to supply the relevant product(s) to you. We also may need to contact you in relation to enquiries or requests you raise with us (from time to time) in relation to the products you are using.
    3. We use your postcode to locate and track the nearest iQOS coach to you, for the purposes of offering you convenient trials and tutorials in relation to the products.
    4. We need your date of birth to verify your age so that we, or our partners, do not sell our products to anyone who is prohibited by law.
    5. We may also use your personal data to send you information, by email, about us and our products, that are similar to those you have either already purchased or enquired about. We only do this where you have given us express permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
    6. We consider that the personal data we obtain is reasonable and necessary for the purposes outlined in this section. However, we review this intermittently and remove any inaccurate or obsolete data.
  4. How we capture your data
    1. Your personal data is not initially captured directly by us. Your data may have been referred to us by either or a combination of the following parties:
      • a promotional agent in person. Pod connect us with two UK-based personnel agencies who supply promotional representatives and brand ambassadors to promote our products. They have been trained on our products and are aware of how your personal data must be protected when selling them to you;
      • an independent retailer. We supply our products to many independent retailers across the UK. Where you are a customer of theirs, they may refer your details to us (with your consent) so that we can provide you with information about the products we offer;
      • an e-cigarette (or “VAPE”) customer service attendant in our partnering VAPE stores in the UK. We supply our products to many high street stores and they may refer your details to us (with your consent) for the same reasons as those for independent retailers; or
      • a private referral from an associate of ours or Pod employee (who may be a friend, colleague or acquaintance) who reasonably considers that you may be interested in our products.
    2. Those categories of persons listed in section 4.1 will have permission to access our portal and can upload your personal data directly to it.
  5. How and why we disclose your data
    1. Any data referred to us by those categories of persons listed in section 4.1 will either be:
      1. used by us to provide the products to you directly (including verifying your age);
      2. passed to PML who can direct a local IQOS COACH to you for the purposes of offering you a tutorial or trial in relation to the product;
      3. passed to PML for future communications about IQOS and for ongoing Customer Care purposes (with your consent only); or
      4. accessed by PML members of staff, through our portal via their own unique log-in details and authentication credentials, for the purposes of data monitoring and analysis services (including stock control).
    2. Where you purchase our products, we will then automatically pass your data to PML. This is to allow them to contact you in relation to their IQOS products (which are supplied by us) and for Customer Care purposes.
    3. Any personal data we pass to PML will be stored subject to PML’s privacy policy, a copy of which is available at https://www.iqos.co.uk/privacy-policy. PML will be a data sub-processor, appointed on our behalf in relation to the personal data you have provided to us. Their privacy policy is different from ours.
    4. Your iQOS Coach (or business development executive) will ask you for feedback throughout your tutorial of the product. Where you do not wish to purchase our products at the end of such trial period, they will ask for your feedback. Where your feedback states that you are:
      • not interested in buying the product, and will not be at any time in future, we will mark your data as “closed” on our portal, and you will not be contacted by us or PML;
      • not currently interested in buying the product, but may be in future, you will be asked to “opt-in” to future marketing so that PML can notify you about any future related offers and promotions (in case you are persuaded in future). We will not contact you unless you opt-in. However, if you do not opt-in, we will not be able to contact you (in accordance with the Regulation) and will also mark your data as “closed” on our portal (until you tell us otherwise).
    5. Your feedback and personal data will be retained by us and automatically passed to PML for data monitoring and analysis purposes only. With your consent (collected by the relevant IQOS COACH after your trial), your personal data will be passed to PML for future communications about IQOS and for ongoing Customer Care.
  6. Your consent
    1. We initially capture and process your personal data solely on the basis of your consent. All persons who initially source your personal data and transfer it to our portal (listed in section 4.1) verify that they have your consent to pass your data to us and for us to process that data in accordance with this privacy policy (which they are required to notify you of and you must accept prior to the referral).
    2. Your personal data is only used for marketing purposes (either by us, or PMIL where you have directly consented to this. Any consent to marketing is entirely separate to your consent given to us in relation to your products purchased from us, and can be withdrawn at any time (without affecting our contract with you in relation to the relevant product).
    3. Your consent is freely given, on the basis of clear and plain language that is presented to you at the time your personal data is collected. The wording to which you consent accurately describes the purposes for which we process your personal data (as contained in this policy).
    4. Your consent may be withdrawn at any time. Where you wish to do this, don’t hesitate to contact us on the details contained in section 1.6, and we will update our database and remove your data as soon as reasonably practicable (in any event, within 48 hours).
  7. Security and retention
    1. Access to our portal is restricted only to those to whom we have granted express permission and use is regulated by our portal’s terms and conditions, a copy of which is available at legal.forwardvaping.com/terms-and-conditions
    2. Users with permission each have unique login details and access credentials to gain access to the portal, which are subject to duties of confidentiality and non-disclosure to prevent unauthorised disclosure or access.
    3. All personal data that we capture in relation to our customers is stored on our internal portal, hosted by Amazon Web Services, Inc (AWS) from servers based in Ireland. AWS participates in the EU-US Privacy Shield and their privacy policy is available at https://aws.amazon.com/privacy/?nc1=f_pr.
    4. Once collected, your personal data will be retained by us only for as long as is necessary for us to provide you with the relevant products, or to market our services to you (where requested). After this point, your data will be securely deleted and we will not contact you without your permission.
    5. Where you do not wish to purchase a product from us, we will mark your details as “closed” on our portal, so that those who have access to your data are aware that you may not not wish to be contacted in relation to our products.
  8. Your rights
    1. In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
      1. not to process your personal data for marketing purposes (or not to pass (or to recall) your personal data to (or from) third parties for such purposes);
      2. to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
      3. to amend any inaccurate data we hold about you;
      4. to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
      5. to only process your personal data in limited circumstances, for limited purposes.
    2. We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
    3. If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
    4. Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.

Philip Morris International - PMI TRADER PRIVACY NOTICE

Date last revised: 27th March 2018

We take privacy seriously. This notice tells you who we are, what information about you we collect, and what we do with it. Click on “find out more” in each section for further information.

Please also read our terms of use relating to the service you are interested in. They provide more information about the way we do business, and any restrictions on eligibility that may apply.

We have a commercial relationship with you or your employer, for example, because you or your employer sell, promote or distribute PMI products (or support those activities). This notice provides you with details of the information we collect about you in connection with our relationship and how we use that information.

Who are we?

We are Philip Morris Limited, 10 Hammersmith Grove, London, W6 7AP, United Kingdom, and we are a member of Philip Morris International. Our details will have been given to you separately at the time of the collection of information about you, for example, in a notice on an app or a website, in an e-mail, or in a contract between us, containing a link to this notice.

How do we collect information about you?

We may collect information about you in various ways.

In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical (for example, PMI offices, retail outlets and events), and digital (for example, e-mail correspondence, apps and websites).

We may collect information that you provide directly. Typically this will happen when you:

We may collect information about you automatically. Typically this will happen when you:

We may also collect information about you automatically through the use of cookies and similar tracking technologies on digital PMI touchpoints. The specific cookies and technologies used will depend on the PMI touchpoint in question. To learn about the cookies (including Google analytics cookies) and similar technologies used on a touchpoint, including how you can accept or refuse cookies, please see the cookie notice made available on or through that touchpoint.

Where permitted by law, we may acquire information about you from third parties. This may include information shared between PMI affiliates, publicly-available profile information (such as your preferences and interests) on third party social media sites (such as LinkedIn, Facebook and Twitter), and marketing lists acquired from third party marketing agencies.

We may also collect information in other contexts made apparent to you at the time.

What information about you do we collect?

We may collect various types of information about you:

Information that we collect from you directly will be apparent from the context in which you provide it. For example:

Information that we collect automatically will generally concern:

Information that we collect from third parties will generally consist of publicly-available information (such as your preferences and interests), for example from public social media posts.

For what purposes do we use information about you, and on what legal basis?

In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not use information about you for those purposes in that country.

Subject to the above, we use information about you for the following purposes:

The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):

The purposes for which we use information about you, with corresponding methods of collection and legal basis for use, are:

Purpose Method of collection and legal basis for Processing

Comply with regulatory obligations

  • verify your age, identity and retailer status
  • tax and business accounting obligations
  • trade sanctions
  • background checks
  • health and safety management
  • legal and regulatory disclosure requests
  • conflicts of interest
  • keeping contracts and associated documents in which you may be referred to
  • investigation of reported allegations of misconduct

This information is generally provided to us by you directly.

We use it because it is necessary for us to comply with a legal obligation to trade only with adults and to run our business in a compliant way (including in relation to company law and tax compliance), keep financial and tax records, comply with trade sanctions, comply with health and safety laws (which may include keeping records of incidents), produce reports, comply with requests for information from competent authorities and manage any conflicts of interest, or, in countries where there is no such legal obligation, because we have a legitimate business interest to trade only with adults and to run our business in accordance with good practice requirements that is not overridden by your interests, rights and freedoms to protect information about you.

Sell our products

  • fulfil your orders (including sending receipts)
  • process your payments
  • provide warranty services

This information is generally provided to us by you directly or via your employer as applicable (typically, name, role, address, e-mail address, payment information, correspondence).

We use it to discharge our contractual obligations to you or your employer as a buyer of our products.

Provide sales-related services

  • deal with your inquiries and requests
  • correspond with you
  • general administration and troubleshooting
  • administer loyalty programs
  • relationship management

This information is generally provided to us by you directly or via your employer.

We use it because we have a legitimate business interest in providing sales-related services to you or your employer that is not overridden by your interests, rights and freedoms to protect information about you.

Business promotion and relationship management (where permitted by law)

  • inform you of relevant updates, promotions and events
  • manage our relationship
  • register adult consumers in our databases
  • help you to help adult consumers with their accounts
  • understand your preferences (such as what products or events may interest you or may be better tailored to your needs)
  • administer loyalty programs
  • invite you to participate in, and administer, surveys or market research campaigns
  • for market research
  • develop marketing strategies
  • administer marketing campaigns
  • customize your experience of PMI touchpoints (for example, to personalize your visit, such as with greetings or suggestions that might interest you)

This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology to monitor use of PMI touchpoints) and (where permitted by law) information that we acquire from third parties (such as public social media posts).

We use it on the grounds that we have a legitimate business interest to manage our relationship and tell you about our business, products and events, to operate PMI touchpoints, and to customize your experiences, in these ways that is not overridden by your interests, rights and freedoms to protect information about you.

Business promotion and relationship management (where permitted by law)

  • provide you with information about, and to manage, PMI affiliates, their promotions, products and services, outlets, events and the regulation of tobacco products; and to develop and improve tools to pursue these purposes

This will typically be a combination of information that you provide to us (for example, your name and contact details, your social media handles); information that we collect automatically (for example, using cookies and similar technologies) and (where permitted by law) information that we acquire from third parties (such as public social media posts).

We use it on the grounds that we have a legitimate business interest to inform you about these things that is not overridden by your interests, rights and freedoms to protect information about you.

In certain countries, where required by law, we will send you these materials in electronic format only with your consent.

Business administration

  • general organizational management and business record keeping
  • trader lifecycle management (from engagement to departure)
  • visitor administration and record keeping
  • administering and running events, training and compliance programmes
  • correspondence in relation to our relationship with you or your employer, including to deal with your inquiries and requests
  • IT systems development, implementation, operation and maintenance
  • maintaining the security of systems, devices and buildings
  • the operation of contact databases and collaboration tools
  • operating a safe work environment
  • maintaining the security and safety of PMI affiliates’ staff, customers, suppliers, visitors and the property of each

This information is generally provided to us by you directly or via your employer.

We use it because we have a legitimate business interest to run our business, manage our relationship with you or your employer and maintaining the security and integrity of our buildings and IT systems that is not overridden by your interests, rights and freedoms to restrict use of information about you.

Security and systems monitoring

  • authentication and access controls and logs, where applicable
  • monitoring of PMI systems, devices, internet and e-mail to which you are granted access
  • monitoring of access to PMI premises, deliveries to PMI affiliates, and security-related processes at our premises

This information is collected automatically through various means such as automated systems and device monitoring, and CCTV recording and audio recording of some telephone calls at our premises.

We use it because we have a legitimate business interest in ensuring the confidentiality, integrity and security of our physical and digital infrastructure and premises that is not overridden by your interests, rights and freedoms to protect information about you.

Support for all the above purposes

  • administering your accounts
  • enabling you to use PMI touchpoints (for example, allowing you to remain logged in to sections of a touchpoint that are reserved for authorized users only, administering your language preference, associating your shopping cart with you)
  • corresponding with you
  • enhancing your experiences, such as suggesting orders of products that might be suitable for you (for example, based on previous orders)
  • administration and troubleshooting

This will typically be a combination of information that you provide to us (typically, name, password (or equivalent)) and information that we collect automatically (for example, information about your device, and cookies and similar tracking technologies).

We use it on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of our products; where we administer your account to update you on our products or where we suggest orders that might be suitable for you, we are supporting business development and so we use it on the grounds that we have a legitimate business interest to market our products that is not overridden by your interests, rights and freedoms to protect information about you, and so on.

Business analytics and improvements

  • allowing us or our business partners to inform you of potential opportunities to get involved in promoting PMI products
  • for business analytics and improvements (including for PMI products, systems, processes, offices, outlets that sell PMI products, training, events, digital PMI touchpoints and the information that we (or our affiliates) provide to you, your employer or our customers)

This will typically be a combination of information that you provide to us; information that we collect automatically; and (where permitted by law) information that we acquire from third parties.

We use it on the grounds that we have a legitimate business interest to analyze and to improve our business performance, our products, systems, processes, offices, outlets, training, events, PMI touchpoints and the information we provide and to invite others to get involved in promoting PMI products, that is not overridden by interests, rights and freedoms to protect information about you.

Where we do not base our use of information about you on one of the above legal bases, we will ask for your consent before we process the information (these cases will be clear from the context).

In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

Who do we share your information with, and for what purposes?

We may share information about you with:

Sharing data with other PMI affiliates

Details of PMI affiliates and the countries in which they are established are available here

Sharing data with Third Parties

Where might information about you be sent?

As with any multinational organisation, PMI affiliates transfer information globally. Accordingly, information about you may be transferred globally (if your information is collected within the European Economic Area, this means that your information may be transferred outside it).

When using information as described in this notice, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards.

PMI affiliates within the European Economic Area (“EEA”) will transfer personal information to PMI affiliates outside the EEA. For example, to facilitate the operation of a global business. In all cases, the transfer will be:

In all cases, appropriate security measures for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.

How do we protect information about you?

We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.

How long will information about you be kept?

We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

Typically, we retain data based on the criteria described in the table below:

Type Explanation/typical retention criteria
  • information relating to managing the commercial relationship with the trader (trader using digital touchpoints and contactable)
Most of the information in your trader profile is kept for the duration of our trader relationship with you. However, some elements of your profile, such as your history of completed tasks, your prize redemption history, or your purchase history, naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them.
  • information relating to managing the commercial relationship with the trader (trader inactive on digital touchpoints)
This scenario is the same as above, save that you have ceased to use the digital touchpoint for a long period (typically 2 years), we will remove your access to the digital platform and delete the records we still have relating to your use of it (unless it falls within another purpose of processing, such as records of your orders). The reason is that in these circumstances, we assume you would prefer not to use the digital platform.
  • trader (not contactable)
If you are registered with us as a trader, but the information you give us to contact you doesn’t work, we will retain your information for a period of typically only 6 months to allow you to return and correct it.
  • trader (incomplete registrations)
If you commence registering yourself as a trader, but do not complete the process, we will not retain your data at all.
  • business and payment records
We keep records of invoices, sales, purchases, payments made and received and supporting documents (such as contracts and e-mails) in accordance with company and tax requirements, typically 11 years. We also keep records of checks carried out on suppliers for as long as we are required to comply with our legal and regulatory obligations.
  • visitor records
If you visit our buildings, visitor records are retained typically for a period of three years.
  • CCTV
If you visit our buildings, CCTV records retained typically for a period of only a few days, up to a few weeks, depending on the specific purpose for the recording.
  • market researc
If you are not registered in our database, and we use publicly available information about you in order to understand the market or your preferences, we will retain the information about you for a short period in order to perform the particular item of market research.
  • purchases and warranty
If you purchase goods, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes). If you also register for a warranty for a PMI product, we will retain details of this for so long as relevant to the warranty.
  • customer care

If you contact customer care, we will make a record of the matter (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if you need us to advise you on how to use a digital touchpoint, or if your recent enquiries are relevant. Other records relevant to customer care (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made, and will be retained only temporarily.
  • system audit logs
System audit logs are retained typically for a period of only a few months.
  • business analytics
Business analytics data is typically collected automatically when you use PMI touchpoints and anonymised/aggregated shortly afterwards.

What rights and options do you have?

You may have some or all of the following rights in respect of information about you that we hold:

We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive or by using the contacts in the paragraph “who should you contact with questions?” at the end of this notice.

Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.

The rights you have depend on the laws of your country. If you are in the European Economic Area, you will have the rights set out in the table below. If you are elsewhere, you can contact us (see the paragraph “who should you contact with questions?” at the end of this notice) to find out more.

Right in respect of the information about you that we hold Further detail (note: certain legal limits to all these rights apply)
  • to request us to give you access to it
This is confirmation of:
  • whether or not we process information about you;
  • our name and contact details;
  • the purpose of the processing;
  • the categories of information concerned;
  • the categories of persons with whom we share the information and, where any person is outside the EEA and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the information;
  • (if we have it) the source of the information, if we did not collect it from you;
  • (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
  • the criteria for determining the period for which we will store the information.
On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others).
  • to request us to rectify or update it
This applies if the information we hold is inaccurate or incomplete.
  • to request us to erase it
This applies if:
  • the information we hold is no longer necessary in relation to the purposes for which we use it;
  • we use the information on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all information about you in which case we will respect your wishes);
  • we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it;
  • the information was unlawfully obtained or used; or
  • to comply with a legal obligation.
  • to request us to restrict our processing of it
This right applies, temporarily while we look into your case, if you:
  • contest the accuracy of the information we use; or
  • have objected to our using the information on the basis of legitimate interest
(if you make use of your right in these cases, we will tell you before we use the information again).
This right applies also if:
  • our use is unlawful and you oppose the erasure of the data; or
  • we no longer need the data, but you require it to establish a legal case.
  • to object to our processing it
You have two rights here:
  1. if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
  2. if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
  • to withdraw your consent to our using it
This applies if the legal basis on which we use the information about you is consent. These cases will be clear from the context.
  • to data portability
If:
  1. you have provided data to us; and
  2. we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,
then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so.
  • to lodge a complaint with the supervisory authority in your country
Each European Economic Area country must provide for one or more public authorities for this purpose.
You can find their contact details here:
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
For other countries please consult the website of your country’s authority.

Country-specific additional points

According to which country you are in, you may have some additional rights.

If you are in France...

Who should you contact with questions?

If you have any questions, or wish to exercise any of your rights, please notify your Philip Morris representative. Contact details will also be given in any communications that a PMI affiliate sends you.

If your country has a data protection authority, you have a right to contact it with any questions or concerns. If the relevant PMI affiliate cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.

Changes to this notice

We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of the changes where required by law to do so.