Privacy Policy

We understand that most people don’t read privacy policies unless they have a reason to. Still, if you’re sharing your personal information with us, your name, address, maybe your date of birth, you deserve to know exactly how it’s used. Here, we try to explain it clearly and honestly.

We are Ma Vapour, a vape shop out of North Wales. We sell legally to adults in the UK. We ask for the information we need to send your order, reply to your emails, and occasionally let you know about something useful, if you've said you want that. We don’t watch, profile, or pester.

This policy covers anyone who visits our site, places an order, opens an account, or gets in touch for any reason at all. If you're here, this applies to you. And if there’s anything in here that feels muddy, write to us. We’ll explain it properly.

Who We Are

We trade under the name of Criska Limited and we’re based at 11 Cefn Rd, Old Colwyn, Colwyn Bay, LL29 9PN. The shop, the website, the shipping, everything is run from the UK and built for UK customers. If you're browsing from abroad, you're welcome to look, but we're not set up to serve you just yet. Orders placed from outside the UK won’t be processed. We don’t deliberately collect overseas data either.

Under UK law, we’re the "data controller," which means we’re responsible for looking after your personal data. That’s not just a box-ticking job for us. It matters that we handle it properly. If you need to ask anything, the email address is Ma Vapour email.

What Information We Collect

We don’t hoard data just for the sake of it. The only reason we collect your information is that the shop cannot function without it. If you’re buying something, we need your name, your address, a way to contact you, and a record of what you ordered. If you’re opening an account, we need a login. If you write to us, we keep the message in case we need to follow up or sort something out.

Some technical information gets collected automatically when you land on the site, data like your IP address, what browser you’re using, that kind of thing..
We’ve listed the types of data we might end up with, depending on what you do:

  • Your name, date of birth, and title: That helps us identify you, and more importantly, confirm you’re legally old enough to buy what we sell.
  • Billing and delivery addresses: We need to know where to send your order.
  • Email and phone number: To confirm orders, send tracking info, or sort out any issues.
  • Login details, if you’ve created an account: Your password is encrypted. Only you know it.
  • Purchase history: What you’ve bought, when, and how often.
  • Any messages you’ve sent: Whether by email, web form, or social media.
  • Technical data like your IP address and browser type: Collected when you visit the site.
  • Your preferences around marketing: And whether you've opened or clicked any of our emails.

That’s the list. There is no fishing going on for personal beliefs, medical background, or anything intimate. If something sensitive turns up in a message, we don’t file it away. It gets deleted.

How We Collect It

Most of your data comes directly from you. When you fill out a form, place an order, make an account, or send us a message, you’re choosing to give us certain details. We only collect what we need to make things work.

Some data gets picked up automatically. That’s typical of how websites operate. For example, our server may log your IP address when you visit, along with some basic info about your browser and device. It helps us keep the website running properly.

We’re not currently using cookies for advertising or behavioural tracking. If we do add any third-party tools like that, we’ll make it clear and give you the option to say no.

Why We Collect Your Data

There are a few different reasons we might need to hold onto your data, and they usually fall into one of three categories: we need it to do what you’ve asked us to do, we’re legally required to have it, or it helps us run the shop better without stepping on your rights.
Here are the main ways your information might be used:

  • To take and dispatch your order
  • To manage your account, if you’ve set one up
  • To make sure you're old enough to legally buy vape products
  • To reply to your emails or messages
  • To send updates about your order or account
  • To let you know if something changes in our terms or privacy policy
  • To spot technical issues or make the site easier to use
  • To meet legal requirements, like keeping tax records

If you’ve signed up for marketing, we’ll use your contact details to send the kinds of updates you’ve asked for. That might include product news, special offers, or general shop updates. Nothing too frequent. You can unsubscribe whenever you like.

We don’t use your data for profiling or any kind of automated decision-making. No algorithms are deciding anything about you here.

Age Verification

UK law doesn’t allow us to sell vape products containing nicotine to anyone under 18. We take this requirement seriously. At checkout, you’ll be asked to confirm that you’re over 18. That’s a basic step, but it’s not the only one.

If we have any reason to doubt the age given or if your order raises a red flag, we may follow up by asking for ID. This could be a passport, driving licence, or another recognised form of identification. If we can’t confirm your age, we won’t be able to complete the sale, and we’ll let you know straight away.

We do not knowingly collect any data from individuals under the age of 18. If we discover that we have mistakenly done so, we will delete the data promptly.

Our Legal Grounds for Processing

The law says we need a valid reason to collect and use your personal data. The reasons we rely on are listed in the UK General Data Protection Regulation.
Here’s how that applies to us:

  • When you buy something from us, we need your details to complete the transaction. That falls under what’s called a contractual obligation.
  • For things like age verification and tax compliance, we are required by law to collect and hold certain pieces of information.
  • Sometimes we have a legitimate interest in using your data, such as protecting against fraud, improving customer service, or understanding how people use our website.
  • If you’ve chosen to sign up for marketing, we rely on your consent. You can withdraw it at any time.
  • We don’t use consent as a cover for other forms of data use. Where consent is the basis, we ask for it clearly and only use your information for that purpose.

Who Has Access to Your Information

We don’t sell your data. We don’t rent it. We don’t give it to anyone for their own advertising. But to get your order to you or to run our website, we do sometimes need to share limited information with service providers we work with.
These include:

  • Please note that we only accept payments via bank-issued debit or credit cards
  • Delivery companies, such as Royal Mail or DPD, to send your order
  • Web developers and hosting services who manage the website’s performance
  • Age verification providers, if and when we use them in the future

Any company we work with is required to treat your information confidentially. They can’t use it for anything other than the task we’ve hired them for. If we’re ever required to share data by law or by a court order, we will do so, but only under those circumstances.

Marketing and Communication Preferences

If you sign up to receive updates from us, we’ll send you occasional emails about new products, discounts, or other shop-related news. We try to keep things relevant and not overdo it. You’ll always have control over whether you receive these messages.

You can unsubscribe by clicking the link at the bottom of any marketing email or by contacting us directly. We’ll process the change as soon as possible and make sure you’re no longer contacted for promotional reasons.

Even if you opt out of marketing, you’ll still get emails related to your orders or important changes to your account.

Cookies and Tracking Tools

At the time of writing, we don’t use advertising or analytics cookies. The website uses a small number of essential cookies to keep your shopping cart working and your login secure, but that’s about it.

If, in the future, we decide to introduce tools that use additional cookies or track your visit to our website, we’ll update this section accordingly. You’ll also be given the choice to accept or decline tracking when you visit the website. We won’t collect extra data without your permission.

How We Keep Your Data Secure

Security is our top priority. We store your data on secure servers, and we use SSL encryption to protect information sent through our website.

Your password is encrypted using strong algorithms. Staff access to data is limited and based on role, and we don’t allow third parties to view it without a clear purpose and strict safeguards.

We monitor our systems for vulnerabilities and update them regularly. While no system is 100 per cent immune to breaches, we do everything we reasonably can to prevent problems and respond quickly if and when they happen.

How Long Do We Keep Your Information

We don’t hold on to your data indefinitely. The amount of time we keep it depends on what the data is and why we collected it in the first place.

Order information is retained as long as your account is active and in accordance with applicable tax laws. In line with the UK GDPR, personal data is only kept for as long as necessary to fulfil the original purpose for which it was collected.

Customer service messages are stored for a reasonable time in case we need to refer back to them.

Marketing preferences are stored until you ask us to remove them.

If you close your account or ask us to delete your data, we will remove it unless we’re legally required to keep it. In some cases, we may anonymise certain data so it can be used for business reporting without identifying you.

Your Rights

You have the right to know what personal data we hold about you and what we’re doing with it. You can ask us to correct it, delete it, or send you a copy. You can also object to how we use it or ask us to stop using it in certain ways.

To make a request, contact us at (info@mavapour.co.uk) We aim to respond within one month. If your request is complicated or unusually large, we might need a little more time, but we’ll keep you informed.

If you’re unhappy with how we handle your data, you can also raise a complaint with the Information Commissioner’s Office at www.ico.org.uk.

Contact Us

For anything to do with this policy or your personal data, you can reach us at:

info@mavapour.co.uk

We trade under the name of Criska Limited

11 Cefn Rd, Old Colwyn, Colwyn Bay, LL29 9PN, United Kingdom

Opening times:

Mon to Fri 9-6pm

Saturday 9- 5pm

Sunday 10-4pm

Updates to This Policy

We may update this policy from time to time if laws change or if we change how we handle data. Any updates will be posted on this page. If the change is significant, we may also notify you directly.

We recommend checking this page occasionally to stay informed.