1. Scope and purpose
This policy explains how The Vape Desk Ltd collects, uses, stores, and protects personal data when adult users browse our guidance pages, submit contact requests, or engage support services. It is designed for transparency in the UK context and aligns our communication practices with lawful, proportionate processing principles.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
2. Data controller details
The data controller is The Vape Desk Ltd, registered in the United Kingdom, located at 42 Commercial Street, London E1 6LP, United Kingdom. For privacy enquiries, contact hello@thevapeshopdubai.com or call +44 20 7946 0831. VAT: GB472918365. Company Number: 12847392.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
3. Data we collect
We collect contact details you provide directly, including name, email, phone number, selected support plan, and message content. We may also collect non-identifying technical logs such as browser type and page request timestamps required for site operation and service continuity.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
4. How data is collected
Data is collected through website forms submitted voluntarily by adult users and through routine server-level logs generated by page requests. We do not use third-party behavioural ad trackers, external analytics pixels, or hidden profiling scripts on this site.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
5. Legal basis for processing
Primary legal bases include consent where you submit contact information for guidance, and legitimate interest where we maintain service quality, security, and response consistency. Processing is limited to necessary operational purposes tied to your request.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
6. Service delivery usage
Submitted details are used to triage your request, prepare relevant guidance, and deliver follow-up responses linked to your selected support tier. We do not use your message content to run unrelated marketing campaigns or automated ad audience expansion.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
7. Communication and retention
Contact records are retained for a limited operational period to maintain continuity and quality assurance. Typical retention is twelve months from last meaningful interaction unless legal or accounting obligations require longer storage. Data no longer needed is securely deleted.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
8. Data sharing boundaries
We do not sell personal data. We only share information with narrowly scoped service providers when necessary for secure communication or infrastructure maintenance, under contractual controls requiring confidentiality and appropriate technical safeguards.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
9. International transfers
Where infrastructure suppliers process data outside the UK, we apply suitable transfer safeguards and review vendor commitments to ensure equivalent protection standards. Transfer scope remains limited to necessary service operation contexts.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
10. Security measures
We apply layered security controls including access restriction, role-based handling, encrypted data transmission over HTTPS, and internal process discipline around request handling. Security is reviewed periodically and adjusted to current operational risk.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
11. Your rights
Subject to applicable law, you may request access, correction, deletion, processing restriction, or objection in specific circumstances. You may also request a copy of data you provided. We respond within lawful timelines and may verify identity before disclosure.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
12. Cookies and local storage
This site does not deploy behavioural advertising cookies or third-party remarketing tags. Essential technical storage may be used only where required for basic interface behaviour, such as menu state or form convenience in your active session.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
13. Adults-only service context
Our services are intended for adults. We do not knowingly solicit personal data from minors. If we become aware that non-adult information was submitted inappropriately, we take prompt steps to delete relevant records.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
14. Policy updates
We may update this policy to reflect legal, operational, or process changes. Material updates are published on this page with revised effective date language so users can review current terms before submitting new requests.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
15. Complaints and escalation
If you are dissatisfied with our response, contact us first so we can resolve concerns directly. You may also escalate through relevant UK supervisory channels where permitted under applicable data protection frameworks.
Where practical, we keep explanations in plain language so users understand exactly what information is processed, why it is processed, and how long it remains in controlled systems. This approach supports informed participation and reduces confusion often found in generic policy templates. We also cross-reference operational pages like contact, services, and pricing to keep policy context connected to real service flows.
Effective date: 2026-06-26.