1. Information We Collect

When you interact with Candy Cloud, whether browsing our vaping devices, e-liquids, accessories, or placing an order, we may collect the following:

Understanding what personal data we collect is essential for transparency. Our privacy policy clearly outlines all categories of information we gather during your interactions with our website. This collection is necessary to provide you with excellent service, process your orders, and comply with legal obligations such as age verification (see our age policy for more details).

Personal Information

Personal information refers to any data that can identify you as an individual. We collect this information when you create an account, place an order, subscribe to our newsletter, or contact our support team. The personal data we collect includes:

• Full Name: Required for order processing, shipping labels, and account identification.
• Email Address: Used for order confirmations, shipping updates, marketing communications (with your consent), and account recovery.
• Billing and Shipping Address: Essential for processing payments and delivering your orders. We verify addresses to prevent fraud and ensure accurate delivery.
• Phone Number: Used for order updates, delivery coordination, and customer support communications.
• Payment Information: Credit/debit card details, PayPal account information, and other payment method data. Note that we do not store full payment card numbers on our servers; this information is processed securely through our payment gateway partners.
• Purchase History and Preferences: Records of your orders, product preferences (e.g., vape kits, e-liquids, coils, accessories), favorite items, and browsing behavior to personalize your shopping experience.
• Account Credentials: Username, password (encrypted), and security questions for account access and protection.
• Date of Birth: Required for age verification to comply with regulations regarding the sale of vaping products.

Non-Personal Information

Non-personal information cannot directly identify you but helps us understand how our website is used and improve user experience. This category includes:

• Browser Type and Version: Helps us optimize website compatibility and troubleshoot technical issues.
• Device Type and Operating System: Enables us to provide a responsive experience across desktop, tablet, and mobile devices.
• IP Address: Used for security purposes, fraud prevention, and geographic analysis. We may use IP addresses to detect suspicious activity and protect against unauthorized access.
• Cookies and Usage Data: Detailed information about how you interact with our website, including pages visited, time spent on pages, click patterns, and navigation paths. See our “Cookies and Tracking” section below for comprehensive details.
• Referral Sources: Information about how you arrived at our website (e.g., search engines, social media, direct links).
• Session Data: Temporary information stored during your browsing session, such as items in your shopping cart.

Special Categories of Data

Under GDPR, certain types of personal data are considered “special categories” and require additional protection. While we generally do not collect sensitive personal data, we may process information related to age verification for regulatory compliance. This processing is necessary to comply with legal obligations regarding the sale of age-restricted products. For more information, please review our age verification policy.

2. How We Use Your Information

We use the collected information to provide and improve our services at Candy Cloud. Our privacy policy ensures that all data processing is lawful, transparent, and purposeful. Below, we detail the specific purposes for which we use your personal information:

• Order Fulfillment: To process and deliver your products efficiently. This includes verifying your identity, processing payments, preparing orders for shipment, generating shipping labels, and coordinating with delivery partners. We use your shipping address to ensure accurate delivery and may contact you via phone or email if delivery issues arise. For details about our shipping practices, visit our delivery policy.
• Customer Support: To assist with inquiries, returns, or exchanges. When you contact our customer service team, we use your account information and order history to provide personalized assistance. This includes handling refunds, processing returns (see our return policy), resolving disputes, and answering product questions. We maintain records of customer communications to ensure continuity of service and quality improvement.
• Marketing: To send offers, promotions, and updates (you can opt out at any time). With your consent, we may send you marketing emails about new products, special offers, seasonal promotions, and company news. We use your purchase history and preferences to personalize these communications. You can unsubscribe at any time using the link in our emails or by contacting us directly. We never sell your information to third parties for marketing purposes.
• Payment Processing: To securely process transactions made on our website. We work with trusted payment processors to handle credit card transactions, PayPal payments, and other payment methods. Your payment information is encrypted and processed according to PCI DSS standards. We do not store full credit card numbers on our servers.
• Service Improvement: To enhance your shopping experience and website usability. We analyze usage data to understand how customers interact with our website, identify areas for improvement, and develop new features. This includes A/B testing, website optimization, and user experience research.
• Legal Compliance: To comply with applicable laws and regulations, including tax obligations, age verification requirements, and data protection laws. We may process your information to fulfill legal obligations, respond to legal requests, or protect our legal rights.
• Fraud Prevention: To detect and prevent fraudulent transactions, unauthorized access, and other security threats. We use various security measures, including IP address analysis, device fingerprinting, and transaction monitoring, to protect both you and our business.
• Account Management: To create and manage your account, authenticate your identity, and provide access to account features such as order history, saved addresses, and wish lists.

All data processing activities are conducted in accordance with our privacy policy and applicable data protection laws, including the GDPR for European customers. We only process personal data when we have a lawful basis, such as your consent, contractual necessity, legal obligation, or legitimate interest.

3. How We Protect Your Information

Candy Cloud prioritizes the security of your data. Our privacy policy reflects our commitment to implementing robust security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. We use a multi-layered approach to security that includes technical, administrative, and physical safeguards.

• Encryption: Sensitive data is protected using SSL (Secure Sockets Layer) and TLS (Transport Layer Security) technology. All data transmitted between your browser and our servers is encrypted using industry-standard encryption protocols. This ensures that your personal information, including payment details and login credentials, cannot be intercepted by unauthorized parties during transmission.
• Secure Payment Gateways: Payments are processed through trusted providers that comply with PCI DSS (Payment Card Industry Data Security Standard) requirements. We work with reputable payment processors that use tokenization and encryption to protect payment information. We never store full credit card numbers on our servers.
• Regular Monitoring: We routinely assess our website for vulnerabilities through automated scanning, penetration testing, and security audits. Our security team monitors for suspicious activity, unauthorized access attempts, and potential data breaches. We have incident response procedures in place to quickly address any security issues.
• Access Controls: We implement strict access controls to ensure that only authorized personnel can access personal data. Employees are granted access on a need-to-know basis and are required to use strong passwords and multi-factor authentication. All access is logged and regularly reviewed.
• Data Backup and Recovery: We maintain regular backups of our systems to protect against data loss. Backups are encrypted and stored securely. We test our recovery procedures regularly to ensure we can quickly restore services in the event of a system failure.
• Secure Infrastructure: Our servers and databases are hosted on secure, monitored infrastructure with firewalls, intrusion detection systems, and other security measures. We work with hosting providers that maintain high security standards and compliance certifications.
• Employee Training: Our staff receives regular training on data protection, security best practices, and privacy policy compliance. We ensure that all employees understand their responsibilities regarding personal data handling.

We aim to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for residents of Ireland and the EU. Our privacy policy is designed to meet GDPR requirements, and we regularly review and update our practices to ensure ongoing compliance. For more information about GDPR, visit the European Commission’s data protection website.

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you become aware of any security vulnerability or data breach, please contact us immediately at sales@yourcandycloud.com.

4. Cookies and Tracking Technologies

Candy Cloud uses cookies to enhance your experience. Cookies are small files stored on your device that help us remember your preferences and improve functionality. Our privacy policy explains how we use cookies and similar tracking technologies to provide you with a better shopping experience while respecting your privacy choices.

What are cookies? Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow the website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies are widely used to make websites work more efficiently and provide information to website owners.

Types of Cookies We Use

Our website uses several types of cookies, each serving a specific purpose. We categorize cookies based on their function and duration:

• Essential Cookies: These cookies are strictly necessary for the website to function properly. They enable core functionality such as security, network management, and accessibility. Essential cookies are used for features like maintaining your shopping cart, remembering your login status, and processing secure transactions. Without these cookies, services you have requested cannot be provided. These cookies do not require your consent as they are necessary for the website to operate.
• Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They allow us to recognize and count the number of visitors, see how visitors move around the site, and understand which pages are most popular. This information helps us improve website functionality, user experience, and content. Analytics cookies may be set by third-party services such as Google Analytics.
• Marketing Cookies: These cookies are used to track visitors across websites to display relevant advertisements. They are also used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Marketing cookies may be set by advertising networks with our permission. They remember that you have visited our website and may share this information with other organizations such as advertisers.
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. Functional cookies remember choices you make (such as language preferences, region, or username) and provide enhanced, more personalized features.
• Session Cookies: These are temporary cookies that are deleted when you close your browser. They are used to maintain your session while you browse the website, such as keeping items in your shopping cart.
• Persistent Cookies: These cookies remain on your device for a set period or until you delete them. They are used to remember your preferences and settings for future visits.

Third-Party Cookies

In addition to our own cookies, we may also use various third-party cookies to report usage statistics, deliver advertisements, and provide other services. These third-party cookies are subject to the privacy policies of the respective third parties. We do not control these cookies, and you should review the privacy policies of these third parties to understand how they use cookies.

Managing Cookies

You have the right to accept or reject cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. You can manage or disable cookies in your browser settings, but note that doing so may limit website functionality. If you choose to disable cookies, some features of our website may not work properly, including the ability to add items to your shopping cart or complete purchases.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org. You can also opt out of certain third-party cookies by visiting the Network Advertising Initiative’s opt-out page or the Digital Advertising Alliance’s opt-out page.

5. Sharing Your Information

Candy Cloud does not sell your personal information. Our privacy policy clearly states that we never sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information with trusted third-party service providers for specific purposes that are necessary to provide our services and improve your experience. All third-party sharing is conducted in accordance with our privacy policy and applicable data protection laws.

We carefully select and vet all third-party service providers to ensure they meet high standards for data protection and security. All third parties are contractually obligated to protect your information and use it only for the purposes we specify. They are not permitted to use your personal information for their own purposes.

• Payment Processing: To securely process your transactions, we share payment information with trusted payment processors such as PayPal, Stripe, and other payment gateway providers. These companies are PCI DSS compliant and use encryption and tokenization to protect your payment data. They process transactions on our behalf and are not permitted to use your information for any other purpose.
• Shipping Providers: To deliver your orders, we share your name, shipping address, and phone number with shipping carriers such as An Post, DPD, and other courier services. This information is necessary to generate shipping labels, track packages, and coordinate delivery. For more details about our shipping practices, see our delivery policy.
• Marketing Platforms: With your consent, we may share your email address and preferences with marketing platforms such as Mailchimp to send promotional emails, newsletters, and targeted advertisements. You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us directly.
• Website Analytics: We may share anonymized usage data with analytics providers such as Google Analytics to understand how visitors use our website and improve user experience. This data is aggregated and cannot identify you personally.
• Customer Support Tools: We may use third-party customer support platforms to manage inquiries and provide assistance. These platforms may have access to your account information and order history to help us serve you better.
• IT Service Providers: We work with IT service providers who help us maintain and secure our website, databases, and systems. These providers may have access to personal data as necessary to perform their services, but they are bound by strict confidentiality agreements.
• Legal and Professional Advisors: We may share information with our legal advisors, accountants, and other professional service providers when necessary for business operations or legal compliance.

We may also disclose information when required by law or in response to valid legal processes. This includes responding to court orders, subpoenas, or other legal requests from government authorities. We may also disclose information if we believe it is necessary to protect our rights, property, or safety, or that of our customers or others. In such cases, we will only disclose the minimum amount of information necessary to comply with the legal requirement.

In the event of a business transfer, such as a merger, acquisition, or sale of assets, your personal information may be transferred to the new owner. If such a transfer occurs, we will notify you and provide information about your rights regarding your personal data.

6. Your Rights and Choices

As a customer of Candy Cloud, you have rights regarding your personal data, particularly under GDPR. Our privacy policy is designed to ensure you have full control over your personal information. We are committed to helping you exercise these rights and will respond to your requests promptly and transparently.

What are the 4 elements of privacy? Privacy rights typically encompass four key elements: (1) the right to know what data is collected, (2) the right to access your data, (3) the right to correct inaccurate data, and (4) the right to delete your data. Our privacy policy addresses all these elements and provides you with comprehensive control over your personal information.

• Right of Access: You have the right to request a copy of the personal information we hold about you. This includes information about what data we collect, how we use it, and who we share it with. We will provide this information in a clear, structured format within one month of your request (or two months for complex requests).
• Right of Rectification: You have the right to request corrections to inaccurate or incomplete data. If you notice any errors in your account information, order history, or other personal data, please contact us and we will update it promptly. You can also update much of your information directly through your account settings.
• Right of Erasure (Right to be Forgotten): You have the right to request that we delete your data, subject to certain conditions. We will delete your personal information if it is no longer necessary for the purposes for which it was collected, if you withdraw consent, or if you object to processing and there are no overriding legitimate grounds. However, we may retain certain information if we have a legal obligation to do so (e.g., for tax records, order history for warranty purposes).
• Right to Restrict Processing: You have the right to request that we limit how we use your personal data in certain circumstances. For example, if you contest the accuracy of your data, you can request that we restrict processing until we verify the data’s accuracy.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. This right applies when processing is based on consent or contract and is carried out by automated means.
• Right to Object: You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.
• Right to Withdraw Consent: When processing is based on consent, you have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal. You can withdraw consent for marketing communications by using the unsubscribe link in our emails or contacting us directly.
• Right to Opt-Out of Marketing: You can opt out of marketing communications at any time. Use the “unsubscribe” link in our marketing emails, update your preferences in your account settings, or contact us directly at sales@yourcandycloud.com. We will process your opt-out request promptly and stop sending marketing communications within a reasonable timeframe.
• Right to Lodge a Complaint: If you have concerns about how we handle your data, you have the right to lodge a complaint with a supervisory authority. For customers in Ireland, this is the Irish Data Protection Commission. For customers in other EU countries, you can contact your local data protection authority. We encourage you to contact us first so we can address your concerns directly.

To exercise any of these rights, please contact us at sales@yourcandycloud.com or use our contact form. We will respond to your request within one month (or two months for complex requests) and may ask for verification of your identity to protect your privacy. There is no charge for exercising your rights, unless your request is manifestly unfounded or excessive.

If you have concerns about how we handle your data, you may lodge a complaint with the Irish Data Protection Commission or your local data protection authority. However, we encourage you to contact us first so we can address your concerns and resolve any issues.

7. Third-Party Links

Our website may include links to third-party sites, including social media platforms, payment processors, shipping providers, and other service providers. Candy Cloud is not responsible for the privacy practices of external sites. When you click on a third-party link, you will be directed to that third party’s website, which has its own privacy policy and terms of service.

We recommend reviewing the privacy policies of any third-party sites you visit. Our privacy policy only applies to information collected by Candy Cloud through our website and services. We do not control how third parties collect, use, or protect your information when you visit their websites or use their services.

Some third-party links on our website may include affiliate links or referral links. If you make a purchase through these links, the third party may collect information about your transaction. We encourage you to read the privacy policies of these third parties to understand how they handle your information.

If you have questions about how third parties handle your information, please contact them directly or review their privacy policies. We are not responsible for the content, privacy practices, or security of third-party websites.

8. Children’s Privacy

Candy Cloud does not knowingly collect personal information from individuals under the age of 18. Our products are age-restricted, and we have strict age verification procedures in place to prevent sales to minors. Our privacy policy reflects our commitment to protecting children’s privacy and complying with applicable laws regarding the collection of information from minors.

If you are under 18, please do not use our website or provide any personal information to us. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at sales@yourcandycloud.com, and we will delete such information promptly.

We use age verification systems to confirm that customers are of legal age to purchase our products. This may include requesting date of birth, government-issued identification, or using third-party age verification services. For more information about our age verification procedures, please see our age policy.

If we become aware that we have collected personal information from a minor without appropriate consent, we will take steps to delete that information as quickly as possible. We are committed to protecting children’s privacy and ensuring compliance with laws such as the Children’s Online Privacy Protection Act (COPPA) and GDPR provisions regarding children’s data.

9. International Transfers

Since Candy Cloud may serve customers internationally, your data may be processed on systems located outside Ireland and the European Economic Area (EEA). Our privacy policy addresses how we handle international data transfers to ensure your personal information is protected regardless of where it is processed.

When we transfer personal data outside the EEA, we take steps to ensure that appropriate safeguards are in place to protect your information. This may include:

• Standard Contractual Clauses: We may use standard contractual clauses approved by the European Commission to ensure that third parties outside the EEA provide adequate protection for your personal data.
• Adequacy Decisions: We may transfer data to countries that have been deemed by the European Commission to provide an adequate level of data protection.
• Certification Schemes: We may rely on certification schemes such as the EU-U.S. Privacy Shield Framework (where applicable) or other recognized frameworks that ensure adequate data protection.
• Consent: In some cases, we may transfer your data with your explicit consent after informing you of the risks and safeguards in place.

Where applicable, we take steps to ensure transfers comply with GDPR standards. We regularly review our data transfer practices and update our safeguards as needed to comply with evolving data protection laws and regulations.

If you have questions about international data transfers or would like more information about the safeguards we have in place, please contact us at sales@yourcandycloud.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. Our privacy policy is a living document that evolves with our business and the regulatory landscape. When we make changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through a notice on our website.

How to create a privacy policy? Creating a privacy policy involves several steps: (1) identify what data you collect, (2) explain how you use the data, (3) describe how you protect the data, (4) outline user rights, and (5) provide contact information. Our privacy policy follows these best practices and is regularly reviewed to ensure it remains accurate and comprehensive.

Material changes to our privacy policy will be communicated to you through prominent notices on our website or via email. We encourage you to review this privacy policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our website after changes are posted constitutes acceptance of the updated privacy policy.

If you do not agree with any changes to our privacy policy, you may stop using our services and request that we delete your personal information in accordance with your rights under GDPR. However, please note that we may need to retain certain information for legal or business purposes even after you stop using our services.

We maintain a version history of our privacy policy, and you can request access to previous versions if needed. For questions about changes to our privacy policy, please contact us at sales@yourcandycloud.com.

11. Contact Us

If you have questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us. Our privacy policy is designed to be transparent and accessible, and we are committed to addressing any questions or concerns you may have about how we handle your personal information.

Are you legally required to have a privacy policy? Yes, in many jurisdictions, including the European Union under GDPR, websites that collect personal information are legally required to have a privacy policy. Our privacy policy ensures compliance with these legal requirements and demonstrates our commitment to protecting your privacy.

Candy Cloud
Email: sales@yourcandycloud.com
Phone: +353 89 946 4278

For general inquiries, you can also use our contact form. If you have specific questions about data protection or wish to exercise your privacy rights, please email us with “Privacy Policy Inquiry” in the subject line. We aim to respond to all privacy-related inquiries within one month.

For more information about our services and policies, visit our about page, review our return policy, or check our delivery information. We also provide resources about CBD benefits and other wellness topics.

If you need to file a complaint about how we handle your personal data, you can contact the Irish Data Protection Commission or your local data protection authority. However, we encourage you to contact us first so we can address your concerns directly and work toward a resolution.