Privacy Policy

 

ASH Smoke Sales, LLC. (‘ASH’) is committed to protecting the privacy of all individuals who utilize the www.ashsmoke.com website (the “Site”). Please read the following policy to understand how we collect, use and safeguard the information you may provide to us via this Site. This Privacy Policy may be revised from time to time, so please revisit this page often to remain fully informed of our policies.


 


SECTION 1 – COMPLIANCE WITH SAFE HARBOR FRAMEWORK[(S)]

The United States Department of Commerce and each of the European Commission and Switzerland have agreed on a set of data protection principles regarding the collection, use, and retention of personal information to enable U.S. companies to satisfy European Union (EU) and Swiss law requirements for adequate protection of personal information transferred from the European Economic Area (EEA) and Switzerland to the United States (collectively, the “Safe Harbor Privacy Principles”). EP has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view EP’s certification, please visit http://export.gov.


 


 


SECTION 2 - WHAT INFORMATION DO WE COLLECT FROM YOU AND WHAT DO WE DO WITH IT?

Our online store is hosted on Squarespace. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Accordingly, when you submit personal information in connection with purchases made via the Site, such information is not collected by EP but rather is sent directly to Squarespace. When you purchase something from our store, as part of the buying and selling process, Squarespace collects the following personal information: your first name, last name, company name, mailing address and billing address, phone number, email address, purchase information, gender and credit card payment information. We also may keep interactions with our Customer Services Team, or visits to our website/store. Please see Section 4 for more information on Squarespace’s policies.


 


We collect information in the following circumstances:

When you register to or use our website

When you register to or use our in-store WIFI

When you allow social media sites to provide your data to us

When you enter any event, prize draws or competitions run by us

When completing any of our surveys or leaving us a review

When completing any forms for transactional, employment or other purposes

When you buy products or gift cards/vouchers

When you've given a third party permission to share with us the information they hold about you

The Site allows you to register with us for an account through the Create Account page on the Site. When you register for an account via the Site, you will be providing us with your first name, last name and email address. Such registration information enables us to make the purchase of products quicker and easier.


 


When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system, and your activity while using the Site. See Section 8 –COOKIES below, for information on technical information we collect as a result of your use of the Site and how we use such information.


 


In addition, the Site permits you to subscribe to our newsletter via the Subscribe page on the Site. With your permission, we may send you emails about our store, new products and other updates. In order to sign up to receive the newsletter, you need only provide us your email address. You may opt out of receiving our newsletter or other communications from us by following the opt-out link provided in any email received or by un-checking the applicable box on the Check Out page hosted by Squarespace.


The Site permits you to reach out to various ASH Smoke departments through email. Whenever you send us an email, you will be providing us with your email address and any information you choose to provide in the text of your message. For example, you may choose to provide your full name, mailing address or other information necessary or helpful for us to address your query or concern. Your personal information will be used to respond to your communications.


 


We use your personal data in the following ways:

To enable us to personalize your shopping experience on our sites.

To allow us to handle your orders, deliver products and process your payments and refunds (including to ensure secure payment and prevent fraud).

To respond to your questions, refund requests and complaints.

To keep a record of when and why you contact us and to keep your contact details up-to-date.

For statistical, analytical or survey purposes - so we can improve our websites and the services we offer you.

To enable third parties to carry out technical, logistical or other business functions on our behalf such as advertising on social media sites you might use and visit (our ability to do this will depend on the privacy settings you have on your social media accounts).

Where you are an existing customer (or you have otherwise given us your data) and have not opted out, or where you have consented, we use your data to send you information about our business and products we think you might like and to notify you of products or special offers that may be of interest to you.

To process your application when you enter a competition promotion or prize draw. (If there are other purposes specific to that competition promotion or prize draw, these will be explained in the applicable competition terms & conditions).

In order to help us manage our customer relationships, we use third party platforms. These platforms assist us to do lots of things, including: conduct email marketing campaigns, advertise online, undertake customer analytics, plan and put on events, fulfill orders, make deliveries, returns and refunds etc. We therefore pass on your personal data to these third parties, on the condition that they agree to handle your information in line with this notice.

 


Why are we allowed to handle and store your personal data?

There are a number of legal bases which allow us to use your personal data. The following sets out more detailed explanations of the bases we rely on to collect and process your personal data:


 


1. Consent

If you visit our site and are not an existing customer, or if you fill in any in-store materials, such as prize-draw entries, we might ask for your consent to process your data, so that we can send you our special offers and news.


 


2. Contractual obligations

Our primary use of this basis is when you purchase our products. In this situation it is necessary for us to process your personal data in order to fulfill your order and send your goods to you.


 


3. Legal compliance

In some circumstances, we may be legally required to collect and process your data e.g. to pass it on to the police if criminal activity is suspected.


 


4. Legitimate Interest

It may be necessary to use your data to help us run our business. For example, to action any changes to your account that you request, or to personalize the services we provide - with the aim of improving your customer experience. We will only use your data in these instances, where doing so does not materially impact your rights, freedom or interests.


 


How Long do we keep your personal data for?

We only keep your personal data for as long as we deem necessary for the purpose for which it was collected (subject to any legal requirements). Once it is no longer necessary, we will either delete the data, or anonymize it. The use of anonymized data helps us to optimize our customer service.


 


ACCESS TO YOUR INFORMATION/ACCURACY OF INFORMATION

You may obtain from us, by mail or email, the personal information contained in our records. We strive to maintain the accuracy of any personally identifiable information that may be collected from you, and will use our commercially reasonable efforts to respond promptly to update our database when you tell us the information in our database is not accurate. However, it is your responsibility to ensure that any personal information you provide to us via the Site is accurate, complete and up-to-date. If you wish to make any changes to any personal information you have provided to us, you may do so at any time by contacting us at info@ashsmoke.com .


 


SECTION 3 - CONSENT

How do you get my consent?


By using the Site and voluntarily providing us (or Squarespace) with your personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, subscribe to our newsletter or contact us via an email link on the Site or for other purposes, you consent to the collection and use of such personal information as described in this Privacy Policy (including, when you purchase products via the Site, consent to the collection and use of your information by Squarespace in accordance with Squarespace’s privacy policies).


 


If we ask for your personal information for a secondary reason, like marketing, or for a purpose incompatible with the purpose for which it was originally collected, we will either ask you directly for your expressed consent, or provide you with an opportunity to say “no.”


You have the right to correct any information we store which might be incorrect, incomplete, or out of date. You can do this yourself by logging into your account, or by contacting our Customer Services Team who will give you step-by-step advice on how to do this. You can contact them by emailing: info@ashsmoke.com


 


How do I withdraw my consent?

If we are processing your personal data on the basis of our legitimate interest, you have the right to ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.


You have the right at any time to stop us from sending you marketing material. You can do this in the following ways:


Click the 'unsubscribe' link in any email communication that we send you. We will then stop any further emails from that particular division.


Contact our Customer Services Team by emailing: info@ashsmoke.com or visit the link.


If you have an account, log into your account and change your preferences


You can unsubscribe from receiving push notifications by disabling the relevant options in your phone ‘settings'


Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.


Please note that if you follow a link which clicks through to a third party site, this notice will not apply and you will need to review that third party's privacy terms and conditions.


You have the right to ask us what data we hold which concerns you. Such requests are usually free, but we will ask you to submit your query in writing and include the following:


Full name (we will ask you to verify your identity)

Full address

Email address

Phone number

Specific details on what you require or are requesting

We will process your request and will either respond within 30 days, or contact you to gather more information before we fulfill your request. In the event that we might refuse to fulfill your request (for example if it is unreasonable), we will give a full explanation as to why.


Please submit your requests through the following channels: info@ashsmoke.com


 


What can you do if you are unhappy with how we handle your data?

Your first port of call should be to contact our Data Protection Officer as outlined above. However, if you still feel that your data is not being handled appropriately, you have the right to lodge a complaint with the Federal Trade Commission or Information Commissioner's Office. If you are outside of the US or UK, please contact the relevant data protection regulator in your country of residence.


 


SECTION 4 - Squarespace

Your data is stored through SquareSpace’s data storage, databases and the general Squarespace application. Squarespace uses your customers’ personal information to block certain transactions that appear to be fraudulent through automated decision-making. The information squarespace collects from you is governed by squarespace’s privacy policY (See: http://www.squarespace.com/privacy). According to such policies,


Squarespace protects credit card information according to the Payment Card Industry Data Security Standard (PCI-DSS), a set of security requirements managed by the PCI Security Standards Council, which is a joint effort of the payment brands, including Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by merchants and service providers. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. The description above is qualified in its entirety by the terms and conditions of Squarespace’s privacy policies, and you should review the policies posted on Squarespace’s site to be fully informed.


 


SECTION 5 – THIRD PARTY SERVICES; SHARING YOUR INFORMATION

We do not sell or rent your personally identifiable information to third parties. We share your information only with our affiliates and service providers or as otherwise described herein in order to provide you with our products and services.


We will do this in the following circumstances:


To process your order e.g. with delivery drivers, or with third party payment service providers

To handle complaints e.g. with our Customer Services call centre

To detect any fraudulent activity, or assist law enforcement authorities

To help us offer you a more personalised shopping experience by sending you offers and updates

When we share information with third parties, we will ensure that:

We only provide the data they need to perform their specific function

They only use the data provided as intended

They have the requisite measures in place to protect your data and delete it once the function has been performed, or delete it when we cease working with them

 


In general, our agreements with third party providers used by us require that they only use and disclose your information to the extent necessary to allow them to perform the services they provide to us.


 


Once you leave our Site or are redirected to a third party website or application, you are no longer governed by this Privacy Policy or our Site’s Terms of Service. For example, as noted above, you may be redirected to the sites of certain third party service providers, such as Squarespace and/or other payment gateways or payment transaction processors, in order to complete your product purchases. Such third party websites have their own privacy policies with respect to the information required for your purchase-related transactions and under no circumstances is EP responsible or liable for the third party’s compliance therewith.


 


The Site may also reference or provide links to other third party websites, such as advertisers. For these third parties, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.


 


In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.


As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the USA Patriot Act (P.L. 107-56).


 


Additionally, some of our partners and third parties who may receive your personal data are based outside of the European Economic Area. In such cases, we ensure that our partners are contractually-bound to protect your data to the same degree that is required in the European Union.


 


We may share aggregated, non-personally identifiable information gathered by us with then-current or potential business partners and/or advertisers to provide them with information about our Site, our visitors and our customers. In addition, we may disclose your personal information if we are required by law to do so, or may disclose such information in response to a request from a law enforcement agency or authority or any regulatory authority. We may also disclose your personal information (i) to protect the integrity or security of the Site or the interests, rights, or property of EP; or (ii) to enforce the Site’s Terms of Use.


 


SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow common industry practices to guard against such information being lost, misused, accessed, disclosed, altered or destroyed. We use security technologies and internal procedures to ensure that your data is kept safe and secure. Please be aware, however, that Internet data transmission and computer networks are not always secure and we cannot and do not guarantee that information you transmit utilizing the Site is secure.


 


SECTION 7 - COOKIES

In order to personalize and enhance your experience on the Site, we may also collect information through “cookies.” Cookies are small strings of text that are sent by the Site to your browser and then stored by your browser on your computer’s hard drive. We use cookies to help diagnose problems with our servers and to administer the Site. We also use cookies to gather broad demographic information and to help identify you in respect to visits to the Site so that we may improve your user experience, and to determine whether you visited the Site from a particular Internet link or advertisement. While a code in the cookie file enables the Site to label you as a particular user, including identifying you by name or other personally identifiable information, such cookie files are encrypted in order to protect your information. Most web browsers automatically accept cookies, but it is possible to change your browser setup so that it does not accept cookies. However, rejecting cookies may prevent you from taking advantage of certain portions of the Site. To help you determine whether you want to opt-out of cookies or not, below is a list of certain cookies that, as of the date of this Privacy Policy, we use. However, this list is subject to change.


session_id, unique token, sessional, Allows Squarespace to store information about your session (referrer, landing page, etc).

_Squarespace_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_Squarespace_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

_storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.

 


SECTION 8 – TRACKING

EP keeps track of the web pages our users visit within the Site, in order to determine what EP products are the most popular. Please note, however, we do not engage in the collection of personal information about your online activities over time and across third party websites or online services. Accordingly, we do not currently process or comply with any web browser’s “do not track” signal or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third party websites. Further, we have not knowingly authorized third parties to collect personally identifiable information about your online activities over time and across different websites when you use the Site.


 


SECTION 9 - AGE OF CONSENT

In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501-06 and 16 C.F.R. §§ 312.1-312.12, we do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register with us. If you are under 13, please do not attempt to register with the Site or send any information about yourself to us, including your name, address, mobile device number, or email address. By using this Site, you represent that (i) you are not under 13 years of age, and (ii) you are at least the age of majority in your state or province of residence.


 


SECTION 10 – EFFECTIVENESS; CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of March 26, 2019. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Site. If we make material changes to this policy, we will provide a special notice on our Site for a certain period of time so that you have the opportunity to educate yourself as to what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.


 


SECTION 11 - BUSINESS TRANSFER

Please also note that if we are acquired or merged with another company, your personal information and/or technical information we obtain from you via the Site may be disclosed to any potential or actual purchasers and/or may be transferred to the new owners so that we may continue to sell products to you.


 


SECTION 12 – UNRESOLVED PRIVACY COMPLAINTS

EP uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Safe Harbor Privacy Principles. In compliance with the Safe Harbor Privacy Principles, we endeavor to resolve all complaints about privacy and the collection or use of customer information. If you have questions about our participation in the Safe Harbor program or have a complaint, please send an e-mail to info@ashsmoke.com .


 


Under the Safe Harbor program, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the ICDR/AAA Safe Harbor Program, which is operated by the International Centre for Dispute Resolutions, the international division of the American Arbitration Association. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICDR/AAA Safe Harbor Program website at https://apps.adr.org/webfile for more information on how to file a complaint.by into something more. Or maybe you have a creative project to share with the world. Whatever it is, the way you tell your story online can make all the difference.