1. What does this Privacy Statement cover?
This Privacy Statement explains how JTI Ireland Limited (“we” or “JTI”) use Personal Data we collect through Nordicspirit.ie and when you place an order in accordance with Terms and Conditions of Sale [insert the HYPERLINK]. “Personal Data” is information about living individuals from which you or another person is identifiable.
Personal Data may be provided to us by you directly or by a third party.
2. Personal Data we hold
Personal Data we may hold and process includes:
|Type of Personal Data||Examples|
|Contact information||Name, address, business address, email and telephone number, confirmation that contacts are over 18 years of age.|
|Telephone recordings||Recordings of telephone calls|
|Marketing preferences, marketing activities and customer feedback||Marketing preferences or responses to voluntary customer satisfaction surveys|
|Online activity information||We may receive Personal Data about you when you use the Website; this may include your IP address and other online identifiers (to the extent that they are Personal Data), and other Personal Data that you provide to us online.|
|Supplemental information from other sources||We and our service providers may supplement the Personal Data we collect with information obtained from other sources (for example, publicly available information, third party commercial information sources, and information from our business partners)|
3. How we use Personal Data
We use Personal Data to carry out our business activities. The main purposes include using Personal Data to:
3.1 communicate with you (including in respect of Statement issues and your order/purchase);
3.2 provide our products and services;
3.3 improve the quality of our products and services (for example, for this purpose we may record or monitor phone calls);
3.4 carry out research and analysis, including analysis of our customer base and other individuals whose Personal Data we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business;
3.5 conduct competitions for entry and communicate with winners;
3.6 provide marketing information in accordance with preferences you have told us about (marketing information may be about products and services offered by our third party partners subject to your preferences where we obtain your consent);
3.7 personalise your experience when you use the Website including by identifying you to anyone to whom you send messages through the Website;
3.8 manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; data and Website hosting; data analytics; business continuity; records management; document management; and auditing;
3.9 manage complaints, feedback and queries;
3.10 comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to public health and Nicotine Pouches, comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence); and
3.11 establish and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our Terms and Conditions of Sale; and pursue available remedies or limit our damages.
4. Sharing of Personal Data
In connection with the purposes described above, we may need to share your Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them). These third parties may include:
|Type of third party||Examples|
|Our service providers||External third party service providers, such as security professionals, auditors and other professional advisors; IT systems, marketing agents, support and hosting service providers; advertising, marketing and market research, and data analysis service providers; and other third party vendors and outsourced service providers and group companies that assist us in carrying out business activities.|
|Government authorities and third parties involved in court action||We may also share Personal Data with: (a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.|
|Other third parties||Group companies of JTI.|
5. Processing of Personal Data
Due to the global nature of our business, for the purposes set out above we may, from time to time transfer Personal Data to parties (including Group companies) located in other countries (countries that have data protection regimes which are different to those in the EU, including countries which have not been found by the European Commission to provide adequate protection for Personal Data).
We may transfer information internationally to our service providers, business partners and government or public authorities.
When making these transfers, we will take steps to ensure that your Personal Data is adequately protected and transferred in accordance with the requirements of data protection law.
This may involve the use of data transfer agreements in the form approved by the European Commission or another mechanism recognised by data protection law as ensuring an adequate level of protection for Personal Data transferred outside the EEA (for example, the standard contractual clauses).
For further information about these transfers and to request details of the safeguards in place, please contact us using the details below.
6. Security of Personal Data
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us.
7. Legal justification for our use of Personal Data
To comply with the law, we need to tell you the legal justification we rely on for using your Personal Data for our purposes.
JTI uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Data secure.
While the law provides several legal justifications, the table below describes the main legal justifications that apply to our purposes for using Personal Data.
|Purposefor use of Personal Data||
Legal Justifications for use of Personal Data
|Consent||Needed to perform a contract with you or to enter into a contract with you or a contract to which you are a party||Needed to comply with legal requirements||In our legitimate interests or those of a relevant third party|
|To communicate with you||✔
e.g. for marketing purposes and to contact you in relation to this Privacy Statement issues, and to respond to your queries or feedback
e.g. collection of contact details of customers,
e.g. contact details of consumers, contacting you for ordering, marketing and this Privacy Statement purposes
|To provide products and services||✔||✔|
|To improve the quality of our products and services, for training, and to maintain information security||✔|
|To manage commercial risks||✔||✔||✔|
|To carry out research and analysis||✔||✔|
|To provide marketing information||✔
(where we obtain your consent)
(where we give you a right to object)
|To personalise your experience when using the Website||✔
This includes cookie use
|To manage our business operations and IT infrastructure||✔||✔|
|To manage complaints, feedback and queries||✔||✔||✔||✔|
|To comply with applicable laws and regulations||✔
e.g. personal data required for, confirmation of customer details and age for compliance with public health and legislation on e-cigarettes category; data disclosed in the context of legal proceedings or orders
|To establish and defend legal rights||✔||✔||✔|
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Data, our legitimate interests will usually be as set out in the table above and below:
7.1 pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing where we obtain your consent);
7.2 compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out age gating or preventing, detecting or investigating fraud);
7.3 improvement and development of our business operations and service offering, or those of a third party;
7.4 analysing competition in the market for our services (for example, by carrying out research, including market research).
8. Recording and monitoring communications
We may record telephone calls with you so that we can:
8.1 improve the standard of service that we provide by providing our employees with feedback and training;
8.2 address queries, concerns or complaints;
8.3 analyse and manage other commercial risks; and
8.4 comply with our legal and regulatory obligations.
In addition, we monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:
(a) identifying and dealing with inappropriate communications; and
(b) looking for and removing any viruses, or other malware, and resolving any other information security issues.
9. Retention of Personal Data
We will keep Personal Data for as long as is necessary for the purposes for which we collect it.
Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
Where we hold Personal Data in order to provide a product or service, we will keep the information for at least as long as we provide the product or service, and for a number of years thereafter. The number of years varies depending on the nature of the product or service provided and will be retained for a longer period in the event of legal or prospective legal proceedings.
For further information about the period of time for which we retain your Personal Data, please contact us using the details below
10. Personal Data Rights?
The following is a summary of the data protection rights available to individuals in the EEA in connection with their Personal Data. These rights may only apply in certain circumstances and are subject to certain legal exemptions.
|Description||When is this right applicable?|
|Right of access to Personal Data
You have the right to receive a copy of the Personal Data we hold about you and information about how we use it.
|This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).|
|Right to rectification of Personal Data
You have the right to ask us to correct Personal Data we hold about you where it is incorrect or incomplete.
|This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).|
|Right to erasure of Personal Data
This right entitles you to request that your Personal Data be deleted or removed from our systems and records. However, this right only applies in certain circumstances.
|Examples of when this right applies to Personal Data we hold include (subject to certain exemptions):
|Right to restrict processing of Personal Data
You have the right to request that we suspend our use of your Personal Data.
Where we suspend our use of your Personal Data we will still be permitted to store your Personal Data, but any other use of this information will require your consent, subject to certain exemptions.
|You can exercise this right if:
|Right to data portability
This right allows you to obtain your Personal Data in a format which enables you to transfer that Personal Data to another organisation.
You may have the right to have your Personal Data transferred by us directly to the other organisation, if this is technically feasible.
|This right will only apply:
|Right to object to processing of Personal Data
You have the right to object to our use of your Personal Data in certain circumstances. However, we may continue to use your Personal Data, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Data in connection with any legal claims.
|Right to withdraw consent to processing of Personal Data
Where we have relied upon your consent to process your Personal Data, you have the right to withdraw that consent.
|This right only applies where we process Personal Data based upon your consent.|
|Right to complain to the relevant data protection authority
If you think that we have processed your Personal Data in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator. If you live or work in an EEA member state, you may complain to the regulator in that state.
|This right applies at any time.|
If you wish to exercise your rights, please contact us using the details below.
11. Who to contact about your Personal Data
If you have any questions or concerns about the way your Personal Data is used by us, you can contact us by e-mail at: firstname.lastname@example.org
This Privacy Statement was last updated on 16th December 2020. We may review this Statement and make changes from time to time.
We review this Privacy Statement regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process Personal Data.
Get updates in
Get updates in