Privacy policy

Stand: September 2025
Responsible person: vexvape.com

This privacy policy informs you about the type, scope and purpose of the processing of personal data on our website vexvape.com. We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations.

1. data collection and processing

1.1 Personal data

We collect and process the following personal data from you:

Master data:

  • Full name (first name and surname)
  • E-mail address
  • Telephone number
  • Complete postal address (street, postcode, city, country)

Processing purposes:

  • Proper processing of your orders
  • Secure shipping of e-cigarette products and accessories
  • Professional customer service and support
  • Age verification in accordance with legal requirements

Legal basis: The processing is carried out for the fulfilment of a contract (Art. 6 para. 1 lit. b GDPR) and for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR).

1.2 Automatically collected data

Each time you visit our website, technical information is automatically collected:

Technical data:

  • Device type and operating system
  • IP address (anonymised after 24 hours)
  • Browser type and version
  • Access times and dwell time
  • Pages and subpages accessed
  • Referrer URL (previous website)

Processing purposes:

  • Optimisation of the user experience and website performance
  • Ensuring IT security and system stability
  • Adherence to legal regulations and compliance
  • Detection and defence against cyber attacks

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in the proper functioning and security of our website.

2. purposes of data processing

2.1 Contract processing and fulfilment

  • Order processing: Receipt, checking and processing of your product orders
  • Product delivery: Coordination and realisation of secure shipping
  • Customer service: Answering enquiries, complaint handling and technical support
  • Payment processing: Coordination with payment service providers for secure transactions

2.2 Customer communication

  • Order-related communication: Status updates, dispatch notifications, delivery confirmations
  • Product information: Important information on purchased products and their safe use
  • Marketing communication: Information about new products, special offers and promotions (only with your consent)
  • Safety messages: Important information on product safety or recalls

2.3 Service optimisation and analysis

  • Website optimisation: Analysis of user behaviour to improve user-friendliness
  • Product development: Evaluation of customer feedback for product range expansion
  • Quality assurance: Monitoring and improving our services

3. transfer of data to third parties

3.1 Permitted transfer

Your personal data will only be passed on to third parties in the following cases:

Contractual partners and service providers:

  • Logistics company: DHL, UPS, DPD for product delivery
  • Payment service provider: PayPal, Stripe and others for secure payment processing
  • IT service provider: Hosting providers and technical service providers (under order processing contracts)

Legal obligations:

  • In the event of official enquiries or court orders
  • To fulfil retention obligations under tax and commercial law
  • In the prosecution of criminal offences or administrative offences

Corporate transactions:

  • In the event of a merger, takeover or sale of parts of the company
  • When business areas are transferred to third parties

3.2 Principle of data minimisation

No disclosure without a legal basis: Your data will never be passed on or sold without your express consent or legal basis.

4. data security

4.1 Technical protective measures

We use modern security technologies to protect your data:

  • SSL/TLS encryption: Secure data transmission for all sensitive processes
  • Firewall systems: Protection against unauthorised access and cyber attacks
  • Regular safety assessments: Continuous review and improvement of safety measures
  • Access control: Strict restriction of data access to authorised employees

4.2 Organisational measures

  • Employee training: Regular data protection and security training
  • Data protection impact assessments: Assessment of risks for new processing activities
  • Incident response plan: Structured procedures for dealing with security incidents

4.3 Note on Internet communication

Despite all security measures, absolute security cannot be guaranteed when transmitting data via the Internet. We recommend that you also take appropriate precautions.

5. your rights as a data subject

You have the following rights under the GDPR:

5.1 Right to information (Art. 15 GDPR)

You have the right to receive information about the personal data processed by us at any time, including the processing purposes and recipients.

5.2 Right to rectification (Art. 16 GDPR)

You can demand the immediate correction of incorrect or the completion of incomplete personal data.

5.3 Right to erasure (Art. 17 GDPR)

You have the right to erasure of your personal data, provided that there are no statutory retention obligations to the contrary.

5.4 Restriction of processing (Art. 18 GDPR)

Under certain circumstances, you can request the restriction of the processing of your data.

5.5 Data portability (Art. 20 GDPR)

You have the right to receive your data in a structured, machine-readable format.

5.6 Right to object (Art. 21 GDPR)

You can object to the processing of your data at any time on grounds relating to your particular situation.

5.7 Revocation of consent

You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out until the revocation.

6. cookies and tracking technologies

6.1 Use of cookies

Our website uses cookies and similar technologies:

Technically required cookies:

  • Session cookies for the shopping basket function
  • Security cookies to protect against CSRF attacks
  • Preference cookies for language settings

Analysis and marketing cookies:

  • Only with your express consent
  • To improve the website experience
  • For personalised advertising and offers

6.2 Cookie management

You can manage cookies in your browser settings:

  • Complete deactivation: Possible, but may impair website functions
  • Selective control: Via our cookie banner or the browser settings
  • Automatic deletion: Configuration of automatic deletion when closing the browser

7 Special provisions

7.1 Protection of minors and age verification

Age limit: Our products and services are intended exclusively for persons aged 18 and over. In some areas, stricter age limits apply (21 years).

No data collection from minors: We do not knowingly collect personal data from persons under the age of 18.

Immediate measures: If we become aware of data of minors, these will be deleted immediately and completely.

Mandatory reporting: Parents and legal guardians can contact us at any time if they suspect that we are processing the data of their underage children.

7.2 International data transfers

When using service providers outside the EU, we use suitable guarantees (standard contractual clauses, adequacy decisions) to ensure that an appropriate level of data protection is guaranteed.

8. changes to this privacy policy

8.1 Updating procedure

  • This privacy policy may be updated due to legal changes or new business processes
  • Significant changes are published prominently on our website
  • In the event of significant changes, affected users will be informed by e-mail

8.2 Version control

  • The date of the last update can be found at the beginning of this declaration
  • Earlier versions are available on request

8.3 Recommendation

We recommend that you check this privacy policy regularly to stay informed of any changes.

9. contact and complaint options

9.1 Data protection contact

For all questions regarding data protection or the exercise of your rights, please contact:

e-mail: datenschutz@vexvape.com
Subject: Data protection enquiry
Response time: Within 30 days

9.2 Supervisory authority

You have the right to complain to a data protection supervisory authority about our processing of personal data. You can find the supervisory authority responsible for us in the public directories.

9.3 Out-of-court dispute resolution

In the event of data protection complaints, various arbitration bodies are available to you before legal action is taken.

This privacy policy was last updated on September 2025.

If you have any questions or concerns about data protection, please do not hesitate to contact us at any time.