Privacy Policy

Vape Lyfe Ltd Privacy Policy

Welcome to the privacy notice for Vape Lyfe Ltd.

Vape Lyfe Ltd respects your privacy and is committed to protecting your personal data. This notice explains how we look after your personal data when you visit www.zombievapes.co.uk (regardless of where you visit from), and tells you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can jump to specific sections:

  • Important Information & Who We Are

  • The Data We Collect About You

  • How Your Personal Data Is Collected

  • How We Use Your Personal Data

  • Disclosures Of Your Personal Data

  • International Transfers

  • Data Security

  • Data Retention

  • Your Legal Rights

  • Glossary

1) Important Information & Who We Are

Purpose of this Privacy Notice

This notice gives you information on how Vape Lyfe Ltd collects and processes your personal data through your use of www.zombievapes.co.uk, including any data you provide when you create an account, sign up to our newsletter, or purchase a product.

Our website and products are not intended for anyone under 18 and we do not knowingly collect data relating to persons under 18.

Please read this notice together with any other privacy or fair processing notices we may provide on specific occasions. This notice supplements those and is not intended to override them.

Controller

Vape Lyfe Ltd is the controller and responsible for your personal data (collectively referred to as “Vape Lyfe”, “we”, “us” or “our” in this notice).

We have appointed a data privacy manager responsible for questions about this notice. To exercise your rights or ask questions, please contact us using the details below.

Contact Details

Legal entity: Vape Lyfe Ltd
Website: www.zombievapes.co.uk
Email: info@zombievapes.co.uk
Postal address: Vape Lyfe Ltd, 11 Middlewich Road, Sandbach, Cheshire, CW11 1DH, United Kingdom

You have the right to make a complaint at any time to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk. We would appreciate the chance to address your concerns before you contact the ICO, so please reach out to us first.

Changes to this notice & your duty to inform us

Last updated: 7 September 2025.
Please keep us informed if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, plug-ins and applications (e.g., review platforms or payment providers). Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit.

2) The Data We Collect About You

“Personal data” means any information about an individual from which that person can be identified. It does not include anonymous data.

We may collect, use, store and transfer different kinds of personal data about you, including:

  • Identity Data: first name, last name, title, date of birth, age-verification results, account identifiers.

  • Contact Data: billing and delivery addresses, email address, telephone numbers.

  • Transaction Data: details about products you purchased, returns/refunds, and order history.

  • Technical Data: IP address, login data, browser type/version, time zone, browser plug-ins, operating system/platform, device identifiers.

  • Usage Data: information about how you use our website and services.

  • Marketing & Communications Data: your preferences for receiving marketing and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data by law if it does not directly or indirectly reveal your identity. If we combine or connect Aggregated Data with your personal data so it can identify you, we treat the combined data as personal data.

We do not collect Special Categories of Personal Data (e.g., health, ethnicity, religious beliefs, biometric data) or information about criminal convictions/offences.

If you fail to provide personal data

Where we need to collect personal data by law (e.g., to verify you are over 18) or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract (e.g., fulfil your order). If so, we may have to cancel a product or service, but we will notify you at the time.

3) How Your Personal Data Is Collected

We use different methods to collect data, including:

  • Direct interactions: You may provide Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or via our website. This includes when you:

    • create an account or place an order

    • subscribe to our newsletter

    • request marketing to be sent to you

    • give feedback or contact customer support

  • Automated technologies or interactions: As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns via cookies, server logs and similar technologies (see “Cookies” below).

  • Third parties or publicly available sources: We may receive personal data about you from analytics providers (e.g., Google Analytics), payment and delivery providers (e.g., PayPal, card processors, couriers), fraud/identity/age-verification providers, and publicly available sources (e.g., Companies House, electoral register).

4) How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use it:

  • to perform a contract with you (e.g., process and deliver your order)

  • where necessary for our legitimate interests (and your interests and fundamental rights do not override those interests)

  • to comply with a legal or regulatory obligation

We generally do not rely on consent as a legal basis other than for sending direct email marketing, where required. You may withdraw consent at any time by contacting us or using unsubscribe links.

Purposes for which we will use your data (summary)

  • Register you as a new customer (contract).

  • Process and deliver orders, including payments, fees and charges; collect and recover money owed (contract; legitimate interests).

  • Manage our relationship, e.g., notify you about changes to terms or privacy policy (contract; legal obligation).

  • Enable participation in promotions, prize draws, surveys (contract; legitimate interests).

  • Administer and protect our business and website (troubleshooting, data analysis, testing, maintenance, support, reporting, hosting) (legitimate interests; legal obligation).

  • Deliver relevant content/ads and measure effectiveness (legitimate interests).

  • Use analytics to improve our site, products/services, marketing, and customer experiences (legitimate interests).

  • Make recommendations about goods/services that may interest you (legitimate interests).

Marketing

You will receive marketing from us if you have requested information or purchased goods and have not opted out. You can opt out at any time using the unsubscribe link in emails or by contacting info@zombievapes.co.uk.

Cookies

You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may not function properly. We use necessary and analytical cookies to understand site usage and improve performance. Our “remember me” feature (if enabled) uses a cookie to facilitate automatic login—avoid using this on shared devices.

Change of purpose

We will only use your personal data for the purposes we collected it for unless we reasonably consider we need to use it for another compatible purpose. If we need to use it for an unrelated purpose, we will notify you and explain the legal basis.

5) Disclosures of Your Personal Data

We may share your personal data with:

  • Internal recipients within Vape Lyfe Ltd who need access to perform their roles.

  • External service providers acting as processors (e.g., hosting, IT support, analytics, marketing platforms, payment processors, age/identity verification, couriers).

  • Professional advisers (lawyers, bankers, auditors, insurers).

  • HMRC, regulators and authorities where required.

  • Third parties to whom we may sell, transfer, or merge parts of our business. If this happens, the new owner may use your personal data in the same way as set out in this notice.

We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our processors to use your personal data for their own purposes and only permit processing for specified purposes and in accordance with our instructions.

6) International Transfers

Where we use service providers located outside the UK/EEA, we will ensure appropriate safeguards are in place (e.g., adequacy decisions or standard contractual clauses) to protect your personal data. Details are available on request.

7) Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed unauthorisedly, altered or disclosed. Access is limited to those employees, agents, contractors and other third parties who have a business need to know and are subject to confidentiality obligations.

We have procedures to deal with any suspected personal data breach and will notify you and the ICO where legally required.

8) Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting or reporting requirements.

To determine retention, we consider the amount, nature and sensitivity of the data, potential risk of harm from unauthorised use or disclosure, the purposes of processing and whether we can achieve those purposes by other means, and legal requirements.

By law, we may need to keep basic information (Identity, Contact, Financial, Transaction Data) for six years after you cease being a customer for tax purposes.

In some circumstances you can ask us to delete your data (see “Your Legal Rights” below). We may anonymise your data (so it can no longer identify you) for research or statistical purposes; in that case we may use this information indefinitely without further notice.

9) Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data.

  • Request correction of the personal data we hold about you.

  • Request erasure of your personal data.

  • Object to processing where we rely on legitimate interests (including profiling) and for direct marketing.

  • Request restriction of processing.

  • Request transfer of your personal data (data portability).

  • Withdraw consent at any time (where we rely on consent).

If you wish to exercise any of these rights, please contact info@zombievapes.co.uk.

No fee usually required. You will not have to pay a fee to exercise your rights, but we may charge a reasonable fee or refuse to comply if your request is unfounded, repetitive or excessive.

What we may need. We may need to request specific information to confirm your identity and ensure your right to access your data (or exercise your other rights). This helps ensure personal data is not disclosed to anyone who has no right to receive it.

Time limit to respond. We aim to respond to all legitimate requests within one month. It may take longer if your request is particularly complex or you have made a number of requests; we will notify you and keep you updated.

10) Glossary

Lawful Basis

  • Legitimate Interest: Our interest in conducting and managing our business to give you the best service/product and a secure experience, balanced against your rights and interests.

  • Performance of Contract: Processing your data where necessary to perform a contract with you or to take steps at your request before entering such a contract.

  • Comply with Legal/Regulatory Obligation: Processing where necessary for compliance with a legal/regulatory obligation.

Third Parties (examples)

  • Service providers (UK/overseas): cloud hosting, website support, analytics, marketing platforms, age/identity verification, payment gateways (e.g., PayPal/card processors), and couriers.

  • Professional advisers (UK): lawyers, bankers, auditors, insurers.

  • Authorities (UK): HMRC, regulators and law-enforcement where required.

Contact us
Questions about this notice or your data? Email info@zombievapes.co.uk or write to Vape Lyfe Ltd, 11 Middlewich Road, Sandbach, Cheshire, CW11 1DH, United Kingdom.