This notice supplements the information contained in our online Privacy Policy and describes additional rights provided to residents of the European Economic Area (EEA) under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) with regard to the personal information Bidi Vapor, LLC (“Data Controller”, “we,” “us,” or “our”) collects and processes, either online or offline.
The GDPR requires that we inform you of the legal bases we rely on to process your personal data (referred to herein and in our Privacy Policy as “personal information”). Personal information means any information about an identified or identifiable natural person. The legal bases for processing are set forth below.
The servers where personal information is stored may be located in the United States and/or other countries that have not been deemed by the European Commission to provide an adequate level of protection for personal information. In addition, we may share personal information with service providers and third parties located outside of the EEA. In particular, the servers where we store the data gathered through any of our websites are located in the United States – meaning that when you use our websites you also explicitly consent to the data being gathered, kept and further processed in the United States.
We will keep your personal information in a form which permits us to identify you as a data subject for no longer than is necessary for the purposes for which the personal information was gathered, and in all cases no longer than until you withdraw your consent (in cases where consent is the legal basis for processing of data) or object to processing your data (in cases when you have such a right and we cannot demonstrate compelling legitimate grounds to keep processing your personal information).
The GDPR provides residents of the EEA certain rights with respect to their personal information. You may:
You can exercise these rights by sending an email to privacy@bidivapor.com with a description of your request. We will endeavor to fulfill your request to exercise these rights, but we may have legal grounds or obligations to reject your request. We will respond within one month after we have verified that you are the data subject or are authorized to make the request on behalf of the data subject. If necessary, we may extend our response time by an additional two months to respond properly, but we will notify you if that is the case within one month.
If we decide not to fulfill your request, we will tell you the reasons why. If you disagree with our response to your request, you have the right to lodge a complaint with a data protection regulator in Europe. Should you have any concerns, we request that you contact us first so we can investigate, and hopefully resolve, your concerns.