EUROTRACE

Privacy Policy

Last Updated: May 15, 2024

1. Introduction

EUROTRACE ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tobacco product tracking and tracing system, website, and related services (collectively, the "Service").

We recognize the importance of maintaining the confidentiality of personal information and are committed to maintaining the privacy of our users in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable regulations.

Please read this Privacy Policy carefully. By accessing or using the Service, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. If you do not agree to this Privacy Policy, please do not access or use our Service.

2. Information We Collect

We collect information that is necessary to provide our tobacco tracking and tracing services in accordance with EU regulations and to optimize our business operations.

2.1 Information You Provide to Us

We may collect the following categories of information:

  • Account Information: When you create an account, we collect your name, email address, company name, job title, phone number, and password.
  • Business Information: Information about your business, including business address, VAT number, economic operator identifier code (EOID), facility identifier codes (FIDs), and machine identifier codes (MIDs).
  • Product Information: Data related to tobacco products, including unique product identifiers (UPUIs), aggregated unit identifiers (AUIs), product details, manufacturing information, and supply chain data.
  • User Content: Information you provide when you use our Service, such as when you fill out forms, respond to surveys, or communicate with our support team.
  • Payment Information: If you make purchases through our Service, we may collect payment information, including credit card numbers, billing addresses, and other financial account information. This information is processed by our payment processors, and we do not store complete credit card information on our servers.

2.2 Information We Collect Automatically

When you use our Service, we may automatically collect certain information, including:

  • Device Information: We collect information about the device you use to access our Service, including device type, operating system, browser type, IP address, and mobile device identifiers.
  • Usage Information: We collect information about how you use our Service, including the actions you take, the features you use, the time, frequency, and duration of your activities.
  • Log Information: Our servers automatically log information, including your IP address, browser type, operating system, referring/exit pages, and timestamps.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For more information, please see our Cookie Policy.

3. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing the Service: To operate, maintain, and provide you with all features of our tobacco tracking and tracing system, including compliance with EU regulations.
  • Regulatory Compliance: To comply with Articles 15 and 16 of the Tobacco Products Directive 2014/40/EU (TPD) and its implementing regulations, including transmitting required data to the EU secondary repository.
  • Account Management: To create and manage your account, provide customer service, process payments, and send administrative communications.
  • Improving the Service: To analyze, improve, and optimize our Service, develop new features, and ensure its technical functioning.
  • Security and Fraud Prevention: To protect the security and integrity of our Service, prevent fraud and unauthorized access, and enforce our Terms of Service.
  • Communication: To communicate with you about your account, respond to your inquiries, and provide technical support.
  • Analytics: To understand how users access and use our Service, and to measure the effectiveness of our Service and business strategies.
  • Marketing: With your consent, to send you marketing communications, newsletters, and promotional materials about our products and services.
  • Legal Obligations: To comply with legal obligations, resolve disputes, and enforce our agreements.

4. How We Share Your Information

We may share your information with third parties in the following circumstances:

4.1 Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and storage providers
  • Payment processors
  • Customer support services
  • Analytics providers
  • Email and communication service providers
  • Security and fraud prevention providers

These service providers are authorized to use your information only as necessary to provide services to us and are required to maintain the confidentiality and security of your information.

4.2 EU Secondary Repository

As required by EU tobacco regulations, we transmit certain tracking and tracing data to the EU secondary repository operated by Dentsu International Switzerland AG (appointed by the European Commission). This data transmission is mandatory to comply with the technical specifications defined in Commission Implementing Regulation (EU) 2018/574.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

  • Enforce our Terms of Service and other agreements
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information and provide choices regarding your information.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Service. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

For tobacco traceability data, we adhere to the retention periods specified in EU tobacco regulations. According to Article 15(5) of the Tobacco Products Directive 2014/40/EU, records of relevant tobacco products must be maintained for a period of at least five years from the date of manufacture.

When we no longer need personal information, we will delete or anonymize it or, if this is not possible, we will securely store your personal information and isolate it from any further use until deletion is possible.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You may request access to your personal information and obtain a copy of the personal information we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal information we hold about you.
  • Erasure: You may request that we delete your personal information in certain circumstances.
  • Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
  • Data Portability: You may request to receive your personal information in a structured, commonly used, and machine-readable format.
  • Objection: You may object to our processing of your personal information in certain circumstances.
  • Withdraw Consent: If we process your personal information based on your consent, you may withdraw your consent at any time.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Employee training on data security and privacy
  • Physical and environmental security controls for our servers
  • Incident response procedures

8. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

Whenever we transfer your personal information out of the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as using Standard Contractual Clauses approved by the European Commission or UK authorities.

9. Children's Privacy

Our Service is not directed to children under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact us to request deletion.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@eurotrace.com

Phone: +44 (0) 20 1234 5678

Address: EUROTRACE Ltd., 123 Compliance Street, London, EC1A 1BB, United Kingdom

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO at dpo@eurotrace.com.

13. Complaints

If you have a complaint about our use of your personal information, please contact us in the first instance, and we will try to resolve your complaint. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.