This communication is for the information of tobacco traders only. This product is not risk free. For adult use only. HEETS are specifically designed to be used with IQOS.
This website contains content that is intended for tobacco traders over the age of 18 only.
Are you a tobacco trader over the age of 18?
This site is designed for retailers onlyReturn to previous screen
This communication is for the information of tobacco traders only. These products are not risk free and are addictive. For adult use only. HEETS are specifically designed to be used with IQOS.
We take privacy seriously. This notice tells you who we are, what information about you we collect, and what we do with it.
We have a commercial relationship with you or your employer, for example, because you or your employer sell, promote or distribute PMI products (or support those activities). This notice provides you with details of the information we collect about you in connection with our relationship and how we use that information.
We are Philip Morris Limited, 10 Hammersmith Grove, London, W6 7AP, United Kingdom, and we are a member of Philip Morris International. Our details will have been given to you separately at the time of the collection of information about you, for example, in a notice on an app or a website, in an e-mail, or in a contract between us, containing a link to this notice.
In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical (for example, PMI offices, retail outlets and events), and digital (for example, e-mail correspondence, apps and websites). We may collect information that you provide directly. Typically this will happen when you:
We may collect information about you automatically. Typically this will happen when you:
Where permitted by law, we may acquire information about you from third parties. This may include information shared between PMI affiliates, publicly-available profile information (such as your preferences and interests) on third party social media sites (such as LinkedIn, Facebook and Twitter), and marketing lists acquired from third party marketing agencies.
We may also collect information in other contexts made apparent to you at the time.
We may collect various types of information about you:
Information that we collect from you directly will be apparent from the context in which you provide it. For example:
In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not use information about you for those purposes in that country. Subject to the above, we use information about you for the following purposes:
The legal basis for our use of information about you is one of the following:
The purposes for which we use information about you, with corresponding methods of collection and legal basis for use, are:
|Purpose||Method of collection and legal basis for Processing|
Comply with regulatory obligations
This information is generally provided to us by you directly.
We use it because it is necessary for us to comply with a legal obligation to trade only with adults and to run our business in a compliant way (including in relation to company law and tax compliance), keep financial and tax records, comply with trade sanctions, comply with health and safety laws (which may include keeping records of incidents), produce reports, comply with requests for information from competent authorities and manage any conflicts of interest, or, in countries where there is no such legal obligation, because we have a legitimate business interest to trade only with adults and to run our business in accordance with good practice requirements that is not overridden by your interests, rights and freedoms to protect information about you.
Sell our products
This information is generally provided to us by you directly or via your employer as applicable (typically, name, role, address, e-mail address, payment information, correspondence).
We use it to discharge our contractual obligations to you or your employer as a buyer of our products.
Provide sales-related services
This information is generally provided to us by you directly or via your employer.
We use it because we have a legitimate business interest in providing sales-related services to you or your employer that is not overridden by your interests, rights and freedoms to protect information about you.
Business promotion and relationship management(where permitted by law)
This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology to monitor use of PMI touchpoints) and (where permitted by law) information that we acquire from third parties (such as public social media posts).
We use it on the grounds that we have a legitimate business interest to manage our relationship and tell you about our business, products and events, to operate PMI touchpoints, and to customize your experiences, in these ways that is not overridden by your interests, rights and freedoms to protect information about you.
Business promotion and relationship management (where permitted by law)
This will typically be a combination of information that you provide to us (for example, your name and contact details, your social media handles); information that we collect automatically (for example, using cookies and similar technologies) and (where permitted by law) information that we acquire from third parties (such as public social media posts).
We use it on the grounds that we have a legitimate business interest to inform you about these things that is not overridden by your interests, rights and freedoms to protect information about you.
In certain countries, where required by law, we will send you these materials in electronic format only with your consent.
This information is generally provided to us by you directly or via your employer.
We use it because we have a legitimate business interest to run our business, manage our relationship with you or your employer and maintaining the security and integrity of our buildings and IT systems that is not overridden by your interests, rights and freedoms to restrict use of information about you.
Security and systems monitoring
This information is collected automatically through various means such as automated systems and device monitoring, and CCTV recording and audio recording of some telephone calls at our premises.
We use it because we have a legitimate business interest in ensuring the confidentiality, integrity and security of our physical and digital infrastructure and premises that is not overridden by your interests, rights and freedoms to protect information about you.
This will typically be a combination of information that you provide to us (typically, name, password (or equivalent)) and information that we collect automatically (for example, information about your device, and cookies and similar tracking technologies).
We use it on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of our products; where we administer your account to update you on our products or where we suggest orders that might be suitable for you, we are supporting business development and so we use it on the grounds that we have a legitimate business interest to market our products that is not overridden by your interests, rights and freedoms to protect information about you, and so on.
Business analytics and improvements
This will typically be a combination of information that you provide to us; information that we collect automatically; and (where permitted by law) information that we acquire from third parties.
We use it on the grounds that we have a legitimate business interest to analyze and to improve our business performance, our products, systems, processes, offices, outlets, training, events, PMI touchpoints and the information we provide and to invite others to get involved in promoting PMI products, that is not overridden by interests, rights and freedoms to protect information about you.
In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.
We may share information about you with:
Details of PMI affiliates and the countries in which they are established are available here.
As with any multinational organisation, PMI affiliates transfer information globally. Accordingly, information about you may be transferred globally (if your information is collected within the European Economic Area, this means that your information may be transferred outside it).
When using information as described in this notice, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards. PMI affiliates within the European Economic Area (“EEA”) will transfer personal information to PMI affiliates outside the EEA. For example, to facilitate the operation of a global business. In all cases, the transfer will be:
In all cases, appropriate security measures for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.
We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.
Typically, we retain data based on the criteria described in the table below:
|Type||Explanation/typical retention criteria|
|information relating to managing the commercial relationship with the trader (trader using digital touchpoints and contactable)||Most of the information in your trader profile is kept for the duration of our trader relationship with you. However, some elements of your profile, such as your history of completed tasks, your prize redemption history, or your purchase history, naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them.|
|information relating to managing the commercial relationship with the trader (trader inactive on digital touchpoints)||This scenario is the same as above, save that you have ceased to use the digital touchpoint for a long period (typically 2 years), we will remove your access to the digital platform and delete the records we still have relating to your use of it (unless it falls within another purpose of processing, such as records of your orders). The reason is that in these circumstances, we assume you would prefer not to use the digital platform.|
|trader (not contactable)||If you are registered with us as a trader, but the information you give us to contact you doesn’t work, we will retain your information for a period of typically only 6 months to allow you to return and correct it.|
|trader (incomplete registrations)||If you commence registering yourself as a trader, but do not complete the process, we will not retain your data at all.|
|business and payment records||We keep records of invoices, sales, purchases, payments made and received and supporting documents (such as contracts and e-mails) in accordance with company and tax requirements, typically 11 years. We also keep records of checks carried out on suppliers for as long as we are required to comply with our legal and regulatory obligations.|
|visitor records||If you visit our buildings, visitor records are retained typically for a period of three years.|
|CCTV||If you visit our buildings, CCTV records retained typically for a period of only a few days, up to a few weeks, depending on the specific purpose for the recording.|
|market research||If you are not registered in our database, and we use publicly available information about you in order to understand the market or your preferences, we will retain the information about you for a short period in order to perform the particular item of market research.|
|purchases and warranty||If you purchase goods, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes). If you also register for a warranty for a PMI product, we will retain details of this for so long as relevant to the warranty.|
|customer care||If you contact customer care, we will make a record of the matter (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if you need us to advise you on how to use a digital touchpoint, or if your recent enquiries are relevant. Other records relevant to customer care (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made, and will be retained only temporarily.|
|system audit logs||System audit logs are retained typically for a period of only a few months.|
|business analytics||Business analytics data is typically collected automatically when you use PMI touchpoints and anonymised/aggregated shortly afterwards.|
You may have some or all of the following rights in respect of information about you that we hold:
We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive or by using the contacts in the paragraph “who should you contact with questions?” at the end of this notice.
Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.
The rights you have depend on the laws of your country. If you are in the European Economic Area, you will have the rights set out in the table below. If you are elsewhere, you can contact us (see the paragraph “who should you contact with questions?” at the end of this notice) to find out more.
|Right in respect of the information about you that we hold||Further detail (note: certain legal limits to all these rights apply)|
|to request us to give you access to it||
This is confirmation of:
|to request us to rectify or update it||This applies if the information we hold is inaccurate or incomplete.|
|to request us to erase it||
This applies if:
|to request us to restrict our processing of it||
This right applies, temporarily while we look into your case, if you:
|to object to our processing it||
You have two rights here:
(i) if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and
(ii) if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection.
|to withdraw your consent to our using it||This applies if the legal basis on which we use the information about you is consent. These cases will be clear from the context.|
|to data portability||
(i) you have provided data to us; and
(ii) we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you,
then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so.
According to which country you are in, you may have some additional rights.
If you are in France, you have the right to give us instructions regarding information we hold about you in the event of your death (specifically, whether we should store or delete it, and whether others should have the right to see it). You may:
(A) issue general instructions to a digital service provider registered with the French data protection supervisory authority (called “CNIL”) (these instructions apply to all use of information about you); or (B) give us specific instructions that apply only to our use of information about you.
Your instructions may require us to transfer information about you to a third party (but where the information contains information about others, our obligation to respect also their privacy rights might mean that we can’t follow your instructions to the letter). You may appoint a third party to be responsible for ensuring your instructions are followed. If you do not appoint a third party in that way, you successors will (unless you specify otherwise in your instructions) be entitled to exercise your rights over information about you after your death:
(i) in order to administer your estate (in which case your successors will be able to access information about you to identify and obtain information that could be useful to administer your estate, including any digital goods or data that could be considered a family memory that is transferable to your successors); and
(ii) to ensure that parties using information about you take into account your death (such as closing your account, and restricting the use of, or updating, information about you).
You may amend or revoke your instructions at any time. For further information on the processing of information about you in the event of your death, see Article 40-1 of the law 78-17 dated 6 January 1978. When you die, by default, you will stop using your account and we will delete information about you in accordance with our retention policies (see the paragraph “How long will information about you be kept?” for details).
If you have any questions, or wish to exercise any of your rights, please notify your Philip Morris representative. Contact details will also be given in any communications that a PMI affiliate sends you.
If your country has a data protection authority, you have a right to contact it with any questions or concerns. If the relevant PMI affiliate cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
We may update this notice (and any supplemental privacy notice), from time to time. We will notify you of the changes where required by law to do so.
Last modified 27 March 2018.