Privacy Policy
Your privacy matters to us
Last Updated: February 5, 2026
Table of Contents
- 1. Introduction
- 2. Accountability
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Consent
- 6. Limiting Collection
- 7. Disclosure to Third Parties
- 8. Data Retention
- 9. Accuracy
- 10. Security Safeguards
- 11. Your Privacy Rights
- 12. Cookies & Tracking
- 13. Electronic Communications (CASL)
- 14. Age Verification
- 15. Changes to This Policy
- 16. Contact Us
1. Introduction
Vapeshop Mania ("we," "us," "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make a purchase, or otherwise interact with our business.
This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and other applicable Canadian privacy laws.
By using our website or services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with these practices, please do not use our website or services.
PIPEDA Compliance
This policy adheres to PIPEDA's 10 Fair Information Principles: Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use/Disclosure/Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance.
2. Accountability
Vapeshop Mania is responsible for the personal information under our control. We have designated a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws.
Our Privacy Officer is responsible for:
- Implementing policies and procedures to protect personal information
- Establishing procedures to receive and respond to privacy complaints and inquiries
- Training staff on privacy obligations and proper handling of personal information
- Developing information to explain our policies and procedures
To contact our Privacy Officer, please see the Contact Us section below.
3. Information We Collect
We collect various types of personal information depending on how you interact with us. "Personal information" means any information about an identifiable individual.
Information You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Identity Information | Full name, date of birth | Account creation, age verification, purchases |
| Contact Information | Email address, phone number, mailing address | Account creation, checkout, contact forms |
| Payment Information | Credit/debit card details, billing address | Checkout (processed by secure payment processors) |
| Government ID | Driver's licence, passport, provincial ID | Age verification at delivery, in-store pickup |
| Communication Data | Emails, chat messages, phone call records | Customer support interactions |
Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device Information | IP address, browser type, operating system | Security, fraud prevention, website optimization |
| Usage Data | Pages visited, time spent, click patterns | Improving user experience |
| Location Data | General geographic location (from IP) | Compliance, shipping estimates |
| Cookies & Trackers | Session cookies, analytics identifiers | Website functionality, analytics |
Information from Third Parties
We may receive personal information from:
- Payment processors: Transaction confirmation and fraud indicators
- Age verification services: Verification results
- Shipping carriers: Delivery status and confirmation
4. How We Use Your Information
We identify the purposes for collecting personal information at or before the time of collection. We use your personal information only for the purposes identified below:
Order Fulfillment & Service Delivery
- Processing and fulfilling your orders
- Verifying your age as required by Canadian law
- Shipping products and providing delivery updates
- Processing payments and preventing fraud
- Providing customer support and responding to inquiries
- Managing returns, refunds, and exchanges
Legal Compliance
- Complying with age verification requirements for vape products
- Maintaining records as required by tax and business laws
- Responding to lawful requests from law enforcement or regulatory bodies
- Protecting our legal rights and preventing illegal activities
Business Operations
- Managing your account and preferences
- Analyzing website usage to improve our services
- Detecting and preventing security threats and fraud
- Administering promotions, contests, or surveys (with your consent)
Marketing Communications (With Your Express Consent)
- Sending promotional emails about products, sales, and offers
- Providing personalized product recommendations
- Notifying you about new products or services
Important
We will not use or disclose your personal information for purposes other than those for which it was collected, except with your consent or as required by law.
5. Consent
We obtain your consent before collecting, using, or disclosing your personal information, except where permitted or required by law. The form of consent we seek (express or implied) depends on the sensitivity of the information and your reasonable expectations.
Express Consent
We obtain your express consent (opt-in) for:
- Marketing and promotional communications
- Sharing your information with third parties for their marketing purposes
- Collection of sensitive personal information
- Uses of your information beyond what is necessary for your transaction
Implied Consent
We may rely on implied consent when:
- You voluntarily provide information for an obvious purpose (e.g., providing your address for shipping)
- You make a purchase or register an account
- The collection is clearly in your interest and consent cannot be obtained in a timely way
Withdrawing Consent
You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent:
- Marketing emails: Click the "unsubscribe" link in any email
- Account deletion: Contact us to delete your account
- Other purposes: Contact our Privacy Officer
We will inform you of the implications of withdrawing consent. Note that withdrawing consent may affect our ability to provide certain services to you.
6. Limiting Collection
We limit the collection of personal information to what is necessary for the purposes we have identified. We collect personal information by fair and lawful means.
We do not collect personal information indiscriminately. We only collect information that is directly related to:
- Fulfilling your orders and providing our services
- Complying with legal requirements (especially age verification)
- Communicating with you (with your consent for marketing)
- Improving our website and services
We do not collect personal information through deceptive means or purchase contact lists for marketing purposes.
7. Disclosure to Third Parties
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your personal information only as follows:
Service Providers
We share information with trusted third parties who assist us in operating our business:
| Service Provider Type | Purpose | Information Shared |
|---|---|---|
| E-commerce Platform (Shopify) | Host our online store, process orders | Account info, order details, payment data |
| Payment Processors | Process transactions securely | Payment details, billing address |
| Shipping Carriers (Canada Post) | Deliver your orders | Name, shipping address, phone |
| Age Verification Services | Verify legal age for purchase | Name, date of birth, ID verification |
| Email Service Providers | Send transactional and marketing emails | Name, email address |
All service providers are contractually required to protect your information and use it only for the services they provide to us.
Legal Requirements
We may disclose your information when required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Requests from law enforcement or regulatory authorities
- Protection of our legal rights or safety
- Investigation of suspected fraud or illegal activity
Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such change and your choices regarding your information.
Cross-Border Transfers
Some of our service providers may be located outside of Canada (e.g., in the United States). When your personal information is transferred outside Canada, it may be subject to the laws of those jurisdictions. We take steps to ensure that your information receives an adequate level of protection.
8. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Type of Information | Retention Period | Reason |
|---|---|---|
| Transaction Records | 7 years after transaction | Tax and accounting requirements |
| Age Verification Records | 7 years | Legal compliance, dispute resolution |
| Account Information | Duration of account + 2 years | Service provision, legal claims |
| Marketing Consent Records | Duration of consent + 3 years | CASL compliance records |
| Customer Support Records | 3 years | Service improvement, dispute resolution |
| Website Analytics | 26 months | Website optimization |
When personal information is no longer needed, we securely destroy, erase, or anonymize it.
9. Accuracy
We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date for the purposes for which it is used.
You can help us maintain accurate information by:
- Updating your account information when it changes
- Notifying us of any errors or outdated information
- Responding to our requests to verify your information
If you believe any information we hold about you is inaccurate, please contact us and we will correct it promptly.
10. Security Safeguards
We protect your personal information with security safeguards appropriate to the sensitivity of the information.
Technical Safeguards
- SSL/TLS Encryption: All data transmitted to and from our website is encrypted
- Secure Payment Processing: We use PCI-DSS compliant payment processors
- Firewalls & Intrusion Detection: Systems to prevent unauthorized access
- Data Encryption: Sensitive data is encrypted at rest
- Regular Security Updates: Systems are kept up-to-date with security patches
Organizational Safeguards
- Access Controls: Only authorized personnel can access personal information
- Staff Training: Employees are trained on privacy and security practices
- Confidentiality Agreements: Staff sign agreements to protect information
- Incident Response Plan: Procedures to address security breaches
Physical Safeguards
- Secure facilities for any physical records
- Controlled access to offices and storage areas
- Secure disposal of physical documents containing personal information
Breach Notification
In the event of a security breach involving your personal information that poses a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.
11. Your Privacy Rights
Under PIPEDA, you have important rights regarding your personal information:
Right of Access
Request access to the personal information we hold about you and receive a copy.
Right to Correction
Request correction of inaccurate or incomplete personal information.
Right to Know
Know how your information is collected, used, disclosed, and retained.
Right to Withdraw Consent
Withdraw your consent to collection, use, or disclosure at any time.
Right to Challenge Compliance
Challenge our compliance with privacy laws and file a complaint.
Right to Deletion
Request deletion of your account and personal information (subject to legal requirements).
How to Exercise Your Rights
To exercise any of these rights, contact our Privacy Officer using the information in the Contact Us section. We will respond to your request within 30 days. In complex cases, we may extend this by an additional 30 days with notice to you.
We may require you to verify your identity before processing your request. There is generally no fee for access requests, but we may charge a reasonable fee for requests that are manifestly unfounded or excessive.
Filing a Complaint
If you are not satisfied with our response to your concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:
- Website: www.priv.gc.ca
- Toll-Free: 1-800-282-1376
12. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you use the site.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality (shopping cart, checkout, login) | Session / up to 1 year |
| Functional Cookies | Remember your preferences and settings | Up to 1 year |
| Analytics Cookies | Help us understand how visitors use our website | Up to 26 months |
| Marketing Cookies | Track effectiveness of our advertising (with consent) | Up to 1 year |
Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- See what cookies are stored and delete them individually
- Block third-party cookies
- Block all cookies from specific websites
- Block all cookies from being set
- Delete all cookies when you close your browser
Please note that blocking essential cookies may affect website functionality and your ability to make purchases.
13. Electronic Communications (CASL)
We comply with Canada's Anti-Spam Legislation (CASL) regarding commercial electronic messages.
Types of Communications
Transactional Messages: We will send you emails related to your purchases, including order confirmations, shipping updates, and customer service responses. These do not require consent under CASL.
Marketing Messages: We will only send you promotional emails, newsletters, or marketing messages if you have given us your express consent (opt-in).
Your Rights Under CASL
- We will not send commercial electronic messages without your consent
- Every marketing email includes clear identification of Vapeshop Mania as the sender
- Every marketing email includes our contact information
- Every marketing email includes a clear and easy unsubscribe mechanism
- We will process unsubscribe requests within 10 business days
Unsubscribing
You can unsubscribe from marketing communications at any time by:
- Clicking the "Unsubscribe" link at the bottom of any marketing email
- Contacting us directly at info@vapeshopmania.ca
- Updating your communication preferences in your account settings
Unsubscribing from marketing emails will not affect transactional communications related to your orders.
14. Age Verification
As a retailer of vaping products, we are legally required to verify that all customers are of legal age to purchase these products in their province or territory.
Legal Age Requirements
The legal age to purchase vaping products varies by province:
- 19 years: British Columbia, New Brunswick, Newfoundland and Labrador, Northwest Territories, Nova Scotia, Nunavut, Ontario, Prince Edward Island, Saskatchewan, Yukon
- 18 years: Alberta, Manitoba, Quebec
How We Verify Age
- At Purchase: Age confirmation checkbox during checkout
- At Delivery: Government-issued photo ID verification by the delivery carrier
- In-Store Pickup: Photo ID verification by our staff
Use of Age Verification Data
Information collected for age verification purposes is used solely for compliance with legal requirements. We do not use this information for marketing or other purposes. Date of birth information may be retained as required to demonstrate compliance with age verification laws.
Important
We do not knowingly collect personal information from individuals under the legal age for purchasing vaping products. If we learn that we have collected information from a minor, we will delete it immediately.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For significant changes, we will provide prominent notice (such as an email or website banner)
- We will obtain new consent where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:
Privacy Officer
Vapeshop Mania
765 Cameron St Unit B
Hawkesbury, ON K6A 2B7
Canada
Email: info@vapeshopmania.ca
We are committed to working with you to resolve any concerns about your privacy. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.
Questions About Your Privacy?
Our team is here to help answer any questions about how we handle your information.