Privacy policy

Privacy Statement

B2B.PJCARROLL

Privacy Notice

INTRODUCTION

Welcome to B2B.PJCARROLL.IE This Privacy Notice explains what we do with your personal information when you are visiting https://b2b.pjcarroll.ie/ (“Website”) or making a purchase on the Website or by phone. It describes how we collect, use and process your personal information, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your rights.

The Website is intended for use by incorporated and non-corporate business customers only.

For the purpose of applicable data protection legislation, PJ Carroll and Company Limited (“we”, “our” or “us”) is the ‘controller’ of your personal information. This means we decide why and how your personal information is used and are responsible for protecting it. Please refer to the end of this notice for our contact and company information.

We may amend this Privacy Notice from time to time. Please visit this page regularly as we will post any changes here. Where appropriate, we may also notify you of the changes by email. Please see further the section Changes below.

If you are dissatisfied with any aspect of this Privacy Notice, you may have legal rights which we have described below where relevant.

CONTENTS

  1. Information we collect about you
  2. How we use your information
  3. Our legal basis for using your information
  4. Sharing your information with third parties
  5. Where we store your information
  6. How we safeguard your information
  7. How long we keep your information
  8. Your rights
  9. Changes
  10. How to contact us

1. INFORMATION WE COLLECT ABOUT YOU

When you use the Website or communicate with you by phone we collect and use information about you in the course of providing you with our products and services and with customer support. We may collect some or all of the information listed below to help us with this:

  • information that you submit online via the Website or to us over the phone, including your name, contact details, date of birth, age, details of the organisation for whom you work, login credentials and, if you are not a corporate purchaser, your bank details. We collect this in a number of ways, including when you register for a trade account with us and/or make a purchase online or offline;
  • information that you submit via any contact forms on the Website and any correspondence we have with you over email or phone;
  • details of transactions you carry out or orders you place through the Website or by phone;
  • details of your marketing preferences;
  • extra information that you choose to tell us; and
  • technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

We also automatically collect information about how visitors use our Website by using cookies and similar technologies. It is possible to switch off cookies by setting your browser preferences. To learn more about how we use cookies and how to switch them off please see our Cookie Policy.

Some of the personal information we collect from you are required to enable us to fulfil our contractual duties to you or to others. For example, when buying products from us, we need to collect your financial bank details (if you are not a corporate purchaser) in order to be able to process your payment and we need to verify your age to comply with laws that apply to us. Other items may simply be needed to ensure that our relationship can run smoothly.

Depending on the type of personal information in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship with you.

For details of the legal bases that we rely on to be able to use and process your personal information, please see Our legal basis for using your information.

  1. HOW WE USE YOUR INFORMATION

Use of your information

We use your information in the following ways:

  • to carry out our obligations arising from any contracts with you (or the organisation for whom you work) when you make a purchase on the Website phone and for billing and delivery purposes;
  • to ensure that the Website’s content is presented as effectively as possible for you;
  • for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services;
  • to notify you about changes to our services;
  • to provide you with information about products or services that you or your organisation requests from us, or which we feel may interest you (where necessary, after obtaining your consent) – see details below;
  • to tailor and personalise the marketing communications we send you;
  • to create reports to assist with future marketing;
  • in the rare event that we stop providing the Website, to move and combine your personal information held within our databases relating to the Website with those of another similar or related online service (whether a Website or App) that we or one of our BAT entities operate. If we do so we will always email you to inform you of these changes in advance;
  • to verify your age (please see below for further details);
  • to authenticate you when logging into your account (if you have created one) and to allow you to register for other websites and services we or other British American Tobacco PLC companies within the PJC Group may sell or operate (“BAT Entities”);
  • to provide you with customer support, respond to your queries and resolve your complaints; and
  • to enable you to participate in the features of the Website, when you choose to do so.

Marketing

We may collect your preferences to receive marketing information directly from us by email, SMS or phone in the following ways:

  • if you register for an account on the Website, we may contact you with marketing information, except where you indicate you would prefer otherwise using the option to unsubscribe we provide in your account; or
  • if you click on the link on our Website to sign up to our newsletter.

From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see Your rights below for further details on how you can do this.

Use of non-personal information

We may monitor your use of the Website and record your email address and/or IP address, operating system and browser type for system administration and to report aggregate information to our advertising partners. The information we report to our partners is statistical information about our users’ browsing actions and patterns which does not identify any individual.

We collect non-personal aggregated statistics data about visitors to the Website and sales and traffic patterns. This information does not identify users in any personal capacity and we do not use this information to build profiles on individual users: it just contains generalised information about the users of the Website.

  1. OUR LEGAL BASIS FOR USING YOUR INFORMATION

There are different legal bases that we rely on to use your personal information, namely:

  • Performance of a contract – the use of your personal information may be necessary to perform a contract that you, as a non-corporate purchaser, have with us. For example, if you are a sole proprietor, when you buy a product from us, we need to use your personal information to process your order, send you your product, and respond to any requests you may have. We also need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.
  • Consent – we will rely on your consent, in certain cases, to send you marketing communications. You may withdraw your consent at any time.
  • Legal obligation We may need to use your information to comply with other legal obligations that apply to us.
  • Legitimate interests – we have a legitimate interest in using your information in the other ways described in this Privacy Notice, for example to improve and personalise our products, services, and the Website, and to conduct certain marketing and market research activities. If you are making a purchase on behalf of an incorporated business, we rely on this legal basis to use your personal information to process the order you place, send the ordered products, and respond to any requests you may have. We also rely on this basis if we need to use your personal information to enable you to use some parts of the Website, and to notify you about changes to our services.

Automated decision-making

We may make automated decisions about you based on your personal information in the following circumstances:

  • to select personalised offers, discounts or recommendations to send you based on your shopping history, Website browsing history, and other information you provide to us (none of these will have a legal or other significant effect on you); and
  1. SHARING YOUR INFORMATION WITH THIRD PARTIES

We will share your information primarily to ensure that we provide you with the most exciting and up to date products. We may share your information with any of the following groups:

  • any of our BAT Entities, where this is necessary, and in accordance with laws on data transfers;
  • tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
  • third party service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants, technical support functions, analytics and IT consultants carrying out testing and development work on our business technology systems);
  • third parties for the purposes of credit card clearance, credit reference, order fulfilment, delivery, customer support services and storage services;
  • third party outsourced IT providers where we have an appropriate data processing agreement (or similar protections) in place;
  • if a BAT Entity merges with or is acquired by another business or company in the future, we may share your personal information with the new owners of the business or company (and provide you with notice of this disclosure); and
  • if we have to share your information to comply with legal or regulatory requirements (for example, for age verification purposes), or if we have to enforce or apply our Terms and Conditions or any other agreements or to protect our rights, property or our customers, etc. This may involve exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may share the non-personal aggregated statistics data about visitors to the Website with third parties for analytics and statistical purposes.

We do not send any personal information that we collect about you on the Website to any social media sites that you link to your account, e.g. Facebook, nor do we share that information with such sites. We do not collect any personal information about you from those sites.

  1. WHERE WE STORE YOUR INFORMATION

Your personal information may be transferred outside of the European Economic Area (EEA) to the third parties described in Sharing your information with third parties.

We want to make sure that your personal information is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of an intra-group agreement between BAT Entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information to jurisdictions without adequate data protection laws;
  • by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal information to jurisdictions without adequate data protection laws;
  • by transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal information from entities within the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions;
  • by transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
  • where you have consented to the transfer.

Where we transfer your personal information outside the EEA and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Notice. You can ask to see these by contacting us using the contact details below.

  1. HOW WE SAFEGUARD YOUR INFORMATION

We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal information.

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures, including encryption measures and disaster recovery plans.

If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by contacting our Data Protection Officer on the details provided at the end of this notice.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will apply our normal procedures and comply with legal requirements to protect your information, we cannot guarantee the security of your information transmitted to the Website and any transmission is at your own risk.

The Website may from time to time contain links to and from other websites. If you follow a link to any of those sites, please note that those sites ought to have their own privacy policies and that we do not accept any responsibility or liability for those sites or for their privacy policies. Please check those privacy policies before you submit your information to those sites.

 

 

  1. HOW LONG WE KEEP YOUR INFORMATION

We will not keep your information for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation).

If you have registered an account with us: we will store your personal information for as long as your account is open. If you no longer wish to hold an account with us, please contact us at info@pjcarroll.ie to request that your account is deleted. By doing so, we will delete your account and remove you from our mailing list if you are on there. However, as noted above, we may still retain details of orders you have placed with us for legal or regulatory reasons.

If you have signed up to receive email marketing from us: we will store your personal information for as long as you are subscribed to our email marketing list (unless your account has been closed). If you unsubscribe or are otherwise removed from our marketing list , we will keep your email address on our suppression list to ensure that we do not send you marketing emails.

If you have contacted us with a complaint or query: we will store your personal information for as long as is reasonably required to resolve your complaint or query.

The exceptions to the above are where:

  • we have carefully considered whether we need to retain your personal information after the periods described above to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;

 

  • we actually bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;

 

  • you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Right to restrict processing below);
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Right to erasure below); or

 

  • in limited cases, a court or regulator requires us to keep your personal information for a longer or shorter period.

When it is no longer necessary to retain your data, we will delete the personal information that we hold about you from our systems. After that time, we may aggregate the data (from which you cannot be identified) and retain it for analytical purposes.

  1. YOUR RIGHTS

You have a number of rights in relation to your information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.

Right to object

This right enables you to object to us processing your personal information where we do so for one of the following reasons:

  • where we rely on our legitimate interests to do process your information;
  • to enable us to perform a task in the public interest or exercise official authority;
  • in certain circumstances, to send you direct marketing materials; or
  • for scientific, historical, research, or statistical purposes.

Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

Right to withdraw consent

Where we have obtained your consent to process your personal information for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

To withdraw your consent to marketing communications, please use the unsubscribe tool in the relevant communication or update your preferences in the account section on the Website.

Right of access (Data Subject Access Requests)

You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

If you would like to request access to your information, it would assist us with dealing with your request if you could use the subject heading ‘Data Subject Access Request’, or quote this over the phone, when contacting us. Please note that this is not mandatory and we will still deal with any requests without this reference.

Right to erasure

You have the right to request that we "erase" your personal information in certain circumstances. Normally, this right exists where:

  • the data is no longer necessary;
  • you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
  • the data has been processed unlawfully;
  • it is necessary for the data to be erased in order for us to comply with our obligations under law; or
  • you object to the processing of your data and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

Right to restrict processing

You have the right to request that we restrict our processing of your personal information in certain circumstances, for example if you dispute the accuracy of the personal information that we hold about you, you object to our processing of your personal information for our legitimate interests or you require us to keep it in connection with legal proceedings. If we have shared your personal information with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal information.

We may only process your information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal information that we hold about you. If we have shared this personal information with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal information to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

You can access and update certain parts of your information by logging into your account on the Website.

Right of data portability

If you wish, you have the right to transfer your personal information between service providers where we rely on your consent or the performance of your contract as the legal basis to use that information. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you if technically possible.

Rights relating to automated decisions

In certain circumstances, you may contest a decision made about you based on automated processing.

Right to complain

You also have the right to lodge a complaint with your local supervisory authority whch is the Data Protection Commissioner in Ireland. You can contact them in the following ways:

  • Email info@dataprotection.ie
  • Telephopne +353 761 104 800 or Lo Call Number: 1890 252231
  • Postal Address: Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois R32 AP23

How to exercise your rights

If you would like to exercise any of these rights, please contact us on the details provided under How to contact us. Please note that we may keep a record of your communications to help us resolve any issues that you raise.

  1. CHANGES

We may make changes to this Privacy Notice at any time by posting a copy of the modified notice on the Website or, where appropriate, by sending you an email with that notice.  Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Website, whichever is the earlier.

  1. HOW TO CONTACT US

If you have any queries about this Privacy Notice, including your rights in relation to your personal information, please send a letter addressed to the attention of the Head of Legal and External Affairs at the following address:

One Eton Street

Richmond Upon Thames

London,

England

TW9 1EF

 

If you wish to contact us with any general queries or concerns, you can use our Contact Us page or otherwise email us at info@pjcarroll.ie or write to us via post at PJ Carroll & Co. Unit 6B Mountainview, Leopardstown, Dublin 18. When contacting us by email or post, please use the subject heading ‘Data protection query’ so that we can direct your query to the appropriate department and deal with it promptly.

 

 

Privacy Policy - Trading Platform - logo

We use cookies (and other similar technologies) on this website to ensure its proper operation, improve it, analyze user behavior and offer personalized marketing communication on this basis. By clicking "I accept all", you consent to our use of all of the above. types of cookies. To decide for yourself which types of cookies you accept, select "More options". You can change these settings at any time by clicking on the link in the footer. More information in the Cookies Policy.

Manage your cookie technology preferences

Classification of Strictly Necessary Cookies

These are the files necessary for the proper functioning of the website.

Cookie

Expiry

Purpose

ApplicationGatewayAffinity

Session

Used by Microsoft Azure for load balancing of hosting load.

 

ApplicationGatewayAffinityCORS

Session

Used by Microsoft Azure for load balancing of hosting load.

 

ASP.NET_SessionId

Session

The cookie is used by the Microsoft .NET Framework to deliver the application content for the visitor. When a user browses a website, a unique session ID will be associated with them.

 

cookies_accepted

30 days

Registers a unique ID that is used by application to identify cookie policy acceptance status and cookie custom settings.

 

.EDITOUSER

Session

Registers a unique ID that is used by the application to maintain a user session on the platform.

 

GameToken

Session

Registers a unique ID that is used by the application to identify gameplay in games embedded from external sources.

 

access-token

Session

Registers a unique TOKEN that is used by application in every HTTP request to your server to authorize the request.

 

access-refresh

Session

Registers a unique TOKEN that is used by application to get a new access-token cookie value when it expires.

 
Classification of Functional Cookies

Technical cookies remember who you are, your preferences (language, regional settings), so you can conveniently use the website and its settings. You cannot opt out of them, but you can set your browser preferences to decline all cookies. However, this may result in the website not displaying properly or some features not working.

Cookie

Expiry

Purpose

ai_session

1 year

Registers a unique ID that is used by Microsoft Application Insights software to maintain information for apps built on the Azure cloud platform.

 

ai_user

1 year

Registers a unique ID that is used by Microsoft Application Insights software to maintain information for apps built on the Azure cloud platform.

 

languageVersion

1 year

Registers a value that is used by the application to identify the preferred language version (on multilingual platforms).

 

popup_banners

30 days

Register a value that is used by application to identify position of pop-up box (hidden / visible).

 

__zlcmid

1 year

Registers a unique ID that is used by Zendesk (United Call Center) to identify a user on the platform.

 
Classification of Analytics Cookies

By using these cookies, we only collect anonymous information. Thanks to them, we determine how users use our website and find out if there are any errors in it and we can improve its performance.

Cookie

Expiry

Purpose

_ga

2 years

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

 

_gid

24 hours

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

 

_gat

1 minute

Used by Google Analytics to throttle request rate.

 

_ga_{CONTAINERID}

2 years

Used by Google Analytics to persist session state.

 

_vis_opt_exp_{CAMPAIGNID}_goal_{GOALID}

100 days

This cookie is created when a campaign goal is triggered. This cookie, when created, will always have a value of 1.

 

_vis_opt_test_cookie

Expires on browser close

This cookie is created to detect if the cookies are enabled on the visitor’s browser or not. It also helps in tracking the number of browser sessions a visitor has gone through. The value of this cookie is always 1.

 

_vis_opt_exp_{CAMPAIGNID}_combi

100 days

This cookie is created when a visitor is chosen for a particular variation for a test. This cookie makes sure that visitors see the same variation when they revisit the page in the future. Here the Control has a value of 1, Variation #1 has a value of 2, Variation #2 has a value of 3, and so on.

 

_vis_opt_exp_{CAMPAIGNID}_exclude

100 days

This cookie is created when a visitor has been excluded from a Test Campaign due to the traffic percentage specifications. The value is always 1.

 

_vis_opt_exp_{CAMPAIGNID}_split

100 days

This cookie is created when one of the variations is chosen for the visitor, but the visitor is not yet redirected to the variation page. It exists so that VWO can verify that the variation page corresponds to the chosen variation after landing on the page. The value is >=2 (as 1 corresponds to Control and it’s not created in case the Control is chosen).

 

_vis_opt_s

100 days

This cookie tracks session created for a visitor, i.e., the number of times the browser was closed and reopened. The value is >=1, followed by a pipe sign. For example, the value of 2 indicates that the visitor restarted the browser once while 3 means twice.

 

_vis_opt_out

10 years

This cookie indicates that the visitor should not be made part of any campaign. Its value is 1.

 

_vwo_uuid

10 years

This cookie generates a unique id for every visitor and is used for the report segmentation feature in VWO, and it also allows you to view data in a more refined manner.

 

_vwo_uuid_{CAMPAIGNID}

10 years

This cookie is created for each cross-domain campaign. It generates a unique id for every visitor and is used for the report segmentation feature in VWO, and it also allows you to view data in a more refined manner.

 

_vwo_ds

Depends on the retention period of the account

This cookie stores persistent visitor-level data for VWO Insights.

 

_vwo_sn

30 mins and reset again to 30 mins on visitor activity

This cookie stores session-level information.

 

_vwo_uuid_v2

366 days

This cookie calculates unique traffic on a website.

 

_vis_opt_exp_{CAMPAIGNID}_combi_choose

Persists until campaign changes are applied

This cookie stores the chosen combination. It’s a temporary cookie that gets deleted when the campaign changes are applied.

 

_vwo_referrer

15 seconds

This cookie stores referral info allowing VWO to identify the original Traffic source in case of the Split URL campaign.

 

_vwo

Expires in 2096 years

This cookie is a jar of all the cookies. It is currently created only for the Safari browser. In the future, it would replace all the cookies. The actual expiry of a cookie doesn’t matter as it stores the expiry of cookies set in it and keeps on expiring them.

 

_vwo_global_opt_out

100 days

This cookie is persisted when a visitor opts out of vwo on all websites in a given browser.

 

_vwo_ssm

3650 days

This cookie is used for testing and is created only on sites that use the HTTP protocol. This is used to check if VWO can create cookies on them, post which this cookie is deleted.