Who are we?
We are an affiliate member of Philip Morris International, a collective group of businesses. All affiliate members of the group are listed here along with relevant contact points and details of our data protection officer where applicable. Please use these details if you wish to contact us in relation to the processing of your personal data.
Our details (name, address, etc.) will have been given to you separately at the time of (or to confirm) the collection of information about you, for example, in a notice, on an app or a website, or in an e-mail containing a link to this notice.
How do we collect information about you?
We may collect information about you in various ways.
- You may provide us with information directly (e.g. filling in a form, making a call to us, or uploading information to us via a mobile app).
- We may collect information from a PMI electronic device, if you choose to send information to us.
- We may collect information automatically when you interact with our systems or we communicate with you (e.g. when you use a PMI app or website or, where we use technologies to observe when you receive or open e-mails or receive SMS messages).
- We may also collect information from third parties (e.g. publicly-available information, information on social media platforms such as Meta and X). For example, where permitted by law, we may infer information about you from aggregated information we acquire from third parties. By way of example, this may include statistical information about people in certain geographical areas.
In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical touchpoints (for example, retail outlets (these include both PMI owned and controlled retail outlets and third-party retail outlets), events (these include events arranged by PMI and third-party events at which PMI is present), consumer contact centres), and digital touchpoints (for example, apps, social media and websites).
What information about you do we collect?
We may collect various types of information about you such as:
- information about your orders, including information necessary to fulfil them
- information necessary to provide warranty services
- information about the referrals you make
- information you give us in forms or surveys, and similar information that you give to third parties to be transferred to us
- information about your location, where you choose to share it with us (for example, on your mobile phone)
- information about your visits to our outlets or events (or outlets or events of others with whom we work)
- information you give us in communications (e.g. letters, calls, chats, e-mails, SMS and instant messages)
- information about your preferences and interests (including information that we infer from other information, for example from statistical information)
- information necessary to verify your age such as identification documents or using AI analysis of your face
- information generated by your electronic device (for example, IQOS), if you choose to share it with us
- information about your experience of using our products and services
- statistical information about you (for example, statistical information about people in certain geographical areas)
- information that may relate to adverse events (such as any unwanted health effect when using one of our products) when you report them to us
- information about you that we acquire from third parties, where you agreed that the third party can share your data with others.
For what purposes do we use information about you, and on what legal basis?
In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not process information about you for those purposes in that country.
Subject to the above, we process information about you for the following purposes:
- To comply with regulatory obligations, such as verifying your age and status as a user of our products or to report data related to adverse events.
- To lend or sell our products to you, including fulfilling your orders and processing your payments
- To provide sales-related and product support services to you, including dealing with your inquiries and requests, and providing warranty and support services including personalized support and insights on the use of our products
- To market our products and services (where permitted by law), including administering loyalty programs and referral programs, product improvement, market research (including demonstrating fair practices in market research), developing marketing strategies, creating personalized offers and communications, administering marketing campaigns, creating and executing targeted digital advertising on websites that you visit or to build lookalike audiences to target prospective customers (who may have similar interests or demographics to you), customizing your interactions and experience with us, for example at outlets that sell PMI products, events customizing the content of messages we send to you or advertisements or marketing we show you
- To understand whether you are still engaged with our marketing and whether you wish to continue to receive it
- For us or our business partners to inform you of potential opportunities to get involved in marketing or promoting PMI products
- To enable you to use, and improve your experience of, PMI touchpoints and PMI electronic devices
- To support all the above, including administering your accounts, corresponding with you, managing your appointments with us or with someone supporting our products or services (for example, regarding a new product, or after-sales service), customizing your experience of PMI touchpoints, fraud prevention (for example in the context of our promotions, competitions and surveys, to ensure that they are not taken more than once by the same person, or in the context of e-commerce to protect cardholder and account information), personnel training and quality control, and administration and troubleshooting
- For business analytics, statistical or scientific purposes, including improving PMI products (for data collected from PMI electronic devices, this will apply if you have chosen to send the information to us for these purposes or if you return a device to us) and services, outlets and events, and the information that we (or our affiliates) provide to you
- For other purposes that we notify you of, or will be clear from the context, at the point information about you is first collected
The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):
- compliance with a legal obligation to which we are subject;
- the performance of a contract to which you are a party;
- a legitimate business interest that is not overridden by interests you have to protect your data;
- where none of the above applies, or where the law requires it, your consent (which we will ask for before we process the information).
Where might information about you be sent?
As with any multinational organisation, we transfer information globally to our affiliates and service providers. Your data may therefore be transferred to other countries as part of our standard operations. Whenever we transfer your data abroad, we will limit access to your data only to those who need to see it, process your data in accordance with our internal data protection standards, protect it appropriately and only transfer information in compliance with applicable data privacy laws. When data is transferred, we will require the receiving party to keep your data confidential, delete it when it is no longer required and act in accordance with this privacy notice. Accordingly, information about you may be transferred outside of your jurisdiction. For example, if you live in the EEA, UK, Australia or Japan, your data may be processed in another country.
How do we protect information about you?
We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we use reasonable means to protect your information, we cannot guarantee its absolute security or confidentiality.
Where we have given you (or where you have chosen) a password which enables you to access any portal or account, you are responsible for keeping this password confidential. We ask you not to share your password(s) with anyone.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Please raise your concern by contacting us (using these Details), in the first instance, and we will investigate the matter and update you as soon as possible on next steps.
How long will information about you be kept?
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected in accordance with our internal data retention standards. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.
What rights and options do you have?
You may have some or all of the following rights in respect of information about you that we hold:
- request us to give you access to it;
- request us to rectify it, update it, or erase it;
- request us to restrict our using it, in certain circumstances;
- object to our using it, in certain circumstances;
- withdraw your consent to our using it;
- data portability, in certain circumstances;
- opt out from our using it for direct marketing; and
- lodge a complaint with the supervisory authority in your country (if there is one).
We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.
Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.
Country-specific additional points
According to which country you are in, you may have some additional rights.
Who should you contact with questions?
If you have any questions, or wish to exercise any of your rights, you can find contact details for the relevant PMI affiliate, and if applicable data protection officer, linked to at the top of this notice. Contact details will also be given in any communications that a PMI affiliate sends you.
If your country has a data protection authority, you have a right to contact it with any questions or concerns. If the relevant PMI affiliate cannot resolve your questions or concerns, you may also have the right to seek judicial remedy before a national court.
Changes to this notice
We may update this notice (and any supplemental privacy notice), from time to time. Where the law requires it, we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.
Last modified 01 June 2025. You can find previous versions of this notice.