Privacy Policy
Last updated: 26 February 2026
1. Introduction
MokaCigar (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
3. Information We Collect
3.1 Information You Provide Directly
- Identity data: name, date of birth, gender.
- Contact data: email address, telephone number, delivery address, billing address.
- Financial data: payment-card details (processed securely by our payment provider).
- Transaction data: order history, amounts paid, delivery details.
- Account data: username, password (encrypted), preferences.
- Communications data: feedback, correspondence, support-ticket content.
3.2 Information Collected Automatically
- Technical data: IP address, browser type and version, operating system, device identifiers.
- Usage data: pages viewed, navigation paths, time on page, referring URLs.
- Cookie data: see our Cookie Policy for full details.
3.3 Information from Third Parties
- Payment processors (transaction confirmations, fraud checks).
- Umami (aggregated usage insights when you opt in on our cookie banner).
- Social-media platforms (where you interact with our social accounts).
4. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your orders | Performance of a contract |
| Age verification | Legal obligation |
| Sending marketing communications | Consent |
| Improving site performance and user experience | Legitimate interests |
| Umami (traffic and events, if you accept analytics cookies) | Consent |
| Fraud prevention and security | Legitimate interests / legal obligation |
| Responding to enquiries and providing support | Legitimate interests / contract |
| Complying with tax, accounting, and regulatory requirements | Legal obligation |
5. Age Verification
You must be 18 or over to purchase from MokaCigar. We reserve the right to request proof of age and may use third-party electronic age-verification services (e.g. electoral roll, credit reference data) to confirm eligibility.
6. Marketing Communications
We will only send you marketing emails where you have given us explicit consent. You may unsubscribe at any time by clicking the link in any marketing email or by contacting support@mokacigar.com.
7. Sharing Your Information
We do not sell, rent, or trade your personal data. We may share your information with:
- Payment processors for secure transaction handling.
- Logistics and courier partners for order fulfilment and age-verified delivery.
- IT and hosting providers for infrastructure and security.
- Umami when you consent, for aggregated site-usage statistics (see Umami's privacy policy).
- Professional advisers (accountants, lawyers) where necessary.
- Regulatory authorities where required by law.
8. International Data Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including adequacy decisions and standard contractual clauses approved by the Information Commissioner’s Office (ICO).
9. Data Retention
- Transaction records: 7 years (tax and accounting obligations).
- Account data: duration of account plus 2 years after closure.
- Marketing-consent records: duration of consent plus 3 years.
- Analytics data (Umami): as described in Umami's privacy policy and our Umami hosting configuration (cloud or self-hosted).
10. Your Rights Under UK GDPR
You have the right to:
- Access the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure of your data in certain circumstances.
- Restrict processing of your data.
- Data portability — receive your data in a structured, commonly used format.
- Object to processing based on legitimate interests.
- Not be subject to automated decision-making, including profiling, with legal effects.
To exercise any of these rights, contact support@mokacigar.com. We will respond within one calendar month.
11. Right to Complain
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
12. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption on all pages.
- PCI DSS-compliant payment processing.
- Role-based access controls and staff training.
- Regular security assessments and penetration testing.
13. Third-Party Links
Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated “Last updated” date. Where changes are significant, we will notify you by email where appropriate.