Last modified: 12/7/20
TABLE OF CONTENTS
12. DATA SECURITY
This Policy describes the types of information we may collect from you when you visit the Website and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This Policy applies to information we collect:
On our Website.
Through email, text, and other electronic messages between you and the Company.
When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
Offline, including through events, contests, and promotional sweepstakes.
This Policy does not apply to information collected by:
Any other website operated by the Company or any third party including our affiliates and subsidiaries; or
Any third party including our affiliates and subsidiaries, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Our Website is not intended for children under thirteen (13) years of age. No one under age thirteen (13) may provide any personal information through the Website. We do not knowingly collect personal information from children under age thirteen (13). If you are under age thirteen (13), do not use or provide any information on the Website or through any of its features, use any of the interactive features of the Website, or provide any information about yourself to us, including without limitation your name, address, telephone number, or email address. If we learn we have collected or received personal information from a child under age thirteen (13) without verification of parental consent, we will delete that information. If you believe we might have collected any information from or about a child under age thirteen (13) without the consent of the child’s legal guardian, please contact us at email@example.com.
and How We Collect It
The information we collect on or through our Website may include:
Information that you provide by filling in forms on our Website. This includes information provided at the time you subscribe for informational updates or request further services. We may also ask you for information when you enter a contest or promotion sponsored by us, or when you report a problem with our Website.
Records and copies of correspondence from you (including email addresses), if you contact us.
Your responses to surveys that we might ask you to complete for research purposes.
As you access, view, navigate through, and interact with our Website, we may use automatic data collection technologies to collect certain information about your computer equipment, browsing actions, and patterns, including:
Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). We do not comply with to “do not track” browser settings and similar mechanisms.
The information we collect automatically contains primarily statistical data, but we may maintain this data or associate it with personal information about you that we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to estimate our audience size and usage patterns.
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Website may use local stored objects (or “Flash cookies”) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION below.
Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
within the past 12 months
Some of the information we collect is “personal information” that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996.
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|Personal Information Category||Examples|
|A: Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.|
|B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.|
|C: Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.|
We obtain the categories of personal information listed above from the following categories of sources:
Directly from you, for example, from forms you complete.
and Other Tracking Technologies
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see YOUR Choices About How We Use and Disclose Your Information below.
We may use or disclose the personal information we collect from you for one or more of the following purposes:
To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request information about our products or services, we will use that personal information to respond to your inquiry.
To provide, support, personalize, and develop our Website, products, and services.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To personalize your experience with our Website and to deliver content and product and service offerings relevant to your interests, including targeted offers and advertisements through our Website, third-party sites, and via email or text message (with your consent, where required by law).
To help maintain the safety, security, and integrity of our Website, products, services, business, databases, and other technology assets.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users is among the assets transferred.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
In any other way we may describe when you provide the information.
To fulfill any other purpose for which you provide it.
For any other purpose with your consent.
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
|Personal Information Category||Business Purpose Disclosures|
|A: Identifiers.||We may share this information with subsidiary organizations, affiliates, and advertising networks to offer you information on our goods and services at your request.|
|B: California Customer Records personal information categories.||We may share this information with subsidiary organizations, affiliates, and advertising networks to offer you information on our goods and services at your request.|
|C: Internet or other similar network activity.||We may share this information with data analytic providers, subsidiary organizations, affiliates, and advertising networks to offer you information on our goods and services based on your interactions with our Website.|
We may disclose aggregated information about our users, and information that does not identify any individual, household, or device, without restriction.
We do not sell any personal information to any third parties and have not done so in the preceding twelve (12) months.
and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created the following mechanisms to provide you with the following control over your information:
Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by clicking the unsubscribe link, found at the bottom of every email, or by sending your request to firstname.lastname@example.org.
Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out by sending us an email stating your request to email@example.com.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way.
You may contact us at firstname.lastname@example.org to correct or request access to or deletion of any personal information that you have provided to us. We reserve the right to deny a request to change information if we believe the change would cause the information to be incorrect or violate any law or legal requirement.
The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding their personal information. This section of the Policy applies only to California residents. If you are a California resident, this section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose and make available certain information to you about our collection and use of your personal information over the past twelve (12) months. This information includes the following:
The categories of personal information we have collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting your personal information.
The categories of third parties with whom we have shared your personal information.
If we shared your personal information with a third party for a business purpose, identifying the personal information categories that we shared with each category of third-party recipients.
The specific pieces of personal information we collected about you (also called a “data portability” request).
Upon receipt of such a request from you pursuant to the CCPA Request Instructions below and our verification of your identity, we will comply with your request and provide the requested information pursuant to the CCPA.
We do not provide a right to know or data portability disclosure for information provided on a business-to-business basis.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Upon receipt of such a request from you pursuant to the CCPA Request Instructions below and our verification of your identity, we will comply with your request and delete the requested information and direct our service providers to take similar action pursuant to the CCPA unless there is an applicable exception allowing us to retain the information. Pursuant to the CCPA, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for information provided on a business-to-business basis.
Send us a written request to
Wai Kai Commercial Development, LLC, 91-1621 Keone‘ula Boulevard, ‘Ewa Beach, Hawai‘i 96706. In order for us to properly understand, evaluate, and respond to your request, you must include:
Your full name and any contact information (e.g., phone number, email address) that you provided to us through a form on the Website or separate correspondence.
Your physical address.
The nature of your request (i.e., disclosure of information, erasure of information, or both).
The specific types of information (from the list in the Right to Know and Data Portability section above) that you are asking us to disclose and/or erase.
Although not required, your request is more likely to be verified if you also provide your IP address.
Only you, or someone legally authorized to act on your behalf, may make a CCPA Request. We cannot respond to a CCPA Request or provide you with the information requested if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. We will rely only on the contents of the written request to verify the requestor’s identity and authority to make such a request.
You may not submit a CCPA Request to the Company more than twice within a twelve (12) month period, and we are not required to comply with or respond to any request that violates this provision.
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please send your written request again, including reference to the date of your original written request. We suggest you send such a follow-up request by both mail and email using the contact information above. We endeavor to substantively respond to a verifiable CCPA Request within forty-five (45) days of its receipt. If we require more time, we will inform you in writing of the reason and the extension period, which will not exceed an additional forty-five (45) days.
Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your request. If we cannot or are not required to comply with your request in whole or in part, we will explain the reasons why. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We will not charge a fee to process or respond to your verifiable CCPA Request unless it is excessive, repetitive, or manifestly unfounded. If we determine that your request warrants a fee, we will advise you of the cost and will complete your request once payment has been received.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services, charge you or suggest that you may receive different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with or suggest that you may receive a different level or quality of services as a result of your exercise of your CCPA rights.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us a written request to 91-1621 Keone‘ula Boulevard, ‘Ewa Beach, Hawai‘i 96706.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers. The safety and security of your information also depends on you. We urge you to be careful about giving out information in public areas, both online and offline. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Data Controller: The entity that makes decisions about how your data are used is Wai Kai Commercial Development, LLC.
The legal bases for the Company’s processing activities include processing such information as necessary to comply with our contractual obligations, compliance with our legal obligations, protecting the safety of our employees, guests, and others, for our legitimate business interests described below, and pursuant to your consent.
The particular legal basis for the processing of your personal information varies depending on the purpose for which such information was provided or collected as follows:
Forms: Completion of fillable form pages on the Website is voluntary. We process the information obtained from the Website forms on the basis of your consent and in furtherance of our business interests, including marketing, service improvements, and analytics.
Social Media: Participation in Company-sponsored social media activities and offerings is voluntary. We process information obtained from social media participation on the basis of your consent and in furtherance of our related business interests, including for marketing, service improvements, and analytics and service personalization.
Promotions and Sweepstakes: Participation in sweepstakes, contests, and other promotional offerings, if any, is voluntary. We process the information obtained from such participation based on your consent and as necessary to administer the offering. We also use certain data for our business purposes, including for marketing, service improvements, analytics and service personalization.
Direct Marketing: We use your personal information to send you marketing messages on the basis of your consent. You may withdraw your consent for direct marketing communications at any time by contacting us at email@example.com or by following the unsubscribe instructions in the marketing message.
Retention: We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. Our retention policies reflect applicable statute of limitation periods and legal requirements.
Data Subject Rights: Residents of the EEA have the following rights:
Access, Correction and Erasure Requests
You have the right to:
ask us to confirm whether we are processing your personal information
receive information on how your data is processed
obtain a copy of your personal information
request that we update or correct your personal information
request that we delete personal information in certain circumstances
Right to Object to Processing
You have the right to request that the Company cease processing of your personal information:
for marketing activities, including profiling for statistical purposes
where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise, or defense of a legal claim
Right to Restrict Processing
You have the right to request that the Company limit the processing of your personal information:
- while the Company is evaluating or in the process of responding to a request by you to update or correct your personal information where such processing is unlawful and you do not want the Company to delete your data
- where the Company no longer requires such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim
- where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request
Where we limit the processing of your personal information pursuant to your request, we will inform you prior to re-engaging in such processing.
Data Portability Requests
You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
Right to Withdraw Consent
You have the right to withdraw your consent to any processing that we conduct solely based on your consent (such as sending direct marketing materials to your personal email account). You may withdraw your consent to marketing activities by following the instructions on any marketing emails, or contacting
Submitting Requests: Your requests may be submitted to
We will respond to all such requests within thirty (30) days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to sixty (60) days to respond. We will inform you if we expect our response to take longer than thirty (30) days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of data that you request.
If you have concerns about our data practices or the exercise of your rights, you may either contact the Company at firstname.lastname@example.org or the supervisory authority in the Member State of your residence.
European Commission Standard Contractual Clauses
We use Standard Contractual Clauses (also known as Model Contractual Clauses) as the legal basis for transferring personal data to countries outside the EEA, including the United States. We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards.
Privacy Shield Principles
On July 16, 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield. We no longer use the Privacy Shield Frameworks as the legal basis for transferring personal data to the United States. However, we continue to apply these principles for additional protection.