Privacy Policy

Updated June 4, 2024

1. DEFINITIONS

Capitalized terms refer to the following definitions:

The “Company” or “we ” refers to Hawaikii, a sole proprietorship, operating under SIREN number 952 337 152, VAT number 46952337152 and whose head office is located in Tonnay Charente.

The “Site” refers to the website(s) accessible from the link https://hawaikii.com and their possible sub-sites allowing access to a content consultation area, a space reserved for customers, etc. which are provided by the Company.

“You ” means the persons concerned by the Processing carried out on the Site (users, prospects, customers, etc.).

“ Policy ” means this Privacy Policy.

“ Data ” means any information about an identified or identifiable natural person (the “ data subject ”), directly or indirectly, in particular by reference to an identifier (name, identification number, location data, online identifier, etc.) or to one or more elements specific to their identity.

“ Processing ” corresponds to any operation applied to Data (collection, recording, organization, conservation, adaptation, communication by transmission, diffusion, erasure, etc.).

A “ Data Controller ” is the person who, alone or jointly with others, determines the purposes and means of the processing and a “ processor ” is the person who processes Data on behalf of the Data Controller. On the Site, unless otherwise stated, we are the Data Controller.

A “ Recipient ” is the natural or legal person, public authority, service or any other body to which personal data is disclosed, whether or not a third party.

The “ Regulations ” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (''GDPR''); Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms; the rules applicable to commercial prospecting provided for by the Postal and Telecommunications Code, and more generally the laws and regulations applicable to the Data Processing that we carry out.

SHOWCASE SITE AND COMMERCIAL PROSPECTING

The Site presents the activities of our Company and various forms (contact, newsletter subscription, etc.). By completing the forms and communicating with us via the Site, you transmit the following categories of information to us:

• Identity data : title/gender; surname; first name; and optionally, we may ask you for your date of birth to offer birthday offers;
• Contact details and correspondence: email address; postal address (address, postcode, city); telephone number; in the event of a request to customer service, the nature of your request and the content of your request.
• Data of opinions and contributions : pseudonym, date of the opinion, content of the opinion, product or service concerned, if applicable profile photo attached to the opinion; The Company may enrich its Site by collecting and republishing the opinions and contributions issued relating to its offers by its customers on other sites (in particular social networks) when these contributions are freely accessible to the public;
• Data necessary for carrying out loyalty, prospecting, study, survey, product testing and promotion actions;
• Data relating to the organization and processing of competitions, lotteries and any promotional operation;
• Data collected through the actions of exercising the rights enshrined in the Regulations.

In accordance with our legitimate interest, and where applicable when necessary for the execution of pre-contractual measures taken at your request or a contract, we carry out processing on the aforementioned Data for the following purposes:

• Presentation of the Company’s products and services;
• Management, processing and monitoring of requests and exchanges with the Company, via the Site (where applicable by offering you a chatbot, a call booking tool, etc.);
• Prospect relationship management;
• Management of people's opinions on the Company's products, services or content;
• Prospecting and/or sending information, management of technical prospecting operations, choice of people to carry out loyalty actions, prospecting, survey, product testing;
• Organization of competitions, lotteries or any promotional operation on the Site.

The data used for the purposes of managing commercial prospecting are kept for a maximum of three years from the last active contact from the prospect or customer, and before in the event of withdrawal of your consent to receive messages from us. The Data of opinions and contributions are kept for the duration of public access to the opinion on the Site.

In accordance with our legal obligations, identity and contact data will also be processed for the following purposes:

• Updating of its prospecting files by the body responsible for managing the telephone canvassing opposition list, in application of the provisions of the consumer code
• Management of requests for the right of access, rectification and opposition, and more generally of the rights described in the Policy.

2. ACTIVATING LOCALIZATION

The legal basis for Processing for localization purposes is the consent of the Data Subject.

You can enable geolocation on the Site by giving your consent in the window provided for this purpose. You can block it when requesting.

In this case, you authorize your browser provider (Firefox, Chrome, Safari...) to process the following Data:

• access to your location from information about nearby wireless access points;
• and your IP address.

The browser provider sends them to its geolocation service provider to get an estimate of its location.

This location estimate is shared with the Company to provide the location features authorized by the User as part of their navigation on the Site and, where appropriate, adapt the Site's features according to your location.

You have the option to revoke your location authorization to a website from your browser settings.

The Company has no control over the general conditions of internet browsers and their geolocation service providers, such as, for information purposes:

• https://support.mozilla.org/fr/kb/firefox-partage-t-il-ma-position-avec-sites-web
• https://support.google.com/chrome/answer/142065
• https://support.apple.com/fr-fr/HT5403

3. ONLINE SALE

The Site allows you to make purchases, which leads us to carry out Processing on the following Data:

• Identity and contact data
• Data relating to the contractual and commercial relationship : Details of the content of the order; Pre-contractual and order-related exchanges (subject, date, etc.); Communications with the Company.
• Payment and transactional data: transaction date, amount, payment method, order number, billing data;

This information is necessary for the management of our customer-prospect file, and more specifically for the following purposes in accordance with our General Terms and Conditions accepted when ordering on the Site and our legal obligations:

• Carry out operations relating to the management of files concerning: contracts including registrations; orders; delivery of the product or service; legal and commercial guarantees; invoices; accounting and monitoring of the commercial relationship (after-sales service) including for opinions on the Company's offers;
• Prevention and fight against fraud and payment methods, particularly against bank card fraud;
• Management of unpaid debts and disputes, provided that it does not involve offences and/or does not result in the person being excluded from the benefit of a right, service or contract.

Secure payment. All transactions made on our Site are secure. Payments by credit card are handled by our payment service providers ("PSP"), as indicated in our general terms and conditions or on the order page for our products and services. We therefore have an SSL encryption system to protect your personal data and the means of payment used. At no time are we directly in possession of your bank details through this process.

Retention periods. The personal data we process is retained for the periods set out in the table below.

Data concerned	Shelf life
Data processed for commercial prospecting purposes	3 years from the last active behavior of the prospect or collection of Data
Data necessary for processing your order and managing contractual and commercial relations	3 years from the last active behavior of the customer or, failing that, from the end of the contractual relationship. For accounting documents (purchase orders, delivery notes, customer invoices): 10 years from the end of the financial year
Order contracts for an amount less than 120.00 euros	5 years from the conclusion of the contract.
Order contracts for an amount greater than 120.00 euros	10 years from the date of delivery or provision of service.
Bank details: in case of single payment	13 months for immediate debit payment cards and 15 months for deferred debit payment cards from the debit date (for the purpose of responding to any dispute)
Bank details: in the event of a subscription with automatic renewal	13 months for immediate debit payment cards and 15 months for deferred debit payment cards from the debit date of the last payment due date, occurring at the end of the subscription (for the purpose of responding to any dispute)

The Identity and Contact Data provided when creating the account will be used with your consent to inform you about the Company's products and services.

The Company may provide tools for creating a profile by adding optional information to your account (identity, social networks, age, profile photo, profession, etc.).

4. DELIVERY OF MATERIAL PRODUCTS

To deliver the products ordered on the Site, we will ask you for your postal delivery address, if this is different from the billing address. If the delivery of a good is to a third party, you confirm that you have authorization to transmit their identity and delivery data. This Data will be transmitted to the carrier responsible for the delivery.

Other information necessary for delivery will be processed in accordance with our General Terms and Conditions and our legitimate interest (delivery method, package size, delivery tracking information, delivery date, receipt, signature of the receipt, etc.).

The carrier responsible for delivery applies its own confidentiality policy to the Data transmitted to it as part of the order or which it is required to collect during delivery.

5. SOCIAL NETWORKS AND THIRD PARTY SITES

Social media interactions. We may contact you or answer your questions via social media, if you initially contacted us through this channel. You are informed that the use of social media results in the processing of personal data by the providers of these networks (see their privacy policy).

Public information. The information about you that you have provided to us may possibly be enriched for commercial, prospecting, communication, solicitation or marketing purposes, using other sources of information such as social networks. This includes so-called "public" information or information to which we may have access as administrator of a page or group. The legal basis for this processing is our legitimate interest as a commercial company.

Interconnection. In the event that your member area can connect to another service (for example, a social network) to make cross-sendings, then the third-party service may communicate to us information that you have authorized the disclosure of. You are informed that the publishers of third-party services may also collect information concerning the consultation and/or use of the Site, in accordance with their own personal data processing policy. More information on registering on the Site from a third-party account, for:

6. EXERCISING YOUR RIGHTS

For any request to exercise the above rights or for further information, you can contact the Company at the address indicated in the header by post.

In accordance with the Regulations, you have the following rights over your Data:

• Right of access to your Data, including the right to request a copy, and to the information provided in this privacy policy (art. 15 GDPR). When the legal basis for data processing is our legitimate interest, you have the possibility to request information relating to the balancing we have carried out between the interests of our customers and those of the Company prior to this processing.
• Right to rectification (art. 16 GDPR) and updating of your data that we have.
• Right to erasure of your Data (art. 17 GDPR) when the data is no longer necessary for us, you have withdrawn your consent to their Processing (if it was based on our consent) or you object to the Processing based on our legitimate interest or to the processing carried out for prospecting purposes or for profiling purposes related to prospecting.
• Right to withdraw your consent at any time (Art. 13-2c GDPR) for all data processing based on the legal basis of your consent. Furthermore, in terms of commercial prospecting, you have the possibility to unsubscribe from our mailing lists at any time by clicking on the unsubscribe link in our communications or by contacting us to no longer receive solicitation messages.
• Right to restriction of Processing, which, unless there are compelling reasons, may only be implemented with your consent (art. 18 GDPR) when:
• You contest the accuracy of the data, for the time necessary for their verification,
• If the data processing is unlawful but you oppose the erasure of the data and choose instead the restriction of the processing,
• When we no longer need the data but you still need it to establish, exercise or defend your legal rights.
• Where you have objected to processing based on our legitimate interest, for the period necessary to balance our respective interests.
• Right to portability of Data directly provided by the data subject when they are subject to automated processing based on your consent or on a contract (art. 20 GDPR). This right means that you have the possibility to request the communication of these data in a structured, commonly used and machine-readable format so that they are communicated to another data controller.
• Right to object (art. 21 GDPR) to the processing of your data when this Processing has our legitimate interest as its legal basis.
• Right to define the fate of your Data after your death (art. 40-1 of law 78-17 of January 6, 1978) and to possibly choose a trusted third party to whom the Company must entrust them.

You can also get more information on the CNIL website .

In the event of a request for exercise, the Company reserves the right to ask you to clarify your request and provide proof of identity (which will be kept for one year in the event of exercising the right of access or rectification and three years in the event of exercising the right of opposition). If our response does not fully satisfy you, you always have the option of filing a complaint with the Personal Data control and protection authority to which you belong (in France, the CNIL).

7. RETENTION PERIODS

Commitments. Means for effective deletion of Data are put in place as soon as the retention or archiving period necessary for the accomplishment of the determined or imposed purposes is reached, in particular after deletion of your account with our Company or at the end of the contract with our Company.

Minimization. In any event, the Data subject to Processing are not kept beyond the time necessary for the execution of the obligations defined when the contract is concluded, or imposed by the legislation in force. Beyond this, they may be anonymized and kept for statistical purposes, in particular in an aggregated form.

Litigation. Similarly, we may archive information demonstrating the performance of our contractual obligations until the expiry of the limitation/foreclosure periods applicable to legal actions, and this for the proper defense of our interests before the courts in the event of subsequent litigation. This concerns in particular but not exclusively the durations provided for by the Commercial Code, the Civil Code and the Consumer Code.

8. RECIPIENTS

Commitments. We undertake to ensure that any data recipient provides sufficient and appropriate contractual guarantees to respect your rights, so that the processing meets the requirements of the GDPR when this regulation applies (in particular with regard to subcontracting). Based on our legal obligations, your Data may be disclosed in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority.

The information you provide to us is for internal use by authorized persons, it is strictly confidential and may not be disclosed to third parties, except under the conditions provided for by the Regulations in the event of express agreement or if you have decided to make it public.

Subcontracting. Our external service providers (e.g. suppliers, carriers, etc.) may, as part of the processing described above, be recipients of personal data when this is necessary for the performance of their mission.

Transfer outside the EU . We undertake to ensure compliance with the applicable regulations relating to data transfers to countries located outside the European Union and in particular according to the following methods:

• We will transfer visitor, prospect and customer data to countries recognized as offering an adequate level of protection;
• When the destination country does not benefit from an adequate level of protection, we supervise the flows using transfer tools that comply with regulations (standard contractual clauses of the European Commission, in particular).

Aggregation of non-personal data. We may publish, disclose and use aggregated information (information relating to site users, prospects, customers, etc.) that we combine in such a way that no natural person is individually identifiable. This processing is carried out in accordance with our legitimate interest for statistical purposes, industry and market analysis, presentation of our activities, promotional and advertising purposes and other commercial purposes.

9. COMPUTER SECURITY

Commitments. We undertake to implement appropriate technical and organizational measures through physical and logistical security means to limit the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data.

Warnings. We invite you to remain cautious about what you decide to make public on the internet. With regard to personal data including data relating to your private life or sensitive data made public at your initiative or deduced via your contributions, comments and positions of any nature whatsoever on the Site, or even social networks on groups and/or conversations with other users of the Site.

Https protocol. The URL address of the Site is accompanied by a closed padlock or a key appears at the bottom right of your browser indicating the existence of the Https security protocol, applicable to data storage in particular. This means that you are in a secure browsing area, in particular when your credit card number is requested.

Data Breach. In the event of an event resulting in the realization of the risks of modification, disappearance or unauthorized access to the Data, we undertake to:

• Examine the causes of the incident;
• Take the necessary measures to limit the negative effects and damages that may result from said incident;
• Notify the incident to the competent authority and/or the persons concerned as soon as possible where this meets a legal requirement.

Under no circumstances may the commitments defined in the point above be equated with any recognition of fault or liability for the occurrence of this incident.

10. GENERALITIES

Mandatory or optional nature. On the Site, you are informed of the mandatory nature of the responses by the presence of an asterisk or any other type of mention. In the event of an incomplete request (for example: online registration or order, request for information, etc.), the Company reserves the right to request additional information or to exclude by any technical means the possibility of validating the form concerned.

Hyperlinks. The Site may provide links to other sites, applications and services than its own, which may be operated by third-party companies. We are not responsible for the processing of personal data carried out by these third-party sites, or sites linking to the Site, whose users are invited to consult the personal data protection policies for more information. The Policy is applicable only to the activities of the Company, which cannot be held responsible for the failure of a third party to comply with its obligations regarding the protection of personal data.

Scope of application. The Policy is not exhaustive of all processing operations and we reserve the right to supplement it by any means.

Language. The Policy is written in French. In the event that it is translated into one or more languages, only the French text shall be authentic in the event of a dispute.

Non-waiver. The temporary or permanent non-application of one or more clauses of this document shall not constitute a waiver on its part of the other clauses of this document, which shall continue to produce their effects.

Modifications - Updates. We reserve the right to modify this privacy policy. Data subjects will be notified when this is required by applicable regulations. The update date is indicated in the header and we invite you to consult it regularly.

INFORMATION ON COOKIES

 

Presentation: Cookies and trackers (hereinafter "cookies") refer to connection witnesses and more generally, any file - deposited during the consultation of a website or a mobile application, the installation or use of software in the user's terminal equipment - intended to read or write information in this equipment. Cookies allow us to collect Site consultation Data (IP address, Internet access provider, hardware configuration, software configuration, browser type and language, etc.).

Cookies may be placed by the Company or by third-party companies without your consent when they are strictly necessary for the operation of the site or to facilitate communication to the public online, for example when they are intended for authentication, to store the contents of a shopping cart, to generate traffic statistics, or to limit free access to a sample of content requested by users.

Duration : The maximum retention period for cookies is 13 months after their first deposit in your terminal and this period is not extended with each visit.

Personalized advertising : The Company uses tracers to display personalized advertising based on your browsing and your profile.