Privacy Policy
1. Introduction
At Hula SF (“Company,” “we,” “us,” or “our”), accessible via hulasf.com, we are committed to maintaining the highest standards of privacy and data protection. Safeguarding your personal information is central to our operations, and we process data strictly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and protect personal data provided to us or collected through your use of our website.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through our website (hulasf.com), related services, and communications. We operate as the data controller for the data collected and processed through our sites and platforms. As data controller, Hula SF determines the purposes and means of processing your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a) Usage Data:
Includes information automatically collected when you visit our website, such as IP address, browser type, operating system, device type, session duration, and user interaction patterns with the site.
b) Account Data:
Includes personal identifiers such as full name, billing/shipping addresses, email address, and phone number when creating or updating an account.
c) Profile Data:
Includes user preferences, browsing behavior, previous purchases, saved items, and user-generated content or reviews.
d) Communication Data:
Includes contents of correspondence with our support team, responses to surveys, email threads, and contact history.
e) Technical Data:
Includes device model, geolocation (if permitted), system settings, language preference, and system configuration.
f) Transaction Data:
Comprises payment details (processed securely by third-party processors), transaction history, order number, billing details, and shipping status.
g) Preference Data:
Covers marketing communication choices, product or service interests, and participation in loyalty or promotional programs.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your personal data:
– Contractual Necessity: When processing is required to fulfill a service or product transaction with you.
– Consent: When you expressly grant us permission, especially for marketing communications or use of cookies beyond essential types.
– Legal Obligation: When required to comply with applicable laws or requests from competent authorities.
– Legitimate Interest: When processing is conducted to improve our services, secure our systems, or enhance the user experience, provided such interests do not override your personal rights and freedoms.
5. Your Rights
Subject to applicable law, you have the following rights over your personal information:
– Right of Access: You may request details of personal data we hold about you.
– Right to Rectification: You may correct any inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal information, subject to retention obligations.
– Right to Restriction: You may restrict the processing of your personal data in certain circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format or have it transferred to another service provider.
To exercise any of these rights, please contact us at [email protected]. We may require verification of identity before processing requests.
6. Security Measures
We employ robust administrative, technical, and organizational measures to protect your data, including but not limited to:
– End-to-end encryption of sensitive data during transmission and storage
– Role-based access control and continuous monitoring
– Secure data backup and recovery systems
– Comprehensive staff training on privacy and security best practices
7. International Transfers
As part of our operations, personal data may be transferred to and processed in jurisdictions outside your country of residence. We ensure that such transfers comply with applicable data protection laws and are safeguarded by approved mechanisms, including Standard Contractual Clauses and equivalent regulatory provisions, to ensure adequate levels of protection.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected or as required under applicable law:
– Account and Profile Data: Retained for the duration of account activity and up to 3 years after account closure
– Transaction Data: Retained for 7 years for fiscal auditing and regulatory compliance
– Communication Data: Retained for 2 years from date of correspondence
– Technical, Usage, and Preference Data: Retained for analysis and improvement purposes for a maximum of 2 years
Data is securely deleted or anonymized when no longer needed.
9. Cookie Policy
Like most websites, hulasf.com uses cookies and similar technologies to enhance functionality and user experience. Cookies are small data files placed on your device. We categorize them as follows:
– Essential Cookies: Required for core services and security, including session management and cart functionality.
– Functional Cookies: Enhance usability by remembering user settings and preferences.
– Analytics Cookies: Help us understand user behavior, page performance, and areas for improvement.
– Performance Cookies: Optimize website responsiveness and load handling.
10. Cookie Management and Compliance with GDPR & CCPA
Upon first visit to our website, you will encounter a cookie banner, prompting your consent for non-essential cookies. You can update or withdraw your consent at any time by modifying your browser settings or through our Cookie Preferences Center.
Under CCPA, California residents also have the right to opt out of the “sale” of their personal information, if applicable. Although we do not sell your data in the traditional sense, we honor all opt-out requests via the “Do Not Sell My Personal Information” link on our website as required.
11. Special Protections for Children
Our services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children without verified parental consent. If we discover that a child under 13 has submitted personal data, we will delete such information promptly. Parents or guardians may reach out to [email protected] to request review or removal of a child’s information.
12. Policy Updates & User Notifications
We reserve the right to update this Privacy Policy to reflect changes in our practices, technologies, or legal obligations. Material changes to the policy will be communicated via prominent notice on hulasf.com or by direct email communication when appropriate. Continued use of the website after such updates constitutes acceptance of the revised terms.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:
Hula SF
Email: [email protected]
We are committed to full compliance with applicable privacy laws and to ensuring your personal information is handled transparently and responsibly. Please contact us with any concerns or questions related to privacy.