Hawaiian Shirt Shop is committed to safeguarding your privacy
By interacting with this website, shopping with us and/or otherwise contacting us, you consent to the processing of your Personal Data as described in this Privacy Notice.
Please get in touch if you have any questions regarding the use of your Personal Data and we will gladly assist you.
Table of Contents
- Definitions used in this Policy
- Data protection principles we follow
- Your Rights in connection with the Personal Data we collect
- Exercising your Rights / Who to contact
- The Personal Data we collect
- How we use your Personal Data
- Who has access to your Personal Data?
- How we store & secure your data
- Information about cookies
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person (a human being) whose Personal Data is being Processed.
We/us – Hawaiian Shirt Shop Limited.
Data Protection Principles
We promise to observe the following data protection principles:
- Our data processing activities have lawful grounds. We always consider your rights before processing Personal Data. We will provide you with information regarding processing upon request.
- Our processing activities fit the purpose for which Personal Data was gathered.
- We only collect and process the minimal amount of Personal Data required for any purpose.
- We will not store your Personal Data for longer than necessary.
- We will do our best to ensure the accuracy of Personal Data we hold on you.
- We will do our best to ensure the integrity and confidentiality of the Personal Data we hold on you.
You (the Data subject) have the following rights:
| Right | Meaning |
|---|---|
| 1. Right to be informed | meaning you have the right to know about the collection and use of your Personal Data; what data is collected, for what purpose, by whom it is Processed and how long it will be retained. If the Personal Data has not been supplied by you then you have the right to know where it was obtained from. |
| 2. Right of access | meaning you have the right to request and obtain a copy of the Personal Data and supplementary information collected about you. |
| 3. Right to rectification | meaning you have the right to request rectification of your Personal Data should it be inaccurate or incomplete. |
| 4. Right to erasure | meaning in certain circumstances you can request for your Personal Data to be erased from our records, also known as ‘the right to be forgotten’. |
| 5. Right to restrict processing | meaning you have the right to request the restriction or suppression of your Personal Data processing; this is not an absolute right and only applies in certain circumstances. |
| 6. Right to data portability | meaning you can request your Personal Data in a machine-readable format or, if it is feasible, as a direct transfer from one data processor to another. |
| 7. Right to object | meaning you can object to the processing of your Personal Data for uses such as direct marketing, and we must immediately stop unless we can demonstrate legitimate or legal grounds not to. |
| 8. Right to withdraw consent | meaning you have the right to withdraw any given consent for the processing of your Personal Data. |
| 9. Right to lodge a complaint | meaning that in the event that we refuse any request under your Right of access and you are dissatisfied with the way your request has been handled, or if you consider that the processing of your Personal Data infringes the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. In the UK that is the Information Commissioner's Office (ICO). |
Exercising Your Rights / Who to Contact
If at any time you would like to know what personally identifiable data has been collected about you, to make any changes to any inaccurate data we hold, withdraw your consent to its use, ask us to delete your personal data, or exercise any other right under the General Data Protection Regulation (GDPR), please just let us know:
If you are dissatisfied with our response to a request to exercise your Rights under the GDPR, you can lodge a complaint with the Supervisory Authority; in the UK this is:
Personal Data we collect
Information you provide us with
- Should you choose to contact us by email, via our contact form or by telephone we will collect Personal Data that will include but may not be limited to your name, email address and telephone number – all personally identifiable information that is necessary for responding to you in connection with your enquiry and/or to providing you a product/service. We will store the information you provide us in order to carry out those functions.
- Should you order goods from us we will collect that same Personal Data plus your shipping and billing address, and payment information. We use this information to process your order, for authentication and fraud screening.
- We use PayPal and Stripe to process eCommerce payments; at no time do we have access to (so do not collect or process) any personal financial information such as a credit or debit card number.
Information automatically collected about you
For further details please see our Information about cookies
How we use your Personal Data
We use your Personal Data on legitimate grounds and/or with your consent in order to identify and to interact with you, and to fulfil an obligation under contract.
On the grounds of entering into a contract or fulfilling contractual obligations, we process your Personal Data for the following purposes:
- to fulfil an order for products placed through our website
- to communicate with you in relation to an order for products purchased through our website
On the grounds of legitimate interest we may process your Personal Data for the following purposes:
- to administer and analyse our client base in order to improve the quality, variety, and availability of products we offer
- to notify you of any such improvements
If you choose to opt in to our marketing newsletters during the checkout process, we consider offering you products/services that are similar to or the same as those we already supply to you to be our legitimate interest.
Who has access to your Personal Data?
Simon Kennedy, owner of the Hawaiian Shirt Shop, has access to your Personal Data.
Our website, email and eCommerce hosting provider, of necessity, processes Personal Data on our behalf and will have access to it. That company is a trusted third party processor, based in the UK, and we are assured of the high level of privacy and security afforded to your Personal Data.
We will never sell, share or rent any part of your Personal Data with any third party unless required to do so by law or where in good faith we believe such action is necessary to comply with a legal process.
How we store & secure your data
We are committed to ensuring that your information is secure. We employ safe protocols for website browsing, encrypted communication and transfer of Personal Data (such as HTTPS and SSL/TLS). In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
- Your Personal Data is stored with a trusted third party for Processing in order for us to provide a full eCommerce service. We only work with Processing partners who can ensure an adequate level of protection to your Personal Data.
- When you contact us, your Personal Data and message content are collected and stored in an encrypted format directly on a secure server for approximately one year. All routes and devices used to access such data are password-protected.
- When you place an order with us, the Personal Data we have collected is securely stored in electronic format on this website.
- When you place an order with us, the Personal Data we have collected is securely stored in the form of a paper invoice for a period of seven years, to meet standard business and tax requirements.
- No Personal Data is held in electronic format directly on any office-based or mobile device owned & operated by Hawaiian Shirt Shop.
- If you subscribe to our marketing newsletter when you place an order with us, your personal data (name and email address) will be stored on a password-protected database within our email marketing account with MailChimp. It is not used for any other purpose and will be erased when you choose to ‘unsubscribe’ from our newsletters (there is that option at the bottom of every newsletter).
Despite our best efforts we cannot absolutely guarantee the security of our systems, our server or our online 3rd Party accounts & databases. We do however promise to notify you, as the Data subject, and the necessary authorities of any data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
We reserve the right to make changes to this Privacy Notice from time to time.
First published 8th May 2018, last modified 5th June 2018.