Last Updated: May 13, 2020
We only use and store your Personal Data if we have a legal basis for doing so, including where you have given us your express consent, where we have a legitimate business interest or pursuant to the contractual relationship between you and Company.
Facebook® and Instagram® are registered trademarks of Facebook, Inc. (“Facebook”). TripAdvisor® is a registered trademark of TripAdvisor, Inc. (“TripAdvisor”). Twitter® is a registered trademark of Twitter, Inc. (“Twitter”). Yelp® is a registered trademark of Yelp, Inc. (“Yelp”). YouTube® is a registered trademark of Google, Inc. (“Google”). Please be advised that Company is not in any way affiliated with Facebook, Google, TripAdvisor, Twitter or Yelp, nor are the Site Offerings endorsed, administered or sponsored by any of the foregoing entities.
Your California Privacy Rights
Shine the Light. Company will never share, sell, rent, exchange or barter your Personal Data to or with any third-party for financial gain or marketing purposes. Nevertheless, we may, in certain limited instances, share your Personal Data with third parties who perform administrative functions on our behalf. If you are a resident of the State of California and would like to learn how your “personal information” (as defined in the Shine the Light Law, Cal. Civ. Code § 1798.83) is shared with third parties, what categories of personal information that we have shared with third parties in the preceding year, as well as the names and addresses of those third parties, please e-mail us at: [email protected]; call us at: (808) 249-8811; or send us U.S. mail to: Pacific Whale Foundation, 300 Maʻalaea Road, Suite 211, Wailuku, HI 96793.
California Consumer Privacy Act of 2018 (“CCPA”). In addition to the foregoing, if you are a resident of the State of California certain other privacy-related rights may apply to you in accordance with the CCPA, including the right to opt-out of our sale of your personal information, as well as the right to know what personal information about you we have collected, whether your personal information was shared with third-parties in the preceding year and, if so, what categories of personal information were shared, as well as the categories of third parties with whom we shared that personal information. Please see our “Privacy Provisions for California Residents” below for a more complete description of your rights under the CCPA as a California resident.
Use and Sharing of Personal Data
Non-Personal Data Collection and Use
Security of Your Personal Data
Individual Rights: Deleting, Modifying and Updating Your Personal Data
Your Nevada Privacy Rights:
If you are a resident of the State of Nevada and would like to opt-out from the sale of your personal information to any third party data broker, please call us at: (808) 249-8811; e-mail us at: [email protected]; or send us U.S. mail to: Pacific Whale Foundation, 300 Maʻalaea Road, Suite 211, Wailuku, HI 96793.
Personal Data Collected
Please see our Privacy Provisions for California Residents below for additional details regarding the categories of Personal Data collected.
Use and Sharing of Personal Data
Please see our Privacy Provisions for California Residents below for details regarding our use and sharing of Personal Data.
Company will never share, sell, rent, exchange or barter your Personal Data to or with any third-party for financial gain or marketing purposes. By making that Personal Data available Company, you grant Company the right, subject to applicable law, to use that Personal Data (other than Sensitive Information) to contact you by telephone and email regarding your use of the Site Offerings (including in connection with the Booking Services, Membership, Donation and/or purchase of any Merchandise). If you wish to stop receiving future communications from us, please follow the instructions at the end of each such marketing message or see the “Opt-Out/Unsubscribe” section below.
We will also use your Personal Data for customer service, to provide you with information that you may request, to customize your experience with the Site Offerings and/or to contact you when necessary in connection with your use of the Site Offerings. We may also use your Personal Data for internal business purposes, such as analyzing and managing our service offerings including, without limitation, the Site Offerings.
We may also employ other companies and individuals to perform certain functions on our behalf. Examples include sending direct and electronic mail, removing duplicate information from user lists, analyzing data and providing marketing analysis. The agents performing these limited functions on our behalf shall have access to our users’ Personal Data solely as needed to perform these functions for us, but we do not permit them to use user Personal Data for other purposes.
At times, we may want to contact you via telephone regarding your use of the Site Offerings. To enable us to contact you by telephone regarding your use of the Site Offerings, you agree that by submitting your Personal Data by and through the Site Offerings, and where you provide your consent as required under the GDPR, such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact you via telemarketing in accordance with the Rule and applicable state do-not-call regulations.
We reserve the right to release current or past Personal Data, including Sensitive Information: (i) in the event that we believe that the Site Offerings are being or have been used in material violation of the Site’s Terms and Conditions or to commit unlawful acts; (ii) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and opportunity to challenge the subpoena, prior to disclosure of any Personal Data pursuant to a subpoena; (iii) to comply with a legal obligation, including sharing your name/e-mail address with third-parties to assist you with your opt out requests in compliance with applicable law, including the GDPR and the CAN-SPAM Act of 2003, as amended from time-to-time; (iv) to protect and defend the rights or property of Company and/or its users; (v) to act in urgent circumstances to protect the personal safety of our users or the public; or (vi) if we are sold, merge with a third-party, are acquired or are the subject of bankruptcy proceedings; provided, however, that if Company is involved in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the Site of any change in ownership or uses of your Personal Data, as well as any choices that you may have regarding your Personal Data.
Credit Card Transactions
Social Media Websites
If you engage in any interaction with Company, other users or any third-party on any Social Media Pages, you should be aware that: (a) the personal information that you submit by and through such Social Media Pages can be read, collected and/or used by other users of these websites/services (depending on your privacy settings associated with your accounts with the applicable Social Media Websites), and could be used to send you unsolicited messages or otherwise to contact you without your consent or desire; and (b) where Company responds to any interaction on such Social Media Pages, your account name/handle may be viewable by any and all members/users of Company’s social media accounts. We are not responsible for the personal information that you choose to submit on any Social Media Websites.
In addition, the Site contains Social Media Website widgets and buttons (“Widgets”), such as the Facebook® and Twitter® share buttons. These Widgets may collect your IP address, as well as which page you are visiting on our Site, and may set a Cookie on your browser to enable the Widget to function properly. The Widgets are owned and operated by the applicable Social Media Websites. The Social Media Websites operate independently from Company, and we are not responsible for such Social Media Websites’ interfaces or privacy or security practices.
Your interactions with the Social Media Pages and Widgets are governed by the privacy policies of the applicable Social Media Websites. We encourage you to review the privacy policies and settings of the Social Media Pages and/or Widgets with which you interact to help you understand those Social Media Websites’ respective privacy practices. If you have questions about the security and privacy settings of any Social Media Pages and/or Widgets that you use, please refer to the applicable Social Media Website’s privacy notices or policies.
Non-Personal Data Collection and Use
Please see our Privacy Provisions for California Residents below for more details regarding the categories and types of non-Personal Data collected.
IP Addresses/Browser Type
We may collect certain non-personally identifiable information about you and your desktop computer and/or mobile device when you visit many of the pages of the Site. This non-personally identifiable information includes, without limitation, the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), your IP address, the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet service provider (e.g., Verizon, AT&T). We use the non-personally identifiable information that we collect to improve the design and content of the Site Offerings and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze usage of the Site Offerings.
Cross Device Tracking
Company tracks users’ use of the Site Offerings across various devices, including your personal computer and mobile device, in order to optimize and personalize your Site Offerings experience. Company may collect certain of your personal information across various devices. If you would like to opt-out of having your use of the Site Offerings tracked across multiple devices, please e-mail us at: [email protected] Please be advised that where you opt-out of having your use of the Site Offerings tracked across devices, you may need to upload certain information multiple times and/or input your log-in information multiple times.
Company reserves the right to transfer and/or sell aggregate or group data about users of the Site Offerings for lawful purposes. Aggregate or group data is data that describes the demographics, usage or other characteristics of Site Offerings users as a group, without disclosing personally identifiable information.
The Site may contain links to third-party owned and/or operated websites including, without limitation, the Social Media Websites. Company is not responsible for the privacy practices or the content of such websites. In some cases, you may be able to make a purchase through one of these third-party websites. In these instances, you may be required to provide certain information, such as a credit card number, to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Company has no responsibility or liability relating to them.
Security of Your Personal Data
We endeavor to safeguard and protect our users’ Personal Data. When users make Personal Data available to us, their Personal Data is protected both online and offline (to the extent that we maintain any Personal Data offline). Where our registration/application process prompts users to enter Personal Data, and when we store and transmit such Personal Data, that information is encrypted with advanced TLS (Transport Layer Security).
Access to your Personal Data is strictly limited, and we take reasonable measures to ensure that your Personal Data is not accessible to the public. All of our users’ Personal Data is restricted in our offices, as well as the offices of our third-party service providers. Only employees or third-party agents who need the Personal Data to perform a specific job are granted access to Personal Data. Our employees are dedicated to ensuring the security and privacy of all user Personal Data. Employees not adhering to our firm policies are subject to disciplinary action. The servers that we store Personal Data on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of Personal Data under our control.
Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet or via wireless networks can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your Personal Data, and technological bugs, errors and glitches may cause inadvertent disclosures of your Personal Data; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your Personal Data will be absolutely secure. Any transmission of data at or through the Site, other Site Offerings or otherwise via the Internet or wireless network, is done at your own risk.
In compliance with applicable federal and state laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your Personal Data. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.
Visitors under eighteen (18) years of age are not permitted to use and/or submit their Personal Data at the Site. Company does not knowingly solicit or collect information from visitors under eighteen (18) years of age. Company encourages parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.
Please see our Privacy Provisions for California Residents below for instructions on how California Residents can opt-out of the sale of their Personal Data to third parties.
To opt-out of receiving e-mail communications from us, you can follow the instructions at the end of the applicable e-mail message or e-mail us at: [email protected] To restrict the processing of your Personal Data, please e-mail us at: [email protected]
Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to: (a) the fulfillment of our contractual relationship (including in connection with your purchase of a Membership, purchase of Merchandise, use of the Donation Services and/or use of the Booking Services); (b) your request for Site Offerings; and (c) to respond to any inquiry or request made by you. To opt-out of receiving Site Offerings-related and/or inquiry response-related messages from Company, you must cease requesting and/or utilizing the Site Offerings and/or cease submitting inquiries to Company, as applicable.
Individual Rights: Deleting, Modifying and Updating Your Personal Data
Please see our Privacy Provisions for California Residents below for instructions on how California Residents can access and/or delete Personal Data that we have collected.
At your request, we will: (a) inform you of what Personal Data we have on file for you, in a machine-readable format; (b) amend the Personal Data that we have on file for you; and/or (c) completely remove Personal Data that you have provided to us, or that we have collected, from our servers/databases. You may make such a request by e-mailing us at: [email protected] We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests.
Please be advised that deleting your personal information may terminate your access to certain of the Site Offerings. If you wish to continue using the full complement of Site Offerings, you may not be able to delete all of the personal information that we have on file for you.
Filing a Complaint with the Federal Trade Commission
To file a complaint regarding our privacy practices, please Click Here.
Security of Payment Information
The security of your payment information is important to us. We use industry standard encryption technology to make the transfer of data secure for all our ecommerce transactions. It encrypts all of your personal information, including credit card number, name, and address, so that it cannot be read while in transit. Your credit card information is not stored on the Site’s server(s).
We are proud to display the Authorize.Net Verified Merchant Seal on the Site. Our customers can be confident that their ecommerce transactions on the Site are being processed securely by Authorize.Net, one of the most trusted names in the online payments industry. Click on the seal on the right to verify our active status.
As part of our continued emphasis on security, the Site undergoes third-party scanning and testing of our servers. Please click the Security Metrics badge on the right to learn more about how we keep your information secure by meeting PCI data security requirements.
Categories of Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular CA User or device (“personal information”). In particular, we have collected the following categories of personal information from CA Users within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, telephone number or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, postal address, telephone number, passport number, driver’s license or State identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status or genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered or other purchasing or consuming histories or tendencies.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a CA User’s interaction with a website, application or advertisement.||YES|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.||YES|
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources (with the specific categories of personal information indicated in parenthesis):
Use of Personal Information
We may use or disclose the personal information that we collect for one or more of the following business purposes (with the specific categories of personal information indicated in parenthesis):
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated or incompatible purposes without providing you with notice.
Sharing Personal Information
We may share your personal information with third parties for the business purposes set forth above.
When we disclose personal information to a third party service provider or other entity, we enter into a contractual relationship that describes the purpose for which such third party may use the personal information and requires that third party to both keep the personal information confidential and not use it for any purpose other than the performance of its services under the applicable contract. Please note, we do not collect information from CA Users that we actually know are less than eighteen (18) years of age and we do not share or sell the personal information of CA Users that we actually know are less than eighteen (18) years of age. Without limiting the foregoing, we have not shared or sold the personal information of CA Users that we actually know are less than sixteen (16) years of age in the preceding twelve (12) months.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Commercial information.
Category D: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activities.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties (with the specific categories of personal information indicated in parenthesis):
In the preceding twelve (12) months, we have not sold personal information to third parties.
Your Rights and Choices
The CCPA provides CA Users (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Opt-Out from the Sale of Your Personal Information
We do not sell your personal information to third parties. If we determine in the future that we would like to sell your personal information, we will only do so when you affirmatively opt-in to such sales, and we will provide you with the means to opt-out of such sales as required by the CCPA.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable CA User request, we will disclose to you:
Deletion Request Rights You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable CA User request, we will delete (and direct our service providers to delete) your personal information from our (their) records, unless an exception applies; provided, however, that in some cases, strictly for regulatory compliance purposes and to better evidence/honor opt-out/unsubscribe requests (and for no other purposes), we may retain certain items of your personal information on a de-identified and aggregated basis in such a manner that the data no longer identifies you.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Exercising Access, Data Portability and Deletion Rights
To exercise your access, data portability and/or deletion rights described above, please submit a verifiable CA User request to us by either:
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable CA User request related to your personal information.
You may only make a verifiable CA User request for access or data portability twice within a 12-month period. The verifiable CA User request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable CA User request does not require you to create an account with us. We will only use personal information provided in a verifiable CA User request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to all verifiable CA User requests within forty-five (45) days of the receipt thereof. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the receipt of your verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable CA User request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Changes to these Provisions
We reserve the right to amend these Provisions in our discretion and at any time. When we make changes to these Provisions, we will notify you by email or through a notice on the Site’s homepage.
Aloha, We Are Open! Our PacWhale Eco-Adventures are open for booking as we welcome visitors back to Maui. Quarantine restrictions were lifted on Oct. 15th for those following the state’s pre-arrival COVID-19 testing requirements.