In 2018 California passed the California Consumer Protection Act, a measure that works to put the control of your data in your hands. This act applies to any company doing business with persons residing in California.
Our complete CCPA compliance policy is provided below, as are links to help you submit legal data requests. Hilo Hattie has tools that allow you to easily submit CCPA requests. We ask that you review the CCPA policy below to understand how the law affects you and what rights you have when submitting requests.
In 2018 California passed the California Consumer Protection Act (CCPA), a privacy-centric bill aimed at protecting the privacy of California consumers, effective January 1, 2020. This bill sets requirements for how businesses handle consumers’ Personally Identifiable Information (PII) and gives rights to consumers in controlling how that data is used. Hilo Hattie has always taken the privacy and security of customer data seriously and has implemented steps that empower you in compliance with the CCPA.
Under the CCPA, consumers have the right to request access to information of theirs we hold, request that the data be deleted, a disclosure of our data collection practices and how the data is used, and request to opt-out of the sale of their data to third parties. Hilo Hattie does not and will never sell or rent the types of information outlined in this document.
The CCPA requires that businesses disclose the following: how information is used and, if/how it may be shared with third-party services, how the business’ website responds to “Do Not Track” signals from a web browser.
Consumers also have the right to not be discriminated against for exercising their rights under the CCPA.
While the California Consumer Protection Act legally only applies to consumers in California, we have standardized this process and will honor requests made by consumers who have interacted with Hilo Hattie in any state. We are committed to providing the same privacy protections to our customers and potential customers, whether in California or in other states within the U.S.
Details for how to submit CCPA requests and detailed information on how we use consumer data outlined below also apply to any consumer located in the U.S.
Hilo Hattie collects both personally identifiable information (PII) and non-personally identifiable information when consumers contact us with interest in Hilo Hattie offerings and during the ensuing communications to service these requests. This data is stored for the purposes of communication, advertising, and providing agreed-upon or contracted delivery of products and services. We may, at times, share this information with trusted third parties for advertising and marketing purposes, services that we require to conduct regular business, or services that allow us to enhance the services provided to consumers both online and offline.
The information we may collect is as follows and the specific information we collect from each person will depend on the types of interactions and communications that are chosen by that person. Some items below may not be individually considered personally identifiable information but maybe when combined with other items.
We may receive additional information voluntarily provided by you when requesting information about products and services offered by Hilo Hattie, or participate in the sales process.
Under the CCPA, California consumers may have the right to make personal information requests, known as the “Right of Access” and “Right of Deletion.” The CCPA requires that businesses respond to all requests within 45 days, and these requests are as follows:
Protecting the data of consumers from fraudulent requests is the highest priority in Hilo Hattie’s CCPA compliance procedures. All CCPA requests must be validated through strict measures to ensure that the individual submitting the request is the owner of the information in question. Confirmation methods may include, but are not limited to, the following:
Hilo Hattie will confirm and validate any and all requests made for both Right of Access and Right of Deletion requests while protecting the personally identifiable information related to the request itself. If we are unable to validate and confirm the identification of the individual submitting a CCPA request, Hilo Hattie is legally obligated and reserves the right to deny that request. Requests must be made by the individual whose data is the subject of request exclusively - the CCPA does not allow for other members of the household to request data on behalf of others within that household unless they are a legal parent or guardian of the minor for which the request is being made. For the purposes of the CCPA, a minor is defined as a person 13 years of age or younger.
There are circumstances that exist which may limit or prevent Hilo Hattie’s ability and legal requirement to fulfill a Right of Deletion request. According to the CCPA, a deletion request cannot be fulfilled for a Hilo Hattie customer where personally identifiable information is required for conducting ongoing business or fulfilling standing contractual obligations.
Hilo Hattie may also reject requests for Right of Deletion and Right of Access if reasonable steps have been taken to confirm the identity of the individual making that request yet are unable to determine that the request is being made by the owner of the personal data. This provision protects both consumers and companies from fraudulent and malicious requests by third parties.
The CCPA has been interpreted to state that a Right of Deletion request implies that the individual is also opting out of any further use or collection of that data in the future. However, there may be situations where that, in complying with a Right of Deletion request, Hilo Hattie would not be in possession of any data that would allow us to ensure that the information we receive or collect was subject to any requests made regarding that data previously. In the event that you believe we have come into possession of your data either directly or indirectly, please contact us to submit another Right of Access or Right of Deletion request.
If you have a question regarding requests involving Hilo Hattie that you believe may be affected by these provisions, please contact us by sending an email to firstname.lastname@example.org or by calling our phone number at (xxx) xxx-xxxx
Yes. Hilo Hattie keeps an anonymized ledger of requests made so that any individual who has made a request, person/organization legally representing an individual who has made a request, or government entity can confirm and verify that a request was received and fulfilled. All confirmation inquiries are also subject to identity verification to ensure that the person or organization submitting a confirmation request is qualified to receive this information. The records of fulfillment are created using a method of one-way encoding for data that could be classified as PII, which allows us to log CCPA requests while remaining in compliance in not retaining any personally identifiable information.
To create and maintain verifiable records, every request is recorded with the following information:
This information will be provided to a properly verified individual or organization in response to a request as described above. These confirmation requests will also be recorded.
Maintains ledgers that make use of salted/hashed values for the contact information used to fulfill the request made. This allows us to store a record of the transaction without requiring that we retain any personally identifiable information. When a value (such as an email address or phone number) is hashed, it cannot be “unhashed.” The result is an encrypted version of the original value. No two hashes are alike, and when the same original value is hashed again, it will always result in the same encrypted string.
By using this method, we are able to convert contact information to an encrypted string, delete the records we have, and at a later date, provide a lookup of that record by re-hashing the information an individual provides and then searching for that anonymized value in our request logs. For reference, this secure method of data storage is how the passwords you use on websites and apps are stored and protected.
For more details on what hashing is and how it works, read more here: https://en.wikipedia.org/wiki/Hash_function
In compliance with the CCPA, Hilo Hattie provides more than one method to submit a CCPA request. Methods include calling our dedicated toll-free number, sending an email to our CCPA address, or submitting a request via a secure online form. The online form simplifies the request process by allowing the individual making the request to provide information upfront that can help expedite its review and fulfillment. However, we welcome communication via any method and will service all requests equally. If you are ready to submit a request, please ensure that you are familiar with the information located here. If you have questions about making a request or would like more information, please call or email us for assistance.
The Hilo Hattie dedicated CCPA phone number:
The Hilo Hattie dedicated CCPA email address:
Last updated 8/22/2023