Privacy Policy
Applies To: All visitors, shoppers, and account holders on BebeHawaii.com (United States market)
This website is owned and operated by BebeHawaii LLC.
1. Introduction
Welcome to BebeHawaii, where we craft premium, made-to-order Hawaiian shirts. This Privacy Policy explains, in clear language, what personal information we collect, why we collect it, how we use and protect it, and what choices & rights you have.
We follow applicable U.S. privacy laws (e.g., CCPA/CPRA) and international best practices (GDPR) and meet the transparency standards required by Google Merchant Center / Google Shopping.
2. Scope & Purpose
This policy covers data collected through:
- BebeHawaii.com (desktop, mobile, checkout, account areas)
- Customer-service channels — email, phone, chat, social DMs
- Marketing tools — newsletter sign-ups, restock alerts, promotions
We sell and ship exclusively within the United States. Visitors outside the U.S. may browse the site but cannot complete checkout.
3. Information We Collect & Why
| Category | Specific Data | Why We Need It |
|---|---|---|
| Order & Fulfillment | Full name, shipping & billing address, phone, email, chosen size, design variant, gift message | Process your order, produce made-to-order apparel, and deliver within published timelines: Handling time: 3–5 business days; Transit time: 9–15 business days; Delivery time: 12–20 business days. Send order & tracking updates. |
| Payment | PayPal transaction ID via PayPal Commerce Platform (we do not store full card numbers) | Accept payment, issue refunds/adjustments; fraud prevention. |
| Account | Login credentials, order history, saved addresses | Faster checkout, order lookup, returns/exchanges support. |
| Support Records | Emails, call/chat transcripts, photos of defects | Resolve inquiries; honor 30-day return window; prevent abuse/fraud. |
| Device & Usage | IP address, browser/version, pages viewed, referring URLs, cookies | Site security, performance analytics, personalization. |
| Marketing Preferences | Newsletter opt-in status, preferences | Send product launches and promotions (opt-in only). |
| Optional Data | e.g., birthday for coupons | Only if you provide it; deletable on request. |
4. How We Use Your Information
- Fulfill & ship orders within the U.S. according to our published Handling/Transit/Delivery times.
- Communicate: confirmation, shipping notice, tracking, support replies (Mon–Sat, 9 AM–5 PM EST).
- Customer care: sizing help, returns/exchanges, warranty questions.
- Marketing (opt-in only): newsletters, new prints, VIP discounts (one-click unsubscribe in every email).
- Security & fraud prevention: monitor traffic patterns, block malicious activity.
- Legal & tax compliance: maintain purchase records.
- Sustainability analytics: aggregated insights to reduce waste from overproduction.
5. Legal Bases for Processing (GDPR reference)
- Contractual necessity — to fulfill your purchase.
- Legitimate interests — fraud prevention, network security, product improvement.
- Consent — promotional emails, non-essential cookies.
- Legal obligation — bookkeeping, tax, product-safety rules.
You may withdraw consent at any time without affecting prior lawful processing.
6. Sharing & Disclosure
We never sell or rent your personal information. We share only what’s necessary with trusted service providers under Data-Processing Agreements:
| Partner | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| PayPal | Secure payment processing | Encrypted tokens, transaction amount | PCI-DSS Level 1 |
| USPS, UPS, FedEx, YANWEN | Labels & delivery | Name, address, phone, email | Label data encrypted in transit |
| Google Analytics 4 | Aggregate site metrics | IP (masked), device details | IP-masking; ads features disabled |
| Klaviyo | Email newsletter delivery | Name, email, opt-in status | SOC 2 Type II; unsubscribe/delete tools |
| Zendesk | Support ticket management | Contact info, order ID, conversation | US data residency; role-based access |
7. Cookies & Similar Technologies
| Type | Examples | Choice |
|---|---|---|
| Essential | cart_token, checkout_session | Required for site to function |
| Performance | _ga (Google Analytics) | Manage via Cookie Settings banner |
| Marketing | Klaviyo tag, (optional) Meta pixel | Off by default until you opt-in |
Our Cookie Banner appears on first visit; you can adjust settings anytime.
8. Data Retention
| Data | Retention | Reason |
|---|---|---|
| Orders & invoices | 7 years | Tax & legal compliance |
| Support communications | 24 months | QA and legal reference |
| Marketing opt-in | Until unsubscribe or 24 months inactivity | Respect user preference |
| Abandoned carts | 30 days | Reminder, then anonymize |
| Web analytics | 14 months | Trend analysis; then aggregate |
After retention, data is securely deleted or anonymized.
9. Security Measures
- SSL/TLS site-wide; HSTS enforced
- AES-256-encrypted backups (AWS us-east-1)
- Role-based access; annual staff security training
- Automated vulnerability scans; annual pen-tests
- Incident-response plan with 72-hour breach-notification window
10. Your Privacy Rights
| Region/Law | Rights | How to Exercise |
|---|---|---|
| CCPA/CPRA (California) | Know, access, delete, correct, opt-out of “sale”, limit sensitive info | Webform in “My Account” or email privacy@bebehawaii.com |
| GDPR (EU/EEA visitors) | Access, rectification, erasure, restriction, portability, objection | Email with order ID & ID verification |
| All users | Update profile, unsubscribe marketing | “My Account” dashboard or footer link |
We confirm receipt within 10 days and respond within 45 days (up to 90 days for complex cases).
11. Do-Not-Track & Global Privacy Control
We honor browser Do-Not-Track signals and Global Privacy Control (GPC) by automatically disabling non-essential cookies/marketing tags when detected.
12. Children’s Privacy
Our products/site target adults. We do not knowingly collect data from children under 13. If a minor provided data, contact us for prompt deletion.
13. Policy Updates
We may update this Policy for operational, legal, or regulatory reasons. The Last Updated date will change, and material changes will be emailed to registered customers 30 days in advance.
14. Contact Us
Address: 1798 Mansion Ave, Claymont, DE 19703, United States
Phone: +1 (707) 753-0726
Email: support@bebehawaii.com
Hours: Mon – Sat, 9 AM – 5 PM EST