1. Introduction

Maui Divers of Hawaii, Limited dba Maui Divers Jewelry ("Maui Divers Jewelry," "we," "us," or "our") is committed to protecting your privacy. This Privacy & Cookie Policy explains what personal information we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have over it.

This Policy applies to our websites at www.mauidivers.com and www.mauidiversjewelry.com (the "Sites"), our mobile messaging service, and any other interactions you have with us including by phone or email. By accessing or using our Sites, or making a purchase from us, you agree to the terms of this Policy.

If you do not agree to this Policy, please do not use our Sites.

2. Information We Collect

2.1 Information You Provide to Us

When you interact with us, you may provide:

• Contact information (name, email address, mailing address, phone number)
• Payment information (credit card number, billing address) — processed securely by our payment processor; we do not store full card numbers
• Account credentials (username, password)
• Order details and purchase history
• Communications you send to us by email, phone, or web form
• Mobile number if you opt in to our SMS/text messaging service

2.2 Information Collected Automatically

When you visit our Sites, we and our third-party partners automatically collect:

• Device and browser information (IP address, browser type and version, operating system, device identifiers)
• Usage data (pages visited, time and date of visit, time spent on each page, links clicked, referring URLs)
• Cookie and tracking technology data (see Section 5 for full details)
• Location data inferred from your IP address

2.3 Information from Third Parties

We may receive information about you from:

• Social media platforms (if you interact with our social media content)
• Advertising partners (such as audience matching and retargeting data)
• Analytics providers

3. How We Use Your Information

We use your personal information for the following purposes:

• Process and fulfill your orders, including payment and shipping
• Create and manage your account
• Respond to your inquiries and provide customer support
• Send transactional communications (order confirmations, shipping updates, receipts)
• Send marketing communications (promotions, new collections, cart reminders) — with your consent or where permitted by law
• Improve our Sites, products, and services through analytics
• Display personalized advertising on our Sites and third-party platforms
• Comply with legal obligations (tax records, fraud prevention)
• Protect the security and integrity of our Sites

4. How Long We Keep Your Information

We retain your personal information only for as long as necessary to fulfil the purposes described in this Policy or as required by law. Our standard retention periods are:

• Purchase and transaction records: 7 years (to comply with tax and accounting obligations)
• Account information: For the duration of your account, plus 2 years after closure
• Marketing preferences and opt-in records: Until you opt out, plus 5 years
• Customer service communications: 3 years
• Cookie and analytics data: 13 months from collection
• SMS opt-in/opt-out records: 5 years (to demonstrate TCPA compliance)

After these periods, data is securely deleted or anonymized.

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Sites. We also use similar technologies such as pixel tags, web beacons, and local storage objects.

5.2 Cookie Consent

When you first visit our Sites, you will be presented with a cookie consent banner. You can choose to accept all cookies, reject non-essential cookies, or customize your preferences by category. You can update your preferences at any time via the cookie settings link in our website footer.

5.3 Categories of Cookies We Use

• Strictly Necessary Cookies: Essential for the Sites to function (e.g., shopping cart, login sessions, security). These cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our Sites (e.g., pages visited, time on site). Providers include Google Analytics. These are only set with your consent.
• Functionality Cookies: Remember your preferences (e.g., language, region). Set with your consent.
• Advertising & Targeting Cookies: Used to deliver relevant ads on our Sites and third-party platforms, including via Meta Pixel and Google Ads. Set only with your consent.
• Cart Abandonment Cookies: Track items in your cart to determine when to send cart reminder messages. See Section 10 regarding SMS communications.

5.4 Do Not Track & Global Privacy Control

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not alter our data collection practices in response to DNT signals. However, we do honor Global Privacy Control (GPC) browser signals as an opt-out of the sale or sharing of personal information, as required under California law. When a valid GPC signal is detected, we will not use your data for targeted advertising without further action on your part.

6. How We Share Your Information

6.1 Service Providers

We share personal information with vendors and service providers who process it on our behalf, strictly for the purposes described in this Policy. Current categories include:

• E-commerce platform: Shopify (order processing and site infrastructure)
• Payment processors: To securely handle payment transactions (we do not store card data)
• Shipping carriers: To fulfill and deliver your orders
• Email marketing: For transactional and promotional communications
• SMS/text messaging: Podium and Klaviyo, for order alerts and promotional messages (see Section 10)
• Analytics: Google Analytics and similar tools for site performance data
• Advertising: Meta (Facebook/Instagram), Google Ads for targeted advertising
• Customer support tools: To manage inquiries and support tickets

All service providers are contractually required to protect your information and are prohibited from using it for any purpose other than providing services to us.

6.2 Legal Disclosure

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change via email or a prominent notice on our Sites.

6.4 We Do Not Sell Your Personal Information

We do not sell your personal information to third parties for money. We may share certain data with advertising partners in ways that may qualify as "sharing" under California law. To opt out, submit a request using the contact details in Section 13.

7. How We Protect Your Information

We implement physical, technical, and administrative safeguards appropriate to the sensitivity of the personal information we hold, including:

• Encryption of data in transit using TLS (HTTPS)
• PCI-DSS compliance for all payment card data handling
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security assessments of our systems and third-party providers

While we take these measures seriously, no transmission over the internet or electronic storage system is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, generally within 72 hours of discovery for EU/UK residents, and within the timeframes required by applicable US state law.

8. Your Privacy Rights

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

1. Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, the purposes for collection, and the categories of third parties with whom it was shared.
2. Right to Access: Obtain a copy of your personal information.
3. Right to Correct: Request correction of inaccurate personal information.
4. Right to Delete: Request deletion of your personal information, subject to certain exceptions.
5. Right to Opt Out of Sale/Sharing: Direct us not to sell or share your personal information for cross-context behavioral advertising. To exercise this right, submit a request using the contact details below.
6. Right to Limit Use of Sensitive Information: Direct us to limit the use of sensitive personal information (such as payment card details) to only what is necessary to provide the services you requested.
7. Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To submit a CCPA request, contact us at:

• Phone: (808) 946-2929
• Email: customerservice@mauidivers.com

Please include your full name, mailing address, and email address so we can verify your identity and respond. We will confirm receipt within 10 business days and respond substantively within 45 days (extendable by an additional 45 days with notice). If we deny your request, we will explain the reason and provide instructions for appealing our decision.

Authorized agents may submit requests on your behalf with written authorization or a valid power of attorney.

8.2 Residents of Other US States

Residents of Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy laws may have rights similar to those described above, including rights to access, correct, delete, and opt out of targeted advertising. Please contact us at customerservice@mauidivers.com to exercise these rights. We will respond in accordance with the applicable state law.

8.3 EEA, UK, and Swiss Residents (GDPR/UK GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the GDPR or UK GDPR:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making and profiling
• Right to withdraw consent at any time (where processing is based on consent)
• Right to lodge a complaint with your national data protection supervisory authority

To exercise any of these rights, contact us at customerservice@mauidivers.com. We will respond within 30 days. Please note that transfers of personal data from the EEA/UK to the United States are governed by appropriate safeguards including Standard Contractual Clauses where applicable.

9. Children's Privacy

Our Sites are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at customerservice@mauidivers.com.

10. Mobile Messaging (SMS/Text) Terms

10.1 Service Overview

The Maui Divers Jewelry mobile message service (the "Service") is operated by Maui Divers Jewelry using Podium and Klaviyo. By consenting to our SMS/text messaging service, you agree to receive recurring SMS/text messages through your wireless provider to the mobile number you provided, even if your number is registered on a state or federal Do Not Call list.

10.2 Message Types

Messages may include:

• Service messages: Order updates, shipping notifications, account alerts
• Promotional messages: Promotions, special offers, new arrivals, cart reminders

10.3 Consent

Consent to receive SMS messages is not a condition of purchase. Your participation is entirely voluntary.

10.4 Costs

We do not charge for the Service. Message and data rates from your wireless carrier may apply. Message frequency varies.

10.5 Opt-Out

To opt out at any time, text STOP to our shortcode. You will receive a one-time opt-out confirmation. No further messages will be sent unless you re-initiate contact. If you have enrolled in multiple Maui Divers Jewelry SMS programs, you must opt out of each separately.

10.6 Help

For support, text HELP or email ecom@mauidivers.com.

10.7 Data Sharing

SMS opt-in data and consent records will not be shared with any third parties for their own marketing purposes.

11. Third-Party Websites & Social Media

Our Sites may contain links to third-party websites, including social media platforms such as Facebook, Instagram, TikTok, YouTube, and Pinterest. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policy of any third-party site you visit before providing personal information.

We use third-party advertising technologies (including Meta Pixel and Google Ads) that may set cookies and collect data about your activity on our Sites and other websites to show you relevant ads. You can opt out of personalized advertising through your cookie preferences (see Section 5) or through industry opt-out tools at www.aboutads.info or www.youronlinechoices.com.

12. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify you by:

• Posting the updated Policy on our Sites with a revised effective date, and
• Sending an email notification to the email address associated with your account, where practical

We encourage you to review this Policy periodically. Your continued use of our Sites after the effective date of any changes constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions about this Privacy & Cookie Policy or wish to exercise your privacy rights, please contact us: