The Kahala Hotel & Resort and Lights On, our website marketing provider, collects personal data from individual users of www.kahalaresort.com. Certain fields of this data may constitute protected “personal data” as that term is defined in the E.U. General Data Protection Regulation (“GDPR”).
The following disclosures concerning The Controllers compliance with GDPR are presented for informational and compliance purposes only. Nothing in these disclosures constitutes a representation that any particular data or service is governed or subject to GDPR, nor do these disclosures represent or constitute any contract or undertaking with any individual.
Effective Date of GDPR
GDPR is set to take effect on May 25, 2018. On and after that date, The Controllers will comply with GDPR to the extent applicable.
Utilization of Data
The Controllers utilize personal data including the information provided by you during usage of the website and submission of forms. The Controllers process this data for marketing purposes. This data may be used, for example, to send information electronically or physically that you request.
Basis for the Processing of Data
The Controllers may seek your consent to send communications (marketing communications). The Controllers will seek a separate consent to send these communications in certain cases which may be revoked by you at any time via email to firstname.lastname@example.org or by clicking unsubscribe on the pertinent email communication.
Recipients of Personal Data
Recipients of personal data may include fulfillment providers for physical mailing, email deployers, technical providers of data storage, and back end service providers. All employees of The Controllers who receive or review personal data have received training concerning maintaining the confidentiality of such data and committed themselves to confidentiality. Where appropriate, The Controllers will enter into written agreements governing the processing and confidentiality of personal data by third parties.
Storage of Data
The Controllers will retain data only so long as is necessary.
Your Rights Under GDPR
If the GDPR applies to retention of your personal data, you have several rights including (i) the right to request access, rectification or erasure of your data, (ii) the right to lodge a complaint with the appropriate European Union supervisory authority, and (iii) to the extent processing of data is based on consent, you have the right to withdraw your consent at any time.
 A copy of the GDPR is available here. (last retrieved: April 10, 2018).