Privacy Policy
Big Kahuna Industries Inc. – Privacy Policy (Effective May 15, 2025)
Last updated: May 15, 2025
1. Introduction
Big Kahuna Industries Inc. ("Big Kahuna Guns", "we", "us" or "our") respects your privacy and is committed to protecting your Personal Information. This Privacy Policy explains how bigkahunaguns.com (the "Site") collects, uses, discloses, and safeguards your information when you visit or make a purchase, and describes the rights and choices available to you.
This Policy incorporates updates required by new and amended privacy laws effective in 2025, including the California Privacy Rights Act ("CPRA"), Colorado Privacy Act ("CPA"), Connecticut Data Privacy Act ("CTDPA"), Utah Consumer Privacy Act ("UCPA"), Virginia Consumer Data Protection Act ("VCDPA"), and applicable EU, UK, Swiss and other international regulations.
2. Personal Information We Collect
"Personal Information" ("PI") means any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual.
We collect the following categories of PI:
| Category | Examples | Purpose of Collection | Source | Disclosed To* |
|---|---|---|---|---|
| Identifiers & Contact Data | name, postal address, email, phone number, IP address, unique device ID | order processing, customer support, fraud prevention, marketing communications | directly from you | Authorize.Net; Odoo; shipping carriers; email service provider |
| Commercial & Transaction Data | products purchased, payment method, order history | fulfill and manage orders, accounting, legal compliance | directly from you | Authorize.Net; accounting & audit partners |
| Internet / Network Activity | browser type, referring URLs, pages viewed, time zone, cookies, search terms, interactions | Site functionality, analytics, personalization, targeted advertising | automatic (cookies, pixels, log files) | Google Analytics, Meta Ads, Microsoft Ads |
| Geolocation Data (coarse) | general location inferred from IP | detect fraud, tailor content to region | automatic | security & analytics providers |
| Customer Support Records | communications with customer service, troubleshooting information | provide support & improve services | directly from you | CRM platform (Odoo), help‑desk provider |
| Sensitive Personal Information (only where strictly necessary) | government‑issued ID for FFL transfers, or age verification | legal compliance with firearms regulations (e.g., ATF, ITAR) | directly from you | FFL dealers; federal & state regulators when required |
*We disclose PI only for the business purposes described in Section 4.
Minors
Our products are intended for individuals 18 years or older. We do not knowingly collect PI from children under 13. If we learn that we have inadvertently collected such data, we will delete it.
3. How We Use Personal Information
We use PI to:
- Provide Services – process and fulfill orders, manage payments, ship products, send confirmations and invoices.
- Operate the Site – display content, remember preferences, maintain security, and prevent fraud.
- Customer Support – respond to inquiries, handle returns/warranties, and troubleshoot issues.
- Marketing & Advertising – send promotional messages, recommend products, and deliver interest‑based ads (see Section 5).
- Analytics & Improvements – evaluate Site performance, develop new features, and improve user experience.
- Legal & Compliance – meet obligations under firearms laws (e.g., ATF regulations), tax, accounting, sanctions, and export controls (ITAR/DDTC).
- Automated Decision‑Making – utilize limited automated tools (e.g., fraud screening by Authorize.Net and Odoo) that do not have legal or similarly significant effects on individuals.
Legal bases for processing PI under the EU GDPR/UK GDPR are: contract performance, legitimate interests, compliance with legal obligations, and consent where required (e.g., cookies, marketing emails).
4. Sharing Personal Information
We share PI only:
- Service Providers & Processors – payment gateway (Authorize.Net), e‑commerce & CRM (Odoo S.A.), shipping carriers (UPS, USPS, FedEx), email & marketing automation (Brevo/Mailchimp), IT & security vendors, and web‑hosting partners. Each provider is contractually bound to use PI solely to provide the contracted services.
- Business Transfers – in connection with a merger, acquisition, or sale of assets, subject to confidentiality safeguards.
- Legal Requirements – to comply with subpoenas, court orders, lawful requests by public authorities, or to defend legal claims.
- Advertising Partners – see Section 5.
- Consent – where you explicitly agree to additional disclosures.
We do not sell PI for monetary consideration. We may "share" PI for cross‑context behavioral advertising under CPRA; you can opt‑out as described below.
5. Cookies, Tracking Technologies & Behavioral Advertising
We use cookies, pixels, and similar technologies from Google, Meta, Microsoft, and other partners to:
- remember your preferences;
- measure Site traffic and performance (e.g., Google Analytics 4);
- provide interest‑based advertisements.
Global Privacy Control & “Do Not Sell or Share”
If your browser sends a Global Privacy Control (GPC) signal, we will honor it as an opt‑out of sale/sharing for targeted advertising as required by CPRA §1798.185(a)(19).
You may also manage cookies through browser settings and opt‑out links:
- Google Ads – https://adssettings.google.com
- Meta (Facebook/Instagram) – https://www.facebook.com/adpreferences/ad_settings
- Microsoft Ads – https://account.microsoft.com/privacy/ad-settings
- NAI Opt‑Out – http://optout.networkadvertising.org
Note: disabling cookies may affect Site functionality.
6. Data Retention
We retain PI only as long as necessary:
- Orders & billing records: 7 years (tax & regulatory compliance).
- Marketing email subscription data: until you unsubscribe or after 24 months of inactivity.
- Analytics data: 26 months (Google default) unless you withdraw consent sooner.
- Firearms transaction records (e.g., ATF Form 4473, FFL transfers): 20 years or as mandated by law. When retention periods expire, data is securely deleted or anonymized.
7. International Transfers
We are headquartered in the United States; PI may be stored and processed in the U.S. and other countries with different data‑protection laws. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and/or other lawful mechanisms.
8. Your Privacy Rights
United States (CA, CO, CT, UT, VA)
Depending on your state, you may have rights to:
- Access/know the categories and specific pieces of PI we hold;
- Correct inaccurate PI;
- Delete PI;
- Opt‑out of targeted advertising (sale/sharing);
- Restrict the use/disclosure of sensitive PI (CA);
- Appeal a denial of your request (CO, CT, VA). You can exercise these rights by emailing [email protected] or calling +1 (727) xxx‑xxxx. We will verify your identity and respond within the timeframe required by law.
European Economic Area, United Kingdom & Switzerland
You have the right to access, correct, delete, restrict, or object to processing, and to data portability and withdrawal of consent. You may lodge a complaint with your supervisory authority. Our EU representative under Art. 27 GDPR is [Representative Name & Address].
9. Security
We use industry‑standard technical and organizational measures (TLS encryption, network firewalls, access controls, regular security audits) to protect PI. No internet transmission is completely secure; please take care when sharing information online.
10. Changes to this Policy
We may revise this Policy from time to time. The "Last updated" date will reflect the most recent changes. Material changes will be announced via a notice on the Site and/or direct communication when required by law.
11. Contact Us
If you have any questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer:
Timothy Francisco, President
Big Kahuna Industries Inc.
11419 Challenger Ave, Odessa, FL 33556, USA
📞 +1 (813) 790-7220
You may also contact [email protected] for general inquiries.