Privacy Policy

1. Introduction

Welcome to Costa Vida. We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you use our website, mobile applications, and food ordering services.

This policy covers all interactions you have with Costa Vida, including but not limited to:

• Visiting our website and mobile applications
• Creating an account and placing food orders
• Using our delivery and pickup services
• Participating in our loyalty programs
• Making reservations and booking catering services
• Communicating with our customer support team

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you voluntarily provide when using our services:

Personal Identification Information:

• Name, email address, phone number
• Delivery and billing addresses
• Date of birth (for age verification and special offers)
• Profile photos and account preferences

Account and Order Information:

• Username and encrypted password
• Order history and purchase details
• Dietary preferences and restrictions (vegetarian, vegan, gluten-free, etc.)
• Allergen information you provide
• Special dietary requirements (halal, kosher, organic preferences)
• Favorite orders and customization preferences
• Loyalty program participation and rewards data

Payment Information:

• Credit card numbers, bank account information (encrypted and securely stored)
• Payment method preferences
• Billing addresses and transaction history

Communication Data:

• Contact form submissions and customer service inquiries
• Reviews, ratings, and feedback
• Marketing communication preferences
• Survey responses and promotional participation

Reservation and Catering Information:

• Table reservation details and special requests
• Catering event information and guest counts
• Event dates, locations, and dietary requirements
• Group ordering preferences and coordination details

2.2 Information We Collect Automatically

When you use our services, we automatically collect certain information:

Device and Technical Information:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device identifiers and mobile device information
• Screen resolution and device capabilities

Usage and Behavioral Data:

• Pages visited and time spent on our website
• Click patterns and navigation paths
• Search queries and menu browsing behavior
• Order timing patterns and frequency
• App usage statistics and feature interactions

Location Data:

• Precise location (with your consent) for delivery services
• Approximate location from IP address
• Restaurant location preferences and check-ins

2.3 Information from Third Parties

We may receive information about you from third-party sources:

• Social Media Platforms: If you connect your social media accounts (Facebook, Google), we receive basic profile information
• Payment Processors: Transaction verification and fraud prevention data
• Delivery Partners: Delivery status updates and location tracking
• Marketing Partners: Demographic and interest data for targeted advertising
• Business Partners: Information from promotional partnerships and collaborations

3. How We Use Your Information

3.1 Service Provision and Order Management

• Processing and fulfilling your food orders
• Managing delivery logistics and coordination
• Handling pickup orders and table reservations
• Processing payments and managing billing
• Providing customer support and resolving issues
• Managing loyalty programs and reward redemptions
• Coordinating catering events and special orders

3.2 Account Management and Security

• Creating and maintaining your account
• User authentication and access control
• Fraud prevention and security monitoring
• Account recovery and password reset assistance
• Maintaining order history and preferences

3.3 Communication and Customer Service

• Order confirmations and status updates
• Delivery notifications and tracking information
• Customer service responses and support
• Important service announcements and policy changes
• Reservation confirmations and reminders

3.4 Marketing and Personalization (With Your Consent)

• Sending promotional emails and special offers
• Personalizing menu recommendations
• Customizing website content and user experience
• Targeted advertising based on preferences
• Loyalty program communications and rewards
• Seasonal promotions and new menu announcements

3.5 Analytics and Service Improvement

• Analyzing website and app usage patterns
• Monitoring service performance and reliability
• Conducting market research and customer surveys
• Developing new features and menu items
• Optimizing delivery routes and timing
• Improving food quality and service standards

3.6 Legal Compliance and Safety

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Protecting against fraud and malicious activities
• Ensuring food safety and regulatory compliance
• Resolving disputes and legal matters

4. Information Sharing and Disclosure

4.1 Service Providers and Business Partners

We share information with trusted third parties who help us operate our business:

Payment Processing:

• Credit card processors and payment gateways for secure transactions
• Fraud detection services and financial verification
• Banking partners for payment processing and refunds

Delivery and Logistics:

• Delivery service providers and drivers
• GPS and mapping services for route optimization
• Inventory management and supply chain partners

Technology Services:

• Cloud hosting providers for secure data storage
• Analytics platforms for usage analysis
• Customer service platforms and communication tools
• Security services for fraud prevention and monitoring

Marketing and Communication:

• Email marketing platforms for promotional communications
• Social media advertising services
• Survey and feedback collection services

4.2 Legal Requirements and Safety

We may disclose your information when required by law or to protect safety:

• Response to court orders, subpoenas, and legal processes
• Compliance with government regulations and food safety requirements
• Protection of our rights, property, and business operations
• Prevention of fraud, illegal activities, and security threats
• Emergency situations involving public safety

4.3 Business Transfers and Changes

In the event of business changes, your information may be transferred:

• Mergers, acquisitions, or sales of company assets
• Business restructuring or reorganization
• Transfer to new ownership with similar privacy practices

4.4 With Your Explicit Consent

• Special promotions and partnership offers
• Third-party loyalty programs and rewards
• Social media integration and sharing features
• Research participation and surveys

5. Data Security

5.1 Technical Security Measures

Encryption and Data Protection:

• SSL/TLS encryption for all data transmission
• AES-256 encryption for stored sensitive data
• End-to-end encryption for payment information
• Encrypted database storage and secure backup systems

Network and System Security:

• Advanced firewall systems and intrusion detection
• 24/7 security monitoring and threat analysis
• Regular security updates and patch management
• Multi-factor authentication for administrative access
• Secure cloud infrastructure with redundancy

Access Controls:

• Role-based access control (minimum necessary principle)
• Regular access reviews and permission audits
• Secure authentication for all system users
• Automated logoff and session management

5.2 Organizational Security Measures

• Comprehensive employee security training programs
• Strict confidentiality agreements with all staff
• Clear data handling procedures and protocols
• Regular security awareness updates and testing
• Background checks for employees with data access
• Incident response and data breach procedures
• Regular third-party security audits and assessments

5.3 Your Security Responsibilities

Help us keep your information secure by following these practices:

• Strong Passwords: Use unique, complex passwords with at least 12 characters
• Account Security: Never share your login credentials with others
• Safe Browsing: Always log out when using public or shared computers
• Phishing Awareness: Be cautious of suspicious emails or links claiming to be from us
• Immediate Reporting: Contact us immediately if you suspect unauthorized account access
• Software Updates: Keep your devices and browsers updated with latest security patches

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how you use our services.

Tracking Technologies We Use

• Google Analytics: Website traffic analysis and user behavior insights
• Facebook Pixel: Advertising campaign measurement and optimization
• Web Beacons: Email open rates and engagement tracking
• Local Storage: Browser-based data storage for preferences
• Server Logs: Technical performance and error monitoring

Managing Your Cookie Preferences

You have control over cookie usage:

• Browser Settings: Configure your browser to accept, reject, or delete cookies
• Cookie Banner: Use our cookie consent tool to customize preferences
• Opt-Out Tools: Use industry opt-out tools for advertising cookies
• Account Settings: Manage tracking preferences in your account dashboard

7. Your Privacy Rights (GDPR/CCPA Compliance)

You have important rights regarding your personal information:

7.1 Right of Access

• Request a copy of all personal data we hold about you
• Receive information about how we use your data
• Access your data processing history and third-party sharing

7.2 Right to Rectification (Correction)

• Correct inaccurate or incomplete personal information
• Update your account details and preferences
• Modify delivery addresses and contact information

7.3 Right to Erasure (Right to be Forgotten)

• Request deletion of your personal data
• Remove your account and associated information
• Withdraw consent for data processing

7.4 Right to Restrict Processing

• Limit how we use your personal data
• Suspend processing while disputes are resolved
• Maintain data storage without active processing

7.5 Right to Data Portability

• Receive your data in a machine-readable format
• Transfer your data to another service provider
• Export your order history and preferences

7.6 Right to Object

• Object to processing for marketing purposes
• Opt-out of profiling and automated decision-making
• Stop receiving promotional communications

7.7 Rights Regarding Automated Decision-Making

• Request human review of automated decisions
• Understand the logic behind algorithmic processing
• Challenge automated decisions affecting you

8. Children's Privacy Protection

We are committed to protecting children's privacy and complying with applicable laws.

• Age Restriction: Our services are not intended for children under 16 years of age
• No Intentional Collection: We do not knowingly collect personal information from children under 16
• Parental Notification: If you believe your child has provided information to us, please contact us immediately
• Prompt Deletion: We will promptly delete any children's information upon notification
• Verification Process: We may request additional verification before processing deletion requests

9. International Data Transfers

9.1 Protection Measures for International Transfers

When we transfer your data internationally, we implement appropriate safeguards:

• Adequacy Decisions: Transfers to countries with adequate data protection (EU-approved)
• Standard Contractual Clauses (SCCs): Legally binding data protection agreements
• Binding Corporate Rules: Internal data transfer policies with legal enforceability
• Certification Schemes: Compliance with recognized international privacy frameworks
• Regular Audits: Ongoing compliance monitoring and verification

9.2 Transfer Destinations and Purposes

• United States: Cloud storage and data processing services
• European Union: Analytics and customer support services
• Canada: Payment processing and fraud detection
• Other Countries: As needed for service delivery with appropriate protections

10. Data Retention Periods

We retain your information only as long as necessary for legitimate business purposes and legal requirements.

Secure Data Disposal Process

When retention periods expire, we securely dispose of your data:

• Electronic Data: Complete deletion with cryptographic erasure (unrecoverable)
• Physical Records: Professional shredding and destruction services
• Backup Systems: Automated deletion from all backup and archive systems
• Third-Party Data: Notification to service providers for coordinated deletion
• Disposal Documentation: Maintaining records of secure disposal processes

11. Third-Party Links and Services

Our website and mobile applications may contain links to external websites and services.

• External Links: We may link to restaurants, suppliers, and partner websites
• Social Media: Links to our social media profiles and sharing features
• Payment Services: Redirects to secure payment processing platforms
• Review Platforms: Links to third-party review and rating sites
• Delivery Tracking: Links to delivery partner tracking systems

Your Responsibility

• Read privacy policies of external sites before sharing information
• Understand that different privacy rules may apply
• Exercise caution when providing personal data to third parties
• Contact third-party sites directly for privacy-related concerns

12. Privacy Policy Changes and Updates

12.1 How We Notify You of Changes

We will inform you of policy changes through multiple channels:

• Website Notice: Prominent banner on our homepage and privacy page
• Email Notification: Direct email to all registered users (at least 30 days before changes take effect)
• App Notification: Push notifications and in-app alerts
• Account Dashboard: Notification in your account settings
• Social Media: Announcements on our official social media channels

12.2 Types of Changes

Minor Updates (No Additional Consent Required):

• Clarifications and formatting improvements
• Updated contact information
• Legal reference updates

Significant Changes (Requiring Your Consent):

• New data collection practices
• Changes to data sharing practices
• Modifications to your rights
• Changes to retention periods

12.3 Checking for Updates

• Latest Version: Always available at the top of this page
• Last Updated Date: Check the date at the beginning of this policy
• Version History: Summary of major changes available upon request
• Regular Reviews: We recommend reviewing this policy periodically

13. Contact Information and Support

We're here to help with any privacy-related questions or concerns.

13.1 Primary Contact Information

13.2 Response Commitment

• Initial Response: Within 3 business days for all privacy inquiries
• Full Resolution: Within 30 days for data requests and complex issues
• Urgent Matters: Same-day response for security breaches or data concerns
• Follow-up: Regular updates on the progress of your request

13.3 Filing Complaints

If you have concerns about our privacy practices:

1. Contact Us First: We prefer to resolve issues directly with you
2. Provide Details: Include specific information about your concern
3. Allow Resolution Time: Give us opportunity to investigate and respond
4. Escalation Options: If unsatisfied, you may contact supervisory authorities

Regulatory Authority Contact:
For residents of the European Union, you may contact your local Data Protection Authority. For California residents, you may contact the California Attorney General's Office.

14. Withdrawing Your Consent

You have the right to withdraw your consent for data processing at any time.

14.1 Marketing Communications Withdrawal

Multiple Easy Options:

• Unsubscribe Links: Click unsubscribe in any promotional email
• Account Settings: Manage preferences in your account dashboard
• Customer Service: Call or email us to opt-out
• Text STOP: Reply STOP to any promotional text messages

14.2 Account Deletion Process

Step-by-Step Account Deletion:

1. Login Required: Access your account settings
2. Deletion Request: Select "Delete Account" option
3. Confirmation: Confirm your decision via email
4. Processing Time: Allow 7-10 business days for complete deletion
5. Retained Data: Some information may be retained for legal compliance

14.3 Partial Consent Withdrawal

You can withdraw consent for specific purposes while maintaining your account:

• Marketing communications only
• Analytics and tracking cookies
• Location data collection
• Social media integration
• Third-party data sharing for marketing

15. Conclusion and Commitment

At Costa Vida, protecting your privacy is not just a legal requirement—it's a fundamental part of our commitment to you as our valued customer.

Our Privacy Commitment

• Transparency: We believe in clear, honest communication about our data practices
• Control: You should have meaningful choices about your personal information
• Security: We implement industry-leading security measures to protect your data
• Respect: We respect your privacy rights and respond promptly to your requests
• Continuous Improvement: We regularly review and update our privacy practices

Building Trust Together

The relationship between Costa Vida and our customers is built on trust. We understand that trust must be earned through consistent actions, not just words. That's why we:

• Never sell your personal data to third parties
• Use your information only for the purposes you expect
• Provide clear opt-out options for all marketing communications
• Maintain the highest standards of data security
• Respect your privacy choices and preferences

Questions and Feedback

We encourage you to reach out with any questions, concerns, or feedback about our privacy practices. Your input helps us improve our services and better protect your privacy.

Thank You

Thank you for choosing Costa Vida and for trusting us with your personal information. We are committed to maintaining this trust through responsible data practices and exceptional service.