Privacy Policy

1. Introduction

At Costa Vida, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website, mobile applications, and food delivery services.

The scope of this policy covers all interactions with Costa Vida, including online orders, in-store purchases, catering services, loyalty program participation, and general website browsing. By using our services, you agree to the terms outlined in this Privacy Policy.

We want to be transparent about our data practices and assure you that we never sell your personal data to third parties for their marketing purposes. Your trust is fundamental to our business, and we are committed to maintaining the highest standards of data protection.

2. Information We Collect

2.1 Information You Provide

• Personal Identification: Name, email address, phone number, delivery address, and billing address
• Account Information: Username, password, order history, dietary preferences, and favorite items
• Payment Information: Credit card details, billing address (stored in encrypted format through secure payment processors)
• Food Service Specific Data: Allergen information, special dietary requirements (vegan, halal, kosher, gluten-free), table reservation preferences, catering event details
• Contact Forms: Messages, feedback, reviews, and customer service inquiries
• Marketing Preferences: Email subscription preferences, promotional interests, communication preferences
• Loyalty Program Data: Reward points, membership status, redemption history, and program preferences

2.2 Automatically Collected Information

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, click patterns, search queries, order frequency
• Location Data: Approximate location derived from IP address for delivery area verification
• Cookie Data: Session IDs, user preferences, shopping cart contents, analytics data
• Performance Data: Page load times, error reports, and technical diagnostics

2.3 Information from Third Parties

• Social Media: Profile information if you connect your social media accounts
• Payment Processors: Transaction verification and fraud prevention data
• Delivery Partners: Delivery status updates and location tracking for order fulfillment
• Marketing Partners: Demographic data and interest information for targeted advertising

3. How We Use Your Information

3.1 Service Provision

• Order Processing: Processing food orders, managing delivery logistics, handling payments
• Account Management: Creating and maintaining user accounts, authentication, password resets
• Customer Support: Responding to inquiries, resolving issues, processing refunds
• Quality Improvement: Analyzing usage patterns to improve our website, menu offerings, and services
• Food Safety: Managing allergen information and dietary restrictions to ensure safe food preparation

3.2 Communication

• Order Updates: Confirmation emails, preparation status, delivery notifications
• Customer Support: Responding to questions, concerns, and feedback
• Important Notices: Policy changes, service updates, security alerts
• Marketing Communications: Promotional emails, special offers, new menu items (only with your consent)

3.3 Marketing and Analytics

• Personalization: Customizing menu recommendations based on past orders and preferences
• Traffic Analysis: Understanding website usage patterns and popular content
• Campaign Measurement: Evaluating the effectiveness of marketing campaigns
• Market Research: Developing new products and services based on customer preferences

3.4 Legal Compliance

• Legal Requests: Responding to court orders, subpoenas, and legal investigations
• Fraud Prevention: Detecting and preventing fraudulent transactions and activities
• Safety Protection: Protecting the rights, property, and safety of Costa Vida, customers, and employees
• Dispute Resolution: Resolving conflicts and legal disputes

4. Information Sharing and Disclosure

4.1 Service Providers

• Payment Processors: Secure transaction processing and fraud prevention (e.g., Stripe, PayPal)
• Delivery Services: Third-party delivery partners for order fulfillment
• Cloud Storage: Secure data storage and backup services (e.g., AWS, Google Cloud)
• Email Services: Marketing and transactional email delivery (e.g., Mailchimp, SendGrid)
• Analytics Tools: Usage analysis and performance monitoring (e.g., Google Analytics)

4.2 Legal Requirements

• Court Orders: Compliance with subpoenas and legal demands
• Regulatory Compliance: Meeting food safety, health department, and business licensing requirements
• Rights Protection: Defending against legal claims and protecting intellectual property
• Emergency Situations: Protecting public safety and preventing harm

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, customer information may be transferred to the new owner. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information for other purposes with your explicit consent, such as participating in promotional partnerships or third-party integrations.

5. Data Security

5.1 Technical Measures

• Encryption: SSL/TLS encryption for all data transmission between your device and our servers
• Secure Storage: Advanced encryption for data at rest in our databases
• Firewall Protection: Multi-layer firewall systems to prevent unauthorized access
• Access Controls: Role-based access limiting data access to authorized personnel only
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Regular Backups: Secure, encrypted backups to ensure data recovery capabilities

5.2 Organizational Measures

• Employee Training: Regular security awareness training for all staff members
• Data Handling Procedures: Strict protocols for accessing, processing, and storing personal data
• Third-Party Agreements: Confidentiality and security requirements for all service providers
• Incident Response: Comprehensive plan for responding to security breaches
• Security Audits: Regular internal and external security assessments

5.3 Your Responsibilities

• Password Security: Use strong, unique passwords and enable two-factor authentication
• Account Protection: Never share your login credentials with others
• Public Computers: Always log out when using shared or public computers
• Suspicious Activity: Report any unauthorized access or suspicious emails immediately
• Software Updates: Keep your devices and browsers updated with the latest security patches

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable laws.

6. Cookies and Tracking Technologies

Tracking Technologies Used

• Google Analytics: Website traffic analysis and user behavior tracking
• Facebook Pixel: Social media advertising effectiveness measurement
• Web Beacons: Email open rates and engagement tracking
• Local Storage: Browser-based data storage for enhanced functionality

Cookie Management: You can control cookie settings through your browser preferences. Most browsers allow you to accept, reject, or delete cookies. Please note that disabling certain cookies may affect website functionality and your user experience.

7. Your Rights (GDPR/CCPA Compliance)

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Correct any inaccurate or incomplete personal data
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your personal data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing, especially for marketing purposes
• Right Against Automated Decision-Making: Opt-out of automated profiling and decision-making

How to Exercise Your Rights: Contact us using the information provided in Section 13. We will respond to your request within 30 days of receipt. Some requests may require identity verification to protect your privacy.

8. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 16, we will promptly delete such information from our records. Parents have the right to review, delete, or refuse further collection of their child's personal information.

9. International Data Transfers

9.1 Protection Measures

• Adequacy Decisions: Transfers to countries with EU adequacy decisions
• Standard Contractual Clauses: EU-approved contract terms for international transfers
• Data Processing Agreements: Binding agreements with international service providers
• Security Measures: Appropriate technical and organizational safeguards
• Compliance Audits: Regular reviews of international transfer practices

9.2 Transfer Destinations

• United States: Cloud storage and data analytics services
• European Union: Payment processing and customer support
• Other Countries: As necessary for service provision with appropriate safeguards

10. Data Retention Periods

Safe Data Disposal

• Electronic Deletion: Complete removal of data using secure deletion methods
• Physical Records: Secure shredding of paper documents
• Backup Deletion: Removal of data from all backup systems
• Disposal Records: Maintaining records of data destruction activities

11. Third-Party Links

Our website may contain links to external websites not operated by Costa Vida. We are not responsible for the privacy practices of these third-party sites. We encourage you to review the privacy policies of any external websites before providing personal information.

This Privacy Policy applies only to information collected by Costa Vida through our own services. Your interactions with third-party websites are governed by their respective privacy policies.

12. Policy Changes

12.1 Change Notification

• Website Notice: Prominent announcement on our homepage
• Email Notification: Direct communication to registered users
• App Notifications: In-app alerts for mobile users
• Consent Requirements: Explicit consent for significant changes

12.2 Checking for Changes

• Current Version: Always available on our website
• Last Updated Date: Displayed at the top of this policy
• Continued Use: Using our services after changes indicates acceptance
• Opt-Out Option: You may discontinue use if you disagree with changes

13. Contact Information

Response Commitment: We will respond to all privacy-related inquiries within 3 business days of receipt.

13.1 Complaints

If you have concerns about our privacy practices, please contact us first. We are committed to resolving issues directly. If you remain unsatisfied, you may contact your local data protection authority:

• US Residents: Federal Trade Commission (FTC)
• EU Residents: Your local Data Protection Authority
• UK Residents: Information Commissioner's Office (ICO)

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

• Email Unsubscribe: Click the unsubscribe link in any promotional email
• Account Settings: Update preferences in your account dashboard
• Customer Support: Contact us directly to opt-out of marketing communications
• Cookie Settings: Adjust cookie preferences through our consent banner

14.2 Account Deletion

To delete your account and associated personal data:

1. Log into your account and navigate to account settings
2. Select "Delete Account" and follow the verification process
3. Alternatively, contact customer support to request account deletion
4. Note: Some information may be retained for legal compliance as outlined in Section 10

15. Conclusion

At Costa Vida, protecting your privacy is not just a legal obligation—it's a fundamental part of our commitment to you as our valued customer. We understand that trust is earned through consistent, transparent practices and respect for your personal information.

The relationship we build with you is based on mutual respect and trust. We are dedicated to maintaining the highest standards of data protection while providing you with exceptional food and service. Your privacy rights are important to us, and we will continue to evolve our practices to meet the highest standards of data protection.

If you have any questions about this Privacy Policy or our data practices, please don't hesitate to reach out to us. We value your feedback and are always here to help.

Thank you for trusting Costa Vida with your personal information and for being part of our community.