Privacy Policy
Your privacy is important to us. Learn how we collect, use, and protect your personal information.
1. Introduction
Welcome to Costa Vida ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website costa-vida.digital, use our mobile application, or engage with our food delivery and restaurant services.
This policy applies to all users of our services, including customers who place orders, visitors to our website, loyalty program members, and anyone who interacts with our brand. By using our services, you agree to the collection and use of information in accordance with this policy.
Important: We never sell your personal data to third parties. Your trust is paramount to us, and we are committed to maintaining the highest standards of data protection and privacy.
If you do not agree with the terms of this Privacy Policy, please do not access or use our services. We encourage you to read this policy carefully and contact us if you have any questions.
2. Information We Collect
2.1 Information You Provide
- Personal Identification Information: Name, email address, phone number, delivery address, billing address, and date of birth
- Account Information: Username, password, profile picture, order history, and account preferences
- Payment Information: Credit card numbers, billing address, and payment method preferences (stored using encrypted security measures)
- Food-Related Information: Dietary preferences, allergen information, special dietary requirements (vegan, halal, kosher, gluten-free), favorite menu items, and customization preferences
- Order Details: Food items ordered, quantity, customizations, delivery instructions, and preferred delivery times
- Loyalty Program Data: Rewards points, membership tier, redemption history, and program preferences
- Table Reservation Information: Party size, preferred seating, special occasion details, and reservation history
- Catering Information: Event details, guest count, menu selections, dietary accommodations, and event location
- Communication Records: Contact form submissions, customer support interactions, feedback, reviews, and survey responses
- Marketing Preferences: Email subscription status, SMS preferences, and promotional communication choices
2.2 Automatically Collected Information
- Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
- Usage Data: Pages visited, time spent on site, click patterns, search queries, and navigation paths
- Location Information: Approximate location derived from IP address, GPS coordinates (with permission), and delivery address history
- Cookie and Tracking Data: Session IDs, user preferences, shopping cart contents, and analytics information
- Performance Data: Website loading times, error reports, and technical performance metrics
2.3 Information from Third Parties
- Social Media Integration: Profile information and preferences when you connect social media accounts
- Payment Processors: Transaction confirmation and fraud prevention data from payment service providers
- Delivery Partners: Delivery status updates, driver location, and completion confirmations
- Marketing Partners: Aggregated demographic and interest data for targeted advertising
- Review Platforms: Public reviews and ratings you post on third-party platforms
3. How We Use Your Information
3.1 Service Provision
- Processing and fulfilling food orders, including preparation, delivery, and pickup coordination
- Managing table reservations and coordinating dining experiences
- Organizing catering events and providing customized menu solutions
- Account creation, authentication, and management
- Customer support and dispute resolution
- Processing loyalty program rewards and tracking member benefits
- Ensuring food safety by maintaining records of allergen and dietary preferences
- Quality assurance and service improvement initiatives
3.2 Communication
- Order confirmations, preparation status, and delivery notifications
- Customer support responses and follow-up communications
- Important service updates, policy changes, and security notices
- Promotional emails and marketing communications (with explicit consent)
- Loyalty program updates and reward notifications
- Reservation confirmations and event coordination
- Feedback requests and satisfaction surveys
3.3 Marketing and Analytics
- Personalizing menu recommendations based on order history and preferences
- Creating targeted advertising campaigns across digital platforms
- Analyzing website traffic patterns and user behavior to improve services
- Measuring effectiveness of marketing campaigns and promotional offers
- Conducting market research to develop new menu items and services
- Segmenting customers for tailored marketing initiatives
- A/B testing website features and promotional strategies
3.4 Legal Compliance and Security
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from government authorities
- Preventing fraud, unauthorized access, and security breaches
- Protecting the rights, property, and safety of our company and users
- Enforcing our terms of service and resolving disputes
- Maintaining records for tax, accounting, and regulatory purposes
4. Information Sharing and Disclosure
4.1 Service Providers
We share information with trusted third-party service providers who assist in our operations:
- Payment Processors: Secure processing of transactions while maintaining PCI DSS compliance
- Delivery Companies: Sharing delivery addresses and contact information for order fulfillment
- Cloud Storage Providers: Secure data storage and backup services with enterprise-grade encryption
- Email Marketing Services: Managing promotional campaigns and customer communications
- Analytics Providers: Website performance analysis and user behavior insights
- Customer Support Tools: Managing support tickets and communication history
- Accounting Software: Financial record keeping and tax compliance
4.2 Legal Requirements
We may disclose your information when required by law or in response to:
- Court orders, subpoenas, and other legal processes
- Regulatory investigations and compliance audits
- Requests from law enforcement agencies
- National security or public safety requirements
- Protection of our legal rights and property
- Prevention of fraud or illegal activities
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity. We will:
- Notify customers before any transfer of personal information
- Ensure the receiving party commits to protecting your privacy
- Provide options to opt out or delete data if desired
- Maintain the same level of privacy protection during transition
4.4 With Your Consent
We may share your information for purposes not described in this policy when we have your explicit consent, such as:
- Participating in joint marketing campaigns with partner brands
- Sharing testimonials or reviews with your permission
- Including you in case studies or promotional materials
5. Data Security
5.1 Technical Measures
- Encryption: All data transmission uses SSL/TLS encryption protocols to protect information in transit
- Data Storage: Personal information is stored on secure servers with advanced encryption at rest
- Access Controls: Multi-factor authentication and role-based access ensure only authorized personnel can access data
- Network Security: Advanced firewall systems and intrusion detection protect against unauthorized access
- Monitoring: 24/7 security monitoring and automated threat detection systems
- Backup Systems: Regular encrypted backups stored in geographically distributed locations
- Vulnerability Management: Regular security assessments and penetration testing
5.2 Organizational Measures
- Employee Training: Regular security awareness training for all staff members
- Data Handling Procedures: Documented procedures for personal data processing and protection
- Confidentiality Agreements: All employees and contractors sign confidentiality agreements
- Incident Response Plan: Established procedures for responding to security breaches
- Privacy by Design: Security considerations integrated into all new systems and processes
- Third-Party Vetting: Thorough security assessments of all service providers
- Regular Audits: Internal and external security audits to maintain compliance
5.3 Your Security Responsibilities
- Create strong, unique passwords and update them regularly
- Never share your account credentials with others
- Log out of your account when using public computers
- Be cautious of phishing emails and suspicious links
- Report any unauthorized account activity immediately
- Keep your devices and browsers updated with security patches
Security Breach Notification: In the unlikely event of a data breach that may compromise your personal information, we will notify you and relevant authorities within 72 hours of discovery, providing details about the incident and steps we are taking to address it.
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website and mobile applications. Below is a detailed breakdown of the types of cookies we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Website functionality, user authentication, shopping cart maintenance, security features | Session duration |
| Functional Cookies | User preferences, language settings, location data, customization options | Up to 1 year |
| Analytics Cookies | Website performance analysis, user behavior tracking, service improvement | Up to 2 years |
| Marketing Cookies | Personalized advertising, campaign effectiveness, retargeting | Up to 1 year |
Additional Tracking Technologies
- Google Analytics: Website traffic analysis and user behavior insights
- Facebook Pixel: Social media advertising effectiveness and audience building
- Web Beacons: Email open rates and engagement tracking
- Local Storage: Browser-based data storage for improved performance
- Session Replay Tools: Understanding user interactions for UX improvement
Cookie Management
You can control cookie settings through your browser preferences. Most browsers allow you to:
- Accept or reject all cookies
- Accept only first-party cookies
- Receive notifications when cookies are set
- Delete existing cookies
Note: Disabling certain cookies may affect website functionality and your user experience.
7. Your Rights (GDPR/CCPA Compliance)
Depending on your location, you may have specific rights regarding your personal information under regulations such as GDPR, CCPA, and other privacy laws:
7.1 Right of Access
You have the right to request copies of your personal data and information about how we process it, including what data we collect, why we collect it, and who we share it with.
7.2 Right to Rectification
You can request correction of inaccurate or incomplete personal information. We will update your data promptly upon verification of the requested changes.
7.3 Right to Erasure (Right to be Forgotten)
You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to certain legal exceptions.
7.4 Right to Restrict Processing
You can request that we limit how we use your personal information in certain circumstances, such as while we verify the accuracy of disputed data.
7.5 Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format and to transmit it to another service provider.
7.6 Right to Object
You can object to our processing of your personal information for direct marketing purposes or when processing is based on legitimate interests.
7.7 Right Against Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce significant effects.
How to Exercise Your Rights
To exercise any of these rights, contact us using the information provided in the Contact section. We will respond to your request within 30 days and may require verification of your identity before processing your request.
8. Children's Privacy
Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16 years of age.
If we become aware that we have collected personal information from a child under 16 without proper parental consent, we will take immediate steps to delete such information from our records.
Parents and guardians who believe their child has provided us with personal information should contact us immediately using the information provided in the Contact section. We will investigate the matter promptly and take appropriate action to protect the child's privacy.
We encourage parents to monitor their children's online activities and to help enforce our Privacy Policy by instructing their children never to provide personal information through our services without permission.
9. International Data Transfers
9.1 Protection Measures
When we transfer your personal data internationally, we implement appropriate safeguards to ensure your data remains protected:
- Adequacy Decisions: Transfers to countries with adequacy decisions from relevant authorities
- Standard Contractual Clauses (SCCs): Contractual protections for data transfers
- Data Processing Agreements: Binding agreements with international partners
- Security Measures: Technical and organizational measures to protect transferred data
- Regular Audits: Ongoing compliance verification for international operations
9.2 Transfer Destinations
Your personal information may be transferred to and processed in:
- United States: Cloud storage and data processing services
- European Union: Analytics and customer support operations
- Other jurisdictions: As necessary for service provision with appropriate protections
10. Data Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
| Information Type | Retention Period | Reason |
|---|---|---|
| Account Information | 6 months after account deletion | Legal obligations, dispute resolution, fraud prevention |
| Order and Purchase History | 7 years | Tax, accounting, and regulatory requirements |
| Marketing Consent Records | 3 months after withdrawal | Consent documentation and compliance |
| Website Usage Logs | Up to 2 years | Security monitoring and analytics |
| Customer Support Records | 3 years | Service quality improvement and training |
| Loyalty Program Data | 5 years after account closure | Program administration and tax reporting |
| Catering Event Information | 3 years | Service improvement and liability protection |
Safe Data Disposal
When personal information reaches its retention limit, we ensure secure disposal through:
- Complete electronic deletion using industry-standard data wiping methods
- Physical destruction of paper records through certified shredding services
- Secure deletion of backup copies and archived data
- Documentation of disposal activities for compliance purposes
11. Third-Party Links
Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by Costa Vida. This Privacy Policy does not apply to these external sites.
We are not responsible for the privacy practices or content of third-party websites. These sites may have their own privacy policies and terms of service, which we encourage you to review before providing any personal information.
Examples of third-party links you may encounter include:
- Social media platforms
- Payment processing services
- Review and rating websites
- Partner restaurant or delivery services
- Promotional or advertising content
When you click on third-party links or interact with external services, you do so at your own risk. We recommend exercising caution and reviewing the privacy practices of any website you visit.
12. Policy Changes
12.1 Change Notification Process
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. When we make changes, we will notify you through:
- Prominent notice on our website homepage
- Email notification to registered users
- Pop-up notification when you next log into your account
- Mobile app notifications for significant changes
12.2 Significant Changes
For material changes that affect how we use your personal information, we will:
- Provide at least 30 days' advance notice
- Seek explicit consent where required by law
- Offer options to opt out of new uses of your data
- Allow you to delete your account if you disagree with changes
12.3 Staying Informed
To stay informed about policy updates:
- Check the "Last Updated" date at the top of this policy
- Review the latest version on our website regularly
- Subscribe to our newsletter for important updates
- Follow us on social media for announcements
Your continued use of our services after policy changes constitutes acceptance of the updated terms. If you do not agree with changes, please discontinue use and contact us to delete your account.
13. Contact Information
Privacy Questions and Requests
Company: Costa Vida
Address: 2576 Aurora Ave N, Seattle, WA 98109, USA
Phone: +1 206-283-3313
Email: [email protected]
Privacy Email: [email protected]
Business Hours: Monday-Friday, 9:00 AM - 6:00 PM PST
Response Commitment: We are committed to responding to your privacy inquiries and requests within 3 business days. For complex requests requiring investigation, we will provide regular updates on our progress.
13.1 Filing Complaints
If you believe we have not adequately addressed your privacy concerns, you may contact:
- For US Residents: Federal Trade Commission (FTC) or your state's Attorney General
- For EU Residents: Your local supervisory authority or the ICO (Information Commissioner's Office)
- For UK Residents: Information Commissioner's Office (ICO)
- For Canadian Residents: Office of the Privacy Commissioner of Canada
We encourage you to contact us first so we can work together to resolve any concerns directly.
14. Withdrawal of Consent
14.1 Marketing Consent Withdrawal
You can withdraw consent for marketing communications at any time through:
- Email: Click the "Unsubscribe" link in any marketing email
- Account Settings: Update your communication preferences in your online account
- Phone: Call our customer service at +1 206-283-3313
- Email Request: Send a request to [email protected]
- SMS: Reply "STOP" to any promotional text message
14.2 Account Deletion Process
To completely delete your account and associated personal data:
- Log into your online account
- Navigate to Account Settings
- Select "Delete Account"
- Confirm your identity through security questions
- Receive confirmation email within 24 hours
- Account and data deletion completed within 30 days
Important Note: Some information may be retained for legal compliance, fraud prevention, or legitimate business purposes as outlined in our Data Retention section.
14.3 Partial Data Deletion
You can request deletion of specific types of personal information while maintaining your account. We will evaluate each request based on legal requirements and operational needs.
15. Conclusion
At Costa Vida, protecting your privacy is not just a legal obligation—it's a fundamental aspect of our commitment to our customers. We understand that trust is earned through consistent, transparent, and responsible handling of your personal information.
Our privacy practices are designed to give you control over your personal information while enabling us to provide you with exceptional food and service. We continuously review and improve our privacy measures to stay ahead of evolving threats and regulatory requirements.
The relationship between Costa Vida and our customers is built on trust, quality, and mutual respect. Your privacy is an essential component of this relationship, and we are dedicated to maintaining the highest standards of data protection.
We invite you to contact us with any questions, concerns, or feedback about this Privacy Policy or our privacy practices. Your input helps us improve and ensures we continue to meet your expectations for privacy and security.
Thank you for choosing Costa Vida and for trusting us with your personal information. We look forward to continuing to serve you while protecting your privacy.
Remember to check this Privacy Policy regularly for updates. The most current version will always be available at costa-vida.digital/privacy.html