Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your information.

Last Updated: December 12, 2024

1. Introduction

At Costa Vida, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website, mobile applications, or order our food services.

This policy applies to all services offered by Costa Vida, including our website at vidas-costas.rest, mobile applications, online ordering systems, and in-restaurant services. By using our services, you agree to the terms outlined in this Privacy Policy.

Important: We never sell your personal data to third parties. Your trust is fundamental to our business, and we are committed to maintaining the highest standards of data protection.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you voluntarily provide when using our services:

  • Personal Identification Information: Name, email address, phone number, date of birth
  • Address Information: Delivery addresses, billing addresses, location preferences
  • Account Information: Username, password, purchase history, saved payment methods
  • Order Information: Food preferences, dietary requirements, allergen information, special instructions
  • Payment Information: Credit card numbers, billing information (stored in encrypted format)
  • Dietary Preferences: Vegan, vegetarian, halal, kosher, gluten-free, and other dietary restrictions
  • Loyalty Program Data: Rewards points, membership status, preferred locations
  • Reservation Information: Table booking details, party size, special occasions
  • Catering Details: Event information, guest count, menu selections, delivery logistics
  • Communication Data: Contact form submissions, customer service interactions, reviews and feedback
  • Marketing Preferences: Email subscription preferences, notification settings

2.2 Automatically Collected Information

When you use our services, we automatically collect certain information:

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, search queries
  • Location Data: Approximate location from IP address, GPS location (with permission)
  • Cookie Data: Session IDs, user preferences, shopping cart contents, authentication tokens
  • Performance Data: Page load times, error reports, system performance metrics

2.3 Information from Third Parties

We may receive information about you from:

  • Social Media Platforms: Profile information if you connect your social media accounts
  • Payment Processors: Transaction verification and fraud prevention data
  • Delivery Partners: Order status updates and delivery confirmation
  • Marketing Partners: Campaign performance data and demographic information
  • Public Databases: Address verification and demographic data

3. How We Use Your Information

3.1 Service Provision

We use your information to provide and improve our food services:

  • Order Processing: Fulfilling food orders, managing delivery logistics, processing payments
  • Account Management: Creating and maintaining user accounts, authentication, password resets
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Analyzing usage patterns, optimizing menu offerings, improving service quality
  • Personalization: Customizing menu recommendations, remembering preferences and favorite orders

3.2 Communication

We communicate with you for service-related purposes:

  • Order Communications: Order confirmations, preparation updates, delivery notifications
  • Customer Support: Responding to questions, concerns, and feedback
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional emails, special offers, new menu items (with your consent only)

3.3 Marketing and Analytics

With your consent, we use information for marketing purposes:

  • Personalized Advertising: Targeted promotions based on your preferences and order history
  • Analytics: Understanding customer behavior, measuring campaign effectiveness
  • Market Research: Developing new products and services, improving customer experience
  • Loyalty Programs: Managing rewards, points accumulation, special member offers

3.4 Legal Compliance

We may use your information to comply with legal obligations:

  • Legal Requests: Responding to court orders, subpoenas, and government requests
  • Fraud Prevention: Detecting and preventing fraudulent activities
  • Safety Protection: Protecting the rights, property, and safety of our customers and employees
  • Dispute Resolution: Resolving legal disputes and enforcing our terms of service

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Secure processing of credit card and other payment transactions
  • Delivery Services: Third-party delivery companies for food delivery logistics
  • Cloud Storage Providers: Secure data storage and backup services
  • Email Services: Marketing email campaigns and transactional notifications
  • Analytics Tools: Website usage analysis and performance monitoring
  • Customer Support: Third-party customer service platforms and tools

4.2 Legal Requirements

We may disclose your information when required by law:

  • Legal Process: In response to court orders, subpoenas, or legal proceedings
  • Government Requests: To comply with government investigations or regulatory requirements
  • Public Safety: When necessary to protect public safety or prevent harm
  • Rights Protection: To protect our rights, property, or the rights of others

4.3 Business Transfers

In the event of a business transaction:

  • Mergers and Acquisitions: Information may be transferred as part of business assets
  • Asset Sales: Customer data may be included in the sale of business assets
  • Customer Notification: You will be notified of any change in ownership or data control
  • Policy Compliance: New owners must comply with this privacy policy

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as partner promotions or special marketing campaigns.

5. Data Security

5.1 Technical Measures

We implement comprehensive technical safeguards to protect your information:

  • Encryption: All data transmission uses SSL/TLS encryption (256-bit)
  • Secure Storage: Personal data is stored on encrypted servers with restricted access
  • Firewalls: Advanced firewall systems protect against unauthorized access
  • Access Controls: Multi-factor authentication and role-based access permissions
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Regular Backups: Automated, secure data backups to prevent data loss

5.2 Organizational Measures

Our organizational security practices include:

  • Employee Training: Regular security awareness training for all staff
  • Data Handling Procedures: Strict protocols for personal data processing
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response: Comprehensive data breach response and notification procedures
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Vendor Management: Due diligence and security requirements for all third-party providers

5.3 Your Security Responsibilities

You can help protect your information by:

  • Strong Passwords: Using unique, complex passwords for your account
  • Account Protection: Never sharing your login credentials with others
  • Public Computer Safety: Always logging out when using public or shared computers
  • Phishing Awareness: Being cautious of suspicious emails or links
  • Prompt Reporting: Immediately reporting any unauthorized account access

Security Breach Notification: In the event of a data breach that may affect your personal information, we will notify you and relevant authorities within 72 hours as required by applicable privacy laws.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and mobile applications.

Cookie Type | Purpose | Duration
Essential Cookies | Basic site functionality, user authentication, shopping cart, security | Session only
Functional Cookies | User preferences, language settings, location preferences | Up to 1 year
Analytics Cookies | Website usage analysis, performance monitoring, user behavior tracking | Up to 2 years
Marketing Cookies | Personalized advertising, campaign tracking, social media integration | Up to 1 year

Additional Tracking Technologies

We also use other tracking technologies:

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based storage for enhanced functionality

Cookie Management

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete existing cookies
  • Block all cookies or only third-party cookies
  • Receive notifications when cookies are set
  • Set cookie preferences for specific websites

Note: Disabling essential cookies may affect the functionality of our website and prevent you from using certain features.

7. Your Rights (GDPR/CCPA Compliance)

Under applicable privacy laws, including GDPR and CCPA, you have the following rights regarding your personal information:

7.1 Right of Access

You have the right to request access to the personal information we hold about you, including details about how we process your data.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information we have about you.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal information, subject to certain legal limitations and retention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format.

7.6 Right to Object

You can object to our processing of your personal information, particularly for direct marketing purposes.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

How to Exercise Your Rights

To exercise any of these rights, contact us using the information provided in Section 13. We will respond to your request within 30 days and may require verification of your identity to protect your privacy.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems and terminate any related accounts.

If we learn that we have collected personal information from a child under 16 without proper consent, we will delete that information as quickly as possible.

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal information internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with EU adequacy decisions (Japan, etc.)
  • Standard Contractual Clauses: EU-approved contract terms for data protection
  • Data Processing Agreements: Comprehensive agreements with international service providers
  • Security Measures: Enhanced security protocols for cross-border transfers
  • Regular Reviews: Ongoing compliance monitoring and audits

9.2 Transfer Destinations

We may transfer your information to:

  • United States: Cloud storage and data processing services
  • European Union: Analytics and marketing services
  • Other Countries: As necessary for business operations, always with appropriate safeguards

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this policy and as required by law.

Information Type | Retention Period | Reason
Account Information | 6 months after account deletion | Legal obligations, fraud prevention, dispute resolution
Order History | 7 years | Tax and accounting requirements, warranty claims
Payment Information | As required by payment processors | Fraud prevention, chargebacks, refunds
Marketing Consent | 3 months after withdrawal | Consent record keeping, compliance demonstration
Website Usage Logs | Up to 2 years | Security monitoring, analytics, system optimization
Customer Support Records | 3 years | Service quality improvement, training purposes
CCTV Footage | 30 days | Security, theft prevention, incident investigation

Safe Data Disposal

When we dispose of personal information, we use secure methods including:

  • Electronic Deletion: Complete and unrecoverable deletion from all systems
  • Physical Destruction: Secure shredding of paper records
  • Backup Deletion: Removal from all backup systems and archives
  • Documentation: Maintaining records of disposal activities for compliance

11. Third-Party Links

Our website and mobile applications may contain links to third-party websites, social media platforms, or other online services. This Privacy Policy does not apply to these external sites.

We are not responsible for the privacy practices or content of third-party websites. We recommend that you review the privacy policies of any third-party sites you visit before providing them with personal information.

When you click on third-party links or interact with third-party content, your activities are governed by the privacy policies of those third parties, not this policy.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

  • Website Notice: Prominent banner on our homepage
  • Email Notification: Direct email to registered users for significant changes
  • App Notifications: Push notifications through our mobile application
  • Account Dashboard: Notification in your user account area

12.2 Checking for Changes

We recommend that you periodically review this Privacy Policy:

  • Current Version: The latest version is always available on our website
  • Last Updated Date: Check the "Last Updated" date at the top of this policy
  • Continued Use: Your continued use of our services constitutes acceptance of any changes
  • Disagreement: If you disagree with changes, you may stop using our services

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Costa Vida
1517 Shattuck Ave., Berkeley, CA 94709, USA
Phone: +1 510-548-5525
Email: [email protected]
Business Hours: Monday - Friday, 9:00 AM - 6:00 PM PST

Response Commitment: We will respond to all privacy-related inquiries within 3 business days.

13.1 Privacy Complaints

If you have concerns about our privacy practices:

  1. Contact Us First: Please reach out to us directly for resolution
  2. Regulatory Authority: If unsatisfied, you may contact your local data protection authority
  3. For EU Residents: You can file complaints with your national supervisory authority
  4. For California Residents: Contact the California Attorney General's Office

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time:

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Update preferences in your user account dashboard
  • Direct Contact: Email or call our customer service team
  • Text Messages: Reply "STOP" to any promotional text message

14.2 Account Deletion

To delete your account and associated personal data:

  1. Log into your account and go to Account Settings
  2. Select the "Delete Account" option
  3. Confirm your identity and deletion request
  4. Review information about data retention for legal compliance
  5. Confirm final deletion

Note: Some information may be retained for legal compliance, fraud prevention, or legitimate business purposes as outlined in our retention policy.

15. Conclusion

At Costa Vida, protecting your privacy is not just a legal obligation—it's fundamental to our values and the trust you place in us. We are committed to maintaining the highest standards of data protection and transparency in all our practices.

Your trust enables us to continue providing exceptional food experiences while respecting your privacy rights. We will continue to evolve our privacy practices to meet changing regulations and your expectations.

We encourage you to contact us with any questions or concerns about this Privacy Policy. Your feedback helps us improve our privacy practices and better serve our community.

Thank you for choosing Costa Vida and for trusting us with your personal information. We are honored to serve you and committed to protecting your privacy every step of the way.

Please remember to check this Privacy Policy periodically for updates, as indicated by the "Last Updated" date at the top of this document.