Privacy Policy

This Privacy Policy describes how Costa Vida ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at costavida-meal.click, place orders, or otherwise interact with our food services. We are committed to protecting your privacy and handling your personal data in a transparent and responsible manner in accordance with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

1. About Us

Costa Vida is a food service business operating in the United States. Our contact details for all privacy-related inquiries are as follows:

2. Scope and Applicable Law

This Privacy Policy applies to all personal information collected by Costa Vida through our website, mobile interfaces, online ordering platforms, customer service communications, loyalty programs, and any other digital touchpoints associated with our business operations.

Our privacy practices are governed by applicable United States privacy laws, including but not limited to:

• The Federal Trade Commission Act (FTC Act), 15 U.S.C. § 41 et seq., which prohibits unfair or deceptive practices in commerce, including misrepresentations about privacy practices.
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) (Cal. Civ. Code § 1798.100 et seq.), applicable to California residents.
• The Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.
• The CAN-SPAM Act, 15 U.S.C. § 7701 et seq., governing commercial email communications.
• The Electronic Communications Privacy Act (ECPA).
• Any other applicable state privacy laws in the states where we operate.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. The following outlines the types of data we may collect:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (for age verification or promotional purposes)
• Username and password (for account holders)
• Profile picture or avatar (if voluntarily provided)

3.2 Payment and Financial Information

When you make a purchase through our website, we collect payment-related information necessary to process transactions:

• Credit or debit card details (processed securely through third-party payment processors)
• Billing address
• Transaction history and order details
• Gift card or voucher codes

We do not store full credit card numbers on our servers. Payment processing is handled by PCI-DSS compliant third-party payment processors.

3.3 Order and Food Preference Information

In the course of providing our food services, we collect:

• Order history and item selections
• Dietary preferences or restrictions voluntarily provided
• Customization requests and special instructions
• Delivery or pickup preferences
• Loyalty program points and redemption history

3.4 Usage and Technical Data

When you visit our website, we automatically collect certain technical information through cookies, web beacons, and similar tracking technologies:

• IP address
• Browser type and version
• Operating system and device type
• Pages visited and time spent on each page
• Referring URLs and exit pages
• Clickstream data and navigation patterns
• Date and time of your visit
• Search queries made within our website

3.5 Device Information

We may collect information about the device you use to access our services, including:

• Device identifiers (device ID, advertising ID)
• Mobile carrier information
• Hardware model and specifications
• Network connection type (Wi-Fi, cellular data)
• Geolocation data (if permission is granted by you)

3.6 Communications Data

When you contact us via email, phone, live chat, or social media, we collect:

• Content of your messages or inquiries
• Records of customer service interactions
• Feedback, reviews, or survey responses
• Social media handles or profile information (if you contact us through social platforms)

3.7 Information from Third Parties

We may receive information about you from third-party sources, including:

• Third-party food delivery platforms (such as DoorDash, Uber Eats, or similar services)
• Social media platforms (if you link your account or interact with our social media pages)
• Analytics providers
• Marketing partners and advertising networks
• Payment processors and fraud prevention services

4. How We Use Your Information

We use your personal information for a variety of purposes related to our business operations, all in compliance with applicable U.S. laws:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders
• Managing your account and profile
• Facilitating payment processing and preventing payment fraud
• Coordinating delivery or in-store pickup
• Sending order confirmations, receipts, and status updates
• Providing customer support and resolving disputes

4.2 Business Operations and Improvement

• Improving our menu offerings and food quality based on customer preferences
• Enhancing our website functionality and user experience
• Conducting internal research, analytics, and business reporting
• Monitoring and preventing fraudulent activity
• Ensuring the security and integrity of our systems
• Training our staff and improving service quality

4.3 Marketing and Communications

• Sending promotional offers, discounts, and special deals via email or SMS (with your consent where required)
• Providing personalized recommendations based on your order history
• Administering loyalty programs and reward campaigns
• Conducting surveys and collecting customer feedback
• Delivering targeted advertising on our website and third-party platforms
• Notifying you about changes to our menu, services, or policies

4.4 Legal and Compliance Purposes

• Complying with applicable federal and state laws and regulations
• Responding to lawful requests from government authorities
• Enforcing our Terms of Service and other agreements
• Protecting our legal rights and interests
• Preventing, investigating, or reporting fraud, security incidents, or other illegal activity

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with certain third parties in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security safeguards. Categories of service providers include:

• Payment Processors: To securely handle financial transactions.
• Delivery Partners: To fulfill food delivery orders.
• Cloud Hosting and IT Providers: To store and manage data securely.
• Email and SMS Marketing Platforms: To send communications on our behalf.
• Analytics Providers: Such as Google Analytics, to understand website usage patterns.
• Customer Support Tools: To manage inquiries and support tickets.
• Fraud Prevention Services: To detect and prevent unauthorized transactions.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Enforce our Terms of Service or other legal agreements
• Protect our rights, property, or safety, or that of our users or the public
• Investigate fraud, security breaches, or other potentially illegal activity

5.3 Business Transfers

If Costa Vida is involved in a merger, acquisition, asset sale, reorganization, or bankruptcy proceeding, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with additional third parties when you have given us explicit consent to do so, such as when you participate in a co-branded promotion or third-party loyalty program.

5.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for marketing, research, or other purposes. This information does not constitute personal information under applicable law.

6. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience and collect information about how you use our services.

6.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the basic functioning of our website, including maintaining your session and shopping cart.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website so we can improve functionality and content.
• Functionality Cookies: Remember your preferences such as language settings, saved addresses, and login credentials.
• Marketing and Advertising Cookies: Used to deliver targeted advertisements relevant to your interests, both on our website and on third-party platforms.

6.2 Managing Cookies

You may control and manage cookies through your browser settings. Most web browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website and your ability to place orders or access certain features.

You may also opt out of interest-based advertising by visiting:

• Network Advertising Initiative (NAI) Opt-Out
• Digital Advertising Alliance (DAA) Opt-Out

For more detailed information about our use of cookies and your choices, please refer to our Cookie Policy.

7. Data Security

Costa Vida takes the security of your personal information seriously and implements a range of technical, administrative, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction.

7.1 Security Measures

Our security practices include:

• Encryption: We use Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive data, including payment information, is encrypted at rest.
• Access Controls: Access to personal data is restricted to authorized employees and contractors who require it to perform their job functions.
• Secure Payment Processing: All payment transactions are handled by PCI-DSS compliant payment processors.
• Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems.
• Employee Training: Our staff receives regular training on data protection and privacy practices.
• Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities in accordance with applicable law.

7.2 Limitation of Liability

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security and encourage you to take precautions such as using strong passwords, logging out of accounts after use, and keeping your login credentials confidential.

8. Your Privacy Rights

Depending on your state of residence, you may have various rights with respect to your personal information. We respect and honor these rights as required by applicable law.

8.1 Rights for All U.S. Residents

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to Correct: You may request that we correct inaccurate personal information we hold about you.
• Right to Delete: You may request that we delete personal information we have collected about you, subject to certain exceptions.
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any email or contacting us directly.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the CCPA as amended by the CPRA:

• Right to Know (Categories and Specific Pieces): The right to request disclosure of the categories of personal information collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: The right to request deletion of personal information we have collected, subject to certain exceptions (Cal. Civ. Code § 1798.105).
• Right to Correct: The right to request correction of inaccurate personal information (Cal. Civ. Code § 1798.106).
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising (Cal. Civ. Code § 1798.120).
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information to necessary purposes.
• Right to Data Portability: The right to receive your personal information in a portable, readily usable format.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

8.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using one of the following methods:

• Email: [email protected]

We will acknowledge your request within 10 business days and respond within 45 calendar days of receiving a verifiable consumer request. In some cases, we may need an additional 45 days, in which case we will notify you of the extension. We may need to verify your identity before processing your request to protect your information from unauthorized access.

8.4 Authorized Agent

You may designate an authorized agent to make a privacy rights request on your behalf. The authorized agent must provide written proof of their authorization and you must verify your identity directly with us, unless you have provided the agent with power of attorney under California Probate Code.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

9.1 Retention Periods

When personal information is no longer required for its original purpose and there is no legal obligation to retain it, we will securely delete, anonymize, or aggregate the data.

10. Children's Privacy

Costa Vida does not direct its services to individuals under the age of 18, and we do not knowingly collect, use, or disclose personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems. If you are a parent or guardian and believe that we may have collected information from your child, please contact us immediately at [email protected].

We encourage parents and guardians to monitor their children's online activities and to help enforce our policy by instructing their children never to provide personal information on our website without parental permission.

11. International Data Transfers

Costa Vida is based in the United States and primarily processes personal information within the United States. However, our service providers and business partners may be located in other countries. If your information is transferred outside of the United States, we take steps to ensure that such transfers comply with applicable law and that your information remains protected to the same standard as required in the U.S.

By using our website and services, you acknowledge and consent to the transfer of your personal information to countries outside of your country of residence, which may have different data protection laws than those in your jurisdiction. If you are located outside the United States and choose to use our services, please be aware that your information will be transferred to, stored, and processed in the United States.

We implement appropriate safeguards for cross-border data transfers, including:

• Contractual clauses requiring data processors to maintain adequate protections
• Ensuring our third-party service providers adhere to applicable privacy frameworks
• Conducting due diligence on international partners' security practices

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Costa Vida, such as third-party food delivery platforms, social media pages, or payment gateways. This Privacy Policy applies only to our website and services.

We have no control over and assume no responsibility for the privacy practices, content, or security measures of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit through links on our platform before providing any personal information.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing not be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals from browsers. However, you may use the cookie management options described in Section 6 of this Privacy Policy to control tracking on our website.

California residents may also benefit from the California Shine the Light Law (Cal. Civ. Code § 1798.83), which allows them to request information about the disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

14. Marketing Communications and Opt-Out

With your consent where required by law, we may send you promotional emails, SMS messages, push notifications, and other marketing communications about our food offerings, special deals, seasonal promotions, and loyalty program updates.

14.1 Email Communications

Our commercial email communications comply with the CAN-SPAM Act, 15 U.S.C. § 7701 et seq. Every marketing email we send includes a clear and functional unsubscribe mechanism. You may opt out of marketing emails at any time by:

• Clicking the "unsubscribe" or "opt out" link in any marketing email
• Contacting us directly at [email protected]

Please allow up to 10 business days for opt-out requests to be processed. Note that even after opting out of marketing communications, you may still receive transactional messages related to your orders or account.

14.2 SMS Marketing

If you have opted in to receive SMS messages from us, you may opt out at any time by replying "STOP" to any marketing SMS message you receive from us. Standard message and data rates may apply.

14.3 Personalized Advertising

We may use your information for targeted advertising purposes. You may limit personalized advertising through your device settings (e.g., resetting your advertising ID) or through the opt-out mechanisms provided by advertising networks, as described in Section 6 of this Privacy Policy.

15. How to File a Complaint

We are committed to resolving privacy concerns promptly and fairly. If you have a complaint about our privacy practices, we encourage you to contact us first so we can address your concern directly.

15.1 Contact Us

To submit a privacy complaint or inquiry, please contact us at:

• Email: [email protected]
• Website: costavida-meal.click

We will investigate your complaint and respond within a reasonable timeframe, generally within 30 days of receipt.

15.2 Regulatory Complaints

If you are not satisfied with our response to your privacy complaint, you have the right to escalate your complaint to the appropriate regulatory authority:

• Federal Trade Commission (FTC): For complaints about unfair or deceptive trade practices, including privacy violations under the FTC Act. You may file a complaint at ftc.gov/complaint or call 1-877-382-4357.
• California Privacy Protection Agency (CPPA): California residents may contact the CPPA, which enforces the CPRA, at cppa.ca.gov.
• California Attorney General: California residents may also file privacy complaints with the California Attorney General's Office at oag.ca.gov/privacy/ccpa.
• State Attorney General Offices: Residents of other states may file complaints with their respective state attorney general offices for violations of state consumer protection or privacy laws.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on our website with a new "Last Updated" date
• Provide prominent notice on our website homepage
• Send an email notification to registered users where appropriate and required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services following notification of any changes constitutes your acceptance of the updated Privacy Policy, to the extent permitted by applicable law.

17. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are dedicated to addressing your privacy concerns in a timely and transparent manner.

When contacting us about a privacy matter, please provide sufficient information to identify yourself and describe the nature of your request or concern. This will help us respond more efficiently and accurately.