Privacy Policy

Your privacy matters to us. Learn how we protect and use your information.

Last Updated: December 15, 2024

1. Introduction

Welcome to Costa Vida ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website vidascosta.click, use our services, place orders, or interact with us in any way.

This policy applies to all users of our food delivery and restaurant services, including customers who dine in, order online, use our mobile applications, participate in our loyalty programs, or engage with our catering services.

By using our services, you agree to the collection and use of information in accordance with this policy. We never sell your personal data to third parties. Your trust is fundamental to our business, and we are committed to maintaining it through transparent privacy practices.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

  • Personal Identification Information: Name, email address, phone number, delivery address, billing address
  • Account Information: Username, password (encrypted), order history, favorite orders
  • Payment Information: Credit/debit card details (securely encrypted), payment method preferences
  • Food Preferences and Dietary Information: Allergen information, special dietary requirements (vegan, vegetarian, halal, kosher, gluten-free), spice preferences, portion sizes
  • Order Details: Food items ordered, delivery instructions, special requests, order frequency
  • Loyalty Program Data: Points balance, rewards history, tier status, promotional preferences
  • Reservation Information: Table booking details, party size, special occasion notes
  • Catering Information: Event details, guest count, menu preferences, dietary restrictions for groups
  • Communication Records: Contact form submissions, customer service interactions, reviews and ratings
  • Marketing Preferences: Newsletter subscriptions, promotional email preferences, communication frequency settings

2.2 Information Collected Automatically

When you use our services, we automatically collect certain information:

  • Device Information: IP address, browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages visited, time spent on site, clicks, scrolling behavior, search queries
  • Location Information: Approximate location from IP address, precise location (with permission) for delivery services
  • Cookie Data: Session identifiers, user preferences, shopping cart contents, analytics data
  • Performance Data: Page load times, error messages, feature usage statistics

2.3 Information from Third Parties

We may receive information about you from third-party sources:

  • Social Media Platforms: If you connect your social media accounts, we may receive profile information
  • Payment Processors: Transaction confirmation data, fraud prevention information
  • Delivery Partners: Delivery confirmation, location updates, delivery feedback
  • Marketing Partners: Demographic information, interest data for targeted advertising
  • Review Platforms: Public reviews and ratings you post about our services

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Fulfilling food orders, coordinating delivery, managing reservations
  • Account Management: Creating and maintaining user accounts, authentication, password resets
  • Customer Support: Responding to inquiries, resolving issues, processing refunds
  • Quality Improvement: Analyzing usage patterns, optimizing menu offerings, improving service quality
  • Personalization: Customizing menu recommendations based on dietary preferences and order history

3.2 Communication

  • Order Updates: Confirmation emails, preparation status, delivery notifications
  • Customer Service: Responding to support requests, handling complaints and feedback
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional emails, special offers, new menu items (with explicit consent only)
  • Loyalty Program: Points updates, reward notifications, tier status changes

3.3 Marketing and Analytics

  • Personalized Advertising: Targeted promotions based on preferences and order history
  • Website Analytics: Understanding user behavior, optimizing website performance
  • Campaign Measurement: Evaluating effectiveness of marketing campaigns
  • Market Research: Developing new menu items, improving existing offerings
  • Business Intelligence: Analyzing trends, forecasting demand, inventory management

3.4 Legal Compliance and Security

  • Legal Requirements: Complying with applicable laws, regulations, and court orders
  • Fraud Prevention: Detecting and preventing fraudulent transactions and activities
  • Safety Protection: Protecting rights, property, and safety of customers, employees, and business
  • Dispute Resolution: Resolving legal disputes, enforcing terms of service
  • Tax and Accounting: Maintaining financial records, tax reporting compliance

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Secure transaction processing, fraud detection services
  • Delivery Partners: Coordinating food delivery, tracking shipments, obtaining delivery confirmation
  • Cloud Storage Providers: Secure data storage and backup services with encryption
  • Email Service Providers: Sending order confirmations, newsletters, and promotional emails
  • Analytics Providers: Website usage analysis, performance monitoring, user behavior insights
  • Customer Support Tools: Managing customer service requests and communications
  • Marketing Services: Advertising platforms, social media management, campaign analytics

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • Legal Process: Responding to court orders, subpoenas, and legal investigations
  • Regulatory Compliance: Meeting requirements of health authorities, tax agencies, and other regulators
  • Rights Protection: Defending against legal claims, protecting intellectual property
  • Emergency Situations: Protecting health, safety, or preventing illegal activities
  • Law Enforcement: Cooperating with police investigations when legally required

4.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets:

  • Customer information may be transferred to new owners
  • We will notify customers before information is transferred
  • New owners must comply with this privacy policy
  • Customers will have the option to delete their accounts before transfer

4.4 With Your Consent

We may share information for other purposes with your explicit consent, such as:

  • Participating in joint promotions with partner businesses
  • Sharing reviews and testimonials (with permission)
  • Participating in market research studies

5. Data Security

5.1 Technical Security Measures

We implement robust technical safeguards to protect your information:

  • Encryption: SSL/TLS encryption for all data transmission between your device and our servers
  • Secure Storage: All personal data is encrypted at rest using industry-standard encryption
  • Firewall Protection: Advanced firewall systems to prevent unauthorized access
  • Access Controls: Multi-factor authentication and role-based access for employees
  • Network Security: Intrusion detection systems and 24/7 security monitoring
  • Regular Backups: Automated, encrypted backups stored in secure, geographically distributed locations
  • Vulnerability Management: Regular security assessments and penetration testing

5.2 Organizational Security Measures

  • Employee Training: Regular cybersecurity awareness training for all staff members
  • Privacy Policies: Comprehensive data handling procedures and guidelines
  • Confidentiality Agreements: All employees and contractors sign strict confidentiality agreements
  • Incident Response: Detailed security breach response plan with clear escalation procedures
  • Regular Audits: Independent security audits and compliance assessments
  • Data Minimization: Collecting and retaining only necessary information for business purposes

5.3 Your Security Responsibilities

You play an important role in keeping your information secure:

  • Strong Passwords: Use unique, complex passwords and enable two-factor authentication
  • Account Protection: Never share your login credentials with others
  • Public Computers: Always log out when using public or shared devices
  • Phishing Awareness: Be cautious of suspicious emails or links requesting personal information
  • Immediate Reporting: Contact us immediately if you suspect unauthorized account access

Security Breach Notification: In the unlikely event of a security breach affecting your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by law.

6. Cookies and Tracking Technologies

We use various technologies to enhance your experience and gather information about how our services are used:

Cookie Type Purpose Duration
Essential Cookies Basic site functionality, login state, shopping cart contents, security features Session (deleted when browser closes)
Functional Cookies User preferences, language settings, location data, customized content Up to 1 year
Analytics Cookies Website usage analysis, performance monitoring, user behavior insights Up to 2 years
Marketing Cookies Personalized advertising, campaign measurement, social media integration Up to 1 year

Specific Tracking Technologies We Use:

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Storing user preferences and shopping cart data in your browser
  • Session Storage: Temporary data storage for single browsing sessions

Cookie Management

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete existing cookies
  • Block cookies from specific websites
  • Block third-party cookies
  • Clear all cookies when closing the browser
  • Receive notifications when cookies are set

Important Note: Disabling certain cookies may affect website functionality, including the ability to place orders or maintain login sessions.

7. Your Privacy Rights (GDPR/CCPA Compliance)

You have important rights regarding your personal information. These rights may vary based on your location:

7.1 Right of Access

You can request to see what personal data we have about you, including:

  • Categories of information we collect
  • Specific pieces of personal information
  • Sources from which information was collected
  • Purposes for collecting information
  • Third parties with whom we share information

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information:

  • Update contact information
  • Correct billing or delivery addresses
  • Modify dietary preferences or allergen information
  • Change marketing communication preferences

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal information when:

  • Information is no longer necessary for original purposes
  • You withdraw consent and no other legal basis exists
  • Information has been unlawfully processed
  • Deletion is required for legal compliance

7.4 Right to Restrict Processing

You can request that we limit how we use your information when:

  • You contest the accuracy of information
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need information but you need it for legal claims
  • You object to processing pending verification of legitimate grounds

7.5 Right to Data Portability

You can request your personal information in a machine-readable format to:

  • Transfer information to another service provider
  • Keep a personal copy of your data
  • Use information with other services

7.6 Right to Object

You can object to processing of your information for:

  • Direct marketing purposes (including profiling)
  • Scientific or historical research
  • Statistical purposes
  • Tasks carried out in the public interest

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, when such decisions significantly affect you.

How to Exercise Your Rights

To exercise any of these rights, contact us using the methods in Section 13. We will respond to your request within 30 days and may require identity verification to protect your privacy.

8. Children's Privacy

Protecting children's privacy is especially important to us:

  • Age Restrictions: Our services are not intended for children under 16 years of age
  • No Intentional Collection: We do not knowingly collect personal information from children under 16
  • Parental Rights: If you are a parent and believe your child has provided personal information, please contact us immediately
  • Immediate Action: We will promptly delete any information we discover has been collected from children under 16
  • Educational Purpose: We may collect information for educational purposes only with verifiable parental consent

9. International Data Transfers

9.1 Protection Measures

When we transfer your data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: Transferring to countries with adequate protection levels (EU-Japan adequacy decisions)
  • Standard Contractual Clauses (SCC): Using EU-approved contractual terms for data transfers
  • Data Processing Agreements: Comprehensive contracts with international partners
  • Security Measures: Encryption and access controls for all transferred data
  • Regular Audits: Monitoring compliance with international data protection standards

9.2 Transfer Destinations

Your data may be transferred to and processed in:

  • United States: Cloud storage and data processing services
  • European Union: Analytics and marketing services
  • Other Countries: As needed for business operations, always with appropriate protections

10. Data Retention Periods

We retain personal information only as long as necessary for legitimate business purposes:

Information Type Retention Period Reason for Retention
Account Information 6 months after account deletion Legal obligations, fraud prevention, dispute resolution
Order and Purchase History 7 years Tax and accounting requirements, warranty claims
Payment Information As required by payment processors Fraud prevention, chargeback processing
Marketing Consent Records 3 months after consent withdrawal Proof of consent compliance
Website Usage Logs Up to 2 years Security monitoring, analytics, performance optimization
Customer Support Records 3 years Service quality improvement, training purposes
Dietary and Allergen Information Until account deletion or updated Food safety, personalized service

Safe Data Disposal

When we no longer need your information, we ensure secure disposal:

  • Electronic Data: Complete deletion using secure wiping techniques that make data unrecoverable
  • Physical Records: Secure shredding and destruction of paper documents
  • Backup Systems: Removal from all backup and archive systems
  • Third-Party Systems: Ensuring partners also delete information according to agreements
  • Disposal Records: Maintaining records of data destruction for compliance purposes

11. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, or services:

  • External Links: We are not responsible for privacy practices of external websites
  • Social Media: Social media plugins may collect information according to their own policies
  • Payment Services: Third-party payment processors have their own privacy policies
  • Delivery Partners: Delivery companies may collect additional information during delivery
  • Review Platforms: Third-party review sites operate under their own privacy rules

Your Responsibility: We encourage you to review privacy policies of any third-party services before providing personal information. Your use of third-party services is governed by their terms and privacy policies.

12. Policy Changes and Updates

12.1 Change Notification Process

When we update this privacy policy, we will notify you through multiple channels:

  • Website Notice: Prominent banner on our homepage announcing changes
  • Email Notification: Direct email to all registered users with account email addresses
  • Login Notification: Pop-up notification when you next log into your account
  • App Notification: Push notifications through our mobile applications

12.2 Significant Changes

For material changes that affect your rights or how we use your information:

  • We will provide 30 days advance notice
  • We may request explicit consent for new uses of information
  • You will have the option to decline changes and close your account
  • We will clearly explain what has changed and why

12.3 Staying Informed

  • Regular Review: We recommend checking this policy periodically
  • Version Date: The "Last Updated" date at the top shows the most recent revision
  • Archive Access: Previous versions available upon request
  • Continued Use: Using our services after changes indicates acceptance

13. Contact Information

Privacy Questions and Requests

Company: Costa Vida

Address: 522 S 3rd St, Wilmington, NC 28401, USA

Phone: +1 910-399-2961

Email: [email protected]

Privacy Officer: [email protected]

Business Hours: Monday-Friday, 9:00 AM - 6:00 PM EST

Response Commitment: We will respond to all privacy-related inquiries within 3 business days.

13.1 Filing Complaints

If you have concerns about our privacy practices:

  • Contact Us First: We encourage you to contact us directly for fastest resolution
  • Supervisory Authority: If you are not satisfied with our response, you may contact your local data protection authority
  • United States: Federal Trade Commission (FTC) - consumer.ftc.gov
  • European Union: Your local Data Protection Authority

14. Consent Withdrawal

14.1 Marketing Communications

You can withdraw consent for marketing communications at any time:

  • Unsubscribe Links: Click unsubscribe in any promotional email
  • Account Settings: Update preferences in your online account
  • Customer Service: Call or email us to opt out
  • Text Messages: Reply STOP to any promotional text message

14.2 Account Deletion Process

To delete your account and associated data:

  1. Log into your account and go to Settings
  2. Select "Delete Account" option
  3. Confirm your identity for security
  4. Choose what information to delete immediately vs. retain for legal compliance
  5. Receive confirmation email of deletion

Important Note: Some information may be retained as required by law for tax, accounting, or fraud prevention purposes.

15. Conclusion

At Costa Vida, your privacy is not just a legal obligation—it's fundamental to the trust relationship we build with every customer. We understand that when you share your information with us, you're placing your trust in our ability to protect it and use it responsibly.

This comprehensive privacy policy reflects our commitment to transparency. We believe you should always know what information we collect, how we use it, who we share it with, and what choices you have. Our goal is to provide you with delicious food and excellent service while maintaining the highest standards of privacy protection.

We encourage you to take an active role in protecting your privacy by reviewing your account settings, understanding your rights, and contacting us with any questions or concerns. Your feedback helps us improve our privacy practices and better serve our community.

Thank you for trusting Costa Vida with your personal information and for being part of our culinary community. We're committed to earning and maintaining that trust every day through our actions, not just our words.

Remember: This privacy policy was last updated on the date shown at the beginning of this document. Please check back periodically for any updates or changes.