Privacy Policy
This Privacy Policy describes how Costa Vida ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at vidacostas.digital, use our online ordering platform, interact with our mobile applications, or otherwise engage with our food and restaurant services (collectively, the "Services"). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe, responsible, and transparent manner in full compliance with applicable United States federal and state privacy laws.
Please read this Privacy Policy carefully before using our Services. By accessing or using our website or any of our Services, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy. If you do not agree with any part of this policy, please discontinue your use of our Services immediately.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the information provided in the Contact Us section at the bottom of this document.
1. About Costa Vida
Costa Vida is a food and restaurant business operating within the United States. Our Services include dine-in experiences, take-out orders, online food ordering, delivery services, loyalty programs, and digital marketing communications related to our menu offerings and promotions. We collect personal information as part of our day-to-day business operations to provide you with the best possible dining and customer service experience.
Company Name: Costa Vida
Website: vidacostas.digital
Email: [email protected]
2. Scope of This Privacy Policy
This Privacy Policy applies to all personal information we collect from or about you in connection with:
- Visits to our website at vidacostas.digital
- Online food ordering, take-out reservations, and delivery requests
- Loyalty program registration and participation
- Email newsletters and promotional communications
- Social media interactions and engagement
- In-store experiences where digital or personal information is collected
- Customer service inquiries and feedback submissions
- Any other interaction with Costa Vida through digital or physical channels
This Privacy Policy does not apply to the practices of third-party companies, websites, or individuals that Costa Vida does not own or control, including third-party delivery platforms, payment processors, or social media networks that operate independently under their own privacy policies.
3. Information We Collect
We collect various types of information in connection with your use of our Services. The categories of personal information we collect are described below.
3.1 Personal Identification Information
When you create an account, place an order, sign up for our loyalty program, or contact us, we may collect the following personal identification information:
- Full name
- Email address
- Phone number
- Mailing address and delivery address
- Date of birth (for age verification and promotional purposes)
- Username and password for account access
- Profile photo (if voluntarily provided)
3.2 Payment and Transaction Information
When you place an order or make a purchase through our Services, we collect information necessary to process your payment. This includes:
- Credit or debit card information (processed securely by third-party payment processors)
- Billing address
- Order history and transaction records
- Gift card and promotional code usage
Please note that we do not store full credit or debit card numbers on our servers. All payment card information is processed and stored by PCI-DSS compliant third-party payment processors.
3.3 Usage and Behavioral Data
When you interact with our website or mobile applications, we automatically collect information about your browsing and ordering behavior, including:
- Pages visited and content viewed on vidacostas.digital
- Time and duration of visits
- Links clicked and features used
- Search queries entered on our website
- Menu items viewed, added to cart, and purchased
- Frequency of visits and ordering patterns
- Referral source (how you found our website)
3.4 Device and Technical Information
We collect technical information about the device and browser you use to access our Services, including:
- IP address and approximate geographic location derived from it
- Browser type and version
- Operating system and version
- Device type (desktop, tablet, smartphone)
- Device identifiers and mobile advertising IDs
- Screen resolution and display settings
- Language preferences
- Time zone settings
3.5 Location Information
With your consent, we may collect precise geolocation data from your device to enable location-based features such as finding nearby restaurant locations, facilitating delivery services, or providing location-relevant promotions. You may disable location sharing through your device settings at any time.
3.6 Communications Data
When you communicate with us through email, contact forms, customer service channels, or social media, we collect and retain records of those communications, including:
- Content of emails, messages, and inquiries
- Customer service interaction logs
- Feedback, reviews, and survey responses
- Social media comments and direct messages
3.7 Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website and digital platforms. For detailed information about our use of cookies, the types of cookies we use, and how to manage your cookie preferences, please refer to our Cookie Policy. A summary of our cookie practices is also provided in Section 8 of this Privacy Policy.
3.8 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social media platforms when you connect your account or log in using social sign-in features
- Third-party food delivery platforms (e.g., DoorDash, Uber Eats) for order fulfillment purposes
- Analytics and advertising partners
- Loyalty program partners
- Publicly available data sources
4. How We Use Your Information
We use the personal information we collect for a variety of legitimate business purposes. The specific ways in which we use your data are described below.
4.1 Providing and Improving Our Services
- Processing and fulfilling your food orders and managing deliveries
- Creating and managing your user account and loyalty program membership
- Providing customer support and responding to your inquiries
- Personalizing your experience on our website and application
- Improving our menu offerings, website functionality, and overall Services
- Conducting quality assurance and testing
4.2 Communications and Marketing
- Sending order confirmations, receipts, and updates
- Sending promotional emails, special offers, and newsletters (with your consent)
- Notifying you of changes to our menu, hours, locations, or policies
- Conducting surveys and gathering feedback to improve our Services
- Sending loyalty program updates, rewards notifications, and personalized deals
4.3 Analytics and Business Intelligence
- Analyzing customer behavior, ordering patterns, and website usage
- Monitoring and measuring the effectiveness of our marketing campaigns
- Conducting market research and customer preference analysis
- Generating aggregated, anonymized reports for internal business purposes
4.4 Legal Compliance and Security
- Complying with applicable federal, state, and local laws and regulations
- Detecting, investigating, and preventing fraudulent transactions and unauthorized access
- Enforcing our Terms of Service and other legal agreements
- Responding to legal requests, court orders, subpoenas, or government investigations
- Protecting the rights, property, or safety of Costa Vida, our customers, and the public
4.5 Advertising and Targeted Marketing
We may use your information to deliver targeted advertisements and personalized marketing content through our own channels and through third-party advertising platforms. This includes interest-based advertising based on your browsing and ordering behavior. You have the right to opt out of certain targeted advertising as described in Section 10 of this Privacy Policy.
5. How We Share Your Information
We do not sell your personal information to third parties for monetary compensation. However, we may share your information with certain categories of third parties as described below.
5.1 Service Providers and Business Partners
We share your information with trusted third-party service providers who assist us in operating our business and delivering our Services. These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed. Categories of service providers include:
- Payment processing companies (e.g., Stripe, Square)
- Food delivery and logistics platforms
- Cloud hosting and data storage providers
- Email marketing and communication platforms
- Analytics and website tracking providers (e.g., Google Analytics)
- Customer relationship management (CRM) software providers
- Loyalty program management platforms
- Fraud detection and cybersecurity service providers
5.2 Advertising and Marketing Partners
We may share certain information (such as hashed email addresses and device identifiers) with advertising partners to facilitate targeted marketing, retargeting campaigns, and audience measurement. These partners may use cookies and similar technologies to deliver personalized ads across websites and platforms.
5.3 Legal and Regulatory Disclosures
We may disclose your personal information when required to do so by law or in response to valid legal processes, including:
- Compliance with a subpoena, court order, or other legal obligation
- Responding to a government or regulatory agency request
- Protecting the rights and safety of our customers, employees, or the public
- Preventing or investigating potential wrongdoing in connection with our Services
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to a successor entity as part of that transaction. We will notify you via email or prominent notice on our website if such a transfer occurs and if the successor entity's privacy practices differ materially from this Privacy Policy.
5.5 With Your Consent
We may share your information with third parties in other ways not described in this Privacy Policy when we have obtained your explicit consent to do so.
6. Data Security
Costa Vida takes the security of your personal information seriously and implements a variety of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction.
6.1 Security Measures We Employ
- Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
- Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate business need to access the data.
- Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant third-party payment processors.
- Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems and infrastructure.
- Data Minimization: We collect and retain only the minimum amount of personal information necessary for the purposes described in this Privacy Policy.
- Employee Training: Our staff members are trained on data protection best practices and privacy compliance requirements.
6.2 Limitations of Security
While we strive to protect your personal information, no method of data transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify you and the appropriate regulatory authorities as required by applicable law, including the notification requirements under applicable state breach notification statutes.
7. Your Privacy Rights
Depending on your state of residence within the United States, you may have certain rights with respect to your personal information. We respect and honor these rights as required by applicable law.
7.1 Rights Under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
If you are a California resident, you have the following rights under the CCPA/CPRA:
| Right | Description |
|---|---|
| Right to Know | You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as how we use and share that information. |
| Right to Delete | You have the right to request deletion of personal information we have collected from you, subject to certain exceptions provided by law. |
| Right to Correct | You have the right to request correction of inaccurate personal information that we maintain about you. |
| Right to Opt Out of Sale/Sharing | You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes. |
| Right to Limit Use of Sensitive Data | You have the right to limit our use and disclosure of your sensitive personal information to purposes necessary for providing our Services. |
| Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA/CPRA rights. |
| Right to Data Portability | You have the right to receive a copy of your personal information in a portable, readily usable format. |
7.2 Rights Available to All U.S. Residents
Regardless of your state of residence, we provide the following rights to all users of our Services:
- Right of Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete personal information.
- Right to Deletion: You may request that we delete your personal information, subject to legal retention requirements.
- Right to Opt Out of Marketing: You may unsubscribe from our marketing emails at any time by clicking the "unsubscribe" link in any promotional email or by contacting us directly.
- Right to Withdraw Consent: Where we rely on your consent to process your data, you may withdraw that consent at any time.
7.3 How to Exercise Your Rights
To exercise any of the rights described above, please contact us using one of the following methods:
- Email: [email protected]
- Website: vidacostas.digital
We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf, provided that you provide written authorization and we can verify the agent's identity and authority. We will respond to verified requests within 45 days as required by California law, with a possible extension of an additional 45 days when reasonably necessary.
8. Cookies and Tracking Technologies
Our website at vidacostas.digital uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver targeted advertising.
8.1 Types of Cookies We Use
- Essential Cookies: Necessary for the website to function properly, including login sessions and shopping cart functionality.
- Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics).
- Marketing and Advertising Cookies: Used to deliver personalized advertising and measure campaign effectiveness.
- Preference Cookies: Used to remember your preferences and settings for a better user experience.
8.2 Managing Your Cookie Preferences
You can manage your cookie preferences through our cookie consent banner when you first visit our website. You may also adjust your browser settings to block or delete cookies at any time. Please note that disabling certain cookies may affect the functionality of our website. For more detailed information about our use of cookies, please visit our Cookie Policy.
9. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with applicable legal obligations, to resolve disputes, and to enforce our agreements. The specific retention periods we apply are as follows:
| Category of Data | Retention Period |
|---|---|
| Account and profile information | Duration of account + 3 years after account closure |
| Order and transaction records | 7 years (for tax and legal compliance) |
| Marketing and communication preferences | Until opt-out + 1 year |
| Customer service records | 3 years from last interaction |
| Website usage and analytics data | 26 months (aggregated) |
| Cookies and device identifiers | Session to 24 months depending on cookie type |
| Legal and compliance records | As required by applicable law |
When personal information is no longer needed for the purposes for which it was collected, we will securely delete, anonymize, or destroy it in accordance with our data retention and disposal procedures.
10. Opt-Out Rights and Marketing Preferences
You have the right to opt out of certain uses of your personal information, including:
- Email Marketing: You may unsubscribe from promotional emails by clicking the "unsubscribe" link in any marketing email you receive from us.
- SMS/Text Marketing: You may opt out of text message marketing by replying "STOP" to any marketing text message we send you.
- Interest-Based Advertising: You may opt out of interest-based advertising by visiting the Digital Advertising Alliance's opt-out tool at www.aboutads.info or the Network Advertising Initiative at www.networkadvertising.org.
- Do Not Track: Some browsers offer a "Do Not Track" (DNT) signal. Our website currently does not respond to DNT signals, but we will update this policy if our practices change.
- California Opt-Out of Sale/Sharing: California residents may exercise their right to opt out of the sale or sharing of personal information by contacting us at [email protected].
11. Children's Privacy
Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 16 in jurisdictions that impose a higher age threshold for consent.
If you are under 18 years of age, please do not use our Services or provide us with any personal information. If we become aware that we have inadvertently collected personal information from a child under 13 (or the applicable age of consent in your jurisdiction), we will take immediate steps to delete such information from our records.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.
12. International Data Transfers
Costa Vida is based in the United States and our Services are designed primarily for customers located within the United States. If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your home country.
By using our Services and providing us with your personal information, you consent to the transfer of your information to the United States and its processing in accordance with this Privacy Policy and applicable U.S. law. We will take appropriate measures to ensure that any international transfers of personal data are conducted in compliance with applicable legal requirements and that your information receives adequate protection.
13. Third-Party Links and Services
Our website and digital platforms may contain links to third-party websites, services, and applications that are not owned or controlled by Costa Vida. These may include social media platforms, delivery partner websites, payment processors, and other external resources. This Privacy Policy does not apply to the data practices of those third parties.
We encourage you to review the privacy policies of any third-party websites or services you visit through links on our platform. Costa Vida is not responsible for the privacy practices, content, or security of third-party websites or services.
14. Applicable Laws and Legal Framework
This Privacy Policy is governed by and interpreted in accordance with applicable United States federal and state privacy laws, including but not limited to:
- Federal Trade Commission Act (FTC Act): Governing unfair or deceptive acts or practices in commerce, including deceptive privacy and data security practices.
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Providing comprehensive privacy rights to California residents.
- Children's Online Privacy Protection Act (COPPA): Governing the collection of personal information from children under 13.
- CAN-SPAM Act: Governing commercial email communications.
- Telephone Consumer Protection Act (TCPA): Governing marketing communications via telephone, text, and fax.
- Applicable state-specific breach notification laws and consumer protection statutes in the state(s) where we operate.
15. How to File a Complaint
If you have concerns about how Costa Vida handles your personal information and are not satisfied with our response to your privacy inquiry, you have the right to file a complaint with the appropriate data protection authority.
15.1 For California Residents
California residents may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy/ccpa
15.2 For All U.S. Residents
All U.S. residents may file a consumer complaint with the Federal Trade Commission (FTC):
- FTC Complaint Center: reportfraud.ftc.gov
- FTC Website: www.ftc.gov
We strongly encourage you to contact us first before filing a complaint with a regulatory authority, as we are committed to resolving privacy concerns directly and promptly.
16. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes to this Privacy Policy, we will notify you by:
- Posting the updated Privacy Policy on our website at vidacostas.digital with a revised "Last Updated" date
- Sending an email notification to the email address associated with your account
- Displaying a prominent notice on our website homepage or during your next login session
Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.
17. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries in a timely and thorough manner.
Costa Vida – Privacy Inquiries
Company Name: Costa Vida
Website: vidacostas.digital
Privacy Inquiries Email: [email protected]
When contacting us about a privacy matter, please provide sufficient information to allow us to identify you and understand the nature of your request. We will respond to all verified privacy inquiries within 30 business days of receipt.