Privacy Policy

1. Introduction

At Guzman y Gomez, we are deeply committed to protecting your privacy and maintaining the trust you place in us when you share your personal information. This comprehensive Privacy Policy outlines how we collect, use, store, and protect your personal data when you visit our website, use our mobile application, place orders, visit our restaurants, or interact with our services in any way.

The scope of this policy extends to all aspects of our food service operations, including online ordering, delivery services, in-store dining, catering, loyalty programs, and promotional activities. This policy applies to all personal information we collect through our various touchpoints and explains your rights regarding your personal data.

By using our services, creating an account, placing orders, or engaging with our brand, you agree to the terms outlined in this Privacy Policy. We want to assure you that we never sell your personal data to third parties for their marketing purposes.

2. Information We Collect

To provide you with the best possible food service experience, we collect various types of information through different channels and interactions with our brand.

2.1 Information You Provide to Us

This category includes information you voluntarily provide when interacting with our services:

• Personal Identification Information: Full name, email address, phone number, delivery address, billing address, date of birth (for age verification and birthday promotions)
• Account Information: Username, password, order history, saved payment methods, dietary preferences, allergen information, favorite menu items
• Food-Specific Information: Dietary requirements (vegetarian, vegan, gluten-free, halal, kosher), food allergies and intolerances, spice preferences, portion size preferences, special cooking instructions
• Payment Information: Credit/debit card details, billing information, transaction history (securely encrypted and stored in compliance with PCI DSS standards)
• Communication Data: Contact form submissions, customer service interactions, feedback and reviews, survey responses, social media interactions
• Reservation and Event Information: Table booking details, party size, special occasion information, catering event requirements, corporate account details
• Loyalty Program Data: Membership information, points balance, reward preferences, participation in promotions and contests
• Marketing Preferences: Communication preferences, newsletter subscriptions, promotional offer interests, preferred communication channels

2.2 Automatically Collected Information

When you visit our website, use our mobile app, or interact with our digital services, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device type (mobile, tablet, desktop), screen resolution, device identifiers
• Usage Data: Pages visited, time spent on pages, click-through rates, menu items viewed, search queries, ordering patterns, session duration
• Location Data: Approximate location based on IP address, GPS coordinates (with permission) for delivery services and restaurant locator features
• Cookie Data: Session IDs, user preferences, shopping cart contents, authentication tokens, analytics data
• Performance Data: Page load times, error reports, app crash reports, website performance metrics

2.3 Information from Third Parties

We may receive information about you from various third-party sources to enhance our services:

• Social Media Platforms: Profile information, friend lists, interests (when you connect your social media accounts)
• Payment Processors: Transaction verification, fraud prevention data, payment method validation
• Delivery Partners: Delivery status updates, driver locations, delivery completion confirmations
• Marketing Partners: Campaign performance data, audience insights, promotional effectiveness metrics
• Review Platforms: Customer ratings and reviews from third-party platforms like Google Reviews, Yelp

3. How We Use Your Information

We use the collected information for various purposes to provide, maintain, and improve our food services:

3.1 Service Provision and Order Management

• Order Processing: Taking and fulfilling food orders, processing payments, coordinating kitchen operations, managing inventory
• Delivery and Pickup Services: Coordinating delivery drivers, providing order tracking, sending pickup notifications
• Customer Support: Responding to inquiries, resolving order issues, handling complaints, providing assistance with dietary requirements
• Account Management: Creating and maintaining user accounts, authentication, password resets, profile updates
• Personalization: Customizing menu recommendations based on dietary preferences and order history, suggesting new items you might enjoy
• Quality Assurance: Monitoring service quality, ensuring food safety standards, tracking customer satisfaction

3.2 Communication and Notifications

• Order Communications: Confirmation emails, preparation status updates, delivery notifications, pickup reminders
• Customer Service: Responding to support requests, following up on feedback, resolving service issues
• Important Notices: Policy changes, service updates, restaurant closures, food safety alerts
• Promotional Communications: Special offers, new menu items, loyalty rewards, seasonal promotions (only with your consent)

3.3 Marketing and Analytics

• Targeted Advertising: Showing relevant food promotions, personalized menu recommendations, location-based offers
• Performance Analysis: Measuring website traffic, app usage patterns, popular menu items, peak ordering times
• Campaign Effectiveness: Tracking promotional success, measuring customer engagement, optimizing marketing spend
• Market Research: Understanding food trends, customer preferences, market opportunities for new products

3.4 Legal Compliance and Security

• Legal Obligations: Complying with food safety regulations, tax reporting, employment law, accessibility requirements
• Fraud Prevention: Detecting and preventing fraudulent transactions, protecting against payment fraud
• Safety and Security: Protecting customer data, maintaining restaurant security, ensuring staff and customer safety
• Dispute Resolution: Handling legal claims, resolving conflicts, supporting legal proceedings when necessary

4. Information Sharing and Disclosure

We carefully limit the sharing of your personal information and only do so in specific circumstances:

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who help us deliver our food services:

• Payment Processors: Secure payment processing companies (PayPal, Stripe, Square) that handle credit card transactions and ensure PCI compliance
• Delivery Services: Third-party delivery companies and drivers who fulfill delivery orders and provide tracking services
• Cloud Storage Providers: Amazon Web Services, Microsoft Azure, and other cloud platforms that securely store and backup our data
• Email Service Providers: Platforms like Mailchimp, SendGrid for sending order confirmations, newsletters, and promotional emails
• Analytics Providers: Google Analytics, Facebook Analytics for understanding customer behavior and improving our services
• Customer Support Tools: Help desk software, chat services, and CRM systems to manage customer interactions
• Marketing Platforms: Social media advertising platforms, email marketing tools, loyalty program providers

All service providers are required to maintain strict confidentiality and data protection standards through contractual agreements.

4.2 Legal Requirements and Protection

We may disclose your information when required by law or to protect our rights and safety:

• Legal Compliance: Court orders, subpoenas, regulatory investigations, tax authorities, food safety inspections
• Law Enforcement: Cooperation with police investigations, fraud prevention, regulatory compliance
• Rights Protection: Protecting our intellectual property, enforcing terms of service, defending against legal claims
• Public Safety: Emergency situations, public health concerns, food safety incidents, security threats

4.3 Business Transfers

In the event of business changes, your information may be transferred:

• Mergers and Acquisitions: Sale of company assets, merger with another food service company, corporate restructuring
• Asset Sales: Sale of restaurant locations, franchise transfers, business unit sales
• Bankruptcy: Business dissolution, creditor proceedings, asset liquidation

We will notify you of any business transfer that affects your personal information and ensure the new owner complies with similar privacy protection standards.

4.4 With Your Explicit Consent

We may share your information for other purposes with your explicit consent, such as:

• Participation in co-marketing campaigns with other food brands
• Integration with third-party food apps or platforms
• Sharing reviews and testimonials (with your permission)
• Participating in industry research studies

5. Data Security

Protecting your personal information is a top priority. We implement comprehensive security measures to safeguard your data:

5.1 Technical Security Measures

• Encryption: All data transmission is protected with SSL/TLS encryption. Sensitive data at rest is encrypted using AES-256 standards
• Firewall Protection: Advanced firewall systems monitor and block unauthorized access attempts
• Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege for employee access
• Network Security: Secure VPN connections, network segmentation, intrusion detection and prevention systems
• Data Backup: Regular automated backups stored in geographically diverse locations with encryption
• Security Monitoring: 24/7 security operations center monitoring for threats and suspicious activities

5.2 Organizational Security Measures

• Employee Training: Comprehensive privacy and security training for all staff members, with annual refresher courses
• Data Handling Procedures: Strict protocols for accessing, processing, and storing personal information
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements protecting customer data
• Incident Response: Detailed incident response plan for security breaches with defined roles and escalation procedures
• Security Audits: Regular internal and external security audits to identify and address vulnerabilities
• Vendor Management: Due diligence and ongoing monitoring of third-party security practices

5.3 Your Security Responsibilities

You also play an important role in protecting your information:

• Strong Passwords: Use complex passwords with a combination of letters, numbers, and special characters
• Password Protection: Never share your login credentials with others
• Secure Logout: Always log out of your account when using public or shared computers
• Email Safety: Be cautious of phishing emails and never click suspicious links claiming to be from us
• Report Issues: Immediately report any unauthorized account access or suspicious activities
• Software Updates: Keep your devices and browsers updated with the latest security patches

6. Cookies and Tracking Technologies

We use various cookies and tracking technologies to enhance your experience on our website and mobile app:

Cookie Type	Purpose	Duration
Essential Cookies	Basic site functionality, user authentication, shopping cart, security	Session (deleted when browser closes)
Functional Cookies	User preferences, language settings, location memory, customization	Up to 1 year
Analytics Cookies	Usage statistics, performance monitoring, user behavior analysis	Up to 2 years
Marketing Cookies	Personalized advertising, campaign tracking, social media integration	Up to 1 year

Tracking Technologies We Use

• Google Analytics: Website traffic analysis, user behavior tracking, conversion measurement
• Facebook Pixel: Social media advertising effectiveness, custom audience creation
• Web Beacons: Email open rates, click-through tracking, campaign performance
• Local Storage: Browser-based storage for user preferences and shopping cart data
• Mobile App Analytics: App usage patterns, feature adoption, crash reporting

Cookie Management

You can control cookies through your browser settings:

• Accept or reject all cookies
• Delete existing cookies from your device
• Set preferences for specific types of cookies
• Receive notifications before cookies are placed

Note: Disabling essential cookies may affect website functionality, including the ability to place orders and access your account.

7. Your Privacy Rights

Under applicable privacy laws (including GDPR, CCPA, and Australian Privacy Principles), you have several important rights regarding your personal information:

7.1 Right of Access

You can request to view all personal information we hold about you, including:

• Account details and order history
• Dietary preferences and allergen information
• Marketing preferences and communication history
• Data sources and sharing activities

7.2 Right to Rectification

You can request corrections to inaccurate or incomplete personal information, such as:

• Updating contact information
• Correcting dietary restrictions or allergen data
• Modifying delivery addresses
• Updating payment information

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal information when:

• The information is no longer necessary for the original purpose
• You withdraw consent for processing
• The data has been unlawfully processed
• You object to processing and there are no overriding legitimate grounds

7.4 Right to Restrict Processing

You can limit how we use your data in certain circumstances:

• When you contest the accuracy of your data
• If processing is unlawful but you prefer restriction over deletion
• When we no longer need the data but you need it for legal claims

7.5 Right to Data Portability

You can receive your personal information in a machine-readable format and transfer it to another service provider.

7.6 Right to Object

You can object to processing of your personal information, particularly for:

• Direct marketing communications
• Profiling for marketing purposes
• Processing based on legitimate interests

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, contact us using the information in the Contact section below. We will respond to your request within 30 days and may ask for verification of your identity to protect your information.

8. Children's Privacy

Our food services are designed for general audiences and are not specifically intended for children under 16 years of age. We are committed to protecting children's privacy:

• No Intentional Collection: We do not knowingly collect personal information from children under 16 without parental consent
• Parental Notification: If we discover we have collected information from a child under 16, we will immediately contact the parent or guardian
• Prompt Deletion: Upon notification or discovery, we will promptly delete any personal information collected from children
• Parental Rights: Parents can request access to, correction of, or deletion of their child's personal information
• Age Verification: We may use age verification mechanisms for certain services like loyalty programs or promotional offers

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at the information provided below.

9. International Data Transfers

As a food service company operating in Australia, we may transfer your personal information to other countries for processing and storage:

9.1 Protection Measures

• Adequacy Decisions: Transfers to countries recognized as providing adequate protection (EU, Canada, Japan)
• Standard Contractual Clauses: Legal contracts ensuring equivalent protection in other countries
• Data Processing Agreements: Binding agreements with international service providers
• Security Safeguards: Technical and organizational measures to protect transferred data
• Compliance Monitoring: Regular audits of international partners' privacy practices

9.2 Transfer Destinations

• United States: Cloud storage services, payment processing, customer support systems
• European Union: Data analytics, marketing platforms, security monitoring
• Other Countries: As needed for business operations with appropriate legal protections

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Information Type	Retention Period	Reason
Account Information	6 months after account deletion	Legal obligations, dispute resolution, fraud prevention
Order and Purchase History	7 years	Tax and accounting requirements, warranty claims
Payment Information	As required by payment processors	Transaction processing, chargebacks, fraud prevention
Marketing Consent Records	3 months after withdrawal	Consent record keeping, compliance verification
Website Usage Logs	Up to 2 years	Security monitoring, analytics, performance optimization
Customer Support Records	3 years	Service quality improvement, dispute resolution
Dietary and Allergen Information	While account is active + 1 year	Food safety, personalized service, liability protection
Loyalty Program Data	While program is active + 2 years	Reward fulfillment, program administration

Safe Data Disposal

When retention periods expire, we ensure secure data disposal:

• Electronic Data: Complete deletion using industry-standard methods that make data unrecoverable
• Physical Records: Secure shredding of paper documents and destruction of storage media
• Backup Systems: Removal from all backup systems and archived data
• Third-Party Data: Ensuring service providers also securely dispose of your information
• Audit Trail: Maintaining records of data disposal activities for compliance purposes

11. Third-Party Links and Services

Our website and mobile app may contain links to third-party websites, social media platforms, or integrated services:

• External Links: We are not responsible for the privacy practices of external websites or services
• Social Media: Integration with Facebook, Instagram, Twitter may involve data sharing according to their policies
• Payment Processors: Third-party payment services have their own privacy policies and terms
• Review Platforms: Customer reviews on external sites are governed by those platforms' policies
• Delivery Partners: Third-party delivery services may collect additional information for their services

We encourage you to review the privacy policies of any third-party services before providing your personal information. Your interactions with these services are governed by their respective privacy policies, not ours.

12. Policy Changes and Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws:

12.1 Change Notification Methods

• Website Notice: Prominent banner notification on our homepage and privacy policy page
• Email Notification: Direct email to registered users about significant policy changes
• App Notification: Push notification through our mobile app
• Account Alert: In-account message when you next log in
• Social Media: Announcements on our official social media channels

12.2 Types of Changes

• Minor Updates: Clarifications, contact information changes, or editorial corrections
• Significant Changes: Material changes to how we collect, use, or share your information
• Legal Updates: Changes required by new privacy laws or regulations

12.3 Your Options

• Review Changes: We recommend regularly checking this page for updates
• Continued Use: Continuing to use our services after changes indicates acceptance
• Opt-Out: You can stop using our services if you disagree with changes
• Contact Us: Reach out with questions about policy changes

14. Withdrawal of Consent

You have the right to withdraw your consent for certain data processing activities at any time:

14.1 Marketing Consent Withdrawal

• Email Unsubscribe: Click the unsubscribe link at the bottom of any marketing email
• Account Settings: Log into your account and update your communication preferences
• Customer Support: Contact our support team to opt out of all marketing communications
• SMS Opt-Out: Reply "STOP" to any promotional text message
• Push Notifications: Disable in your mobile device settings or app preferences

14.2 Account Deletion Process

To completely delete your account and associated data:

1. Log into your account and go to Account Settings
2. Select "Delete Account" option
3. Confirm your identity for security purposes
4. Choose what data to retain for legal compliance (if any)
5. Receive confirmation of account deletion

Note: Some information may be retained as required by law for tax, accounting, or legal purposes.

14.3 Consequences of Withdrawal

• You may no longer receive promotional offers or loyalty rewards
• Account deletion will remove order history and saved preferences
• We may not be able to provide personalized recommendations
• Customer support may be limited without account access

15. Conclusion

Your privacy and trust are fundamental to our relationship at Guzman y Gomez. We are committed to protecting your personal information with the highest standards of security and transparency. This comprehensive policy reflects our dedication to responsible data handling and your privacy rights.

We understand that privacy is not just about compliance with laws—it's about building and maintaining trust with our valued customers. Whether you're ordering your favorite meal, joining our loyalty program, or simply browsing our menu, you can be confident that your personal information is handled with care and respect.

As we continue to grow and evolve our food services, we will maintain our commitment to privacy protection while finding new ways to enhance your dining experience. We encourage you to reach out with any questions, concerns, or feedback about our privacy practices.

Thank you for choosing Guzman y Gomez and for trusting us with your personal information. We look forward to serving you delicious food while keeping your privacy secure.