Privacy Policy

1. Introduction

At Guzman y Gomez ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website guzmanygomez.live, use our mobile application, or engage with our food services.

This policy applies to all information collected through our digital platforms, in-store interactions, delivery services, catering operations, and any related services, sales, marketing, or events. By using our services, you agree to the collection and use of information in accordance with this policy.

We never sell your personal data. Your trust is paramount to us, and we are committed to being transparent about our data practices and giving you control over your information.

If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you directly provide to us, including:

• Personal Identification Information: Name, email address, phone number, delivery address, billing address, date of birth
• Account Information: Username, password, order history, favorite items, dietary preferences
• Payment Information: Credit/debit card details, payment history (stored securely through encrypted payment processors)
• Food Service Specific Information:
  • Allergen information and dietary restrictions (gluten-free, nut allergies, dairy intolerance)
  • Special dietary requirements (vegan, vegetarian, halal, kosher preferences)
  • Table reservation details and party size
  • Catering event information (event type, guest count, menu preferences)
  • Loyalty program data and rewards points
  • Food preferences and favorite orders
  • Delivery instructions and location preferences
• Communication Data: Contact form submissions, customer reviews, feedback, support inquiries
• Marketing Preferences: Email subscription status, communication preferences, promotional interests

2.2 Automatically Collected Information

When you interact with our services, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, click patterns, search queries, order patterns
• Location Data: Approximate location based on IP address, precise location (with your permission) for delivery services
• Cookie Data: Session identifiers, user preferences, analytics data, shopping cart contents
• Performance Data: Page load times, error reports, feature usage statistics

2.3 Information from Third Parties

We may receive information about you from third-party sources:

• Social Media: Profile information when you connect your social media accounts
• Payment Processors: Transaction verification and fraud prevention data
• Delivery Partners: Delivery status updates and location tracking
• Marketing Partners: Demographics and interest data for targeted advertising
• Business Partners: Referral information and co-branded service data

3. How We Use Your Information

3.1 Service Provision

• Order Processing: Processing food orders, managing delivery logistics, handling payments
• Account Management: Creating and maintaining user accounts, authentication, password resets
• Customer Support: Responding to inquiries, resolving issues, providing assistance
• Quality Improvement: Analyzing usage patterns to improve our services and user experience
• Personalization: Customizing menu recommendations based on dietary preferences and order history

3.2 Communication

• Transactional Communications: Order confirmations, delivery notifications, receipt emails
• Customer Support: Responding to support requests and resolving issues
• Service Updates: Important notices about policy changes, service disruptions
• Marketing Communications: Promotional emails, special offers, new menu items (with your consent only)

3.3 Marketing and Analytics

• Personalized Advertising: Showing relevant ads based on your preferences and behavior
• Analytics: Understanding website traffic, user behavior, and service performance
• Campaign Measurement: Measuring the effectiveness of our marketing campaigns
• Market Research: Developing new products and services based on customer insights

3.4 Legal Compliance and Security

• Legal Obligations: Complying with applicable laws and regulations
• Fraud Prevention: Detecting and preventing fraudulent activities
• Security: Protecting our systems, services, and users from security threats
• Dispute Resolution: Resolving disputes and enforcing our terms of service

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: Secure processing of payments and transaction verification
• Delivery Companies: Coordinating food delivery and tracking services
• Cloud Storage Providers: Secure data storage and backup services
• Email Services: Sending transactional and marketing emails
• Analytics Providers: Understanding website usage and performance
• Customer Support Tools: Managing customer inquiries and support tickets

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

• In response to court orders, subpoenas, or legal process
• To comply with applicable laws and regulations
• To protect the rights, property, and safety of our users and the public
• In emergency situations to protect personal safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security

5.1 Technical Security Measures

• Encryption: All data transmission is protected using SSL/TLS encryption protocols
• Secure Storage: Personal data is stored in encrypted databases with restricted access
• Firewall Protection: Advanced firewall systems protect against unauthorized access
• Access Controls: Strict access controls ensure only authorized personnel can access personal data
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Regular Backups: Secure, encrypted backups to prevent data loss

5.2 Organizational Security Measures

• Employee Training: Regular security awareness training for all staff
• Data Handling Procedures: Established procedures for handling personal data
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response: Comprehensive security incident response procedures
• Regular Audits: Periodic security audits and vulnerability assessments

5.3 Your Security Responsibilities

• Use strong, unique passwords for your account
• Never share your login credentials with others
• Log out of your account when using public or shared computers
• Be cautious of phishing emails and suspicious links
• Report any suspected unauthorized access immediately

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities promptly in accordance with applicable laws.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and mobile applications.

Other Tracking Technologies

• Google Analytics: Website traffic analysis and user behavior insights
• Facebook Pixel: Advertising campaign measurement and optimization
• Web Beacons: Email open rates and engagement tracking
• Local Storage: Storing user preferences and application data

Cookie Management: You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. You can also manage your cookie preferences through our cookie consent banner.

7. Your Rights (GDPR/CCPA Compliance)

You have several rights regarding your personal information:

7.1 Right of Access

You have the right to request access to your personal data and receive information about how we process it.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances, such as when it's no longer necessary for the original purpose.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data under certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to Object

You can object to processing of your personal data, especially for direct marketing purposes.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to automated decision-making, including profiling, that produces legal or significant effects.

How to Exercise Your Rights: To exercise any of these rights, contact us using the information in Section 13. We will respond to your request within 30 days.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 years of age.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our files.

If we become aware that we have collected personal information from a child under age 16 without parental consent, we will take steps to promptly delete that information.

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

• EU-Japan adequacy decisions for transfers to Japan
• Standard Contractual Clauses (SCC) approved by the European Commission
• Binding corporate rules for intra-group transfers
• Appropriate technical and organizational security measures
• Regular compliance audits and assessments

9.2 Transfer Destinations

Your data may be transferred to and processed in:

• United States: Cloud storage and analytics services
• European Union: Data processing and customer support
• Other countries: As needed for service provision, always with appropriate protections

10. Data Retention Periods

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy:

Safe Data Disposal

When data reaches the end of its retention period, we ensure secure disposal:

• Complete electronic deletion using industry-standard methods
• Physical destruction of paper records through secure shredding
• Removal from backup systems within reasonable timeframes
• Maintenance of disposal records for audit purposes

11. Third-Party Links

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy does not apply to these third-party services.

We are not responsible for the privacy practices or content of these third-party services. We encourage you to read the privacy policies of any third-party services before providing them with your personal information.

When you click on links to third-party sites or use third-party services, you do so at your own risk and subject to their terms and privacy policies.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

• A prominent notice on our website homepage
• Email notification to registered users
• Pop-up notification when you log into your account
• Push notifications through our mobile app

12.2 Significant Changes

For material changes that significantly affect your rights or how we use your information, we will seek your explicit consent before the changes take effect.

12.3 Staying Informed

• The most current version will always be available on our website
• Check the "Last Updated" date at the top of this policy
• Your continued use of our services after changes constitutes acceptance
• If you disagree with changes, you may stop using our services

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time:

• Click the "Unsubscribe" link in any marketing email
• Update your preferences in your account settings
• Contact our customer support team
• Call us at +61 499 038 878

14.2 Account Deletion Process

To delete your account and withdraw all consent:

1. Log into your account and go to Settings
2. Select "Delete Account" option
3. Confirm your identity for security purposes
4. Review what data will be deleted vs. retained for legal compliance
5. Confirm deletion request

Note: Some information may be retained as required by law or for legitimate business purposes as outlined in our retention policy.

15. Conclusion

At Guzman y Gomez, protecting your privacy is fundamental to our relationship with you. We are committed to maintaining the highest standards of data protection and transparency in all our operations.

We believe that trust is earned through consistent actions and clear communication. This Privacy Policy represents our commitment to being transparent about how we handle your personal information and giving you control over your data.

Your trust enables us to continue providing you with exceptional food services and memorable dining experiences. We take this responsibility seriously and continuously work to improve our privacy practices.

If you have any questions, concerns, or feedback about this Privacy Policy or our privacy practices, please don't hesitate to contact us. We value your input and are here to help.

Thank you for choosing Guzman y Gomez and for taking the time to understand how we protect your privacy.