Privacy Policy

1. Introduction

Welcome to Guzman y Gomez ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website, mobile applications, and services.

This policy applies to all users of our food delivery and dining services, including online orders, in-store purchases, catering services, and franchise operations. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you voluntarily provide when using our services:

• Personal Identification: Name, email address, phone number, delivery address, billing address
• Account Information: Username, password, order history, dietary preferences, allergen information
• Payment Information: Credit card details, billing information (encrypted and securely stored)
• Food Preferences: Favorite orders, special dietary requirements (vegan, halal, kosher, gluten-free), allergen restrictions
• Reservation Details: Table booking information, party size, special occasions
• Catering Information: Event details, guest count, menu preferences, delivery instructions
• Communication: Contact form submissions, customer service interactions, reviews and feedback
• Marketing Preferences: Email subscription choices, notification preferences
• Loyalty Program Data: Points balance, rewards history, membership status

2.2 Automatically Collected Information

We automatically collect certain information when you use our services:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, click patterns, search queries
• Location Data: Approximate location based on IP address, GPS location (with permission)
• Order Analytics: Frequency of orders, average order value, preferred order times
• Cookie Data: Session identifiers, user preferences, analytics information
• Performance Data: Page load times, error logs, technical diagnostics

2.3 Information from Third Parties

• Social Media: Profile information if you connect social media accounts
• Payment Processors: Transaction verification and fraud prevention data
• Delivery Partners: Delivery status updates, location tracking during delivery
• Marketing Partners: Campaign effectiveness data, demographic information
• Third-party Login: Information from Google, Facebook, or Apple if you use social login

3. How We Use Your Information

3.1 Service Provision

• Processing and fulfilling food orders and deliveries
• Managing your account and authentication
• Handling table reservations and in-store dining
• Coordinating catering services and events
• Providing customer support and resolving issues
• Managing loyalty programs and rewards
• Ensuring food safety through allergen tracking
• Improving service quality and menu offerings

3.2 Communication

• Order confirmations and delivery notifications
• Account updates and security alerts
• Customer support responses
• Important policy changes and service updates
• Marketing emails and promotional offers (with consent only)
• Loyalty program communications
• Feedback requests and surveys

3.3 Marketing and Analytics

• Personalizing your experience and recommendations
• Analyzing website traffic and user behavior
• Measuring marketing campaign effectiveness
• Conducting market research for new products
• Creating targeted advertising (with appropriate consent)
• Developing new services and features

3.4 Legal Compliance and Security

• Complying with legal obligations and regulations
• Preventing fraud and unauthorized access
• Protecting our rights, property, and safety
• Resolving disputes and enforcing agreements
• Responding to law enforcement requests
• Maintaining business records as required by law

4. Information Sharing and Disclosure

4.1 Service Providers

We may share your information with trusted third-party service providers who help us operate our business:

• Payment Processors: Secure transaction processing and fraud prevention
• Delivery Services: Order fulfillment and delivery coordination
• Cloud Storage Providers: Secure data storage and backup services
• Marketing Services: Email campaigns and customer communications
• Analytics Tools: Usage analysis and performance monitoring
• Customer Support: Help desk and chat support services
• Security Services: Fraud detection and cybersecurity protection

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

• In response to court orders, subpoenas, or legal proceedings
• To comply with applicable laws and regulations
• To protect our rights, property, and safety or that of others
• In emergency situations involving public safety
• To investigate and prevent fraud or illegal activities
• To enforce our terms of service and other agreements

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

• Customer information may be transferred to the new owner
• We will provide advance notice before any such transfer
• The new owner must comply with this privacy policy
• You will have options regarding your data in such situations

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

• Participation in promotional campaigns
• Integration with third-party services
• Market research participation
• Community features and social sharing

5. Data Security

5.1 Technical Measures

We implement comprehensive security measures to protect your data:

• Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS protocols
• Secure Storage: Personal data is stored on secure servers with restricted access
• Access Control: Only authorized personnel have access to personal data on a need-to-know basis
• Network Security: Advanced firewall systems protect against unauthorized access
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Data Backups: Regular encrypted backups ensure data recovery capabilities

5.2 Organizational Measures

• Employee Training: Regular security awareness training for all staff
• Data Handling Procedures: Strict protocols for accessing and processing personal data
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response: Comprehensive security incident response and recovery procedures
• Regular Audits: Periodic security assessments and vulnerability testing
• Vendor Management: Due diligence and security requirements for all service providers

5.3 Your Security Responsibilities

5.4 Security Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovering the breach
• Inform relevant supervisory authorities as required by law
• Provide details about what information was affected
• Explain the steps we're taking to address the breach
• Offer guidance on protecting yourself from potential harm

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze website usage. Below is a detailed breakdown:

Cookie Type	Purpose	Duration
Essential Cookies	Basic site functionality, login state, shopping cart	Session (deleted when browser closes)
Functional Cookies	User preferences, language settings, location	Up to 1 year
Analytics Cookies	Usage analysis, performance monitoring, improvement	Up to 2 years
Marketing Cookies	Personalized advertising, campaign measurement	Up to 1 year

Tracking Technologies We Use

• Google Analytics: Website traffic analysis and user behavior insights
• Facebook Pixel: Social media advertising measurement and optimization
• Web Beacons: Email open rate tracking and engagement measurement
• Local Storage: Browser-based data storage for user preferences
• Session Storage: Temporary data storage for single browsing sessions

Cookie Management

You can manage cookie preferences through:

• Browser Settings: Accept, reject, or delete cookies in your browser preferences
• Our Cookie Banner: Customize your preferences when you first visit our site
• Account Settings: Manage marketing and analytics preferences in your user account

7. Your Privacy Rights

Under applicable privacy laws (GDPR, CCPA, and Australian Privacy Act), you have the following rights regarding your personal data:

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you. We primarily use automated systems for:

• Order processing and fulfillment
• Fraud detection and prevention
• Personalized menu recommendations
• Dynamic pricing during peak hours

How to Exercise Your Rights

When exercising your rights, please provide:

• Clear identification of yourself
• Specific description of your request
• Proof of identity for security purposes
• Preferred method of response

8. Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will promptly investigate and delete any such information.

Educational Purpose: Any information collected about children's dietary preferences in family accounts is used solely to ensure safe food preparation and allergen management.

9. International Data Transfers

9.1 Data Protection Measures

When transferring your personal data internationally, we implement appropriate safeguards:

• Adequacy Decisions: Transfers to countries recognized as providing adequate protection by the Australian Privacy Commissioner
• Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring GDPR compliance
• Data Processing Agreements: Contractual obligations for data protection with all international partners
• Encryption in Transit: All international data transfers use end-to-end encryption
• Regular Compliance Audits: Ongoing monitoring of international partners' data protection practices

9.2 Transfer Destinations

Your data may be transferred to and processed in:

• United States: Cloud storage services (AWS, Google Cloud) with Privacy Shield or equivalent protections
• European Union: Data analytics and customer support services
• Singapore: Regional data processing center for Asia-Pacific operations
• New Zealand: Backup and disaster recovery services

All transfers comply with applicable data protection laws and include appropriate contractual protections.

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law.

Information Type	Retention Period	Reason for Retention
Account Information	6 months after account deletion	Legal obligations, dispute resolution
Order History & Purchase Records	7 years	Tax and accounting requirements, warranty claims
Payment Information	As required by payment processors	Fraud prevention, chargeback protection
Marketing Consent Records	3 months after withdrawal	Consent record keeping, compliance proof
Website Usage Logs	Up to 2 years	Security monitoring, analytics, improvement
Customer Support Records	3 years	Service quality improvement, training
Loyalty Program Data	3 years after last activity	Program administration, fraud prevention
Allergen & Dietary Information	While account is active + 1 year	Food safety, liability protection

Safe Data Disposal

When data reaches the end of its retention period, we ensure secure disposal:

• Electronic Data: Complete deletion using industry-standard methods making recovery impossible
• Physical Records: Secure shredding by certified document destruction services
• Backup Systems: Systematic removal from all backup and archive systems
• Third-party Systems: Coordination with service providers to ensure complete deletion
• Disposal Records: Maintenance of disposal logs for compliance and audit purposes

11. Third-Party Links and Services

Our website and mobile applications may contain links to external websites, social media platforms, and third-party services that are not operated by us.

Third-Party Services We Use

• Social Media Platforms: Facebook, Instagram, Twitter integration for social sharing
• Payment Processors: Stripe, PayPal, and other secure payment gateways
• Map Services: Google Maps for location services and delivery tracking
• Review Platforms: Google Reviews, Yelp, and other rating services
• Analytics Services: Google Analytics, Hotjar for website analysis
• Customer Support: Zendesk or similar platforms for help desk services

Your Responsibility

• Review privacy policies of third-party sites before providing personal information
• Understand how these platforms collect and use your data
• Configure privacy settings on external platforms according to your preferences
• Be aware that we cannot control third-party data practices

Social Media Integration: When you interact with our social media content or use social login features, information may be shared with those platforms according to their privacy policies.

12. Policy Changes and Updates

12.1 How We Notify You of Changes

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes through:

• Website Notice: Prominent notification on our homepage and throughout the site
• Email Notification: Direct email to all registered users with active accounts
• App Notification: Push notifications through our mobile application
• Account Dashboard: Notice in your account settings and order history
• Social Media: Announcements on our official social media channels

12.2 Checking for Updates

• Current Version: The latest version is always available at guzmaanygomez.live/privacy.html
• Last Updated Date: Check the "Last Updated" date at the top of this policy
• Periodic Review: We recommend reviewing this policy periodically
• Email Alerts: Subscribe to our privacy policy updates email list

12.3 Your Options

Grace Period: Material changes will typically take effect 30 days after notification, giving you time to review and decide on continued use of our services.

13. Contact Information

Response Commitment: We will respond to all privacy-related inquiries within 3 business days. For complex requests, we may require up to 30 days for a complete response.

13.1 How to Contact Us

• Email: Preferred method for detailed privacy requests and documentation
• Phone: For urgent privacy concerns or security incidents
• Mail: For formal legal requests or when written documentation is required
• Online Form: Use our contact form at guzmaanygomez.live/contact.html

13.2 Complaints Process

If you're not satisfied with how we handle your privacy concern:

1. Contact Us First: Give us the opportunity to resolve your concern directly
2. Escalation: Request escalation to our Privacy Officer if initial response is unsatisfactory
3. External Complaint: You may lodge a complaint with the Australian Privacy Commissioner
4. Supervisory Authority: EU residents can contact their local Data Protection Authority

14. Withdrawal of Consent

You have the right to withdraw your consent for data processing activities at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications through:

• Unsubscribe Links: Click unsubscribe in any marketing email
• Account Settings: Update your communication preferences in your user account
• Customer Support: Contact our support team to opt out
• Phone Request: Call +61 483 324 966 to opt out verbally
• Email Request: Send opt-out request to [email protected]

14.2 Cookie Consent Withdrawal

• Browser Settings: Disable cookies in your browser preferences
• Cookie Banner: Use our cookie preference center when available
• Account Settings: Manage analytics and marketing cookie preferences
• Clear Existing Cookies: Delete existing cookies from your browser

14.3 Account Deletion Process

Important Note: Account deletion will result in loss of order history, loyalty points, saved preferences, and ability to track past orders. Some information may be retained as required by law for accounting and legal purposes.

14.4 Partial Data Removal

You may also request removal of specific types of data:

• Marketing profile and preferences
• Saved addresses and payment methods
• Order history (subject to legal retention requirements)
• Customer reviews and feedback
• Loyalty program participation

15. Conclusion

At Guzman y Gomez, we are committed to maintaining the highest standards of privacy protection and data security. Your trust is essential to our business, and we take our responsibility to protect your personal information seriously.

Building Trust Through Food: Our commitment to privacy extends beyond legal requirements. We believe that protecting your personal information is fundamental to building lasting relationships with our customers and community.

Questions Welcome: If you have any questions, concerns, or suggestions regarding this Privacy Policy or our privacy practices, please don't hesitate to contact us. We value your feedback and are always looking for ways to improve.

Thank You: Thank you for choosing Guzman y Gomez and for trusting us with your personal information. We look forward to continuing to serve you delicious food while protecting your privacy.