Privacy Policy

Your privacy is important to us. Learn how we protect and use your personal information.

Last Updated: January 15, 2026

1. Introduction

Costa Vida ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website costavidas.rest, use our mobile application, or engage with our food services.

This policy applies to all information collected through our digital platforms, physical locations, delivery services, catering operations, and any related services. By using our services, you agree to the collection and use of information in accordance with this policy.

Important: We never sell your personal data to third parties. Your information is used solely to provide and improve our food services and customer experience.

2. Information We Collect

2.1 Information You Provide

  • Personal Identification: Name, email address, phone number, delivery address, billing address
  • Account Information: Username, password, order history, dietary preferences, favorite menu items
  • Payment Information: Credit card details, billing information (stored securely through encrypted payment processors)
  • Food Service Specific Data:
    • Allergen information and dietary restrictions
    • Special dietary requirements (vegan, vegetarian, gluten-free, halal, kosher)
    • Food preferences and customization requests
    • Table reservation details and party size
    • Catering event information and guest counts
    • Loyalty program participation and reward preferences
  • Contact Form Submissions: Messages, feedback, reviews, and customer support inquiries
  • Marketing Preferences: Email subscription choices, promotional preferences, communication settings

2.2 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, clicks, search terms, order patterns
  • Location Data: Approximate location from IP address, delivery location for order fulfillment
  • Cookie Data: Session IDs, user preferences, analytics data, shopping cart contents
  • Performance Data: Website loading times, error reports, feature usage statistics

2.3 Information from Third Parties

  • Social Media: Profile information if you connect social media accounts
  • Payment Processors: Transaction confirmations, payment status updates
  • Delivery Partners: Delivery status, location updates during delivery
  • Marketing Partners: Campaign performance data, advertising effectiveness metrics

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Fulfilling food orders, managing reservations, coordinating delivery
  • Account Management: Creating and maintaining user accounts, authentication, security
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Analyzing service performance, optimizing menu offerings, improving user experience
  • Personalization: Customizing menu recommendations based on dietary preferences and order history

3.2 Communication

  • Transactional Messages: Order confirmations, delivery notifications, receipt emails
  • Customer Support: Responses to inquiries, issue resolution communications
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional offers, new menu items, special events (with explicit consent only)

3.3 Marketing and Analytics

  • Personalized Advertising: Tailored promotions based on food preferences and order history
  • Website Analytics: Traffic analysis, user behavior patterns, conversion optimization
  • Campaign Measurement: Effectiveness of marketing campaigns, ROI analysis
  • Market Research: Understanding customer preferences, developing new menu items

3.4 Legal Compliance

  • Legal Requests: Responding to court orders, subpoenas, government inquiries
  • Fraud Prevention: Detecting and preventing fraudulent transactions, account security
  • Rights Protection: Protecting our rights, property, and safety, as well as those of our customers
  • Dispute Resolution: Resolving conflicts, investigating complaints, enforcing terms

4. Information Sharing and Disclosure

4.1 Service Providers

  • Payment Processors: Secure transaction processing (Stripe, PayPal, etc.)
  • Delivery Companies: Order fulfillment, address verification, delivery tracking
  • Cloud Storage Providers: Secure data storage and backup services
  • Marketing Services: Email campaign management, customer communication
  • Analytics Tools: Website usage analysis, performance monitoring
  • Customer Support Platforms: Help desk services, chat support tools

4.2 Legal Requirements

  • Court Orders: Compliance with legally binding requests and subpoenas
  • Regulatory Compliance: Meeting food safety, health department, and business licensing requirements
  • Law Enforcement: Cooperation with legitimate investigations and public safety efforts
  • Emergency Situations: Protection of individual safety and public welfare

4.3 Business Transfers

  • Mergers and Acquisitions: Transfer of customer data in business combinations
  • Asset Sales: Data transfer as part of business asset transactions
  • Customer Notification: Advance notice of any ownership or control changes
  • Policy Compliance: Requirement for new owners to honor existing privacy commitments

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as participation in promotional partnerships or third-party loyalty programs.

5. Data Security

5.1 Technical Measures

  • Encryption: SSL/TLS encryption for all data transmission, AES-256 encryption for stored data
  • Firewall Systems: Advanced network security and intrusion detection systems
  • Access Controls: Role-based access restrictions, minimum necessary data access principles
  • Security Monitoring: 24/7 monitoring for suspicious activities and security threats
  • Data Backups: Regular, encrypted backups stored in secure, geographically distributed locations
  • Vulnerability Management: Regular security assessments and prompt patching of identified vulnerabilities

5.2 Organizational Measures

  • Employee Training: Regular privacy and security training for all staff handling personal data
  • Data Handling Procedures: Documented protocols for data collection, processing, and disposal
  • Third-Party Agreements: Comprehensive data protection agreements with all service providers
  • Incident Response: Established procedures for identifying and responding to security breaches
  • Security Audits: Regular internal and external security assessments and compliance reviews

5.3 Your Responsibilities

  • Password Security: Use strong, unique passwords and enable two-factor authentication when available
  • Account Protection: Do not share login credentials with others
  • Public Computer Safety: Always log out when using shared or public computers
  • Phishing Awareness: Be cautious of suspicious emails or links claiming to be from Costa Vida
  • Immediate Reporting: Contact us immediately if you suspect unauthorized access to your account

Security Breach Notification: In the event of a data security incident that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable laws.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze website usage:

Cookie Type Purpose Duration
Essential Cookies Basic site functionality, shopping cart, login state, security Session (deleted when browser closes)
Functional Cookies User preferences, language settings, location memory Up to 1 year
Analytics Cookies Website usage analysis, performance improvement, traffic patterns Up to 2 years
Marketing Cookies Personalized advertising, campaign measurement, retargeting Up to 1 year

Additional Tracking Technologies

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for improved performance
  • Session Storage: Temporary data storage during your visit

Cookie Management: You can control cookies through your browser settings to accept, reject, or delete cookies. However, disabling certain cookies may affect website functionality, particularly for ordering and account management features.

7. Your Rights (GDPR/CCPA Compliance)

You have several rights regarding your personal information:

7.1 Right of Access

You can request access to view all personal data we hold about you, including order history, account information, and communication records.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data, including updating contact information and dietary preferences.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal requirements for record keeping (such as tax and accounting obligations).

7.4 Right to Restrict Processing

You can request limitations on how we use your data, such as stopping marketing communications while maintaining service-related communications.

7.5 Right to Data Portability

You can request your personal data in a machine-readable format to transfer to another service provider.

7.6 Right to Object

You can object to processing of your personal data, especially for marketing purposes, direct mail, or profiling.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

How to Exercise Your Rights: Contact us at [email protected] or call +7 495 531-09-50. We will respond to your request within 30 days and provide clear information about any actions taken.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will promptly delete such information from our systems.

Parents who wish to review, modify, or delete their child's information should contact us using the information provided in the Contact section of this policy.

9. International Data Transfers

9.1 Protection Measures

  • Adequacy Decisions: Transfers to countries with European Commission adequacy decisions
  • Standard Contractual Clauses: Use of EU-approved data transfer agreements
  • Data Processing Agreements: Comprehensive contracts with international service providers
  • Security Measures: Additional technical and organizational safeguards for international transfers
  • Compliance Monitoring: Regular audits of international data processing activities

9.2 Transfer Destinations

  • United States: Cloud storage and payment processing services
  • European Union: Data analytics and customer support services
  • Other Countries: As necessary for service provision, always with appropriate safeguards

10. Data Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this policy:

Information Type Retention Period Reason for Retention
Account Information 6 months after account deletion Legal obligations, fraud prevention, dispute resolution
Order History & Payment Records 7 years Tax and accounting requirements, warranty claims
Marketing Consent Records 3 months after consent withdrawal Proof of consent compliance, regulatory requirements
Website Usage Logs Up to 2 years Security monitoring, analytics, performance optimization
Customer Support Records 3 years after case closure Service quality improvement, training purposes
Food Allergy Information Until account deletion Customer safety, legal liability protection

Safe Data Disposal

  • Electronic Data: Complete deletion using industry-standard data wiping techniques that make recovery impossible
  • Physical Records: Secure shredding and destruction of paper documents
  • Backup Systems: Systematic deletion from all backup and archive systems
  • Documentation: Maintenance of disposal records for compliance auditing

11. Third-Party Links

Our website may contain links to external websites, social media platforms, or third-party services. We are not responsible for the privacy practices or content of these external sites.

Before providing personal information to any third-party website, we encourage you to review their privacy policies and terms of service. Your interactions with third-party sites are governed by their respective privacy policies, not this one.

Third-party services we may link to include:

  • Social media platforms (Facebook, Instagram, Twitter)
  • Review websites (Yelp, Google Reviews)
  • Food delivery platforms
  • Payment service providers
  • Partner restaurant websites

12. Policy Changes

12.1 Change Notification Methods

  • Website Notice: Prominent notification on our homepage and privacy policy page
  • Email Notification: Direct communication to all registered users
  • Account Dashboard: Pop-up notification upon next login
  • Mobile App: Push notification for mobile application users
  • Explicit Consent: Required approval for significant changes affecting your rights

12.2 Staying Informed

  • Regular Review: Check this page periodically for updates
  • Last Updated Date: Always displayed at the top of this policy
  • Version History: Significant changes documented and available upon request
  • Continued Use: Using our services after changes constitutes acceptance
  • Opt-Out Option: Right to discontinue services if you disagree with changes

13. Contact Information

Costa Vida Privacy Office

Address: Ulitsa Varvarka, 6, Moskva, Russia, 109012

Phone: +7 495 531-09-50

Email: [email protected]

Business Hours: Monday - Friday: 9:00 AM - 6:00 PM (MSK)

Response Commitment: We will respond to all privacy-related inquiries within 3 business days.

13.1 Filing Complaints

If you have concerns about our privacy practices that we cannot resolve directly, you may contact the relevant data protection authority:

  • EU Residents: Your local Data Protection Authority
  • UK Residents: Information Commissioner's Office (ICO)
  • California Residents: California Attorney General's Office
  • Other Jurisdictions: Contact us for appropriate authority information

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Log in to your account and update communication preferences
  • Customer Support: Contact us directly to opt-out of marketing communications
  • Phone Request: Call our customer service line to update preferences

14.2 Account Deletion Process

  1. Request Submission: Contact us via email or phone with your deletion request
  2. Identity Verification: We may request verification to protect against unauthorized deletions
  3. Data Review: We'll inform you of any data we must retain for legal compliance
  4. Confirmation: You'll receive confirmation when the deletion process is complete
  5. Timeframe: Complete deletion typically occurs within 30 days of request

Note: Some information may be retained as required by law for tax, accounting, or legal purposes, even after account deletion.

15. Conclusion

At Costa Vida, protecting your privacy is fundamental to our business operations and customer relationships. We are committed to maintaining the highest standards of data protection and transparency in all our practices.

This Privacy Policy represents our dedication to earning and maintaining your trust. We understand that your personal information is valuable, and we treat it with the respect and security it deserves.

We encourage you to contact us with any questions, concerns, or feedback about this Privacy Policy or our privacy practices. Your input helps us continually improve our data protection measures.

Thank you for choosing Costa Vida and for entrusting us with your personal information. We look forward to serving you while maintaining the highest standards of privacy protection.

Remember: This policy was last updated on January 15, 2026. Please check back regularly for any updates or changes.