Name: Costa Vida
Address: БЦ «БУТОН», Krasnyy Prospekt, 17/1, 7 Etazh, Novosibirsk, Novosibirskaya oblast', Russia, 630099, United States
Telephone: +7 903 931-33-23
Price range: $$

1. Introduction

Welcome to Costa Vida ("we," "our," or "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website costasvidas.top, use our mobile application, or engage with our food delivery and restaurant services.

Important: We never sell your personal data to third parties. Your information is used solely to provide and improve our services.

This policy applies to all users of our services, including customers who order food online, visit our restaurants, participate in our loyalty programs, or interact with our digital platforms. By using our services, you agree to the collection and use of information in accordance with this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our services. We may update this policy from time to time, and your continued use of our services after changes are posted constitutes acceptance of those changes.

2. Information We Collect

2.1 Information You Provide to Us

Personal Identification: Name, email address, phone number, delivery address, billing address
Account Information: Username, password, order history, favorite items, dietary preferences
Food Service Specific Data: Allergen information, special dietary requirements (vegan, halal, kosher, gluten-free), portion preferences
Order Details: Food items selected, customization requests, delivery instructions, catering event details
Payment Information: Credit card details (encrypted and stored securely), billing preferences
Loyalty Program Data: Rewards points, membership tier, purchase patterns, promotional preferences
Reservation Information: Table booking details, party size, special occasion notes, seating preferences
Communication Data: Contact form submissions, customer service interactions, reviews and feedback
Marketing Preferences: Newsletter subscriptions, promotional email preferences, communication channels

2.2 Information Automatically Collected

Device Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages visited, time spent on site, click patterns, search queries, menu browsing behavior
Location Data: Approximate location derived from IP address, GPS location (with permission) for delivery services
Cookie Data: Session identifiers, user preferences, shopping cart contents, login status
Performance Data: Page load times, error reports, system performance metrics

2.3 Information from Third Parties

Social Media: Profile information when you connect social media accounts
Payment Processors: Transaction confirmation and security verification data
Delivery Partners: Delivery status updates, driver location data, delivery completion confirmations
Marketing Partners: Campaign effectiveness data, audience insights (aggregated and anonymized)
Review Platforms: Customer reviews and ratings from third-party review sites

3. How We Use Your Information

3.1 Service Provision

Order Processing: Fulfill food orders, process payments, coordinate deliveries
Account Management: Create and maintain user accounts, authenticate users, manage preferences
Quality Improvement: Analyze ordering patterns, optimize menu offerings, improve website performance
Customer Support: Respond to inquiries, resolve issues, provide technical assistance
Loyalty Programs: Track rewards points, provide personalized offers, manage membership benefits
Food Safety: Maintain allergen records, track dietary restrictions, ensure safe food handling

3.2 Communication

Order Communications: Order confirmations, preparation status, delivery notifications
Customer Support: Respond to questions, provide assistance, follow up on issues
Service Updates: Important notices about menu changes, restaurant hours, policy updates
Marketing Communications: Promotional offers, new menu items, special events (with consent only)
Feedback Requests: Survey invitations, review requests, customer satisfaction surveys

3.3 Marketing and Analytics

Personalization: Recommend menu items based on order history and preferences
Targeted Advertising: Show relevant ads on our platforms and partner websites
Campaign Analysis: Measure effectiveness of marketing campaigns and promotions
Market Research: Understand customer preferences to develop new products and services
Competitive Analysis: Benchmark our services against industry standards

3.4 Legal Compliance

Legal Requests: Comply with court orders, subpoenas, and legal investigations
Fraud Prevention: Detect and prevent fraudulent transactions and activities
Safety Protection: Protect rights, property, and safety of users and employees
Regulatory Compliance: Meet food safety regulations, tax requirements, business licensing

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

Payment Processors: Stripe, PayPal, and other payment services for secure transaction processing
Delivery Partners: Third-party delivery services for food transportation and logistics
Cloud Storage: Amazon Web Services, Google Cloud for secure data storage and backup
Email Services: Mailchimp, SendGrid for marketing emails and transactional communications
Analytics Tools: Google Analytics, Facebook Analytics for website performance analysis
Customer Support: Zendesk, Intercom for customer service management

4.2 Legal Requirements

We may disclose your information when required by law or to protect our legitimate interests:

In response to court orders, subpoenas, or legal process
To comply with applicable laws and regulations
To protect our rights, property, and legal interests
In emergency situations involving public safety
To prevent fraud, security breaches, or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will:

Notify affected customers before the transfer
Ensure the new owner complies with this Privacy Policy
Provide options for data deletion if you prefer

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

Participation in joint marketing campaigns
Integration with third-party loyalty programs
Sharing reviews and testimonials (with permission)

5. Data Security

5.1 Technical Security Measures

Encryption: SSL/TLS encryption for all data transmission, AES-256 encryption for stored data
Firewall Protection: Advanced firewall systems to prevent unauthorized access
Access Controls: Multi-factor authentication, role-based access, principle of least privilege
Monitoring: 24/7 security monitoring, intrusion detection systems, automated threat response
Data Backup: Regular automated backups stored in secure, geographically distributed locations
Vulnerability Management: Regular security assessments, penetration testing, patch management

5.2 Organizational Security Measures

Employee Training: Regular security awareness training, phishing simulations, privacy education
Access Management: Background checks, confidentiality agreements, regular access reviews
Incident Response: Documented security incident response procedures, breach notification protocols
Third-Party Security: Vendor security assessments, contractual security requirements
Compliance Audits: Regular internal and external security audits, compliance certifications

5.3 Your Security Responsibilities

Use strong, unique passwords for your account
Enable two-factor authentication when available
Log out of your account on shared or public computers
Keep your contact information up to date
Report suspicious activity or unauthorized access immediately
Be cautious of phishing emails and verify communications

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours via email and prominently display a notice on our website. We will also notify relevant authorities as required by law.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze website usage:

Cookie Type	Purpose	Duration
Essential Cookies	Basic site functions, login state, shopping cart contents	Session
Functional Cookies	User preferences, language settings, accessibility options	Up to 1 year
Analytics Cookies	Website usage analysis, performance monitoring, user behavior	Up to 2 years
Marketing Cookies	Personalized advertising, campaign tracking, conversion measurement	Up to 1 year

Other Tracking Technologies

Google Analytics: Website traffic analysis, user behavior tracking, conversion measurement
Facebook Pixel: Social media advertising effectiveness, custom audience creation
Web Beacons: Email open rates, newsletter engagement tracking
Local Storage: Browser-based data storage for enhanced functionality
Session Replay: User interaction recording for website optimization (anonymized)

Cookie Management: You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality, such as staying logged in or maintaining your shopping cart. You can also use our cookie preference center to customize your choices.

7. Your Rights (GDPR/CCPA Compliance)

You have several rights regarding your personal information:

7.1 Right of Access

You can request a copy of all personal information we hold about you, including:

What personal data we process
Why we process it
Who we share it with
How long we keep it

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal information when:

It's no longer necessary for the original purpose
You withdraw consent
It was unlawfully processed
Legal obligations require deletion

7.4 Right to Restrict Processing

You can limit how we use your data while we investigate concerns or disputes.

7.5 Right to Data Portability

You can receive your personal data in a machine-readable format to transfer to another service.

7.6 Right to Object

You can object to processing for direct marketing, research, or legitimate interests.

7.7 Right Against Automated Decision-Making

You can request human review of automated decisions that significantly affect you.

How to Exercise Your Rights: Contact us using the information in Section 13. We will respond to your request within 30 days and may request additional information to verify your identity.

8. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect, use, or disclose personal information from children under 16 without parental consent.

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We will promptly delete such information from our systems.

Parents have the right to:

Review their child's personal information
Request deletion of their child's information
Refuse further collection of their child's information

9. International Data Transfers

9.1 Protection Measures

When transferring data internationally, we implement appropriate safeguards:

Adequacy Decisions: Transfers to countries with EU adequacy decisions
Standard Contractual Clauses: EU-approved contract terms for data protection
Binding Corporate Rules: Internal policies ensuring consistent protection
Certification Schemes: Industry-standard security certifications
Regular Reviews: Ongoing assessment of transfer mechanisms and security

9.2 Transfer Destinations

We may transfer your data to:

United States: Cloud storage services, analytics platforms
European Union: Data analytics, customer support services
Other Countries: As necessary for service provision with appropriate protections

10. Data Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this policy:

Information Type	Retention Period	Reason
Account Information	6 months after account deletion	Legal obligations, dispute resolution
Order History	7 years	Tax records, warranty claims, food safety tracking
Payment Information	As required by payment processors	Fraud prevention, chargeback protection
Marketing Consent	3 months after withdrawal	Consent record keeping, compliance
Website Usage Logs	Up to 2 years	Security monitoring, performance optimization
Customer Support Records	3 years	Quality improvement, training purposes
Loyalty Program Data	Duration of membership + 2 years	Program administration, personalization
Allergen Information	7 years	Food safety regulations, liability protection

Safe Data Disposal

When data reaches the end of its retention period, we ensure secure disposal:

Complete electronic deletion using industry-standard methods
Physical document shredding for paper records
Secure deletion from backup systems
Certificate of destruction for sensitive data
Regular audits to verify proper disposal

11. Third-Party Links

Our website and services may contain links to third-party websites, applications, or services that are not operated by us. This includes:

Social media platforms (Facebook, Instagram, Twitter)
Review sites (Google Reviews, Yelp, TripAdvisor)
Payment processors and financial institutions
Partner restaurants and delivery services
Advertising networks and analytics providers

Important: We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

When you interact with third-party services through our platform, their own terms and privacy policies apply. Always verify the legitimacy of external links and exercise caution when sharing personal information.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy periodically. When we make changes, we will:

Website Notice: Post a prominent notice on our homepage
Email Notification: Send notifications to registered users for significant changes
In-App Notification: Display pop-up notifications on your next login
Version History: Maintain a record of policy versions and changes

12.2 Checking for Changes

We recommend periodically reviewing this Privacy Policy:

The latest version is always available on our website
Check the "Last Updated" date at the top of this policy
Subscribe to our privacy updates newsletter
Follow us on social media for important announcements

Your Options: If you disagree with changes to this policy, you may stop using our services or contact us to delete your account. Continued use after changes are posted constitutes acceptance of the updated policy.

13. Contact Information

Costa Vida Privacy Team

Address: БЦ «БУТОН», Krasnyy Prospekt, 17/1, 7 Etazh, Novosibirsk, Novosibirskaya oblast', Russia, 630099

Phone: +7 903 931-33-23

Email: [email protected]

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM (local time)

Response Commitment: We will acknowledge receipt of your privacy inquiry within 3 business days and provide a complete response within 30 days.

13.1 Filing Complaints

If you have concerns about our privacy practices:

Contact us first using the information above - we're committed to resolving issues directly
Escalate to supervisory authorities if you remain unsatisfied with our response
EU residents: Contact your local Data Protection Authority
California residents: Contact the California Privacy Protection Agency
Other jurisdictions: Contact your local privacy regulator

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications at any time:

Unsubscribe Links: Click unsubscribe in any marketing email
Account Settings: Update preferences in your online account
Customer Support: Contact us directly to opt out
Text Messaging: Reply "STOP" to any promotional text

14.2 Account Deletion

To permanently delete your account and associated data:

Log into your account and go to Account Settings
Select "Delete Account" option
Confirm your identity and decision
We will process deletion within 30 days
Some data may be retained for legal compliance

Note: Account deletion is irreversible. You will lose access to order history, loyalty points, and saved preferences. Consider downloading your data first if needed.

15. Conclusion

At Costa Vida, we believe that protecting your privacy is fundamental to building a trusted relationship with our customers. We are committed to transparency in our data practices and continuous improvement of our privacy protections.

This Privacy Policy reflects our dedication to:

Collecting only the information necessary to provide excellent service
Using your data responsibly and ethically
Protecting your information with industry-leading security measures
Respecting your rights and preferences
Maintaining compliance with all applicable privacy laws

We recognize that privacy is not a one-time consideration but an ongoing commitment. We regularly review and update our practices to ensure we continue meeting the highest standards of data protection.

If you have any questions, concerns, or suggestions about this Privacy Policy or our privacy practices, please don't hesitate to contact us. We value your feedback and are always working to improve.

Thank you for trusting Costa Vida with your personal information and for being part of our community.

Remember: This Privacy Policy was last updated on January 15, 2026. Please check back periodically for updates, as we may modify this policy to reflect changes in our practices or applicable laws.