Privacy Policy

1. Introduction

Welcome to Guzman y Gomez. We are deeply committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at guzmaanygomez.top, use our mobile applications, place orders, dine at our restaurants, or otherwise interact with our services.

This policy applies to all information collected through our website, mobile applications, in-store services, delivery platforms, loyalty programs, and any other services we offer (collectively referred to as the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Services. We encourage you to review this policy periodically to stay informed about how we protect your information.

2. Information We Collect

We collect information in several ways to provide you with the best possible food service experience. Understanding what information we collect helps you make informed decisions about using our Services.

2.1 Information You Provide Directly

When you interact with our Services, you may voluntarily provide us with the following types of information:

• Personal Identification Information: Your full name, email address, phone number, delivery address, and billing address when you create an account or place an order.
• Account Information: Username, password, order history, saved payment methods, favorite orders, and account preferences.
• Payment Information: Credit card numbers, debit card details, and billing information. Please note that all payment information is encrypted using industry-standard SSL technology and stored securely through our PCI-compliant payment processors.
• Dietary and Allergen Information: Food allergies, dietary restrictions (such as vegetarian, vegan, gluten-free, halal, kosher), and specific food preferences you share with us to ensure safe food preparation.
• Order Preferences: Your favorite menu items, customization preferences, spice level preferences, and frequently ordered meals.
• Loyalty Program Data: Points balance, rewards redemption history, tier status, and promotional preferences within our loyalty program.
• Reservation Information: Table booking details, party size, special occasion notes, and seating preferences.
• Catering Event Details: Event type, date, location, guest count, menu selections, and special requests for catering orders.
• Communications: Messages you send through our contact forms, customer support inquiries, reviews, ratings, and feedback.
• Marketing Preferences: Your communication preferences, opted-in newsletters, promotional notifications, and SMS marketing consents.

2.2 Information Collected Automatically

When you access our Services, we automatically collect certain information about your device and usage patterns:

• Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, and unique device identifiers.
• Usage Data: Pages visited, links clicked, time spent on pages, menu items viewed, search queries, and navigation patterns within our website or app.
• Cookie Data: Session identifiers, user preferences, shopping cart contents, and authentication tokens. See Section 6 for detailed information about our cookie practices.
• Location Information: Approximate location derived from your IP address, and with your permission, precise GPS location from your mobile device to provide accurate delivery services and show nearby restaurant locations.
• Referral Information: How you arrived at our website, including referring websites, search engines, and marketing campaigns.

2.3 Information from Third Parties

We may receive information about you from other sources to enhance our Services:

• Social Media Platforms: If you connect your social media accounts (Facebook, Google, Apple), we may receive your public profile information, email address, and friends list depending on your privacy settings.
• Payment Processors: Transaction confirmation, fraud detection alerts, and payment verification from services like Stripe, PayPal, and Afterpay.
• Delivery Partners: Order status updates, delivery confirmation, and driver feedback from third-party delivery services.
• Marketing Partners: Advertising identifiers, campaign performance data, and audience insights from our marketing partners.
• Business Partners: Information from co-branded promotions, partnerships, and affiliate programs.

3. How We Use Your Information

We use the information we collect for various purposes, all aimed at providing you with excellent food service and enhancing your experience with Guzman y Gomez.

3.1 Service Provision and Operations

• Processing and fulfilling your food orders, including preparation, packaging, and delivery coordination
• Managing your account registration, authentication, and password recovery
• Ensuring food safety by tracking allergen information and dietary requirements
• Processing payments securely and managing refunds when necessary
• Coordinating table reservations and managing restaurant capacity
• Planning and executing catering orders for your events
• Managing our loyalty program, including points accrual and rewards redemption
• Improving our menu offerings based on order trends and customer preferences
• Optimizing our kitchen operations and delivery logistics

3.2 Communication

• Sending order confirmations, preparation updates, and delivery notifications
• Responding to your customer support inquiries and feedback
• Notifying you of important changes to our services, policies, or restaurant operations
• Sending promotional emails about new menu items, special offers, and events (with your consent)
• Delivering SMS updates about your order status (with your consent)
• Providing loyalty program updates, points balance, and exclusive member offers

3.3 Marketing and Analytics

• Analyzing website and app usage to understand customer behavior and preferences
• Creating personalized recommendations based on your order history
• Measuring the effectiveness of our marketing campaigns and promotions
• Conducting market research to develop new menu items and services
• Displaying targeted advertisements that may interest you
• Segmenting our customer base for tailored marketing communications

3.4 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Detecting, preventing, and addressing fraud, security breaches, and illegal activities
• Protecting the rights, property, and safety of Guzman y Gomez, our customers, and others
• Enforcing our Terms of Service and other agreements
• Resolving disputes and providing evidence in legal proceedings if necessary

4. Information Sharing and Disclosure

We are committed to protecting your privacy and only share your information in limited circumstances as described below. We never sell your personal information to third parties for their own marketing purposes.

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: Companies like Stripe, PayPal, and Afterpay process your payment transactions securely. They receive only the information necessary to complete transactions.
• Delivery Partners: Delivery services receive your name, delivery address, phone number, and order details to fulfill deliveries.
• Cloud Service Providers: We use secure cloud infrastructure (such as AWS and Google Cloud) to store and process data with industry-leading security measures.
• Email and SMS Service Providers: Marketing platforms help us send transactional and promotional communications.
• Analytics Providers: Tools like Google Analytics help us understand how customers use our website and app.
• Customer Support Platforms: Help desk software enables us to efficiently respond to your inquiries.

4.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid court orders, subpoenas, or legal processes
• Requests from law enforcement or government agencies
• Compliance with applicable laws and regulations
• Protection of public safety in emergency situations
• Prevention or investigation of suspected illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes when we have obtained your explicit consent. You will always be informed about what information is being shared and with whom before you provide consent.

5. Data Security

Protecting your information is a top priority at Guzman y Gomez. We implement comprehensive security measures to safeguard your data against unauthorized access, alteration, disclosure, or destruction.

5.1 Technical Security Measures

• Encryption: All data transmitted between your browser and our servers is protected using SSL/TLS encryption (HTTPS). Payment information is encrypted using AES-256 bit encryption.
• Firewall Protection: Advanced firewall systems protect our infrastructure from unauthorized access and cyber attacks.
• Access Controls: Access to personal data is restricted to authorized employees who need the information to perform their job functions.
• Security Monitoring: Our systems are monitored 24/7 for suspicious activities and potential security threats.
• Regular Backups: Data is regularly backed up to secure, geographically distributed locations to prevent data loss.
• Secure Payment Processing: We use PCI DSS compliant payment processors and never store full credit card numbers on our servers.

5.2 Organizational Security Measures

• Employee Training: All employees receive regular training on data protection, privacy policies, and security best practices.
• Data Handling Procedures: Strict protocols govern how personal data is accessed, processed, and disposed of.
• Vendor Agreements: All third-party service providers are contractually required to maintain appropriate security measures and confidentiality obligations.
• Incident Response: We maintain a comprehensive security incident response plan to quickly address any potential breaches.
• Regular Audits: Our security practices are regularly reviewed and audited by internal and external security experts.

5.3 Your Security Responsibilities

While we take extensive measures to protect your data, your cooperation is essential:

• Create strong, unique passwords for your account and change them regularly
• Never share your login credentials with others
• Always log out of your account when using shared or public computers
• Be cautious of phishing emails or suspicious links claiming to be from Guzman y Gomez
• Keep your devices and browsers updated with the latest security patches
• Report any unauthorized access or suspicious activity to us immediately

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. This section explains what cookies we use and how you can manage them.

Cookie Type	Purpose	Duration
Essential Cookies	Required for basic website functionality, shopping cart operations, secure login, and session management. These cookies cannot be disabled.	Session
Functional Cookies	Remember your preferences such as language, location, saved addresses, and recently viewed items to provide a personalized experience.	Up to 1 year
Analytics Cookies	Help us understand how visitors interact with our website, which pages are most popular, and identify areas for improvement.	Up to 2 years
Marketing Cookies	Track your activity across websites to deliver personalized advertisements and measure the effectiveness of our marketing campaigns.	Up to 1 year

Tracking Technologies We Use

• Google Analytics: Analyzes website traffic, user behavior, and conversion rates to help us improve our services.
• Facebook Pixel: Measures advertising effectiveness on Facebook and Instagram, and helps deliver relevant ads.
• Web Beacons: Small transparent images used in emails to track open rates and engagement.
• Local Storage: Stores data in your browser for persistent preferences and offline functionality.

Managing Your Cookie Preferences

You can manage your cookie preferences through several methods:

• Cookie Consent Banner: Use our cookie consent tool when you first visit our website to choose which categories of cookies to accept.
• Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically find these options in the "Options" or "Preferences" menu.
• Opt-Out Links: Visit Digital Advertising Alliance or Your Online Choices to opt out of targeted advertising.

Please Note: Disabling certain cookies may affect the functionality of our website. Essential cookies cannot be disabled as they are necessary for the website to function properly.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Australian Privacy Principles (APPs).

7.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a commonly used electronic format within 30 days of your verified request.

7.2 Right to Rectification

If you believe any personal information we hold about you is inaccurate or incomplete, you have the right to request correction. You can update most information directly through your account settings, or contact us for assistance.

7.3 Right to Erasure (Right to be Forgotten)

You may request that we delete your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected. Please note that we may need to retain certain information for legal, accounting, or fraud prevention purposes.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information while we verify its accuracy or the legitimacy of our processing activities.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON), and to transmit this data to another service provider where technically feasible.

7.6 Right to Object

You may object to our processing of your personal information for direct marketing purposes. If you object, we will stop processing your data for marketing without requiring any further justification.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you. You can request human intervention in such decisions.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request to protect your privacy and security.

8. Children's Privacy

Guzman y Gomez's Services are not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without verifiable parental consent.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our systems.

If we discover that we have inadvertently collected personal information from a child under 16, we will delete that information as quickly as possible and take appropriate measures to prevent future occurrences.

9. International Data Transfers

As a business operating in Australia, we may transfer your personal information to countries outside of Australia for processing and storage. We take appropriate measures to ensure your data remains protected regardless of where it is processed.

9.1 Protection Measures

• Adequacy Decisions: Where applicable, we transfer data to countries recognized as providing adequate data protection.
• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses when transferring data to countries without adequacy decisions.
• Data Processing Agreements: All international service providers are bound by comprehensive data processing agreements that require them to protect your data.
• Security Assessments: We conduct regular security assessments of our international data transfer practices.
• Compliance Audits: Regular audits ensure ongoing compliance with applicable data protection regulations.

9.2 Transfer Destinations

Your data may be transferred to and processed in:

• United States: For cloud storage services and certain analytics tools
• European Union: For data analytics and marketing services
• Other Countries: As necessary to provide our services, always with appropriate protection measures in place

10. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Information Type	Retention Period	Reason
Account Information	6 months after account deletion	Legal obligations and dispute resolution
Order History	7 years	Tax and accounting requirements
Payment Records	7 years	Financial compliance and audit requirements
Marketing Consent Records	3 months after consent withdrawal	Proof of consent compliance
Website Usage Logs	Up to 2 years	Security monitoring and analytics
Customer Support Records	3 years	Service quality and training
Loyalty Program Data	Duration of membership plus 2 years	Program administration and legal compliance

Safe Data Disposal

When personal information is no longer required, we dispose of it securely using the following methods:

• Electronic Deletion: Complete and irreversible deletion from all systems and backups
• Physical Records: Cross-cut shredding of any paper documents containing personal information
• Backup Data: Systematic deletion from backup systems according to retention schedules
• Disposal Records: Maintaining records of data disposal for compliance purposes

11. Third-Party Links

Our website and mobile applications may contain links to third-party websites, applications, or services that are not owned or controlled by Guzman y Gomez. These may include social media platforms, delivery partner websites, payment processors, and other external services.

Please be aware that:

• We are not responsible for the privacy practices or content of third-party websites
• Third-party sites have their own privacy policies that govern the collection and use of your information
• We encourage you to review the privacy policies of any third-party sites before providing personal information
• Your interactions with third-party services are governed by their respective terms and policies
• The inclusion of a link does not imply endorsement of the linked site by Guzman y Gomez

12. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

12.1 How We Notify You of Changes

• Website Notice: A prominent notice will be displayed on our website announcing significant changes
• Email Notification: Registered users will receive an email notification about material changes
• Login Notification: A pop-up notification may appear when you next log into your account
• Explicit Consent: For significant changes that affect how we use your data, we may ask for your explicit consent

12.2 Staying Informed

• The most current version of this policy is always available on our website
• Check the "Last Updated" date at the top of this policy to see when it was last revised
• Your continued use of our Services after changes take effect constitutes acceptance of the updated policy
• If you disagree with any changes, you may close your account and discontinue use of our Services

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy concerns promptly and thoroughly.

Response Commitment: We strive to respond to all privacy-related inquiries within 3 business days. For data access or deletion requests, we will provide a substantive response within 30 days as required by applicable law.

13.1 Complaints

If you have a concern about how we handle your personal information, we encourage you to contact us first so we can try to resolve the issue directly. We take all complaints seriously and will investigate and respond to your concerns.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

• Office of the Australian Information Commissioner (OAIC)
  Website: www.oaic.gov.au
  Phone: 1300 363 992

14. Withdrawal of Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

14.1 Marketing Consent Withdrawal

You can withdraw your consent to receive marketing communications at any time through:

• Unsubscribe Link: Click the "unsubscribe" link at the bottom of any marketing email
• Account Settings: Log into your account and update your communication preferences
• SMS Reply: Reply "STOP" to any marketing text message
• Contact Us: Email or call our customer support team to update your preferences

Please note that even if you opt out of marketing communications, we may still send you transactional messages related to your orders, account, and important service announcements.

14.2 Account Deletion

If you wish to delete your account and associated personal information:

1. Log into your account on our website or app
2. Navigate to "Account Settings" or "Privacy Settings"
3. Select "Delete Account" or "Request Data Deletion"
4. Confirm your request by following the verification steps
5. Your account will be scheduled for deletion within 30 days

Please note that we may retain certain information as required by law or for legitimate business purposes, such as completing pending transactions, maintaining fraud prevention records, or complying with legal obligations.

15. Conclusion

At Guzman y Gomez, we understand that entrusting us with your personal information is a significant responsibility. We are committed to earning and maintaining your trust by handling your data with the utmost care, transparency, and respect for your privacy rights.

Our relationship with you extends beyond serving delicious Mexican food – it includes safeguarding the personal information you share with us. We continuously review and improve our privacy practices to ensure they meet the highest standards of data protection.

If you have any questions about this Privacy Policy or our data practices, please do not hesitate to reach out. We welcome your feedback and are always here to address your concerns.

Thank you for choosing Guzman y Gomez. We appreciate your trust and look forward to serving you.