Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your personal information.

Last Updated: January 15, 2026

1. Introduction

Welcome to Costa Vida ("we," "our," or "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website vidas-costas.click, use our services, place orders, or interact with us in any way.

This policy applies to all information collected by Costa Vida through our website, mobile applications, phone orders, in-store purchases, and any other digital or offline interactions. By using our services, you agree to the collection and use of information in accordance with this policy.

Important Note: We never sell your personal data to third parties. Your trust is paramount to us, and we are committed to maintaining the highest standards of data protection and privacy.

If you do not agree with the terms of this Privacy Policy, please do not access the website or use our services. This policy may be updated from time to time, and we encourage you to review it regularly to stay informed about how we protect your information.

2. Information We Collect

2.1 Information You Provide to Us

  • Personal Identification Information: Name, email address, phone number, billing and delivery addresses, date of birth
  • Account Information: Username, password, purchase history, saved payment methods, order preferences
  • Payment Information: Credit/debit card details, billing address (stored securely and encrypted)
  • Order Information: Food items ordered, quantities, special instructions, dietary preferences and restrictions
  • Dietary and Allergen Information: Food allergies, dietary requirements (vegan, vegetarian, halal, kosher, gluten-free), nutritional preferences
  • Loyalty Program Data: Rewards points, membership level, redemption history, preferences
  • Reservation Information: Table booking details, party size, special occasions, preferred seating
  • Catering Details: Event information, guest count, menu selections, delivery logistics
  • Communication Records: Customer service interactions, feedback, reviews, survey responses
  • Marketing Preferences: Newsletter subscriptions, promotional notifications, communication preferences

2.2 Information Collected Automatically

When you visit our website or use our services, we automatically collect certain information about your device and usage patterns:

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, search queries, referral sources
  • Location Information: Approximate location based on IP address, precise location if you grant permission
  • Cookie Data: Session identifiers, user preferences, shopping cart contents, authentication tokens
  • Performance Data: Page load times, error reports, system performance metrics

2.3 Information from Third Parties

We may receive information about you from various third-party sources:

  • Social Media Platforms: Profile information if you connect your social media accounts
  • Payment Processors: Transaction verification, fraud detection data
  • Delivery Partners: Delivery status, location tracking, delivery confirmations
  • Marketing Partners: Demographic data, interest categories, engagement metrics
  • Data Aggregators: Publicly available information, business directories

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Preparing, confirming, and fulfilling your food orders
  • Delivery Services: Coordinating delivery logistics, tracking orders, managing delivery schedules
  • Account Management: Creating and maintaining user accounts, authentication, security
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Analyzing service performance, optimizing operations, enhancing user experience
  • Personalization: Customizing menu recommendations, remembering preferences, suggesting favorites

3.2 Communication

  • Order Communications: Confirmations, status updates, delivery notifications
  • Customer Support: Responding to questions, concerns, and feedback
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional offers, new menu items, special events (with your consent)
  • Transactional Messages: Receipts, loyalty program updates, account notifications

3.3 Marketing and Analytics

  • Personalized Advertising: Showing relevant promotions based on your preferences and order history
  • Website Analytics: Understanding traffic patterns, popular content, user behavior
  • Campaign Effectiveness: Measuring marketing performance, ROI analysis
  • Market Research: Developing new products, improving services, understanding customer needs
  • Competitive Analysis: Benchmarking against industry standards, market positioning

3.4 Legal Compliance and Security

  • Legal Obligations: Complying with applicable laws, regulations, and legal processes
  • Fraud Prevention: Detecting and preventing fraudulent transactions, protecting against abuse
  • Security Measures: Protecting our systems, data, and users from security threats
  • Dispute Resolution: Investigating and resolving customer complaints, legal claims
  • Risk Management: Assessing and mitigating business risks, ensuring operational continuity

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

  • Payment Processors: Secure handling of credit card transactions, payment verification
  • Delivery Services: Order fulfillment, delivery tracking, logistics management
  • Cloud Storage Providers: Secure data storage, backup services, system infrastructure
  • Email Marketing Services: Newsletter delivery, promotional campaigns, communication automation
  • Analytics Providers: Website performance analysis, user behavior insights, reporting
  • Customer Support Tools: Help desk systems, chat services, ticket management
  • Security Services: Fraud detection, cybersecurity monitoring, threat prevention

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • Legal Process: Court orders, subpoenas, government investigations
  • Regulatory Compliance: Health department requirements, tax obligations, business licensing
  • Law Enforcement: Cooperation with police investigations, criminal proceedings
  • Public Safety: Emergency situations, public health concerns, safety threats
  • Legal Defense: Protecting our rights, property, and interests in legal matters

4.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets:

  • Customer information may be transferred as part of the business assets
  • We will provide notice before your information is transferred
  • The acquiring company must comply with this Privacy Policy
  • You will be notified of any changes to privacy practices

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

  • Participation in marketing research or surveys
  • Collaboration with business partners for special promotions
  • Integration with third-party applications or services
  • Sharing testimonials or reviews (with your permission)

5. Data Security

5.1 Technical Security Measures

We implement robust technical safeguards to protect your information:

  • Encryption: SSL/TLS encryption for data transmission, AES encryption for stored data
  • Firewall Protection: Advanced firewall systems to prevent unauthorized access
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege
  • Network Security: Intrusion detection systems, network segmentation, VPN connections
  • Data Backup: Regular automated backups, disaster recovery procedures, data redundancy
  • Security Monitoring: 24/7 system monitoring, threat detection, incident response protocols
  • Vulnerability Management: Regular security assessments, penetration testing, patch management

5.2 Organizational Security Measures

  • Employee Training: Regular security awareness training, privacy protection protocols
  • Background Checks: Screening of personnel with access to personal data
  • Confidentiality Agreements: Legal obligations for employees and contractors
  • Data Handling Procedures: Strict guidelines for collecting, processing, and storing data
  • Incident Response Plan: Procedures for handling security breaches and data incidents
  • Regular Audits: Internal and external security audits, compliance assessments

5.3 Your Security Responsibilities

Help us protect your information by following these best practices:

  • Strong Passwords: Use unique, complex passwords for your account
  • Password Security: Never share your login credentials with others
  • Secure Logout: Always log out when using public or shared computers
  • Phishing Awareness: Be cautious of suspicious emails or links claiming to be from us
  • Account Monitoring: Regularly review your account activity and order history
  • Immediate Reporting: Contact us immediately if you suspect unauthorized access
Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities promptly as required by law, typically within 72 hours of discovery.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze website performance:

Cookie Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart, security features Session (deleted when browser closes)
Functional Cookies User preferences, language settings, location data, customization Up to 1 year
Analytics Cookies Usage analysis, performance monitoring, website improvement Up to 2 years
Marketing Cookies Personalized advertising, campaign tracking, social media integration Up to 1 year

Tracking Technologies We Use:

  • Google Analytics: Website traffic analysis, user behavior insights, conversion tracking
  • Facebook Pixel: Social media advertising, campaign effectiveness measurement
  • Web Beacons: Email open rates, newsletter engagement, delivery confirmation
  • Local Storage: Browser data storage, offline functionality, user preferences
  • Session Storage: Temporary data storage, form completion, shopping cart persistence

Cookie Management:

You can control cookies through your browser settings. Most browsers allow you to:

  • View and delete existing cookies
  • Block cookies from specific websites
  • Block third-party cookies
  • Receive notifications when cookies are set
  • Delete all cookies when closing the browser
Important: Disabling certain cookies may affect website functionality, such as the ability to place orders, save preferences, or access your account.

7. Your Rights (GDPR/CCPA Compliance)

Under applicable privacy laws, including GDPR and CCPA, you have the following rights regarding your personal information:

7.1 Right of Access

You have the right to request information about the personal data we hold about you, including:

  • What personal data we process
  • Why we process it
  • Who we share it with
  • How long we keep it
  • Your rights regarding the data

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can also update most information directly through your account settings.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • Your data has been unlawfully processed
  • Erasure is required for legal compliance

7.4 Right to Restrict Processing

You may request limitation of how we use your data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification

7.5 Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format for transfer to another service provider.

7.6 Right to Object

You may object to processing of your personal data, particularly for:

  • Direct marketing purposes
  • Processing based on legitimate interests
  • Research and statistical purposes

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or significant effects.

How to Exercise Your Rights

To exercise any of these rights, contact us using the information provided in Section 13. We will respond to your request within 30 days. For complex requests, we may extend this period by an additional 60 days with notification.

Identity Verification: To protect your privacy, we may need to verify your identity before processing certain requests. This helps prevent unauthorized access to your personal information.

8. Children's Privacy

Costa Vida is committed to protecting the privacy of children. Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal information from children under 16.

Our Commitment:

  • We do not knowingly solicit or collect information from children under 16
  • We do not knowingly sell products or services to children under 16
  • We do not send marketing communications to individuals we know are under 16
  • We do not knowingly use children's personal information for marketing purposes

Parental Rights:

If you are a parent or guardian and believe your child under 16 has provided us with personal information:

  • Contact us immediately using the information in Section 13
  • We will promptly delete the child's information from our systems
  • We will not use the information for any purpose
  • We will implement additional measures to prevent future collection
For Parents: Please monitor your child's internet activities and help them understand the importance of not sharing personal information online without your permission.

9. International Data Transfers

As a global business, we may transfer your personal information to countries outside your home country, including countries that may not have the same level of data protection as your home country.

9.1 Protection Measures

When transferring data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: Transfers to countries deemed adequate by privacy regulators
  • Standard Contractual Clauses (SCCs): EU-approved contracts ensuring data protection
  • Data Processing Agreements: Binding contracts with third-party processors
  • Privacy Shield Frameworks: Where applicable and available
  • Binding Corporate Rules: Internal policies for multinational transfers
  • Encryption: Data encrypted during transmission and storage

9.2 Transfer Destinations

Your data may be transferred to and processed in:

  • United States: Cloud storage providers, analytics services
  • European Union: Data processing centers, customer support
  • Canada: Payment processing, fraud prevention
  • Other Countries: As necessary for service provision with appropriate protections

We regularly review the adequacy of protection in destination countries and update our safeguards as needed to ensure your data remains protected regardless of where it is processed.

10. Data Retention Periods

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and protect our legitimate interests.

Information Type Retention Period Reason for Retention
Account Information 6 months after account deletion Legal obligations, dispute resolution, fraud prevention
Order History 7 years from last order Tax and accounting requirements, warranty claims
Payment Information As required by payment processors Fraud prevention, chargeback resolution, compliance
Marketing Consent Records 3 months after consent withdrawal Proof of consent, regulatory compliance
Website Usage Logs Up to 2 years Security monitoring, analytics, performance optimization
Customer Support Records 3 years after last contact Service improvement, training, quality assurance
Dietary/Allergen Information Until account deletion or update Health and safety, personalized service
Loyalty Program Data Duration of membership plus 2 years Program administration, reward redemption, fraud prevention

Safe Data Disposal

When retention periods expire, we securely dispose of personal information:

  • Electronic Data: Secure deletion using industry-standard methods making recovery impossible
  • Physical Records: Professional shredding and destruction services
  • Backup Systems: Deletion from all backup and archive systems
  • Third-Party Systems: Ensuring deletion from all connected services
  • Documentation: Maintaining records of data disposal for compliance

11. Third-Party Links

Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by Costa Vida. This Privacy Policy does not apply to these third-party services.

Important Considerations:

  • Independent Privacy Practices: Third parties have their own privacy policies and practices
  • No Responsibility: We are not responsible for third-party privacy practices or security
  • Different Terms: Third-party sites may have different terms of service and privacy policies
  • Data Collection: Third parties may collect information about you independently
  • Your Responsibility: Review third-party privacy policies before providing information

Common Third-Party Links:

  • Social media platforms (Facebook, Instagram, Twitter)
  • Payment processors (PayPal, Stripe)
  • Review sites (Google Reviews, Yelp)
  • Partner businesses and affiliates
  • Advertising networks and analytics providers
Recommendation: We strongly advise you to read the privacy policies of any third-party websites or services that you visit or use. Be cautious about sharing personal information with third parties.

12. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to keeping you informed about these changes.

12.1 How We Notify You of Changes

  • Website Notice: Prominent notification on our website homepage
  • Email Notification: Direct email to registered users for significant changes
  • Account Dashboard: Notification in your account when you log in
  • Pop-up Notice: Banner or pop-up on your next website visit
  • App Notification: Push notification through our mobile application

12.2 Types of Changes

  • Minor Updates: Clarifications, formatting, contact information updates
  • Significant Changes: New data uses, expanded sharing, policy scope changes
  • Legal Changes: Updates required by new laws or regulations
  • Business Changes: Mergers, acquisitions, or service modifications

12.3 Your Options

When we make changes to this policy:

  • Review Period: You will have at least 30 days to review significant changes
  • Continued Use: Continued use of our services indicates acceptance of changes
  • Opt-Out Option: You may discontinue using our services if you disagree
  • Account Deletion: You may request account deletion before changes take effect
  • Contact Us: You can contact us with questions or concerns about changes

Staying Informed

To stay current with our privacy practices:

  • Check this page regularly for the "Last Updated" date
  • Subscribe to our newsletter for important updates
  • Follow us on social media for policy announcements
  • Contact us directly if you have questions about changes

13. Contact Information

Get in Touch

Company: Costa Vida

Address: 300 Goose Cove Rd, Deer Isle, ME 04627, USA

Phone: +1 207-348-6900

Email: [email protected]

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM EST

We are committed to responding to all privacy-related inquiries within 3 business days. For urgent security concerns, please call our phone number directly.

13.1 What to Include in Your Request

When contacting us about privacy matters, please include:

  • Your full name and account email address
  • Clear description of your request or concern
  • Any relevant account or order numbers
  • Preferred method of response
  • Any supporting documentation if applicable

13.2 Privacy Rights Requests

For requests related to your privacy rights (access, deletion, correction, etc.), please:

  • Use the subject line "Privacy Rights Request"
  • Specify which right you wish to exercise
  • Provide identity verification information
  • Allow up to 30 days for processing

13.3 Complaints and Escalation

If you are not satisfied with our response to your privacy concern:

  • Contact us first to give us the opportunity to resolve the issue
  • Request escalation to our Privacy Officer
  • File a complaint with your local data protection authority
  • Seek legal advice if necessary

Supervisory Authority Contact:

If you are in the European Union, you may contact your local data protection authority. For residents of other regions, contact your respective privacy regulatory body.

14. Withdrawal of Consent

You have the right to withdraw your consent for data processing at any time, where our processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications through:

  • Unsubscribe Link: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your online account
  • Customer Support: Contact us directly to opt out of marketing
  • Phone: Call our customer service line to unsubscribe
  • Written Request: Send a written request to our mailing address

14.2 Account Deletion Process

To completely delete your account and associated data:

  • Step 1: Log into your account and navigate to account settings
  • Step 2: Select "Delete Account" or "Close Account"
  • Step 3: Confirm your identity and request
  • Step 4: We will process your request within 30 days
  • Step 5: Receive confirmation of account deletion

14.3 What Happens After Withdrawal

  • Immediate Effect: No new marketing communications sent
  • Data Processing: Only essential processing for legal obligations continues
  • Service Impact: Some services may no longer be available
  • Legal Retention: Some data may be retained for legal compliance
  • Confirmation: You will receive confirmation of consent withdrawal
Important Note: Withdrawing consent may affect our ability to provide certain services to you. Essential communications (like order confirmations) and legally required retention may continue even after withdrawal.

15. Conclusion

At Costa Vida, protecting your privacy is fundamental to our business and values. We are committed to being transparent about our data practices and giving you control over your personal information.

Our Privacy Commitment

  • Transparency: We clearly explain our data practices in plain language
  • Control: You have meaningful choices about how your data is used
  • Security: We implement robust measures to protect your information
  • Respect: We honor your privacy preferences and rights
  • Accountability: We take responsibility for protecting your data
  • Continuous Improvement: We regularly review and enhance our privacy practices

Building Trust Together

Your trust is the foundation of our relationship. We understand that privacy is not just about compliance with laws, but about respecting your fundamental rights and maintaining your confidence in our services.

We encourage you to:

  • Read this policy carefully and contact us with any questions
  • Review your privacy settings regularly
  • Stay informed about updates to this policy
  • Exercise your privacy rights when needed
  • Provide feedback on how we can improve our privacy practices

Thank You

Thank you for choosing Costa Vida and trusting us with your personal information. We are committed to earning and maintaining that trust through responsible data practices and exceptional service.

If you have any questions, concerns, or suggestions about this Privacy Policy or our privacy practices, please don't hesitate to contact us using the information provided in Section 13.

Remember: This Privacy Policy was last updated on January 15, 2026. Please check back regularly for updates and changes.