+61 2 9182 5880 [email protected]
Free Delivery on Orders Over $30

Privacy Policy

Last Updated: January 15, 2025

1. Introduction

At Guzman y Gomez ("GYG," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website at guuzmanygomez.com, use our mobile applications, visit our restaurants, or engage with our services.

This policy applies to all users of our services, including customers who place orders online, visit our restaurants, participate in our loyalty programs, or interact with us through various channels. By accessing or using our services, you agree to the terms of this Privacy Policy.

Important Note: We never sell your personal data to third parties. Your trust is paramount to us, and we are committed to maintaining the highest standards of privacy protection in accordance with applicable privacy laws, including the Australian Privacy Act 1988 and other relevant regulations.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

  • Personal Identification: Name, email address, phone number, postal address, date of birth
  • Account Information: Username, password, order history, dietary preferences, favorite orders
  • Order Details: Food selections, special dietary requirements (vegan, gluten-free, halal, kosher), allergen information, delivery preferences
  • Payment Information: Credit card details, billing address (stored securely and encrypted)
  • Communication: Contact form submissions, customer service inquiries, reviews and feedback, social media interactions
  • Marketing Preferences: Email subscription preferences, promotional communication choices
  • Catering Information: Event details, guest count, special requirements for catering orders
  • Reservation Data: Table booking information, party size, special occasions
  • Loyalty Program Data: Reward points, membership tier, redemption history

2.2 Information Automatically Collected

When you interact with our services, we automatically collect certain information:

  • Device Information: IP address, browser type and version, operating system, device identifiers, mobile device information
  • Usage Data: Pages visited, time spent on site, click-through rates, search terms, referring websites
  • Location Information: Approximate location based on IP address, GPS location (with consent for mobile apps)
  • Cookie and Tracking Data: Session IDs, user preferences, website analytics, advertising interaction data
  • Order Patterns: Frequency of orders, preferred meal times, seasonal preferences

2.3 Information from Third Parties

We may receive information about you from third-party sources:

  • Social Media Platforms: Profile information when you connect accounts or interact with our social media
  • Payment Processors: Transaction verification and fraud prevention data
  • Delivery Partners: Delivery status updates and location tracking for order fulfillment
  • Marketing Partners: Aggregated demographic and interest data for advertising purposes
  • Review Platforms: Customer feedback and ratings from third-party review sites

3. How We Use Your Information

3.1 Service Provision

We use your information to provide and improve our food services:

  • Order Processing: Fulfilling food orders, processing payments, coordinating delivery or pickup
  • Account Management: Creating and maintaining user accounts, authentication, password resets
  • Customer Support: Responding to inquiries, resolving order issues, providing assistance
  • Quality Improvement: Analyzing customer preferences to enhance menu offerings and service quality
  • Dietary Accommodation: Ensuring proper preparation of orders based on dietary restrictions and allergen information
  • Loyalty Programs: Tracking rewards, calculating points, managing membership benefits

3.2 Communication

  • Order Communications: Confirmation emails, preparation updates, delivery notifications
  • Customer Service: Responding to support requests, following up on feedback
  • Important Notices: Service updates, menu changes, policy modifications, security alerts
  • Marketing Communications: Promotional emails, special offers, new menu items (only with explicit consent)

3.3 Marketing and Analytics

  • Personalized Marketing: Tailoring promotions based on order history and preferences
  • Website Analytics: Understanding user behavior to improve website functionality
  • Campaign Effectiveness: Measuring the success of marketing campaigns and promotional offers
  • Market Research: Developing new products and services based on customer insights

3.4 Legal and Security Compliance

  • Legal Obligations: Complying with applicable laws, regulations, and legal processes
  • Fraud Prevention: Detecting and preventing fraudulent transactions and activities
  • Security Protection: Safeguarding our systems, services, and customer data
  • Dispute Resolution: Resolving customer complaints and legal disputes

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

  • Payment Processors: Secure processing of credit card transactions (Stripe, PayPal, Square)
  • Delivery Companies: Coordinating food delivery services (Uber Eats, DoorDash, Menulog)
  • Cloud Storage Providers: Secure data storage and backup services (AWS, Google Cloud)
  • Email Marketing Services: Managing email campaigns and newsletters (Mailchimp, SendGrid)
  • Analytics Providers: Website and app performance analysis (Google Analytics, Mixpanel)
  • Customer Support Tools: Help desk and chat support services

4.2 Legal Requirements

We may disclose your information when required by law:

  • Legal Process: Responding to court orders, subpoenas, or legal proceedings
  • Regulatory Compliance: Meeting requirements of food safety regulations and health authorities
  • Rights Protection: Protecting our legal rights, property, and the safety of our customers and employees
  • Emergency Situations: Responding to public safety emergencies or threats

4.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets:

  • Customer information may be transferred as part of the business transaction
  • We will provide notice before your information is transferred and subject to different privacy practices
  • The new owners will be required to comply with this Privacy Policy or provide notice of policy changes

4.4 With Your Consent

  • We may share your information for other purposes with your explicit consent
  • You can withdraw consent at any time by contacting us

5. Data Security

5.1 Technical Measures

We implement comprehensive technical safeguards to protect your personal information:

  • Encryption: All sensitive data is encrypted using industry-standard SSL/TLS encryption during transmission and AES-256 encryption for data at rest
  • Firewall Protection: Advanced firewall systems monitor and control network traffic to prevent unauthorized access
  • Access Controls: Multi-factor authentication and role-based access ensure only authorized personnel can access customer data
  • Security Monitoring: 24/7 monitoring systems detect and respond to potential security threats in real-time
  • Regular Backups: Automated daily backups ensure data recovery capabilities in case of system failures
  • Vulnerability Assessments: Regular security audits and penetration testing identify and address potential vulnerabilities

5.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff handling customer data
  • Data Handling Procedures: Documented policies for collecting, processing, and storing personal information
  • Third-Party Agreements: Confidentiality and data protection agreements with all service providers
  • Incident Response: Established procedures for responding to and reporting security incidents
  • Regular Audits: Internal and external security audits to ensure compliance with best practices

5.3 Your Security Responsibilities

You can help protect your information by:

  • Strong Passwords: Using unique, complex passwords for your account
  • Account Security: Never sharing your login credentials with others
  • Public Computer Safety: Logging out completely when using public or shared devices
  • Phishing Awareness: Being cautious of suspicious emails or links requesting personal information
  • Immediate Reporting: Contacting us immediately if you suspect unauthorized access to your account

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will promptly notify you and relevant authorities as required by law, typically within 72 hours of discovery.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and understand how our services are used:

Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart Session/Until logout
Functional Cookies User preferences, language settings, location Up to 1 year
Analytics Cookies Usage analysis and website improvement Up to 2 years
Marketing Cookies Personalized advertising and campaign tracking Up to 1 year

Tracking Technologies Used:

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Advertising effectiveness measurement and retargeting
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for enhanced functionality
  • Session Storage: Temporary data storage for single browsing sessions

Cookie Management: You can control cookies through your browser settings by accepting, rejecting, or deleting cookies. Please note that disabling certain cookies may affect website functionality, including the ability to place orders or access your account.

7. Your Rights and Choices

Under applicable privacy laws, including GDPR and CCPA, you have the following rights regarding your personal information:

7.1 Right of Access

You have the right to request access to the personal information we hold about you, including details about how it is processed.

7.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal information we have about you.

7.3 Right to Erasure (Right to be Forgotten)

You can request that we delete your personal information under certain circumstances, such as when it is no longer necessary for the purposes it was collected.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain situations.

7.5 Right to Data Portability

You have the right to receive your personal information in a machine-readable format and transfer it to another service provider.

7.6 Right to Object

You can object to our processing of your personal information, especially for marketing purposes or legitimate interests.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to automated decision-making, including profiling, that produces legal or significant effects.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the information provided in the Contact section. We will respond to your request within 30 days and may require identity verification to protect your privacy.

8. Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under this age. If you are a parent or guardian and believe that we have inadvertently collected information from your child, please contact us immediately.

If we discover that we have collected personal information from a child under 16 without parental consent, we will take steps to promptly delete such information from our records.

Parental Notification: If you are under 16, please ask your parent or guardian to contact us before providing any personal information.

9. International Data Transfers

As a global business, we may transfer your personal information to countries outside Australia for processing and storage. We ensure appropriate safeguards are in place for all international transfers:

9.1 Protection Measures

  • Adequacy Decisions: Transfers to countries with adequate privacy protection as recognized by Australian authorities
  • Standard Contractual Clauses: Legally binding contracts ensuring data protection standards
  • Data Processing Agreements: Specific agreements with international service providers
  • Appropriate Security Measures: Technical and organizational measures to protect transferred data
  • Regular Compliance Audits: Ongoing monitoring of international data protection practices

9.2 Transfer Destinations

  • United States: Cloud storage and analytics services with appropriate safeguards
  • European Union: Data analytics and processing services in GDPR-compliant jurisdictions
  • Other Countries: As necessary for business operations, with adequate protection measures

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Information Type Retention Period Reason
Account Information 6 months after account deletion Legal obligations, dispute resolution
Order History 7 years Tax and accounting requirements
Marketing Consent Records 3 months after withdrawal Consent record keeping
Website Usage Logs Up to 2 years Security monitoring, analytics
Customer Support Records 3 years Service quality improvement
Financial Records 7 years Legal and regulatory compliance
Security Incident Logs 5 years Security monitoring and compliance

Safe Data Disposal

When information is no longer needed, we ensure secure disposal:

  • Electronic Data: Complete deletion using secure wiping methods that make data unrecoverable
  • Physical Records: Secure shredding of any paper documents containing personal information
  • Backup Systems: Systematic deletion from all backup and archival systems
  • Disposal Records: Maintaining logs of data disposal activities for compliance purposes

11. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review the privacy policies of any third-party sites or services before providing them with your personal information. Your interactions with these third parties are governed by their respective privacy policies, not ours.

Your Responsibility: When clicking on third-party links or using integrated services (such as social media login), you are responsible for understanding how those services handle your information.

12. Privacy Policy Changes

12.1 Change Notification Methods

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

  • Website Notice: Prominent announcement on our homepage and relevant service pages
  • Email Notification: Direct email to registered users about significant changes
  • Account Notifications: In-app or account dashboard notifications
  • Pop-up Notifications: Browser notifications when you next visit our site
  • Explicit Consent: Requesting new consent for material changes affecting your rights

12.2 Staying Informed

  • Regular Checks: We recommend reviewing this policy periodically for updates
  • Last Updated Date: Always check the "Last Updated" date at the top of this policy
  • Continued Use: Your continued use of our services after changes constitutes acceptance
  • Disagreement Option: If you disagree with changes, you may stop using our services or delete your account

13. Contact Information

Get in Touch

Company: Guzman y Gomez

Address: Shop 7.07-7.08/25 Martin Pl, Sydney NSW 2000, Australia

Phone: +61 2 9182 5880

Email: [email protected]

Business Hours: Monday-Friday 9:00 AM - 6:00 PM AEST

Response Commitment: We will respond to all privacy-related inquiries within 3 business days.

13.1 Privacy Complaints

If you have concerns about how we handle your personal information:

  • Contact Us First: We encourage you to contact us directly so we can resolve your concerns
  • Escalation Process: If you are not satisfied with our response, you may contact:
  • Australian Privacy Commissioner: Office of the Australian Information Commissioner (OAIC)
  • Website: www.oaic.gov.au
  • Phone: 1300 363 992

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent to marketing communications at any time:

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Log into your account and update communication preferences
  • Customer Support: Contact our customer service team for assistance
  • Phone Request: Call us during business hours to update your preferences

14.2 Account Deletion Process

To delete your account and personal information:

  1. Log into your account and navigate to account settings
  2. Select "Delete Account" or contact customer support
  3. Confirm your identity for security purposes
  4. Review what information will be retained for legal compliance
  5. Receive confirmation of account deletion within 30 days

Note: Some information may be retained as required by law, such as transaction records for tax purposes, but will be anonymized where possible.

15. Conclusion

At Guzman y Gomez, protecting your privacy is not just a legal obligation but a fundamental commitment to building and maintaining trust with our customers. We understand that when you choose to dine with us, order online, or engage with our services, you are entrusting us with your personal information.

This trust is not something we take lightly. Every policy, procedure, and practice outlined in this Privacy Policy is designed with your privacy and security in mind. We continuously invest in the latest security technologies, train our staff on best practices, and regularly review our procedures to ensure we meet the highest standards of data protection.

We believe in transparency, which is why we have provided you with comprehensive information about how we collect, use, and protect your data. We also believe in your right to control your personal information, which is why we have made it easy for you to access, modify, or delete your data as you see fit.

If you have any questions about this Privacy Policy, our privacy practices, or how we handle your personal information, we encourage you to reach out to us. Our team is committed to providing you with clear answers and addressing any concerns you may have.

Thank you for choosing Guzman y Gomez and for trusting us with your personal information. We look forward to continuing to serve you while maintaining the highest standards of privacy protection.

Remember: This Privacy Policy was last updated on January 15, 2025. Please check back periodically for any updates or changes.