Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: December 15, 2024

1. Introduction

At Bubbakoo's Burritos, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and safeguard your information when you visit our website, order food online, visit our restaurants, or use our services.

This policy applies to all information collected through our website (bubbakoos-burritos.digital), mobile applications, in-store interactions, delivery services, catering orders, and any related services, sales, marketing, or events.

By using our services, you agree to the collection and use of information in accordance with this policy. We never sell your personal data to third parties for their own marketing purposes.

Important: We are committed to transparency in our data practices and will never sell your personal information to third parties.

2. Information We Collect

2.1 Information You Provide

  • Personal Identification: Name, email address, phone number, delivery address, billing address
  • Account Information: Username, password, purchase history, order preferences
  • Payment Information: Credit card details, payment method preferences (encrypted and securely stored)
  • Dietary Information: Allergen information, special dietary requirements (vegan, halal, kosher, etc.), food preferences
  • Order Details: Food selections, customizations, delivery instructions, table reservation information
  • Communication: Contact form submissions, customer reviews, feedback, support tickets
  • Marketing Preferences: Email subscription preferences, promotional communications consent
  • Loyalty Program Data: Rewards points, membership status, favorite orders, visit frequency
  • Catering Information: Event details, group size, special requirements, delivery schedules

2.2 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click-through rates, search queries
  • Cookie Data: Session IDs, preferences, authentication tokens, analytics data
  • Location Information: Approximate location from IP address, delivery address for orders
  • Performance Data: Site loading times, error reports, feature usage statistics

2.3 Information from Third Parties

  • Social Media: Profile information if you connect social media accounts
  • Payment Processors: Transaction confirmations and payment status
  • Delivery Partners: Delivery status updates and location tracking
  • Marketing Partners: Campaign performance data and audience insights
  • Review Platforms: Public reviews and ratings about our services

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Processing food orders, managing deliveries, handling payments
  • Account Management: Creating and maintaining user accounts, authentication
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Analyzing usage patterns to enhance user experience
  • Dietary Safety: Managing allergen information and special dietary requirements
  • Loyalty Programs: Managing rewards points, special offers, and member benefits

3.2 Communication

  • Order Notifications: Confirmation emails, delivery updates, order ready notifications
  • Customer Support: Responding to questions, providing order assistance
  • Important Updates: Service changes, policy updates, security notifications
  • Marketing Communications: Promotional emails, special offers (with your consent only)
  • Catering Coordination: Event planning communications, delivery arrangements

3.3 Marketing and Analytics

  • Personalization: Customized menu recommendations, targeted offers
  • Analytics: Website traffic analysis, user behavior studies
  • Campaign Effectiveness: Measuring marketing performance, ROI analysis
  • Market Research: Understanding customer preferences for new products and services
  • A/B Testing: Testing new features and improvements

3.4 Legal Compliance

  • Legal Requests: Responding to court orders, subpoenas, legal process
  • Fraud Prevention: Detecting and preventing fraudulent transactions
  • Safety Protection: Protecting rights, property, and safety of customers and staff
  • Dispute Resolution: Resolving customer complaints and legal disputes
  • Regulatory Compliance: Meeting food safety, health, and business regulations

4. Information Sharing and Disclosure

4.1 Service Providers

  • Payment Processors: Secure processing of credit card and payment transactions
  • Delivery Companies: Sharing delivery address and contact information for order fulfillment
  • Cloud Storage Providers: Secure data storage and backup services
  • Email Service Providers: Sending order confirmations and marketing communications
  • Analytics Tools: Website usage analysis and performance monitoring
  • Customer Support Tools: Managing customer inquiries and support tickets

4.2 Legal Requirements

  • Court Orders: Compliance with legally binding court orders and subpoenas
  • Law Enforcement: Cooperation with legitimate law enforcement requests
  • Legal Protection: Protecting our rights, property, and safety
  • Public Safety: Addressing threats to public health and safety
  • Regulatory Requirements: Meeting health department and food safety obligations

4.3 Business Transfers

  • Mergers and Acquisitions: Transfer of data during business transactions
  • Asset Sales: Data transfer as part of asset purchases
  • Customer Notification: Advance notice before any ownership transfer
  • Policy Compliance: Ensuring new owners follow equivalent privacy practices

4.4 With Your Consent

  • We may share your information for other purposes with your explicit consent
  • Social media sharing when you choose to share reviews or experiences
  • Partnership programs you explicitly join or authorize

5. Data Security

5.1 Technical Measures

  • Encryption: SSL/TLS encryption for all data transmission and storage
  • Firewall Protection: Advanced firewall systems protecting our servers
  • Access Controls: Restricted access to personal data (minimum necessary personnel only)
  • Monitoring: 24/7 security monitoring and threat detection
  • Regular Backups: Secure, encrypted data backups for disaster recovery
  • Penetration Testing: Regular security assessments and vulnerability testing

5.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff
  • Data Handling Procedures: Strict protocols for personal data processing
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response: Comprehensive security incident response plan
  • Regular Audits: Periodic security audits and compliance reviews

5.3 Your Responsibilities

  • Strong Passwords: Use complex, unique passwords for your account
  • Account Security: Don't share login credentials with others
  • Public Computers: Always log out when using shared or public computers
  • Suspicious Activity: Report any suspicious emails or account activity immediately
  • Software Updates: Keep your devices and browsers updated

Security Breach Notification: In the unlikely event of a data breach affecting your personal information, we will promptly notify you and relevant authorities as required by law, typically within 72 hours of discovery.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience on our website and mobile applications. Below is a detailed breakdown of the types of cookies and tracking technologies we use:

Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart Session
Functional Cookies User preferences, language settings, location data Up to 1 year
Analytics Cookies Usage analysis, performance monitoring, improvement Up to 2 years
Marketing Cookies Personalized advertising, campaign tracking Up to 1 year

Tracking Technologies Used

  • Google Analytics: Website traffic analysis and user behavior tracking
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Email Tracking: Web beacons to track email open rates and engagement
  • Local Storage: Browser storage for improved performance and user experience
  • Session Storage: Temporary data storage during your browsing session

Cookie Management

You can manage your cookie preferences through your browser settings. Most browsers allow you to:

  • Accept or reject cookies
  • Delete existing cookies
  • Set preferences for specific websites
  • Receive notifications when cookies are set

Note: Disabling certain cookies may affect website functionality, including the ability to place orders and access your account.

7. Your Rights (GDPR/CCPA Compliance)

Under applicable data protection laws, including GDPR and CCPA, you have the following rights regarding your personal information:

7.1 Right of Access

You have the right to know what personal data we have about you and request a copy of your information.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

7.5 Right to Data Portability

You can request to receive your personal data in a machine-readable format for transfer to another service.

7.6 Right to Object

You can object to processing of your personal data, especially for marketing purposes.

7.7 Right Against Automated Decision-Making

You have the right to request human review of automated decisions that significantly affect you.

How to Exercise Your Rights: To exercise any of these rights, contact us at [email protected] or call +1 407-939-5277. We will respond to your request within 30 days and may require verification of your identity.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 years of age.

  • We do not intentionally gather personal information from visitors who are under the age of 16
  • If a parent or guardian becomes aware that their child has provided us with personal information, they should contact us immediately
  • If we discover that a child under 16 has provided us with personal information, we will delete such information from our servers promptly
  • Parents are encouraged to monitor their children's online activities and teach them about online privacy and safety

If you believe we have collected information from a child under 16, please contact us at [email protected].

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal data internationally, we implement appropriate safeguards to protect your information:

  • Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
  • Standard Contractual Clauses (SCC): Legal frameworks ensuring data protection
  • Data Processing Agreements: Contracts with third parties ensuring proper data handling
  • Security Measures: Technical and organizational measures to protect transferred data
  • Regular Compliance Audits: Monitoring compliance with international data transfer requirements

9.2 Transfer Destinations

Your personal data may be transferred to and processed in the following countries:

  • United States: Cloud storage and data processing services
  • European Union: Data analytics and customer support services
  • Other Countries: As needed for service provision, always with appropriate protections

10. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected. Below are our standard retention periods:

Information Type Retention Period Reason
Account Information 6 months after account deletion Legal obligations, dispute resolution
Order History 7 years Tax and accounting requirements
Payment Records 7 years Financial and legal compliance
Marketing Consent 3 months after withdrawal Consent record keeping
Website Usage Logs Up to 2 years Security monitoring, analytics
Customer Support Records 3 years Service quality improvement
Loyalty Program Data 2 years after program exit Program administration, fraud prevention

Safe Data Disposal

When data retention periods expire, we ensure secure disposal through:

  • Electronic Deletion: Complete, unrecoverable deletion of digital records
  • Physical Destruction: Secure shredding of any physical documents
  • Backup Deletion: Removal from all backup systems and archives
  • Disposal Records: Maintenance of disposal records for compliance verification

11. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to these external sites.

  • We are not responsible for the privacy practices or content of third-party websites
  • Third-party sites may have different privacy policies and terms of use
  • We encourage you to review the privacy policy of any third-party site before providing personal information
  • Clicking on third-party links is done at your own risk and discretion
  • We do not endorse or take responsibility for third-party content or services

Examples of third-party links you may encounter include social media platforms, payment processors, delivery tracking services, and review sites.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

  • Website Notice: Prominent notice on our homepage and relevant pages
  • Email Notification: Direct email to registered users for significant changes
  • Pop-up Notifications: In-app or website notifications upon login
  • Consent Requests: Explicit consent requests for material changes affecting your rights

12.2 Checking for Changes

  • The latest version of this policy is always available on our website
  • Check the "Last Updated" date at the top of this policy
  • Continued use of our services after changes constitutes acceptance
  • You may stop using our services if you disagree with policy changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Company Name: Bubbakoo's Burritos
  • Address: 4401 Floridian Way, Lake Buena Vista, FL 32830, USA
  • Phone: +1 407-939-5277
  • Email: [email protected]
  • Business Hours: Monday-Friday 9:00 AM - 6:00 PM EST

Response Commitment: We will respond to your privacy-related inquiries within 3 business days.

13.1 Complaints

If you have concerns about our privacy practices:

  • Contact us first using the information above for resolution
  • If unsatisfied with our response, you may contact the appropriate supervisory authority in your jurisdiction
  • For EU residents: Contact your local Data Protection Authority
  • For California residents: Contact the California Attorney General's Office

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time through:

  • Unsubscribe Links: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your online account
  • Customer Support: Contact our customer service team
  • Email Request: Send a withdrawal request to [email protected]

14.2 Account Deletion

To delete your account and personal data:

  • Log into your account and select "Delete Account" in settings
  • Contact customer support with a deletion request
  • Send an email to [email protected] with your request
  • Note: Some data may be retained for legal compliance even after account deletion

Account deletion will remove your ability to access order history, loyalty rewards, and saved preferences.

15. Conclusion

At Bubbakoo's Burritos, protecting your privacy is fundamental to our business and our relationship with you. We are committed to maintaining the highest standards of data protection and transparency in all our operations.

Your trust is essential to us, and we work continuously to earn and maintain it through responsible data practices, robust security measures, and clear communication about how we handle your personal information.

We invite you to contact us with any questions, concerns, or feedback about this Privacy Policy or our privacy practices. Your input helps us improve our services and better protect your privacy.

Thank you for choosing Bubbakoo's Burritos and for taking the time to understand how we protect your personal information.

Remember: This Privacy Policy was last updated on December 15, 2024. Please check back periodically for updates, as this policy may change to reflect evolving privacy practices and legal requirements.