Privacy Policy
1. Introduction
At ITZA Restaurant (“we”, “us”, or “our”), accessible through https://itzarestaurant.com, we are fully committed to protecting and respecting your privacy. Safeguarding your personal data and maintaining your trust are fundamental principles we uphold. This Privacy Policy explains how we collect, use, disclose, and protect information that relates to you, and outlines your rights under data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope and Data Controller
This Privacy Policy applies to all personal data collected via itzarestaurant.com and associated digital services. ITZA Restaurant is the data controller for purposes of applicable data protection laws, meaning we determine the purposes and means of processing your personal data. By accessing our website or otherwise interacting with us, you acknowledge that you have read and understood the practices described in this policy.
3. Categories of Data We Process
We may process the following categories of personal data collected through our website and services:
a. Usage Data
Information about how you use our website, including IP address, browser type, pages visited, access times, referring URLs, session durations, interactions with site elements, and other analytical data.
b. Account Data
Personal information provided when creating a profile or reservation, including your name, billing address, email address, phone number, and log-in details where applicable.
c. Profile Data
Preferences such as seating options, dietary restrictions, past reservation history, customer behavior, and interests in particular menu items or events.
d. Communication Data
Records of communications between you and us, including inquiries, feedback, support requests, complaints, and contact history via email or any online form.
e. Technical Data
Device type, operating system, browser version, screen resolution, mobile identifiers, system setup, and diagnostic information.
f. Transaction Data
Details related to purchases of products or services (e.g., gift cards, merchandise), payment information, billing and delivery addresses, and related financial transaction records.
g. Preference Data
Information on your preferences for receiving marketing messages from us and your communication preferences, including opted-in services, event types, and newsletter selections.
4. Legal Bases for Processing
We rely on the following legal bases to collect and process your personal data:
– Performance of a Contract: Where processing is necessary for fulfilling a reservation, transaction, or customer service obligation.
– Consent: Where you have expressly provided consent for specific uses of your personal data, such as subscribing to newsletters or accepting cookies.
– Legitimate Interests: Where we have a clear and justified business reason, such as improving user experience, fraud prevention, or personalization, and your interests and rights do not override those interests.
– Compliance with Legal Obligations: Where we are legally required to process data, for example, for tax reporting or law enforcement requests.
5. Your Rights
As a data subject, you may exercise the following rights under GDPR, CCPA, and other applicable regulations:
– Right of Access: Obtain confirmation regarding whether we process your personal data and access to such data.
– Right to Rectification: Request correction of incomplete or inaccurate personal data we hold about you.
– Right to Erasure: Ask us to delete or remove your personal data in certain circumstances.
– Right to Restriction: Request we suspend the processing of your personal data under specific conditions.
– Right to Data Portability: Receive your personal data in a commonly used, machine-readable format and transmit it to another controller.
– Right to Object: Where processing is based on legitimate interests or direct marketing, you have the right to object.
– Right to Withdraw Consent: Where consent is the basis for processing, withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
– Do Not Sell My Personal Information: California residents may request that we do not sell their personal information, in accordance with CCPA.
To exercise these rights, contact us at: [email protected].
6. Security Measures
We implement robust security practices and technical safeguards to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:
– Encryption of data in transit and at rest using industry-standard technologies;
– Secure access controls including authentication and authorization protocols;
– Routine backups to prevent data loss;
– Ongoing staff training on data protection and confidentiality;
– Regular monitoring and testing of security systems.
7. International Data Transfers
Your personal data may be transferred and stored outside of your home jurisdiction to countries that may not offer the same level of data protection. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and compliance with requirements under GDPR and other applicable data transfer mechanisms.
8. Data Retention
We retain personal data only for as long as is necessary for the purposes outlined in this Privacy Policy, based on regulatory and operational considerations:
– Usage and Technical Data: up to 12 months for analytics and audit purposes.
– Account and Profile Data: retained for up to 2 years after the last user interaction unless legal obligations require longer retention.
– Transaction Data: kept for up to 7 years for compliance with financial and tax regulations.
– Communication and Preference Data: kept for 1 year after resolution or revocation of consent.
We securely delete or anonymize data once retention periods expire.
9. Cookie Policy
We use cookies and similar tracking technologies on itzarestaurant.com to enhance performance and functionality. Cookies may be:
– Essential Cookies: Required for operation of our website, such as authentication and security features.
– Functional Cookies: Remember your preferences for convenience, like region and language.
– Analytics Cookies: Collect traffic data to improve site usability and performance, using services like Google Analytics.
– Performance Cookies: Monitor and enhance the performance of our website, helping us understand how users interact with the site.
10. Cookie Management & Compliance
When you first visit itzarestaurant.com, you will be prompted with a cookie consent banner allowing you to accept or customize your cookie preferences in accordance with GDPR and CCPA. You may update or revoke your consent at any time through the cookie management settings in your browser or device, or through our website’s cookie preference center.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that such data has been provided without verifiable parental consent, we will delete it immediately. Parents or guardians who believe their child has provided us with information may contact us at [email protected].
12. Policy Updates
We reserve the right to update or amend this Privacy Policy to reflect changes in legal, regulatory, technological, or operational developments. Any significant modifications will be communicated via the itzarestaurant.com website or otherwise as required by applicable law. Continued use of our services following changes indicates your acknowledgment of the updated policy.
13. Contact Us
If you have questions, requests, or concerns regarding this Privacy Policy or our handling of your personal information, please contact us at:
Email: [email protected]
Website: https://itzarestaurant.com
We are committed to full compliance with data protection laws and welcome your inquiries related to privacy matters.