Privacy Policy
At Chipotloco, accessible at https://chipotloco.com, we are firmly committed to protecting the privacy, integrity, and security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you use our website or interact with our services. We are dedicated to upholding your rights under applicable data protection laws, including but not limited to the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
Your privacy matters to us. We employ industry-standard security practices and legal safeguards to ensure that your personal information remains protected. We only process your data if we have a lawful basis to do so, and we strive to use the minimum amount of data necessary to fulfill our stated purposes.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to personal data collected via our website, chipotloco.com, and includes all associated services, transactions, and interactions. Chipotloco is the data controller for all personal data collected through the website unless otherwise specified. As the data controller, we determine the purposes and means of the processing of your personal data.
3. Categories of Data Processed
We process the following categories of personal data:
– Usage Data: Includes information such as IP address, browser type and version, operating system, referral URLs, pages visited, access times, and session durations. This data helps us analyze user behavior and improve website performance.
– Account Data: Includes identifying details provided upon registration or checkout, such as full name, physical address, email address, and phone number.
– Profile Data: Encompasses your preferences, purchase history, shopping behaviors, and settings that personalize your experience on chipotloco.com.
– Communication Data: Covers customer service inquiries, messages sent through our contact forms, support tickets, and other correspondence between you and our representatives.
– Technical Data: Includes data about the device you use to access chipotloco.com, such as device type, operating system, system language, and browser configurations.
– Transaction Data: Contains information related to your purchases, including payment details (processed securely via third parties), delivery information, and order history.
– Preference Data: Includes your marketing preferences, cookie consents, communication opt-ins, and interests in specific products or services.
4. Legal Bases for Processing
We process your personal data on the following lawful grounds:
– Contractual Necessity: To process your orders, manage your account, and deliver services as agreed upon.
– Legitimate Interests: To improve our services, administer the website, and detect or prevent fraud.
– Consent: For activities like marketing communications and non-essential cookies, which require your explicit consent.
– Legal Obligation: When necessary to comply with tax, regulatory, or law enforcement requests.
5. Your Rights
Depending on your jurisdiction, you may exercise the following rights concerning your personal data:
– Right of Access: Obtain confirmation and a copy of your personal data we process.
– Right of Rectification: Request corrections to inaccurate or incomplete data.
– Right of Erasure: Request deletion of your data under certain lawful grounds.
– Right to Restrict Processing: Request the limitation of how we use your data when appropriate.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
To exercise any of these rights, you may contact us at [email protected].
6. Security Measures
Chipotloco adopts appropriate technical and organizational measures to safeguard your data, including:
– Encryption of data in transit and at rest
– Role-based access control within our systems
– Routine system and data backups
– Regular staff training on data protection obligations
– Secure data storage on trusted, compliant hosting platforms
Despite our efforts, please note that no method of transmission or storage is 100% secure.
7. International Data Transfers
If your data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on recognized frameworks and regional adequacy decisions. Chipotloco complies with all relevant cross-border data protection requirements.
8. Data Retention
We retain your data only as long as necessary for the purposes for which it was collected, unless longer retention is required by law.
– Usage Data: Up to 12 months
– Account and Transaction Data: Retained for up to 7 years for financial and legal compliance
– Profile and Preference Data: Retained while you have an active account or until you withdraw consent
– Communication Data: Retained for up to 3 years following your last contact
When data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
Chipotloco uses cookies and similar technologies to ensure proper website functionality, enhance user experience, analyze traffic, and personalize content and advertising. Cookies fall into the following categories:
– Essential Cookies: Required for core functionalities like navigation and secure access to your account.
– Functional Cookies: Allow the site to remember preferences for improved performance.
– Analytics Cookies: Gather aggregated usage data to measure site performance and understand visitor behavior.
– Performance and Advertising Cookies: Optimize user experience and deliver relevant advertisements based on browsing habits.
10. Cookie Management and Compliance
Upon accessing chipotloco.com, you are presented with a cookie banner allowing you to accept or manage your cookie preferences. You can modify or withdraw your consent at any time by adjusting your browser settings or using cookie preference tools provided on our site.
We honor “Do Not Track” signals and provide opt-out links for targeted advertising consistent with CCPA and GDPR obligations.
11. Protection of Children’s Privacy
Chipotloco does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently gathered such data, we will take immediate steps to delete it. Parents or legal guardians who believe their child has submitted data to our site are encouraged to contact us at [email protected].
12. Policy Updates and User Notification
We reserve the right to modify this Privacy Policy to reflect operational, legal, or regulatory changes. Users will be notified of any material updates through on-site notifications and, where applicable, via direct communication. Continued use of chipotloco.com after changes signifies acceptance of the updated terms.
13. Contact
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at:
Email: [email protected]
We are committed to full compliance with GDPR, CCPA, and all other applicable privacy laws. Your trust is important to us, and we encourage you to reach out with any privacy concerns so we can address them promptly and transparently.