Privacy Policy

Effective Date: June 30, 2026 | Last Updated: June 30, 2026

Important Notice: This Privacy Policy applies to Guzman y Gomez and governs the collection, use, storage, and disclosure of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. By accessing or using our website at guzimansgomez.com or engaging with our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

1. About Us

Guzman y Gomez ("we", "us", "our", or "the Company") is a food service business operating in Australia. We are committed to protecting the privacy of all individuals who interact with our brand, visit our restaurants, use our website, or engage with us through any digital channel.

Our contact details for all privacy-related matters are as follows:

Company Name	Guzman y Gomez
Address	Australia
Phone	Not provided
Email	[email protected]
Website	guzimansgomez.com

We have designated a Privacy Officer who is responsible for overseeing our compliance with applicable privacy laws and handling all enquiries, complaints, and requests relating to personal information. You may contact our Privacy Officer at the email address listed above.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

All visitors to our website at guzimansgomez.com;
Customers who place orders online or through our mobile application;
Individuals who register for loyalty programs, competitions, or promotional offers;
Job applicants and prospective employees;
Suppliers, contractors, and business partners who interact with us;
Anyone who contacts us via email, phone, social media, or in person.

This policy does not apply to the practices of third-party companies, websites, or services that we do not own or control, even if you access them through links on our website.

3. Information We Collect

We collect a variety of personal information to operate our business effectively and to provide you with the best possible food service experience. The categories of information we collect are detailed below.

3.1 Personal Identification Information

When you interact with us, we may collect personal identification information including but not limited to:

Full name;
Email address;
Phone number (mobile and/or landline);
Postal address and delivery address;
Date of birth (where required for age verification or loyalty programs);
Username and password for online accounts;
Profile photo (if provided voluntarily).

3.2 Order and Transaction Information

When you place an order through our website, application, or in-store, we collect:

Order history, including items ordered, quantities, and preferences;
Payment information (processed securely via third-party payment processors — we do not store full card details);
Billing information and invoices;
Delivery preferences and special instructions;
Loyalty points balances and redemption history.

3.3 Usage and Technical Data

When you visit our website or use our digital services, we automatically collect technical information about your device and browsing behaviour, including:

IP address;
Browser type and version;
Operating system and device type;
Pages visited and time spent on each page;
Referring URLs and exit pages;
Clickstream data;
Date and time of visits;
Search queries entered on our website;
Error logs and crash reports.

3.4 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your online activity. This includes session cookies, persistent cookies, and third-party analytics cookies. For full details, please refer to Section 9 (Cookie Usage) of this policy.

3.5 Location Data

With your consent, we may collect precise or approximate geolocation data from your device to help you locate our nearest restaurant, provide delivery services, or personalise your in-app experience. You may withdraw this consent at any time through your device settings.

3.6 Communications Data

When you contact us directly — whether via email, phone, website contact form, or social media — we collect the content of those communications, including any personal information you choose to share in messages, complaints, or feedback submissions.

3.7 Marketing and Preference Data

We collect information about your marketing preferences, including your opt-in or opt-out status for promotional communications, survey responses, competition entries, and engagement data from email campaigns (such as open rates and click-through rates).

3.8 Employment-Related Information

If you apply for a position with Guziman y Gomez, we collect information relevant to your application, including your resume, employment history, qualifications, references, and any other information you provide during the recruitment process. This information is handled in accordance with the Privacy Act 1988 (Cth).

3.9 Sensitive Information

We do not intentionally collect sensitive information as defined under the Privacy Act 1988 (Cth) — such as health information, racial or ethnic origin, religious beliefs, or biometric data — unless you voluntarily provide it (for example, dietary requirements or food allergy information for the purpose of fulfilling your order). Where sensitive information is collected, we will only use it for the purpose for which it was provided and will take additional steps to protect it.

4. How We Collect Your Information

We collect personal information through a variety of means, including:

Directly from you: When you create an account, place an order, complete a form, participate in a promotion, or contact us;
Automatically: Through cookies and tracking technologies when you use our website or app;
From third parties: Including delivery partners, payment processors, social media platforms (where you connect your account), analytics providers, and advertising partners;
In-store: Through point-of-sale systems, loyalty card scans, or feedback kiosks;
From publicly available sources: Such as social media profiles or business directories, where relevant and lawful.

5. How We Use Your Information

We use the personal information we collect for legitimate business purposes in accordance with Australian Privacy Principle 6. The primary uses of your information are as follows:

5.1 Service Provision

To process and fulfil your food orders, both online and in-store;
To manage your account and loyalty membership;
To facilitate payment processing and issue receipts;
To arrange and coordinate food delivery services;
To respond to your enquiries, complaints, and requests for assistance;
To verify your identity and prevent unauthorised access to your account.

5.2 Business Operations and Improvement

To monitor and improve the performance and functionality of our website and applications;
To analyse customer behaviour and preferences to enhance our menu and service offerings;
To conduct internal research, audits, and quality assurance activities;
To manage our supply chain, inventory, and operational efficiency;
To train our staff and improve customer service standards.

5.3 Marketing and Communications

To send you promotional emails, SMS messages, or push notifications about new menu items, special offers, and events — where you have provided consent or where permitted by law;
To personalise your experience by displaying content and offers relevant to your preferences and order history;
To run competitions, prize draws, and loyalty reward programs;
To conduct customer satisfaction surveys and gather feedback.

Opt-Out: You may unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any email we send, replying "STOP" to any SMS, or contacting us at [email protected]. Please allow up to 10 business days for your request to be processed.

5.4 Legal and Compliance Purposes

To comply with applicable laws, regulations, and government requests;
To enforce our Terms of Service and other legal agreements;
To detect, investigate, and prevent fraud, security incidents, and other illegal activities;
To protect the rights, property, and safety of Guzman y Gomez, our customers, and the public;
To respond to legal claims, court orders, and regulatory investigations.

5.5 Analytics and Research

To understand how users interact with our digital platforms and identify areas for improvement;
To perform market research and trend analysis to inform strategic decisions;
To create aggregated, anonymised datasets for reporting purposes (note: anonymised data is not considered personal information).

6. Sharing Your Information With Third Parties

We do not sell your personal information to third parties. However, we may share your information with trusted third parties in the circumstances described below, consistent with Australian Privacy Principle 6.

6.1 Service Providers and Business Partners

We engage third-party service providers to assist us in operating our business. These providers are contractually obligated to handle your information securely and only for the purposes we specify. They include:

Payment processors: To securely process credit and debit card transactions;
Delivery partners: Such as third-party courier services to fulfil delivery orders;
IT and hosting providers: For website hosting, data storage, and cloud infrastructure;
Analytics providers: Such as Google Analytics, to help us understand website usage;
Email and SMS marketing platforms: To send you communications you have consented to receive;
Customer relationship management (CRM) software providers;
Loyalty program administrators;
Market research and survey platforms.

6.2 Related Entities and Franchisees

We may share your information with our related entities, subsidiaries, and franchised restaurant operators where necessary to fulfil your orders, administer loyalty programs, or provide consistent service across our restaurant network.

6.3 Legal and Regulatory Authorities

We may disclose your personal information to law enforcement agencies, courts, regulators, government authorities, or other third parties where we are required or authorised to do so by law, including pursuant to the Privacy Act 1988 (Cth), the Telecommunications (Interception and Access) Act 1979 (Cth), or any other applicable Australian legislation.

6.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or corporate restructure, your personal information may be transferred to the relevant successor entity. We will notify you of any such transfer and ensure that your information continues to be protected in accordance with this Privacy Policy.

6.5 With Your Consent

We may share your information with other third parties where you have given us your explicit consent to do so.

7. International Data Transfers

As a food business operating primarily in Australia, we endeavour to keep your personal information within Australia wherever possible. However, some of our third-party service providers — including cloud hosting platforms, analytics tools, and marketing software — may store or process data in overseas locations, including but not limited to the United States, the European Union, Singapore, and other countries.

Where we transfer personal information overseas, we comply with Australian Privacy Principle 8. Before disclosing your information to an overseas recipient, we take reasonable steps to ensure that the recipient is subject to privacy obligations comparable to those in the Privacy Act 1988 (Cth), or we obtain your consent to the transfer, or another exception under APP 8.2 applies.

We acknowledge that if an overseas recipient handles your personal information in a manner that breaches the APPs, Guzman y Gomez may be accountable under the Privacy Act 1988 (Cth), subject to applicable exceptions.

8. Data Security

We take the security of your personal information seriously. We have implemented appropriate technical and organisational security measures to protect your information against unauthorised access, disclosure, alteration, loss, and destruction.

8.1 Technical Measures

SSL/TLS encryption for data transmission over our website;
Encryption of sensitive data stored in our databases;
Firewalls and intrusion detection systems;
Multi-factor authentication for access to internal systems;
Regular security patching and vulnerability assessments;
Secure payment processing via PCI DSS-compliant third-party processors.

8.2 Organisational Measures

Access controls limiting data access to authorised personnel only;
Staff training on privacy and data security obligations;
Confidentiality agreements with employees and contractors;
Regular internal privacy audits and risk assessments;
Incident response procedures to manage and report data breaches.

8.3 Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify both the Office of the Australian Information Commissioner (OAIC) and the affected individuals as required by law, and as soon as practicable after becoming aware of the breach.

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

9. Cookie Usage

Our website at guzimansgomez.com uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files stored on your device by your web browser.

9.1 Types of Cookies We Use

Essential Cookies: Required for the website to function properly (e.g., maintaining your session when you log in or add items to your cart). These cannot be disabled without affecting site functionality.
Performance and Analytics Cookies: Used to collect anonymous data about how visitors use our website, helping us identify improvements (e.g., Google Analytics).
Functional Cookies: Remember your preferences such as language settings, location, and past orders to personalise your experience.
Marketing and Advertising Cookies: Used to deliver relevant advertisements to you on our website and third-party platforms, and to measure the effectiveness of our marketing campaigns.

9.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete cookies that have already been stored. Please note that disabling certain cookies may affect the functionality of our website and your overall experience.

For more detailed information about how we use cookies, please refer to our full Cookie Policy available on our website.

10. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following general retention guidelines apply:

Category of Information	Retention Period
Account and registration information	Duration of account plus 7 years after account closure
Order and transaction records	7 years (for tax and financial compliance purposes)
Marketing preferences and opt-in records	Until you withdraw consent, plus 3 years
Customer service communications	3 years from date of communication
Website analytics and usage data	26 months (standard Google Analytics retention)
Job applications (unsuccessful)	12 months from date of application
Legal and compliance records	As required by applicable law (minimum 7 years)

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it securely in accordance with Australian Privacy Principle 11.

11. Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have a number of rights in relation to your personal information. We are committed to honouring these rights promptly and transparently.

11.1 Right of Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your information within a reasonable period (generally within 30 days), unless an exception under APP 12 applies (for example, where providing access would be unlawful or would have an unreasonable impact on the privacy of another person). In some cases, we may charge a reasonable administrative fee to cover the cost of providing access.

11.2 Right to Correction

If you believe that personal information we hold about you is inaccurate, incomplete, out of date, irrelevant, or misleading, you have the right to request that we correct it. We will take reasonable steps to correct the information within 30 days of receiving your request. If we decline to correct the information, we will provide you with written reasons and information about how to make a complaint.

11.3 Right to Deletion (De-identification)

In certain circumstances, you may request that we delete or de-identify your personal information — for example, if it is no longer needed for the purpose for which it was collected, or if you withdraw your consent and no other legal basis for processing applies. We will assess each request on a case-by-case basis and comply where we are not prevented from doing so by law.

11.4 Right to Withdraw Consent

Where we process your personal information based on your consent (for example, for direct marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.

11.5 Right to Data Portability

While there is currently no statutory right to data portability under the Privacy Act 1988 (Cth) in the same form as the GDPR, we are committed to providing you with a copy of your personal information in a commonly used, machine-readable format upon request where technically feasible.

11.6 Right to Opt Out of Direct Marketing

Under the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth), you have the right to opt out of receiving commercial electronic messages and unsolicited telemarketing calls. You can exercise this right by:

Clicking "unsubscribe" in any marketing email;
Replying "STOP" to any marketing SMS;
Contacting us at [email protected];
Updating your preferences in your online account settings.

11.7 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our Privacy Officer at [email protected]. We may need to verify your identity before processing your request to ensure we are communicating with the correct individual. We will respond to your request within 30 days and will notify you if additional time is required.

12. Children's Privacy

Age Restriction: Our online services, including account registration, loyalty programs, and marketing communications, are intended for individuals who are 18 years of age or older.

We do not knowingly collect personal information from children under the age of 18. If you are under 18, please do not submit any personal information to us through our website or applications. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] and we will take prompt steps to delete that information from our records.

While minors may visit our physical restaurants and access publicly available information on our website, the collection and processing of personal information (including account creation and marketing opt-ins) is restricted to adults aged 18 and over.

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services — including delivery platforms, social media channels, and payment gateways. This Privacy Policy does not apply to those third-party sites and services. We encourage you to review the privacy policies of any third-party platforms before providing them with your personal information. We are not responsible for the privacy practices or content of external websites.

14. Social Media and User-Generated Content

If you interact with us through social media platforms (such as Instagram, Facebook, TikTok, or X), the information you share with us through those platforms is subject to the privacy policies of the respective platform, as well as our own. We may collect publicly available information from social media (such as posts that tag our brand) for marketing and customer engagement purposes.

If you post reviews, comments, or photos on our website or social media pages, please be aware that this information is publicly accessible and may be viewed, shared, or republished by others. We are not responsible for how others use information you make publicly available.

15. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or regulatory requirements. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy;
Post the revised policy on our website at guzimansgomez.com;
Where appropriate, notify you directly via email or through a notice on our website or app.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services following the posting of changes constitutes your acceptance of those changes.

16. How to Make a Privacy Complaint

If you believe that we have handled your personal information in a manner that does not comply with the Privacy Act 1988 (Cth) or this Privacy Policy, we encourage you to contact us in the first instance so we can attempt to resolve your concern directly.

16.1 Internal Complaint Process

To lodge a privacy complaint with Guzman y Gomez, please:

Submit your complaint in writing to our Privacy Officer at [email protected];
Provide your full name, contact details, and a detailed description of your complaint;
Include any relevant correspondence, order numbers, or evidence to support your complaint.

We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days. If the matter is complex, we will keep you informed of our progress.

16.2 External Complaint — Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to your complaint, or if you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which is the national independent regulator for privacy and freedom of information.

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001
Online Complaint Form: Available at www.oaic.gov.au/privacy/privacy-complaints

The OAIC can investigate your complaint and, if it finds a breach of the Privacy Act, may direct us to take remedial action. There is no cost to you for making a complaint to the OAIC.

17. Applicable Laws and Regulatory Framework

This Privacy Policy is governed by and construed in accordance with the laws of Australia, including but not limited to:

Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
Spam Act 2003 (Cth) — governing commercial electronic messaging;
Do Not Call Register Act 2006 (Cth) — governing unsolicited telemarketing;
Telecommunications (Interception and Access) Act 1979 (Cth);
Competition and Consumer Act 2010 (Cth) — Australian Consumer Law;
State and Territory privacy and health records legislation as applicable.

To the extent that our operations extend to other jurisdictions, we also aim to comply with equivalent data protection obligations in those territories.

18. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal information, please do not hesitate to contact our Privacy Officer using the details below:

Privacy Officer	Guzman y Gomez — Privacy Team
Email	[email protected]
Website	guzimansgomez.com
Postal Address	Guzman y Gomez, Australia

We are committed to working with you to resolve any privacy concerns you may have in a fair, timely, and transparent manner. Your privacy matters to us, and we appreciate your trust in sharing your personal information with Guzman y Gomez.

This Privacy Policy was last reviewed and updated on June 30, 2026. Guzman y Gomez reserves the right to update this policy at any time. The most current version will always be available on our website at guzimansgomez.com.