Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website cafexrio.rest, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your personal data with transparency and integrity. This Privacy Policy complies with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide customers with dining experiences, online ordering, catering services, and related food and beverage offerings through our physical locations and digital platforms.

For any questions, concerns, or requests relating to your privacy or this policy, please contact us at the details provided above or in the Contact Us section at the bottom of this page.

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we may collect are described below.

2.1 Personal Information You Provide Directly

When you interact with our website, place an order, create an account, sign up for our newsletter, participate in a promotion, or contact us, you may voluntarily provide personal information, including but not limited to:

• Identity Information: Full name, username, or similar identifiers.
• Contact Information: Email address, telephone number, billing address, delivery address, and postal code.
• Account Credentials: Password and security question answers (stored in encrypted form).
• Payment Information: Credit or debit card numbers, billing details, and transaction history. Note: Full payment card details are processed by our third-party payment processors and are not stored on our servers.
• Order Information: Your food preferences, past orders, special dietary requirements, and delivery instructions.
• Communications: Messages, feedback, complaints, and any other information you send to us via email, contact forms, or social media.
• Promotion Entries: Information submitted when you enter a competition, sweepstakes, or promotional campaign.
• Loyalty Program Data: Points balances, redemption history, and program participation records.

2.2 Information Collected Automatically

When you visit our website or use our mobile applications, we automatically collect certain technical and usage data, including:

• Device Information: IP address, device type, operating system, browser type and version, device identifiers, and screen resolution.
• Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, search queries entered on our site, and navigation paths.
• Log Data: Server logs, error logs, timestamps of visits, and access records.
• Location Data: Approximate geographic location derived from your IP address, and precise location data if you grant permission through your browser or mobile device.
• Cookie and Tracking Data: Information collected through cookies, pixel tags, web beacons, and similar tracking technologies. Please see Section 7 for more details.

2.3 Information From Third Parties

We may receive information about you from third-party sources, which we combine with information we already hold about you. These sources may include:

• Social Media Platforms: If you connect your social media account or interact with our social media pages, we may receive profile information consistent with your privacy settings on those platforms.
• Delivery Partners: Third-party food delivery platforms that facilitate orders placed through their apps or websites.
• Analytics Providers: Companies that provide website and app analytics services.
• Advertising Networks: Partners who help us deliver targeted advertising and measure campaign effectiveness.
• Review Platforms: Public reviews and ratings platforms where you may have left feedback about our services.

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as Social Security numbers, government-issued ID numbers, financial account credentials, health information beyond dietary preferences, precise geolocation beyond what is necessary for delivery, or biometric identifiers. If you believe you have inadvertently submitted sensitive information to us, please contact us immediately at [email protected].

3. How We Use Your Information

We use the personal information we collect for a variety of purposes necessary to operate our business, provide our services, and comply with legal obligations. Specifically, we use your information to:

3.1 Service Provision and Order Fulfillment

• Process and fulfill your food orders, including coordinating delivery or in-store pickup.
• Create and manage your customer account.
• Send order confirmations, receipts, and status updates.
• Handle returns, refunds, cancellations, and complaints.
• Provide customer support and respond to your inquiries.
• Administer our loyalty and rewards programs.

3.2 Business Operations and Improvement

• Analyze how customers use our website and services to improve user experience.
• Monitor and improve the performance, security, and functionality of our website and applications.
• Conduct internal research, data analysis, and product development.
• Train our staff and improve our food quality and service standards.
• Maintain business records and internal reporting.

3.3 Marketing and Communications

• Send you promotional emails, newsletters, special offers, and information about new menu items, if you have opted in to receive such communications.
• Personalize your experience and serve relevant content and recommendations based on your order history and preferences.
• Deliver targeted advertisements through our website and third-party advertising networks.
• Conduct customer satisfaction surveys and collect feedback.
• Manage social media interactions and engagement.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly. Opting out of marketing does not affect our ability to send you transactional or service-related messages.

3.4 Legal and Compliance Purposes

• Comply with applicable laws, regulations, and legal processes.
• Respond to lawful requests from government authorities and law enforcement.
• Enforce our Terms of Service and other agreements.
• Detect, prevent, and investigate fraud, security incidents, or other potentially illegal or harmful activities.
• Protect the rights, property, and safety of Cafe Rio, our customers, and the public.

4. Sharing Your Information With Third Parties

We do not sell, rent, or trade your personal information to unaffiliated third parties for their own independent marketing purposes without your explicit consent. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to perform services on our behalf, including:

• Payment Processors: Companies such as Stripe, Square, or PayPal that securely process your payment transactions.
• Delivery Partners: Third-party courier and food delivery services that fulfill your orders.
• Cloud Hosting Providers: Infrastructure and data storage providers that host our website and databases.
• Email and Communication Platforms: Services used to send transactional and marketing emails.
• Analytics Providers: Tools such as Google Analytics that help us understand website traffic and user behavior.
• Customer Support Software: Platforms that facilitate our customer service operations.
• Marketing and Advertising Partners: Agencies and networks that help us run promotional campaigns.

All service providers are contractually required to use your information only for the purposes of providing services to us and to maintain appropriate security and confidentiality obligations.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental regulation.
• Protect the rights or property of Cafe Rio.
• Prevent or investigate possible wrongdoing in connection with our services.
• Protect the personal safety of our users, customers, or the general public.
• Protect against legal liability.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website prior to your information becoming subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other third parties when we have your explicit consent to do so, or where you have directed us to share your information as part of a specific service or promotion.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect it from unauthorized access, disclosure, alteration, or destruction.

5.1 Security Measures We Employ

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Stored sensitive data is encrypted at rest.
• Access Controls: Access to personal information is restricted to authorized employees and contractors who need it to perform their job functions. We enforce role-based access controls and require strong authentication.
• Firewalls and Intrusion Detection: We maintain firewalls and network monitoring systems to detect and prevent unauthorized access to our systems.
• Regular Security Audits: We conduct periodic reviews of our data collection, storage, and processing practices, as well as security vulnerability assessments.
• Employee Training: Our team members receive regular training on data protection best practices and security protocols.
• Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a security incident.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

6.1 Rights Available to All Users

• Right to Know / Access: You have the right to request information about the categories and specific pieces of personal data we hold about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions required by law or necessary for legitimate business purposes.
• Right to Opt-Out of Marketing: You may opt out of receiving promotional communications from us at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a different quality of service based solely on your exercise of privacy rights.

6.2 California Residents – CCPA/CPRA Rights

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

• Right to Know (Categories and Specific Pieces): You may request details about the categories of personal information collected, the purposes of collection, and the identity of third parties receiving your data.
• Right to Delete: You may request the deletion of your personal information, subject to legal exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected].
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to what is necessary to provide services.
• Right to Data Portability: You may request a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
• Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's identity and authorization.

To submit a CCPA/CPRA request, please contact us at [email protected]. We will respond to verifiable consumer requests within 45 days, with the possibility of a single 45-day extension where necessary.

6.3 How to Exercise Your Rights

To exercise any of the rights described in this section, please submit a request to us by:

• Email: [email protected]
• Website: cafexrio.rest

We may need to verify your identity before processing your request. Verification may include confirming your email address, account details, or other identifying information we hold on file. We will not fulfill a request if we cannot reasonably verify your identity.

7. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, personalize content, and serve targeted advertisements.

7.1 What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, or smartphone) when you visit a website. They allow the website to recognize your device and remember certain information about your preferences and actions.

7.2 Types of Cookies We Use

7.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive notifications when cookies are set. Please note that disabling certain cookies may affect the functionality of our website.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

California residents may also exercise their right to opt out of the use of cookies for cross-context behavioral advertising by contacting us at [email protected].

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

When personal information is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.

9. Children's Privacy

We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws protecting minors. If you are under 18 years of age, please do not use our website, create an account, or submit any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete such information from our records. If you believe that we may have collected information from or about a minor, please contact us immediately at [email protected].

Parents and guardians who have concerns about their child's use of our services or the potential collection of their child's information are encouraged to contact us directly.

10. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily collected, stored, and processed within the United States. However, some of our third-party service providers may operate in or transfer data to countries outside the United States.

If personal data is transferred internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law. These safeguards may include:

• Entering into standard contractual clauses approved by relevant authorities.
• Ensuring that our service providers maintain adequate data protection standards.
• Using providers who are certified under recognized privacy frameworks.

By using our services, you acknowledge that your information may be processed in the United States or in other jurisdictions where data protection laws may differ from those in your country of residence.

If you are located outside the United States and choose to provide personal information to us, please be aware that your information will be transmitted to and stored in the United States. Your use of our services constitutes your consent to this transfer.

11. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery apps, and other external services. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

We may also integrate third-party tools and widgets on our website, such as social media sharing buttons or embedded maps. These integrations may allow third parties to collect information about your interaction with our website. Please review the respective privacy policies of these third-party services.

12. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. At this time, there is no universally accepted standard for how websites should respond to DNT signals, and our website does not currently respond to DNT browser signals. However, you may manage your cookie preferences and opt out of certain tracking as described in Section 7 of this Privacy Policy.

We will continue to monitor developments in DNT technology and regulatory standards and will update our practices accordingly.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our website at cafexrio.rest with a new effective date.
• Sending an email notification to the address associated with your account (for significant changes).
• Displaying a prominent notice on our website homepage.

Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.

If you disagree with any changes to this Privacy Policy, you should stop using our services and, if applicable, close your account and request deletion of your data by contacting us at [email protected].

14. Complaints and Regulatory Authorities

If you have a complaint or concern about how we handle your personal information and you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection or consumer protection authority in your jurisdiction.

14.1 Federal Trade Commission (FTC)

In the United States, the Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and enforcement of privacy-related regulations under the FTC Act. You may file a complaint with the FTC at:

• Website: www.ftc.gov/complaint
• Phone: 1-877-382-4357
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Residents

California residents who believe their CCPA/CPRA rights have been violated may file a complaint with the California Privacy Protection Agency (CPPA):

• Website: cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834

California residents may also contact the California Attorney General's Office:

• Website: oag.ca.gov/privacy/ccpa

14.3 State Attorney General Offices

Residents of other states may contact their respective State Attorney General's office for assistance with privacy-related complaints. Many states have enacted their own consumer privacy laws and have agencies tasked with enforcement.

15. Contact Us

If you have any questions, comments, concerns, or requests relating to this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are committed to addressing your inquiries promptly and transparently.

When contacting us about a privacy matter, please provide sufficient detail to allow us to identify and address your request, including:

• Your full name and email address associated with your account (if applicable).
• A clear description of your request or concern.
• Any relevant reference numbers or order details.

We will acknowledge receipt of your request within 5 business days and aim to provide a substantive response within 30 days. For CCPA/CPRA requests, we will respond within 45 days as required by law.