Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at cafessrio.rest, place orders online, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and ensuring that your personal information is handled responsibly and in accordance with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act.

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or otherwise engaging with Cafe Rio, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this Privacy Policy, please discontinue your use of our website and services immediately.

If you have any questions about this Privacy Policy, you may contact us at any time using the contact information provided at the end of this document.

1. About Us

Cafe Rio is a food service establishment dedicated to providing fresh, high-quality meals and an exceptional dining experience to our customers. We operate both a physical dining location and an online platform that allows customers to browse our menu, place orders, make reservations, and interact with our brand.

2. Information We Collect

We collect various types of information in connection with your interactions with Cafe Rio. The categories of personal information we may collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or contact us directly, we may collect information that personally identifies you, including:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (where required for age verification or promotional purposes)
• Username and password for account access

2.2 Payment and Transaction Information

When you place an order or complete a purchase through our website, we collect payment-related information necessary to process your transaction. This may include:

• Credit card or debit card details (processed securely through third-party payment processors)
• Billing address
• Order history and transaction records
• Purchase preferences and spending patterns

Please note that Cafe Rio does not store your full payment card numbers. All payment processing is conducted through secure, PCI-DSS compliant third-party processors.

2.3 Usage and Behavioral Data

We automatically collect certain data about how you interact with our website. This usage data helps us understand user behavior, improve our services, and enhance your overall experience. This information may include:

• Pages visited on our website
• Date and time of your visits
• Time spent on each page
• Links clicked and features used
• Search queries entered on our site
• Referring website or source that led you to our site
• Bounce rates and navigation paths

2.4 Device and Technical Information

When you access our website, our servers and analytics tools automatically collect technical information about your device and internet connection, including:

• IP address
• Browser type and version
• Operating system and platform
• Device type (desktop, tablet, mobile)
• Screen resolution and language settings
• Unique device identifiers
• Cookie identifiers and similar tracking technologies

2.5 Location Data

With your permission, or based on your IP address, we may collect general or precise location data to facilitate delivery services, show relevant menu options, or connect you to the nearest Cafe Rio location. You may disable location sharing in your browser or device settings at any time.

2.6 Communication and Feedback Data

When you communicate with us via email, contact forms, customer service chats, or social media, we collect the contents of those communications along with any personal details you voluntarily provide. This includes:

• Customer service inquiries and complaints
• Feedback and reviews submitted through our website
• Responses to surveys and questionnaires
• Social media interactions and messages

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. For a detailed explanation of the cookies we use and how to manage them, please refer to Section 7 of this Privacy Policy.

2.8 Information from Third Parties

We may receive personal information about you from third-party sources, including:

• Social media platforms when you choose to connect your account or log in via a third-party service
• Delivery partners and food ordering platforms
• Marketing partners and data analytics providers
• Payment processors and fraud detection services

3. How We Use Your Information

Cafe Rio uses the personal information we collect for a variety of legitimate business purposes. We will only process your data where we have a lawful basis to do so. The primary purposes for which we use your information include:

3.1 Providing and Managing Our Services

• Processing your food orders, deliveries, and reservations
• Creating and managing your customer account
• Sending order confirmations, receipts, and delivery updates
• Responding to your customer service inquiries and complaints
• Facilitating payment processing and fraud prevention

3.2 Improving Our Website and Services

• Analyzing website traffic and user behavior to optimize performance
• Conducting internal research and development
• Testing new features, menu items, and promotional offers
• Monitoring for technical errors and resolving system issues
• Generating aggregated, anonymized statistical reports

3.3 Marketing and Promotional Communications

With your consent, or where permitted under applicable law, we may use your contact information to:

• Send promotional emails, newsletters, and special offers
• Notify you about new menu items, seasonal specials, and events
• Deliver personalized recommendations based on your order history
• Administer loyalty programs and reward points
• Display targeted advertisements on third-party platforms

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected].

3.4 Legal Compliance and Business Operations

• Complying with applicable federal and state laws and regulations
• Responding to lawful requests from government authorities or law enforcement
• Enforcing our Terms of Service and other agreements
• Protecting the rights, safety, and property of Cafe Rio, our employees, and our customers
• Detecting, investigating, and preventing fraudulent or unauthorized activity

4. Sharing Your Information with Third Parties

Cafe Rio does not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted partners and service providers under the circumstances described below:

4.1 Service Providers and Business Partners

We engage third-party companies and individuals to assist us in operating our website and delivering our services. These service providers are granted access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:

• Payment processors and billing services
• Food delivery and logistics partners
• Website hosting and cloud infrastructure providers
• Email and marketing automation platforms
• Customer relationship management (CRM) software providers
• Analytics and data intelligence services (e.g., Google Analytics)
• Cybersecurity and fraud prevention services

4.2 Legal and Regulatory Disclosures

We may disclose your personal information when required by law or in good-faith belief that such disclosure is necessary to:

• Comply with applicable laws, regulations, court orders, or subpoenas
• Respond to lawful requests from government agencies, including law enforcement
• Protect the rights, property, or safety of Cafe Rio, our customers, or the public
• Investigate potential violations of our Terms of Service

4.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, sale of assets, reorganization, or similar business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.

4.4 Advertising and Analytics Partners

We may share aggregated, de-identified, or pseudonymous data with advertising networks and analytics partners to improve our marketing efforts and understand our audience better. This data cannot reasonably be used to identify you personally.

4.5 With Your Consent

We may share your personal information with other third parties when you have given us your explicit consent to do so, or when you request that we facilitate such sharing.

5. Data Security

Cafe Rio takes the security of your personal information seriously. We implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

5.1 Technical Safeguards

• Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted between your browser and our website
• Encrypted storage of sensitive data, including passwords (hashed and salted)
• Firewalls, intrusion detection systems, and access controls
• Regular vulnerability assessments and penetration testing
• PCI-DSS compliant payment processing systems

5.2 Administrative Safeguards

• Strict access controls limiting employee access to personal data on a need-to-know basis
• Regular staff training on data privacy and security best practices
• Contractual data protection obligations with all third-party service providers
• Documented data breach response procedures

5.3 Physical Safeguards

• Secured server facilities with restricted physical access
• Locked cabinets and physical access controls for any paper-based records

Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you in accordance with applicable law.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required or permitted by applicable law. Our general data retention periods are as follows:

When personal information is no longer required, we will securely delete or anonymize it in accordance with our internal data retention policies and applicable legal obligations.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, understand how our website is used, and deliver relevant content and advertising.

7.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They help websites remember your preferences, login status, and browsing history. Cookies can be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain on your device for a specified period).

7.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the basic functioning of our website, including maintaining your shopping cart and processing orders.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website, allowing us to improve performance and user experience (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and settings, such as language selection and saved delivery addresses.
• Marketing and Advertising Cookies: Used to deliver targeted advertisements and measure the effectiveness of our marketing campaigns.

7.3 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some of its features.

For more detailed information about the specific cookies we use and how to manage them, please refer to our full Cookie Policy, available on our website.

8. Children's Privacy

Cafe Rio's website and online services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA), or from individuals under 18 without verifiable parental consent.

If you are under 18 years of age, you are not permitted to use our website, create an account, or provide any personal information to us without the consent and supervision of a parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our records. If you believe that we may have collected information from a child without proper consent, please contact us immediately at [email protected].

9. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights and providing you with the mechanisms to exercise them.

9.1 Rights for All Users

Regardless of where you reside in the United States, you have the following general rights:

• Right to Know: You have the right to know what personal information we collect, use, share, and retain about you.
• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: If your personal information is inaccurate or incomplete, you have the right to request that we correct it.
• Right to Deletion: You may request that we delete the personal information we have collected about you, subject to certain exceptions.
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time.

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

• Right to Know (Detailed): The right to know the categories and specific pieces of personal information collected, the purposes of collection, and the categories of third parties with whom it is shared.
• Right to Delete: The right to request deletion of personal information we have collected from you, with certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information to specific permitted purposes.
• Right to Data Portability: The right to receive your personal information in a portable, readily usable format.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a lower quality of service because you exercised your privacy rights.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us using one of the following methods:

• Email: [email protected] (subject line: "Privacy Rights Request")
• Website: cafessrio.rest

We will respond to your request within 45 days of receipt. If we require additional time to process your request (up to an additional 45 days), we will notify you of the extension and the reason for the delay. We may need to verify your identity before processing your request to protect your privacy and prevent unauthorized access.

You may designate an authorized agent to submit a privacy request on your behalf. The authorized agent must provide written proof of authorization, and we may require you to verify your identity directly with us.

10. International Data Transfers

Cafe Rio is based in the United States and primarily serves customers within the United States. However, some of our third-party service providers may be located in other countries and may process your personal information outside of the United States.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your data in accordance with applicable law. These safeguards may include:

• Data processing agreements with service providers that include appropriate data protection clauses
• Ensuring that recipient countries provide an adequate level of data protection
• Implementing contractual protections for international data transfers

By using our website and services, you understand and consent to the transfer of your personal information to countries outside of your country of residence, where privacy laws may differ from those in your jurisdiction.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Cafe Rio. These links are provided for your convenience and informational purposes only. We do not endorse, and are not responsible for, the privacy practices or content of any third-party websites.

When you click on a third-party link and leave our website, your interactions are governed by that third party's privacy policy, not ours. We strongly encourage you to review the privacy policies of any third-party websites you visit before providing any personal information to them.

This includes, but is not limited to:

• Social media platforms (e.g., Facebook, Instagram, Twitter/X)
• Food delivery platforms and aggregators
• Payment processing portals
• Review platforms (e.g., Yelp, Google Reviews)

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you prefer not to have your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals, and our website does not currently alter its behavior in response to DNT signals.

However, you can manage your tracking preferences through your browser settings and by managing cookies as described in Section 7 of this Privacy Policy. We also honor opt-out requests for marketing communications as described in Section 3.3.

13. Changes to This Privacy Policy

Cafe Rio reserves the right to update, modify, or replace this Privacy Policy at any time. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website with a revised "Last Updated" date
• Sending an email notification to the address associated with your account (for significant changes)
• Displaying a prominent notice on our website homepage

Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

If you do not agree to the revised Privacy Policy, you should discontinue use of our website and services and contact us to request deletion of your personal information.

14. Filing a Complaint with a Data Protection Authority

If you believe that Cafe Rio has violated your privacy rights and we have not adequately addressed your concerns, you have the right to file a complaint with the appropriate regulatory authority.

14.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

• California Privacy Protection Agency: cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy

14.2 All United States Residents

All U.S. consumers may file a complaint with the Federal Trade Commission (FTC), which enforces consumer protection laws including those related to privacy and data security:

• FTC Complaint Center: reportfraud.ftc.gov
• FTC Online: ftc.gov/privacy

We encourage you to contact us first at [email protected] so that we may have the opportunity to resolve your concerns directly before you file a formal complaint.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and transparently.

When contacting us regarding a privacy request, please include the following information to help us process your inquiry efficiently:

• Your full name
• Your email address or account information
• A description of your request or concern
• The type of right you wish to exercise (if applicable)

We will make every effort to respond to your inquiry within 45 business days. Complex requests may require additional time, and we will notify you accordingly.