Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at caferio-delivery.click, place food orders, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act.

Please read this Privacy Policy carefully. By accessing or using our website or services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with this Privacy Policy, please discontinue use of our website and services immediately.

1. About Us and Our Contact Information

Cafe Rio operates as a food delivery and restaurant service in the United States. We take your privacy seriously and have designated a point of contact for all privacy-related inquiries and requests.

For all privacy-related questions, requests, or concerns, please contact us at the email address listed above. We will respond to your inquiry within a reasonable timeframe, and no later than 45 days as required by applicable law.

2. Information We Collect

We collect various categories of personal information depending on how you interact with our website and services. Below is a comprehensive overview of the types of data we collect.

2.1 Personal Identification Information

When you create an account, place a food order, make a reservation, or contact our customer support team, we may collect the following personal identification data:

• Full name — to identify you and personalize your experience
• Email address — for order confirmations, account management, and marketing communications (where consented)
• Phone number — for delivery coordination and customer service purposes
• Delivery address and billing address — to process and fulfill your food orders
• Date of birth — where required for age verification purposes
• Username and password — to secure your account
• Profile photo — if voluntarily uploaded to your account

2.2 Payment and Financial Information

When you make a purchase through our platform, we collect payment-related information necessary to process your transaction. This includes:

• Credit card or debit card details (collected and processed by our PCI-DSS compliant payment processors)
• Digital wallet information (such as Apple Pay or Google Pay)
• Billing address associated with your payment method
• Transaction history and order receipts

Please note that we do not store full payment card numbers on our servers. All payment processing is handled by trusted, industry-standard third-party payment processors, and only tokenized or encrypted payment references are retained by us.

2.3 Order and Transaction Data

We collect information about your food orders and transactions with us, including:

• Items ordered, customizations, and dietary preferences
• Order history and frequency of purchases
• Special instructions provided at the time of ordering
• Delivery time preferences and order status communications
• Promotional codes and discount vouchers used

2.4 Usage Data and Website Interaction Information

We automatically collect certain information about your interactions with our website, including:

• Pages visited, time spent on each page, and navigation paths through our website
• Search queries entered on our website
• Links clicked and features utilized
• Date and time of your visits
• Referral source (how you arrived at our website, e.g., a search engine or another website)
• Shopping cart activity and abandoned cart information

2.5 Device and Technical Information

We collect technical information about the device you use to access our website, including:

• IP address and approximate geographic location derived from your IP address
• Browser type and version
• Operating system and version
• Device type (desktop, tablet, mobile phone)
• Screen resolution and display settings
• Unique device identifiers
• Mobile network information (where applicable)

2.6 Cookie and Tracking Technology Data

Our website uses cookies and similar tracking technologies to collect data about your browsing behavior and preferences. The data collected through cookies may include session identifiers, user preferences, language settings, and advertising identifiers. Please refer to Section 8 of this Privacy Policy for more detailed information on our cookie practices.

2.7 Communications and Feedback

When you communicate with us through email, contact forms, live chat, or social media, we collect the content of those communications as well as your contact details. If you submit a review, rating, or feedback about our food or services, we collect that information as well.

2.8 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms if you choose to connect your social account to our services
• Analytics providers who help us understand how our website is used
• Advertising partners who help us deliver relevant marketing messages
• Fraud prevention and security services
• Third-party food delivery platforms that may process orders on our behalf

3. How We Use Your Information

We use the personal information we collect for the following purposes, relying on appropriate legal bases as required under applicable law:

3.1 Service Provision and Order Fulfillment

• To process and fulfill your food orders, including preparation, packaging, and delivery coordination
• To create and manage your customer account
• To send order confirmations, delivery updates, and receipts
• To handle returns, refunds, or complaints related to your orders
• To verify your identity and prevent unauthorized access to your account

3.2 Customer Service and Support

• To respond to your inquiries, questions, and support requests
• To resolve disputes related to your orders or account
• To communicate with you about changes to our menu, services, or policies

3.3 Personalization and User Experience

• To remember your preferences, dietary requirements, and favorite menu items
• To provide personalized menu recommendations based on your order history
• To customize the content and layout of our website to better suit your needs
• To save your delivery addresses and payment methods for a faster checkout experience

3.4 Marketing and Promotional Communications

• To send you promotional emails, newsletters, special offers, and exclusive discounts (where you have given your consent or where permitted by applicable law)
• To conduct targeted advertising campaigns on social media platforms and search engines
• To notify you about loyalty programs, reward points, and seasonal promotions
• To measure the effectiveness of our marketing campaigns

You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly at [email protected]. Opting out of marketing communications will not affect your receipt of transactional or service-related communications.

3.5 Analytics and Website Improvement

• To analyze website traffic, usage patterns, and user behavior to improve our website's functionality and user experience
• To monitor and address technical issues and bugs
• To conduct market research and understand customer preferences and trends
• To develop new menu items and services based on customer feedback and data insights

3.6 Legal Compliance and Security

• To comply with applicable federal, state, and local laws and regulations
• To prevent, detect, and investigate fraud, security breaches, and other potentially illegal or prohibited activities
• To enforce our Terms of Service and other applicable agreements
• To protect the rights, property, and safety of Cafe Rio, our customers, and the public
• To respond to lawful requests from government authorities, courts, or law enforcement agencies

4. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who perform services on our behalf and who are contractually required to handle your data securely and only for the purposes for which it was shared. These service providers include:

• Payment processors — to securely handle your payment transactions
• Delivery partners — to fulfill and coordinate food delivery to your address
• Cloud hosting providers — to store and manage our website and database infrastructure
• Email and SMS communication platforms — to send order confirmations, updates, and marketing messages
• Analytics providers (such as Google Analytics) — to help us understand how our website is used
• Customer support software providers — to manage customer service interactions
• Fraud prevention and identity verification services — to protect against unauthorized transactions
• Advertising and marketing platforms — to deliver targeted advertising and measure campaign performance

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request
• Enforce or apply our Terms of Service and other agreements
• Protect against fraud, security threats, or violations of law
• Protect the vital interests of any person
• Comply with our obligations under the FTC Act and other applicable federal or state consumer protection regulations

4.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a substantial portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website of any such change in ownership and any choices you may have regarding your personal information.

4.4 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes. This type of information is not subject to the restrictions in this Privacy Policy.

5. Data Security Measures

The security of your personal information is of the utmost importance to us. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction.

5.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
• Data Encryption at Rest: Sensitive personal and financial information stored in our databases is encrypted at rest.
• Secure Payment Processing: We use PCI-DSS compliant third-party payment processors. We do not store raw payment card data on our servers.
• Firewalls and Intrusion Detection: We deploy firewalls and intrusion detection systems to protect our network infrastructure.
• Multi-Factor Authentication: We apply multi-factor authentication measures for internal access to systems containing personal data.

5.2 Administrative Safeguards

• We limit access to personal information to employees, contractors, and agents who have a legitimate business need to access such information.
• All personnel with access to personal data are bound by confidentiality obligations and receive training on data privacy and security practices.
• We conduct regular audits and assessments of our data handling practices and security controls.

5.3 Incident Response

In the event of a data security incident or breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law, including applicable state data breach notification laws. We maintain an incident response plan to ensure timely and effective action in the event of a security breach.

6. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights as required by applicable law, including the California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA), as well as privacy laws in other states.

6.1 Right to Know and Access

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the purposes for which we use it, and the categories of third parties with whom we share it.

6.2 Right to Correction

You have the right to request that we correct any inaccurate personal information we hold about you. We will use reasonable efforts to correct the information promptly upon receipt of a verified request.

6.3 Right to Deletion

You have the right to request that we delete the personal information we have collected about you. Please note that certain exceptions apply, and we may retain your information where we are legally required or permitted to do so, such as to comply with legal obligations, complete transactions, detect security incidents, or exercise our legal rights.

6.4 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA and other applicable state laws, you have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, please contact us at [email protected] with the subject line "Opt-Out Request."

6.5 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another entity.

6.6 Right to Limit Use of Sensitive Personal Information

Under the CPRA, if we collect sensitive personal information (such as precise geolocation data, health-related information, or financial account details), you have the right to limit our use of that information to purposes strictly necessary for providing the services you have requested.

6.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service based solely on your exercise of privacy rights as permitted by law.

6.8 How to Exercise Your Rights

To exercise any of the rights described in this section, please submit a request to us by:

• Email: [email protected] with the subject line "Privacy Rights Request"

We may need to verify your identity before processing your request. We will respond to your verified request within 45 days. If we require additional time, we will notify you of the extension and the reason for it. You may designate an authorized agent to submit requests on your behalf, provided you supply written authorization for the agent to act on your behalf.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods we apply vary depending on the type of information and the purpose for which it was collected:

When the applicable retention period expires, or when personal information is no longer required for its original purpose and there is no legal basis for continued retention, we will securely delete, destroy, or anonymize the information in accordance with our data disposal procedures.

8. Cookie Policy

Our website uses cookies and similar tracking technologies, including web beacons, pixel tags, and local storage objects, to enhance your browsing experience, remember your preferences, analyze website performance, and deliver relevant advertising.

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for our website to function properly and cannot be disabled. They include cookies for login sessions, shopping cart functionality, and security features.
• Performance and Analytics Cookies: These cookies collect anonymous information about how visitors use our website, including which pages are visited most often and any error messages encountered. We use this data to improve our website's performance and user experience.
• Functionality Cookies: These cookies allow our website to remember choices you make (such as your preferred language, delivery address, or saved items) and provide enhanced, personalized features.
• Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns.

8.2 Managing Your Cookie Preferences

You can manage your cookie preferences in several ways:

• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to block cookies or to alert you when cookies are being sent. Please note that blocking all cookies may affect the functionality of our website.
• Cookie Consent Tool: When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies.
• Opt-Out Tools: For targeted advertising cookies, you can use tools provided by the Digital Advertising Alliance (DAA) at www.aboutads.info/choices/ or the Network Advertising Initiative (NAI) at www.networkadvertising.org/choices/.

For more detailed information about the specific cookies we use, their purposes, and their expiration periods, please refer to our full Cookie Policy, which is available on our website.

9. Children's Privacy

We do not knowingly collect, solicit, or use personal information from children under the age of 18. Our services, including food ordering and delivery, are designed for adult consumers. If you are under 18 years of age, you are not permitted to use our website or services, and you should not submit any personal information to us.

If we become aware or have reason to believe that we have inadvertently collected personal information from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

Our practices are consistent with the Children's Online Privacy Protection Act (COPPA) and we comply fully with its requirements.

10. International Data Transfers

Cafe Rio is based in the United States, and the personal information we collect is primarily processed and stored within the United States. However, in the course of operating our business, your personal information may be transferred to, stored, or processed in other countries where our service providers, partners, or servers are located.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information, including:

• Entering into data processing agreements with our service providers that include appropriate contractual clauses and data protection requirements
• Ensuring that third-party recipients of your data are bound by data protection obligations equivalent to those applicable in the United States
• Using service providers who have implemented appropriate technical and organizational security measures

By using our website and services, you acknowledge and consent to the transfer of your personal information to countries outside your country of residence, including the United States, which may have different data protection rules than those of your country. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which came into full effect on January 1, 2023. These rights include those described in Section 6 of this Privacy Policy, as well as the following additional rights and disclosures specific to California residents:

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA:

11.2 "Do Not Track" Signals

Our website does not currently respond to "Do Not Track" (DNT) signals from web browsers. However, you can manage your tracking preferences through our cookie consent tool and the opt-out mechanisms described in Section 8 of this Privacy Policy.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not owned or operated by Cafe Rio. When you click on such links and leave our website, this Privacy Policy no longer applies. We are not responsible for the privacy practices of third-party websites and encourage you to review the privacy policies of any website you visit.

Similarly, our website may include social media sharing buttons or plugins from platforms such as Facebook, Instagram, Twitter, or others. Your use of these features is governed by the privacy policies of the respective social media platforms, not by this Privacy Policy.

13. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will:

• Update the "Effective Date" and "Last Updated" date at the top of this page
• Post a prominent notice on our website informing you of the changes
• Send you an email notification if the changes are significant and you have provided us with your email address

Your continued use of our website and services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

14. How to File a Complaint

If you believe that we have violated your privacy rights or have handled your personal information in a manner inconsistent with this Privacy Policy, we encourage you to first contact us directly so that we can try to resolve your concern.

To submit a privacy complaint or inquiry, please contact us at:

• Email: [email protected]
• Subject Line: Privacy Complaint

We will acknowledge receipt of your complaint promptly and will conduct a thorough investigation, aiming to provide a substantive response within 30 days of receiving your complaint.

14.1 Filing a Complaint with a Regulatory Authority

If you are a California resident and are not satisfied with our response to your privacy complaint, you have the right to file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

• California Privacy Protection Agency (CPPA): cppa.ca.gov
• California Attorney General's Office: oag.ca.gov/privacy/ccpa

If you are a resident of another US state with enacted comprehensive privacy legislation (such as Virginia, Colorado, Connecticut, Utah, or Texas), you may have the right to appeal our decision regarding your privacy rights request or file a complaint with the relevant state authority. Please refer to the applicable state authority's website for guidance on how to submit such a complaint.

For federal-level consumer protection complaints related to unfair or deceptive trade practices, you may also contact the Federal Trade Commission (FTC):

• Federal Trade Commission (FTC): www.ftc.gov or call 1-877-FTC-HELP (1-877-382-4357)

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us. We are committed to addressing your inquiries in a timely and professional manner.

We aim to respond to all privacy-related inquiries within 10 business days, and we will always endeavor to resolve any concerns promptly and fairly. Your trust is important to us, and we are dedicated to maintaining the highest standards of privacy and data protection in all aspects of our business operations.