Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects the personal information of individuals who visit our website at caferiofood.digital, use our online ordering platform, interact with our digital services, or otherwise engage with our business. We are committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful manner consistent with applicable United States federal and state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our website or services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree with this Privacy Policy, please discontinue use of our website and services immediately.

1. Who We Are

Cafe Rio is a food service business operating in the United States. We provide restaurant services, online food ordering, delivery coordination, catering arrangements, and related digital services through our website and digital platforms.

For purposes of this Privacy Policy, Cafe Rio acts as the data controller responsible for the personal information we collect and process about you. Our contact information for privacy-related inquiries is as follows:

2. Applicable Laws and Legal Framework

As a business operating in the United States, our privacy practices are governed by the following applicable laws and regulations:

• California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) — applicable to California residents and their personal information
• Federal Trade Commission Act (FTC Act) — governing unfair or deceptive trade practices, including privacy and data security
• Children's Online Privacy Protection Act (COPPA) — governing the collection of personal information from children under the age of 13
• CAN-SPAM Act — governing commercial email communications
• Electronic Communications Privacy Act (ECPA) — governing electronic communications and data interception
• Other applicable federal and state privacy, consumer protection, and data security laws

We strive to comply with all applicable privacy laws and to uphold best practices in data protection across all states where we operate or serve customers.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our website, services, and business. The categories of information we collect are described below.

3.1 Personal Information You Provide Directly

When you interact with us voluntarily — such as when you create an account, place an order, make a reservation, contact customer support, or sign up for our newsletter — you may provide us with the following personal information:

• Identification Information: Full name, username or display name, and profile photograph (if applicable)
• Contact Information: Email address, telephone number, mailing address, and delivery address
• Account Credentials: Username and encrypted password for account registration
• Payment Information: Credit or debit card numbers, billing address, and other financial information necessary to process transactions. Note that payment card data is processed by our third-party payment processors and we do not store full card numbers on our servers.
• Order Information: Details about food and beverage orders, dietary preferences, special instructions, and order history
• Communications: Messages, feedback, complaints, reviews, and other content you submit to us through contact forms, email, or customer support channels
• Marketing Preferences: Your preferences regarding receiving promotional communications and the types of offers you are interested in
• Catering and Event Information: Details related to catering requests, event dates, guest counts, venue information, and special requirements

3.2 Information Collected Automatically

When you visit our website or use our digital services, we automatically collect certain technical and usage information through cookies, web beacons, pixel tags, and similar tracking technologies. This automatically collected information may include:

• Device Information: Device type, operating system and version, browser type and version, screen resolution, device identifiers (such as IP address and mobile device ID), and hardware configuration
• Log Data: Your IP address, the pages you visited on our website, the date and time of your visit, the referring URL (the page you came from), the duration of your visit, and error logs
• Usage Data: Clickstream data, search queries entered on our website, features and content you interacted with, menu items viewed, and navigation patterns throughout the website
• Location Data: General geographic location derived from your IP address. If you grant permission through your browser or mobile device, we may also collect more precise geolocation data for purposes such as finding nearby restaurant locations.
• Cookie and Tracking Data: Information stored in cookies, including session identifiers, preference settings, and data used for analytics and advertising purposes

3.3 Information from Third Parties

We may also receive personal information about you from third-party sources, including:

• Social Media Platforms: If you connect your social media account (such as Facebook, Google, or Apple) to log in to our website or share your activity, we receive certain profile information from those platforms in accordance with your privacy settings on those services
• Third-Party Delivery Partners: If you place an order through a third-party food delivery platform, we may receive order-related information to fulfill your order
• Analytics Providers: Aggregated or anonymized insights about website performance and user behavior from analytics service providers
• Advertising Networks: Information about your online activity and interests from advertising networks to help us deliver relevant advertisements
• Business Partners: If you participate in joint promotions or partner offers, we may receive information from our partners about your participation
• Publicly Available Sources: Publicly available information such as business directories or social media profiles where relevant to our business operations

4. How We Use Your Information

We use the personal information we collect for specific, legitimate purposes in connection with our food service business. The purposes for which we process your personal information include:

4.1 Providing and Operating Our Services

• Processing and fulfilling your food and beverage orders, including online and in-store purchases
• Managing your account, including account creation, authentication, and maintenance
• Processing payments and managing billing, refunds, and credits
• Coordinating delivery, pickup, and catering arrangements
• Communicating with you about your orders, reservations, and service requests
• Providing customer support, resolving complaints, and responding to inquiries
• Sending transactional communications such as order confirmations, receipts, and delivery updates

4.2 Analytics and Service Improvement

• Analyzing website traffic, user behavior, and usage patterns to understand how our services are used and to improve them
• Conducting research and analysis to develop new products, features, and menu offerings
• Evaluating the performance and effectiveness of our website, applications, and marketing campaigns
• Identifying and resolving technical issues, bugs, and security vulnerabilities
• Generating aggregated and anonymized statistical reports about our business operations

4.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, and special offers about our menu, deals, and events, subject to your marketing preferences and applicable opt-out rights
• Personalizing our website content, recommendations, and advertisements based on your preferences and browsing history
• Delivering targeted advertising through third-party advertising networks, including interest-based advertising
• Administering loyalty programs, contests, sweepstakes, and other promotional activities

4.4 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal obligations
• Responding to lawful requests from governmental authorities, law enforcement agencies, and courts
• Enforcing our Terms of Service, contracts, and other agreements
• Detecting, preventing, and investigating fraud, security incidents, unauthorized access, and other potentially prohibited or illegal activities
• Protecting the rights, property, and safety of Cafe Rio, our customers, employees, and the public

5. Sharing Your Information with Third Parties

We do not sell, rent, or trade your personal information to unaffiliated third parties for their independent marketing purposes without your explicit consent. However, we may share your personal information in the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our business and delivering our services. These service providers are contractually obligated to use your personal information only as necessary to provide services to us and are prohibited from using it for their own independent purposes. Such service providers may include:

• Payment processors and financial institutions for transaction processing
• Food delivery and logistics companies for order fulfillment
• Cloud hosting and infrastructure providers for data storage and processing
• Email service providers and marketing automation platforms for communications
• Analytics companies (such as Google Analytics) for website performance analysis
• Customer relationship management (CRM) software providers
• Advertising networks and social media platforms for targeted advertising
• Fraud detection and cybersecurity service providers

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information to government authorities, regulators, law enforcement agencies, or other third parties when we believe disclosure is necessary or appropriate to:

• Comply with a legal obligation, court order, subpoena, or other lawful government request
• Enforce our Terms of Service or other agreements
• Protect our rights, property, or safety, or those of our customers or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to emergencies where we believe disclosure is necessary to prevent harm

5.3 Business Transfers

In the event of a merger, acquisition, restructuring, sale of all or a portion of our assets, bankruptcy, or other corporate transaction, your personal information may be transferred to the acquiring entity or successor organization. We will notify you of any such transfer and any material changes to this Privacy Policy by posting a notice on our website or sending you an email notification, to the extent required by applicable law.

5.4 With Your Consent

We may share your personal information with third parties for purposes not covered by this Privacy Policy when we have obtained your explicit consent to do so.

5.5 Aggregated and Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, and other purposes. Such data is not considered personal information under applicable law.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver relevant advertising. Cookies are small text files stored on your device when you visit our website.

The types of cookies we use include:

• Essential Cookies: Necessary for the website to function properly, including session management, shopping cart functionality, and security features. These cookies cannot be disabled without affecting website functionality.
• Analytics Cookies: Used to collect information about how visitors use our website, including pages visited, time spent, and error messages, to help us improve website performance.
• Functional Cookies: Used to remember your preferences and settings, such as your language preference, saved items, and location preferences.
• Marketing and Advertising Cookies: Used to track your browsing activity across websites to deliver targeted advertisements relevant to your interests.

You may control cookie settings through your browser settings or our cookie consent management tool. Please note that disabling certain cookies may affect the functionality of our website and services. For detailed information about the specific cookies we use and how to manage them, please refer to our Cookie Policy.

We also participate in third-party advertising networks, including Google Ads and Meta Pixel, which use cookies to deliver interest-based advertisements. You may opt out of interest-based advertising through the Network Advertising Initiative opt-out tool or the Digital Advertising Alliance opt-out tool.

7. Data Security

We take the security of your personal information seriously and implement a range of administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encryption: We use industry-standard SSL/TLS encryption to protect data transmitted between your browser and our servers. Sensitive data such as payment information is encrypted both in transit and at rest.
• Access Controls: We restrict access to personal information to employees, contractors, and service providers who have a legitimate business need to access it. All personnel with access to personal data are subject to confidentiality obligations.
• Secure Payment Processing: Payment card information is processed through PCI-DSS compliant payment processors. We do not store full payment card numbers on our servers.
• Regular Security Assessments: We conduct regular security assessments, vulnerability scanning, and penetration testing to identify and address security weaknesses.
• Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities of security breaches in accordance with applicable law.
• Employee Training: Our employees receive regular training on privacy and data security best practices.

8. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with meaningful control over your personal data.

8.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA and CPRA:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the third parties with whom it has been shared.
• Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions under applicable law.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, click on the "Do Not Sell or Share My Personal Information" link on our website.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to provide the services you request.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of service because you exercised your privacy rights.

To exercise your California privacy rights, please contact us at [email protected] or visit our website at caferiofood.digital. We will verify your identity before processing your request and will respond within 45 days, with the possibility of a 45-day extension where necessary.

8.2 General Privacy Rights Available to All Users

Regardless of your state of residence, we also honor the following general privacy rights for all users:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct or update inaccurate personal information in our records.
• Right to Deletion: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a structured, commonly used, machine-readable format.
• Right to Opt-Out of Marketing: You may opt out of receiving promotional and marketing communications from us at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.
• Right to Withdraw Consent: Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time.

8.3 How to Exercise Your Rights

To exercise any of the privacy rights described in this section, please contact us using the following methods:

• Email: [email protected]
• Website: caferiofood.digital (through our Contact Us page)

To protect your privacy and security, we may require you to verify your identity before we can process your request. We will respond to verifiable consumer requests within the timeframes required by applicable law. We will not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods we apply depend on the type of information and the purpose for which it is held:

After the applicable retention period has expired, we will securely delete or anonymize your personal information in accordance with our data deletion procedures. Where deletion is not immediately possible (for example, because data is stored in backup archives), we will securely store and isolate your personal information until deletion becomes feasible.

10. Children's Privacy

We are committed to protecting the privacy of minors and complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws protecting children's privacy. Our services are not directed to children under the age of 18, and we do not knowingly solicit or collect personal information from children.

If you are a parent or guardian and you believe that your child under the age of 18 has provided personal information to us without your consent, please contact us immediately at [email protected]. Upon receiving notification and verifying the claim, we will take prompt steps to delete such information from our systems and records.

If we discover that we have inadvertently collected personal information from a child under 13 years of age, we will comply with all applicable COPPA requirements, including providing parental notification and obtaining verifiable parental consent or deleting the information as appropriate.

11. International Data Transfers

Cafe Rio is based in the United States, and our primary data processing activities take place within the United States. If you are accessing our website or services from outside the United States, please be aware that your personal information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our website and services, you consent to the transfer of your personal information to the United States and acknowledge that such transfer is subject to United States privacy laws, including those described in this Privacy Policy.

We take appropriate measures to ensure that any international transfers of personal data are conducted in compliance with applicable data protection requirements and that your personal information receives an adequate level of protection wherever it is processed. Our third-party service providers are contractually required to maintain appropriate safeguards for personal information they receive from us.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not owned or controlled by Cafe Rio. When you click on a third-party link, you will be directed to that third party's website. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We strongly encourage you to review the privacy policy of every website you visit and every application you use. This Privacy Policy applies only to information collected by Cafe Rio through our website at caferiofood.digital and our direct services. We are not responsible for the privacy practices of third-party websites, even if you reached those websites through a link on our website.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Our website currently does not respond to DNT signals from web browsers, as there is no universally accepted standard for how websites should respond to such signals.

However, you can control tracking through your browser settings, our cookie consent tool, and the opt-out mechanisms provided by third-party advertising networks as described in the Cookies section of this Privacy Policy. California residents also have the right to opt out of the sale or sharing of personal information under the CCPA/CPRA as described in Section 8 above.

14. Marketing Communications and Opt-Out

We may send you promotional emails, text messages, push notifications, and other marketing communications about our menu, special offers, loyalty programs, events, and new services. We will only send you marketing communications with your consent or where we have a legitimate interest in doing so under applicable law.

You may opt out of receiving marketing communications from us at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email we send you
• Replying "STOP" to any marketing text message we send you
• Adjusting your communication preferences in your account settings on our website
• Contacting us directly at [email protected] and requesting to be removed from our marketing lists

Please note that even if you opt out of marketing communications, we may still send you transactional communications related to your orders, account activity, and important service updates. These communications are necessary for the provision of our services and cannot be opted out of while your account remains active.

15. How to File a Privacy Complaint

If you have concerns about how we handle your personal information, we encourage you to contact us first so that we can address your concerns directly.

To file a privacy complaint with us, please contact us at:

• Email: [email protected]
• Website: caferiofood.digital

We will acknowledge receipt of your complaint within 10 business days and will make every reasonable effort to resolve your concern within 30 business days. If your complaint is complex, we will notify you of the expected timeline for resolution.

15.1 Filing a Complaint with Government Authorities

If you are not satisfied with our response to your privacy complaint, or if you believe we have violated applicable privacy laws, you may file a complaint with the relevant government authority:

• Federal Trade Commission (FTC): The FTC enforces federal consumer protection and privacy laws. You may file a complaint at ftc.gov/complaint or call 1-877-382-4357.
• California Privacy Protection Agency (CPPA): California residents may file complaints with the California Privacy Protection Agency regarding violations of the CCPA/CPRA at cppa.ca.gov.
• California Attorney General: California residents may also report privacy violations to the California Attorney General's office at oag.ca.gov/privacy.
• Your State Attorney General: Residents of other states may contact their respective state Attorney General's office for information about applicable state privacy laws and how to file complaints.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our privacy practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on our website with a new "Last Updated" date
• Send an email notification to registered users where required or appropriate
• Display a prominent notice on our website alerting you to the changes

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

If you disagree with any changes to this Privacy Policy, you should discontinue use of our website and services and may request deletion of your personal information as described in Section 8 of this Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and transparently.

We will make every reasonable effort to respond to your privacy inquiries within 10 business days of receipt. For formal privacy rights requests under the CCPA/CPRA or other applicable laws, we will respond within the legally required timeframes as described in Section 8 of this Privacy Policy.