Privacy Policy

This Privacy Policy explains how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at caferio-pizza.click, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to the terms described herein.

We are committed to protecting your privacy and handling your personal information in a transparent, responsible manner in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act) governing unfair or deceptive practices in commerce.

1. About Us

Cafe Rio is a food service business operating in the United States. We provide online ordering, delivery, and in-store dining services through our website and related digital platforms.

For all privacy-related inquiries, requests, or complaints, please contact us using the information provided above or refer to the Contact Us section at the end of this policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

• Our website at caferio-pizza.click
• Online ordering platforms and mobile-compatible interfaces
• Email communications and customer support interactions
• Promotional campaigns, loyalty programs, and newsletters
• Third-party platforms that link to or integrate with our services
• Offline interactions such as in-store purchases and phone orders

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit independently of our website.

3. Information We Collect

We collect various categories of personal information depending on how you interact with Cafe Rio. The types of data we collect include, but are not limited to, the following:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (for age verification or promotional purposes)
• Username and password (for account creation)

3.2 Payment and Financial Information

When you make a purchase, we collect billing information necessary to process your transaction, including:

• Credit or debit card details (processed through secure third-party payment processors)
• Billing address
• Transaction history and order records

3.3 Usage and Behavioral Data

As you navigate our website, we automatically collect certain usage information, including:

• Pages visited and time spent on each page
• Links clicked and features used
• Items added to cart and order history
• Search queries entered on our website
• Referring website URLs and exit pages
• Session duration and frequency of visits

3.4 Device and Technical Information

We collect technical information about the devices you use to access our services, including:

• IP address
• Browser type and version
• Operating system and device type
• Screen resolution
• Device identifiers and advertising IDs
• Geographic location data (derived from IP address or, with your consent, GPS location)
• Time zone and language settings

3.5 Communications Data

When you contact our customer support team, participate in surveys, or submit feedback, we may collect:

• Content of your messages, emails, or chat interactions
• Phone call records (where permitted by law)
• Survey responses and feedback submissions
• Social media handles or messages sent to our social media accounts

3.6 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing behavior on our website. Please refer to Section 9 of this policy for detailed information on our use of cookies and your opt-out options.

3.7 Loyalty Program and Promotional Data

If you participate in our loyalty or rewards program, we collect information related to your participation, including:

• Points earned and redeemed
• Reward preferences and redemption history
• Participation in promotional campaigns
• Referral information

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your data to:

4.1 Service Provision and Order Fulfillment

• Process and fulfill your food orders, whether placed online or via other channels
• Arrange delivery or pickup services as requested
• Send order confirmations, receipts, and delivery updates via email or SMS
• Manage your account and maintain accurate records of your preferences
• Provide customer support and respond to inquiries or complaints

4.2 Analytics and Service Improvement

• Analyze website traffic and user behavior to improve our website's functionality and user experience
• Understand which menu items, promotions, and features are most popular
• Conduct internal research and develop new products and services
• Monitor and prevent technical issues, fraud, and security vulnerabilities
• Perform quality assurance and testing

4.3 Marketing and Promotional Communications

• Send you marketing emails, promotional offers, and newsletters if you have opted in to receive them
• Personalize promotional content based on your order history and preferences
• Notify you of special deals, seasonal promotions, and loyalty rewards
• Conduct targeted advertising campaigns through third-party platforms (e.g., Google, Meta/Facebook)
• Display personalized advertisements based on your browsing and purchase behavior

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected].

4.4 Legal Compliance and Safety

• Comply with applicable federal and state laws and regulations
• Respond to lawful requests from law enforcement or government authorities
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of Cafe Rio, our customers, and the public
• Investigate and prevent fraudulent transactions and unauthorized access

4.5 Business Operations

• Manage our internal business operations, including accounting, auditing, and record-keeping
• Facilitate business transactions such as mergers, acquisitions, or asset sales
• Train staff and improve service delivery standards

5. How We Share Your Information

We do not sell your personal information to third parties for their own independent marketing purposes. However, we may share your personal information in the following circumstances:

5.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These providers are contractually obligated to handle your data only in accordance with our instructions and in compliance with applicable privacy laws. Categories of service providers include:

• Payment processors: Companies that process credit card transactions and payments on our behalf
• Delivery and logistics partners: Third-party delivery services that fulfill your orders
• Cloud hosting providers: Companies that host our website and data infrastructure
• Analytics platforms: Services such as Google Analytics that help us understand website usage
• Email marketing services: Platforms used to send promotional emails and communications
• Customer support tools: CRM and helpdesk software providers
• Advertising networks: Platforms used to deliver targeted advertising

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation, subpoena, court order, or governmental request
• Protect and defend the rights or property of Cafe Rio
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users of our services or the general public
• Protect against legal liability

5.3 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any such change in ownership or use of your personal information, as well as any choices you may have regarding your information.

5.4 With Your Consent

We may share your information with third parties for purposes not listed above when we have obtained your explicit prior consent to do so.

6. Data Security

Cafe Rio takes the security of your personal information seriously. We have implemented a range of technical, administrative, and physical security measures designed to protect your personal data from unauthorized access, disclosure, alteration, and destruction.

6.1 Technical Safeguards

• SSL/TLS encryption for all data transmitted between your browser and our website
• Secure storage of sensitive data using industry-standard encryption protocols
• Firewalls and intrusion detection systems to protect our servers
• Regular security patches and software updates
• Multi-factor authentication for administrative access to our systems

6.2 Administrative Safeguards

• Strict access controls limiting employee access to personal data on a need-to-know basis
• Regular staff training on data protection and privacy practices
• Confidentiality agreements with employees and contractors who handle personal data
• Regular audits and reviews of our data handling practices

6.3 Limitation of Liability

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

7.2 Rights for All U.S. Residents

Regardless of your state of residence, we offer all users the following options:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Opt-out of marketing: Unsubscribe from promotional communications at any time
• Cookie preferences: Manage your cookie settings through our cookie consent tool

7.3 How to Exercise Your Rights

To exercise any of the rights described above, you may contact us through any of the following methods:

• Email: [email protected]
• Website: caferio-pizza.click

We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time, we will inform you of the reason and the extension period (up to an additional 45 days). We may need to verify your identity before processing your request to protect against fraudulent submissions.

7.4 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. To do so, the authorized agent must provide proof of written authorization from the consumer, and we may require the consumer to directly verify their identity with us.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods vary depending on the type of data:

When personal information is no longer needed for the stated purposes, we will securely delete, destroy, or anonymize it in accordance with our data destruction procedures.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze traffic, and deliver personalized content and advertisements. Cookies are small text files stored on your device when you visit our website.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our website, such as session management and shopping cart functionality. These cannot be disabled.
• Performance and Analytics Cookies: Collect information about how visitors use our website (e.g., Google Analytics) to help us improve performance.
• Functional Cookies: Remember your preferences, such as language settings and saved addresses, to provide a personalized experience.
• Marketing and Advertising Cookies: Used to deliver relevant advertisements across websites and to track the effectiveness of our campaigns.

9.2 Managing Your Cookie Preferences

You can manage or disable cookies through:

• Your browser settings (consult your browser's help documentation)
• Our cookie consent banner displayed on your first visit to our website
• Opt-out tools provided by advertising networks, such as the Network Advertising Initiative opt-out page
• The Digital Advertising Alliance's opt-out tool at optout.aboutads.info

Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, such as placing orders or logging in to your account.

For more detailed information about the specific cookies we use and their respective lifespans, please refer to our full Cookie Policy, available on our website at caferio-pizza.click.

10. Children's Privacy

Cafe Rio does not direct its services to minors, and we do not knowingly collect, use, or disclose personal information from individuals under the age of 18. Our website is not designed or intended for use by children.

If you are a parent or guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our records.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. As we do not target users under 18, we implement appropriate measures to prevent the collection of data from underage users.

11. International Data Transfers

Cafe Rio is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. However, in the course of providing our services, some of your personal information may be transferred to, stored, or processed in countries outside of the United States where our service providers operate.

By using our services, you acknowledge and consent to the transfer of your personal information to the United States and potentially to other countries, which may have different data protection laws than your country of residence.

When we transfer personal data internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law, including:

• Entering into data processing agreements with third-party service providers that include standard contractual clauses or equivalent protections
• Ensuring that third-party providers maintain adequate security standards comparable to those required under U.S. law
• Limiting international data transfers to what is strictly necessary for the provision of services

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how companies should respond to DNT signals. As such, our website does not currently respond to DNT signals from browsers.

However, you can use the cookie management tools described in Section 9 of this policy to limit tracking on our website. We will continue to monitor developments in this area and update our practices as standards emerge.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, and services that are not operated by Cafe Rio. These third-party sites have their own privacy policies, which we strongly encourage you to review. We have no control over and assume no responsibility for the content, privacy practices, or security of any third-party sites or services.

Common third-party integrations that may be present on our website include:

• Social media sharing buttons (e.g., Facebook, Instagram, Twitter/X)
• Online review platforms (e.g., Google Reviews, Yelp)
• Third-party delivery platforms
• Payment processing services
• Online mapping and location services (e.g., Google Maps)

14. FTC Act Compliance and Deceptive Practices

Cafe Rio is committed to complying with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive acts or practices in or affecting commerce. We adhere to the FTC's guidelines on privacy, data security, and online advertising, including:

• Providing clear and conspicuous disclosure of our data collection and use practices
• Honoring the promises and representations made in this Privacy Policy
• Implementing reasonable security measures to protect consumer data
• Complying with the CAN-SPAM Act for commercial email communications
• Complying with the Telephone Consumer Protection Act (TCPA) for SMS marketing communications
• Adhering to FTC endorsement and testimonial guidelines in marketing materials

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on our website at caferio-pizza.click
• Send an email notification to registered users where required by law or where we deem appropriate given the significance of the change
• Display a prominent notice on our website for a period of at least 30 days following any material changes

Your continued use of our website or services after the effective date of the revised policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue your use of our services and, if applicable, close your account.

16. Filing a Complaint with a Data Protection Authority

If you are not satisfied with our response to your privacy concern or believe that we are processing your personal information in a manner that violates applicable law, you have the right to file a complaint with the relevant regulatory authority.

16.1 California Residents

California residents may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:

• California Privacy Protection Agency: cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy

16.2 All U.S. Residents

U.S. residents may also file a complaint with the Federal Trade Commission (FTC), which enforces consumer protection laws, including privacy-related matters:

• FTC Complaint Center: reportfraud.ftc.gov
• FTC Website: www.ftc.gov

We encourage you to contact us directly before filing a complaint, as we are committed to resolving your concerns promptly and fairly. Most privacy issues can be resolved through direct communication with our team.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team. We are committed to addressing your inquiries promptly and thoroughly.

When contacting us regarding a privacy request, please include the following information to help us process your request efficiently:

• Your full name and contact information
• The nature of your request or concern (e.g., access, deletion, correction)
• The email address or phone number associated with your account, if applicable
• Any relevant details that may help us locate your personal information in our systems

We will acknowledge receipt of your request within 10 business days and aim to provide a substantive response within 45 days of receiving a verifiable request, as required by applicable law.