Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects your personal information when you visit our website at rioscafes.rest, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

By accessing or using our website, purchasing our products, or otherwise interacting with Cafe Rio, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

We encourage you to read this policy in full. If you have any questions or concerns, please contact us using the information provided at the end of this document.

1. Company Information and Contact Details

The data controller responsible for your personal information is:

For all privacy-related inquiries, requests, or complaints, please contact us at [email protected]. We will make every reasonable effort to respond to your inquiry within thirty (30) days of receipt.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information we collect through:

• Our website located at rioscafes.rest and any subdomains or related digital properties;
• Online food ordering systems and digital menus accessible through our website;
• Email communications between you and Cafe Rio;
• Loyalty programs, promotions, contests, and marketing campaigns;
• Customer feedback forms, surveys, and support interactions;
• Social media interactions and digital marketing channels linked to our brand;
• Any other service we offer that references or links to this Privacy Policy.

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.

3. Information We Collect

We collect several types of information in connection with your use of our website and services. The categories of personal information we may collect include:

3.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, or otherwise engage with us, we may collect:

• Full name;
• Email address;
• Phone number;
• Mailing and delivery address;
• Username and password (stored in encrypted form);
• Date of birth (to verify age eligibility);
• Profile photograph (if voluntarily provided).

3.2 Financial and Payment Information

When you make a purchase through our website, payment-related information is collected. Please note that Cafe Rio uses third-party payment processors and does not directly store full credit or debit card numbers on our servers. We may collect:

• Billing address;
• Last four digits of your payment card (for reference purposes);
• Transaction ID and order history;
• Payment method type (e.g., credit card, debit card, digital wallet).

3.3 Order and Transaction Information

• Items ordered and order preferences;
• Order frequency and purchase history;
• Delivery instructions and special requests;
• Customer service interactions related to orders;
• Promotional codes or loyalty points used.

3.4 Usage and Technical Data

When you visit our website, certain data is automatically collected through standard web technologies:

• IP address;
• Browser type and version;
• Operating system;
• Device type (desktop, mobile, tablet);
• Pages viewed and time spent on each page;
• Referring URL (the website that brought you to ours);
• Click patterns and navigation behavior;
• Date and time of access;
• Error logs and performance data.

3.5 Location Data

We may collect general location data based on your IP address or, if you grant permission, precise geolocation data from your device. This helps us display relevant restaurant locations, estimate delivery times, and personalize your experience.

3.6 Communication and Feedback Data

• Content of emails or messages sent to us;
• Responses to surveys or questionnaires;
• Reviews and ratings submitted;
• Comments posted on our website or social media pages managed by us.

3.7 Marketing and Preference Data

• Communication preferences (e.g., opt-in/opt-out status for marketing emails);
• Favorite menu items or dietary preferences you voluntarily share;
• Participation in loyalty programs or promotional events.

3.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about how you interact with our website. For detailed information about our cookie practices, please refer to Section 9 (Cookies and Tracking Technologies) of this policy.

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including online orders and delivery requests;
• Managing your account and providing customer support;
• Communicating with you about your orders, including confirmation emails and delivery updates;
• Processing payments and preventing fraudulent transactions;
• Verifying your identity when you log in or make changes to your account.

4.2 Website and Service Improvement

• Analyzing usage patterns to improve our website's functionality, design, and content;
• Conducting research and development to enhance our menu offerings and services;
• Identifying and resolving technical issues and security vulnerabilities;
• Testing new features and website functionality.

4.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, and special offers — with your consent where required by law;
• Administering contests, sweepstakes, and loyalty programs;
• Personalizing your experience and recommending menu items based on your preferences and order history;
• Displaying targeted advertisements on our website or through third-party advertising platforms;
• Measuring the effectiveness of our marketing campaigns.

4.4 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal processes;
• Enforcing our Terms of Service and other applicable agreements;
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public;
• Responding to lawful requests from government authorities and law enforcement agencies;
• Maintaining records for tax, accounting, and audit purposes.

4.5 Analytics and Business Intelligence

• Understanding customer demographics, preferences, and behaviors;
• Monitoring website performance and user engagement metrics;
• Making data-driven decisions regarding our menu, pricing, and business operations.

5. Legal Basis for Processing Personal Information

Under applicable U.S. privacy law, including the CCPA/CPRA, our processing of your personal information is based on the following grounds:

• Contractual Necessity: Processing required to fulfill your orders and provide services you have requested;
• Legitimate Business Interests: Processing for fraud prevention, security, website improvement, and business analytics, where these interests do not override your rights;
• Consent: Processing for marketing and promotional communications, where you have provided explicit opt-in consent;
• Legal Obligation: Processing required to comply with applicable laws and regulations;
• Vital Interests: Processing required to protect the safety and well-being of individuals where necessary.

6. Sharing of Personal Information with Third Parties

Cafe Rio does not sell your personal information to third parties. However, we may share your information with trusted third parties under the following circumstances:

6.1 Service Providers and Business Partners

We work with third-party vendors and service providers who assist us in operating our business. These may include:

• Payment Processors: To securely handle payment card transactions;
• Delivery Partners: To fulfill delivery orders on our behalf;
• Email and Marketing Platforms: To send promotional communications and manage customer outreach;
• Analytics Providers: To analyze website traffic and user behavior (e.g., Google Analytics);
• Cloud Hosting Providers: To host our website and store data securely;
• Customer Support Platforms: To manage support tickets and customer communications;
• IT and Security Vendors: To maintain the security and performance of our digital infrastructure.

All third-party service providers are contractually required to protect your personal information and may only use it for the specific purposes for which it was shared.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, or government request;
• Enforce our Terms of Service or other applicable agreements;
• Protect the rights, property, or safety of Cafe Rio, our users, or the public;
• Detect, investigate, or prevent fraud, security breaches, or other illegal activity.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring or surviving entity as part of the transaction. We will notify you of any such change via email or prominent notice on our website.

6.4 Aggregate and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes.

7. Data Security Measures

Cafe Rio takes the security of your personal information seriously. We implement a range of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols;
• Password Hashing: User passwords are stored in an encrypted, hashed format and are never stored in plain text;
• Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions;
• Firewalls and Intrusion Detection: We use network firewalls and intrusion detection systems to monitor and protect our infrastructure;
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments of our systems;
• Secure Payment Processing: Payment transactions are processed through PCI-DSS compliant payment processors;
• Employee Training: Our team members who handle personal data are trained on data privacy and security best practices;
• Incident Response Plan: We maintain a documented procedure for responding to data breaches and security incidents.

While we take all reasonable precautions to protect your personal information, no method of electronic storage or transmission over the Internet is completely secure. We cannot guarantee absolute security, and you should take steps to protect your own account credentials and personal information.

In the event of a data breach that affects your personal information, we will notify affected users in accordance with applicable state breach notification laws, including those applicable in states where such notifications are required.

8. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information under applicable U.S. privacy laws, including the CCPA/CPRA (for California residents) and similar laws in other states.

8.1 Right to Know and Access

You have the right to request that we disclose what personal information we have collected about you, including the categories of information, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it has been shared.

8.2 Right to Correction

You have the right to request that we correct inaccurate personal information we hold about you, subject to verification of your identity and applicable legal limitations.

8.3 Right to Deletion

You have the right to request that we delete your personal information, subject to certain exceptions. We may retain data as required by law, to complete transactions, detect fraud, fulfill legal obligations, or for other permitted purposes.

8.4 Right to Data Portability

To the extent required by applicable law, you have the right to receive a copy of your personal information in a portable, readily usable format that allows you to transmit the information to another entity.

8.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the "sale" or "sharing" of their personal information for cross-context behavioral advertising purposes. As stated above, Cafe Rio does not sell personal information. However, if you wish to limit data sharing for targeted advertising, please contact us at [email protected].

8.6 Right to Limit Use of Sensitive Personal Information

Under the CPRA, California residents have the right to limit the use and disclosure of sensitive personal information (such as precise geolocation data or financial account information) to purposes strictly necessary to provide the requested service.

8.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you services, charge different prices, or provide a lower quality of service because you exercised a right under applicable privacy law.

8.8 How to Submit a Privacy Request

To exercise any of the rights described above, please contact us by:

• Email: [email protected] (Subject line: "Privacy Rights Request");
• Website: rioscafes.rest.

We will verify your identity before processing your request, which may require us to ask for additional information. We will respond to your request within forty-five (45) days, with the possibility of a single forty-five (45) day extension if reasonably necessary. Authorized agents may submit requests on your behalf with proper written authorization.

9. Cookies and Tracking Technologies

Our website uses cookies and other tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. Cookies are small text files placed on your device when you visit a website.

9.1 Types of Cookies We Use

9.2 Managing Cookie Preferences

You have the right to control the use of cookies. You may adjust your browser settings to refuse or delete cookies at any time. Please note that disabling certain cookies may affect the functionality of our website. You can also manage cookie preferences through the cookie consent tool available on our website when you first visit.

For more information about the specific cookies we use and how to manage them, please refer to our Cookie Policy, available at rioscafes.rest.

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. Our data retention practices are as follows:

Upon expiration of the applicable retention period, we will securely delete or anonymize your personal information in accordance with our data disposal procedures.

11. Children's Privacy

Cafe Rio's website and online ordering platform are not directed at children under the age of 18. We do not knowingly collect, solicit, or process personal information from minors. If you are under 18 years of age, please do not submit any personal information through our website or services.

If we become aware that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete that information from our systems. If you are a parent or legal guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 years of age without verifiable parental consent.

12. International Data Transfers

Cafe Rio is based in the United States and primarily operates within the United States. All data we collect is processed and stored on servers located within the United States. If you are accessing our website from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.

By using our website and services from outside the United States, you acknowledge and consent to the transfer of your information to the United States as described in this Privacy Policy. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this policy regardless of where it is processed.

If you are a resident of a jurisdiction that requires additional protections for international data transfers, please contact us at [email protected] to discuss the appropriate transfer mechanisms that may apply to you.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, delivery service apps, or other external platforms that are not operated or controlled by Cafe Rio. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party website or service, and we strongly encourage you to review the privacy policies of any third-party platforms you visit.

The inclusion of a link to a third-party website does not imply any endorsement of that website or its privacy practices by Cafe Rio.

14. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals websites not to track user browsing activity. Currently, there is no universally accepted standard for interpreting DNT signals across the web, and our website does not currently respond to DNT signals in a standardized way. We will continue to monitor developments in this area and update our practices accordingly.

California residents may also visit the Network Advertising Initiative (NAI) opt-out page or the Digital Advertising Alliance (DAA) opt-out tool to manage cross-site tracking preferences.

15. California-Specific Privacy Disclosures

This section applies specifically to California residents and supplements the information contained in this Privacy Policy in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

15.1 Categories of Personal Information Collected in the Last 12 Months

15.2 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about the disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected].

16. Marketing Communications and Opt-Out

With your consent, we may send you promotional emails, special offers, and newsletters about Cafe Rio's menu, events, and loyalty programs. You can opt out of marketing communications at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email we send you;
• Emailing us at [email protected] with the subject line "Unsubscribe";
• Updating your communication preferences in your account settings on our website.

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related emails (such as order confirmations and account notifications), as these are necessary for the provision of our services.

17. How to File a Privacy Complaint

If you have concerns about how we handle your personal information, we encourage you to contact us directly first so that we can address your complaint:

• Email: [email protected] (Subject line: "Privacy Complaint")
• Website: rioscafes.rest

We will acknowledge your complaint within ten (10) business days and aim to resolve it within thirty (30) days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant data protection or consumer protection authority.

17.1 Relevant Regulatory Authorities

Depending on your state of residence, you may file a complaint with the following authorities:

• California Privacy Protection Agency (CPPA): The CPPA enforces the CCPA/CPRA for California residents. Visit cppa.ca.gov for information on how to file a complaint.
• Federal Trade Commission (FTC): The FTC enforces federal consumer protection and privacy laws. File a complaint at reportfraud.ftc.gov or visit ftc.gov for more information.
• State Attorney General Offices: Many states have Attorney General offices that accept consumer privacy complaints. Visit your state's official government website for contact information.

18. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page;
• Post a prominent notice on our website homepage;
• Send an email notification to registered account holders where required by law.

Your continued use of our website or services following the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us: