Privacy Policy

1. Introduction

At Cafe Rio, we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, place orders, dine at our restaurants, or interact with our services.

This policy applies to all services provided by Cafe Rio, including our website at rios-cafe.click, mobile applications, in-restaurant services, delivery services, catering services, and any other platforms we operate.

By using our services, creating an account, placing orders, or providing us with personal information, you agree to the terms outlined in this Privacy Policy. If you do not agree with these terms, please do not use our services.

Important Note: We never sell your personal data to third parties for their marketing purposes. Your trust is paramount to us, and we are committed to maintaining the highest standards of data protection.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our services:

• Personal Identification Information: Name, email address, phone number, postal address, date of birth
• Account Information: Username, password, profile preferences, order history, dietary preferences
• Payment Information: Credit card details, billing address, payment method preferences (stored securely and encrypted)
• Order Information: Food items selected, special instructions, delivery preferences, allergen information
• Dietary Information: Food allergies, dietary restrictions, special dietary requirements (vegan, halal, kosher, gluten-free, etc.)
• Reservation Information: Table booking details, party size, special occasion requests
• Loyalty Program Data: Points earned, rewards redeemed, membership tier, favorite orders
• Catering Details: Event information, guest count, menu preferences, delivery location and timing
• Communication Data: Contact form submissions, customer service inquiries, reviews, feedback, survey responses
• Marketing Preferences: Email subscription status, communication preferences, promotional interests

2.2 Information We Collect Automatically

When you interact with our services, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution
• Usage Data: Pages visited, time spent on site, click patterns, search queries, referral sources
• Location Data: Approximate location based on IP address, GPS coordinates (with permission for delivery services)
• Cookie Data: Session identifiers, user preferences, authentication tokens, analytics data
• Transaction Data: Order timestamps, payment processing information, delivery tracking data

2.3 Information from Third Parties

We may receive information about you from other sources:

• Social Media: Profile information if you connect your social media accounts
• Payment Processors: Transaction verification and fraud prevention data
• Delivery Partners: Delivery status updates and location tracking (with consent)
• Marketing Partners: Demographic and interest data for targeted advertising (with proper consent)
• Data Aggregators: Publicly available information to enhance our services

3. How We Use Your Information

3.1 Service Provision

• Processing and fulfilling your food orders accurately and efficiently
• Managing delivery logistics and coordinating with delivery partners
• Handling table reservations and managing restaurant capacity
• Processing payments securely and managing billing
• Providing customer support and resolving service issues
• Managing your loyalty program account and rewards
• Customizing menu recommendations based on dietary preferences and order history
• Ensuring food safety by tracking allergen information and dietary restrictions

3.2 Communication

• Sending order confirmations, preparation updates, and delivery notifications
• Providing customer support responses and service updates
• Notifying you of important changes to our services or policies
• Sending promotional emails and special offers (only with your explicit consent)
• Alerting you about new menu items and seasonal specials
• Requesting feedback on your dining experience

3.3 Marketing and Analytics

• Creating personalized advertising campaigns based on your preferences
• Analyzing website traffic and user behavior to improve our services
• Measuring the effectiveness of our marketing campaigns
• Conducting market research to develop new menu items and services
• Segmenting customers for targeted promotions and offers
• Optimizing our website and mobile app performance

3.4 Legal Compliance and Security

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Preventing fraud, abuse, and unauthorized access to our systems
• Protecting our rights, property, and the safety of our customers and employees
• Resolving disputes and enforcing our terms of service
• Maintaining records for tax, accounting, and regulatory compliance

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

• Payment Processors: Stripe, PayPal, and other payment gateways for secure transaction processing
• Delivery Partners: Third-party delivery services for order fulfillment and tracking
• Cloud Storage Providers: Amazon Web Services, Google Cloud for secure data storage and backup
• Email Service Providers: Mailchimp, SendGrid for marketing communications and transactional emails
• Analytics Providers: Google Analytics, Facebook Analytics for website performance and user behavior analysis
• Customer Support Tools: Zendesk, Freshdesk for managing customer inquiries and support tickets
• Loyalty Program Providers: Third-party platforms managing our rewards and loyalty programs

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

• In response to court orders, subpoenas, or other legal processes
• To comply with applicable laws and regulations
• To protect our rights, property, or the safety of our customers and employees
• In case of emergencies involving public safety
• To prevent fraud, abuse, or illegal activities
• To resolve disputes and enforce our agreements

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

• Customer information may be transferred to the acquiring entity
• We will notify customers before any transfer occurs
• The acquiring party will be bound by the same privacy commitments
• Customers will have the option to delete their accounts before the transfer

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

• Participating in joint marketing campaigns with partners
• Sharing testimonials or reviews (with your permission)
• Providing data for research studies (anonymized)

5. Data Security

5.1 Technical Security Measures

We implement comprehensive technical safeguards to protect your information:

• Encryption: All data transmission uses SSL/TLS encryption protocols
• Secure Storage: Personal data is encrypted at rest using AES-256 encryption
• Firewall Protection: Advanced firewall systems protect against unauthorized access
• Access Controls: Multi-factor authentication and role-based access for employees
• Network Security: Intrusion detection and prevention systems monitor for threats
• Regular Backups: Automated daily backups stored in secure, geographically distributed locations
• Vulnerability Testing: Regular security scans and penetration testing
• Software Updates: Timely installation of security patches and system updates

5.2 Organizational Security Measures

Our organizational practices ensure comprehensive data protection:

• Employee Training: Regular security awareness training for all staff members
• Access Limitation: Data access restricted to employees who need it for their job functions
• Confidentiality Agreements: All employees and contractors sign strict confidentiality agreements
• Incident Response: Documented procedures for handling security incidents
• Third-Party Audits: Regular security assessments by independent security firms
• Data Minimization: We collect only the information necessary for our services
• Regular Reviews: Periodic assessment of data handling practices and security policies

5.3 Your Security Responsibilities

Help us keep your information secure by following these best practices:

• Strong Passwords: Use unique, complex passwords with a mix of characters
• Password Protection: Never share your login credentials with others
• Secure Logout: Always log out when using public or shared computers
• Phishing Awareness: Be cautious of suspicious emails or links claiming to be from us
• Account Monitoring: Regularly review your account activity and order history
• Immediate Reporting: Contact us immediately if you suspect unauthorized account access
• Software Updates: Keep your devices and browsers updated with the latest security patches

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable laws. We will provide clear information about what happened, what information was involved, and the steps we are taking to address the situation.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Here's a detailed breakdown of the types we use:

Cookie Type	Purpose	Duration
Essential Cookies	Basic site functionality, login state, shopping cart management, security features	Session (deleted when browser closes)
Functional Cookies	User preferences, language settings, location preferences, menu customizations	Up to 1 year
Analytics Cookies	Website usage analysis, performance monitoring, user behavior tracking for improvements	Up to 2 years
Marketing Cookies	Personalized advertising, campaign measurement, social media integration	Up to 1 year

Other Tracking Technologies We Use:

• Google Analytics: Website traffic analysis and user behavior insights
• Facebook Pixel: Advertisement effectiveness measurement and audience building
• Web Beacons: Email open rate tracking and engagement measurement
• Local Storage: Browser-based data storage for enhanced user experience
• Session Replay Tools: Anonymous session recordings to improve website usability

Cookie Management:

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific sites
• Block all cookies entirely
• Delete all cookies when closing the browser

Important Note: Disabling essential cookies may affect website functionality, including the ability to place orders or access your account.

7. Your Rights (GDPR/CCPA Compliance)

Depending on your location, you may have the following rights regarding your personal information:

7.1 Right of Access

You have the right to know what personal information we have about you, including how we use it and who we share it with.

7.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal information we have about you.

7.3 Right to Erasure (Right to be Forgotten)

You can request that we delete your personal information, subject to certain exceptions for legal compliance and legitimate business interests.

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances.

7.5 Right to Data Portability

You can request a copy of your personal information in a machine-readable format to transfer to another service provider.

7.6 Right to Object

You can object to our processing of your personal information, particularly for marketing purposes or legitimate interests.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days and may require identity verification to protect your privacy.

8. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16 without proper parental consent.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems promptly.

Parents and guardians are encouraged to monitor their children's online activities and help enforce this Privacy Policy by instructing their children not to provide personal information through our services without permission.

9. International Data Transfers

9.1 Protection Measures

When we transfer your personal information internationally, we implement appropriate safeguards:

• Adequacy Decisions: Transfers to countries recognized by regulatory authorities as providing adequate protection
• Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring data protection standards
• Data Processing Agreements: Binding contracts with third parties requiring equivalent protection
• Certification Programs: Participation in recognized privacy frameworks and certifications
• Regular Audits: Ongoing compliance monitoring and assessment

9.2 Transfer Destinations

We may transfer your information to:

• United States: Cloud storage and analytics services
• European Union: Data analytics and customer support services
• Other Countries: As necessary for service provision, with appropriate protections in place

10. Data Retention Periods

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Information Type	Retention Period	Reason for Retention
Account Information	6 months after account deletion	Legal obligations, dispute resolution, fraud prevention
Order History	7 years from transaction date	Tax compliance, accounting requirements, warranty claims
Payment Information	As required by payment processors	Refund processing, chargeback handling, compliance
Marketing Consent	3 months after withdrawal	Consent record keeping, compliance demonstration
Website Usage Logs	Up to 2 years	Security monitoring, analytics, system optimization
Customer Support Records	3 years from last interaction	Service quality improvement, training purposes
Loyalty Program Data	3 years after account closure	Points reconciliation, program analysis

Safe Data Disposal

When we dispose of your personal information, we use secure methods:

• Electronic Data: Complete deletion using DoD-approved wiping standards making recovery impossible
• Physical Records: Cross-cut shredding and secure destruction services
• Backup Systems: Systematic removal from all backup and archived systems
• Third-Party Data: Contractual obligations for secure disposal by service providers
• Disposal Records: Documentation of disposal activities for compliance purposes

11. Third-Party Links and Services

Our website and services may contain links to third-party websites, applications, or services that are not owned or controlled by Cafe Rio. This Privacy Policy does not apply to these external sites.

We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policies of any third-party sites you visit before providing them with personal information.

Third-party services we may link to include:

• Social media platforms (Facebook, Instagram, Twitter)
• Review sites (Yelp, Google Reviews, TripAdvisor)
• Payment processors and financial institutions
• Delivery partner applications and tracking systems
• Partner restaurant and supplier websites

When you interact with these third-party services, you do so at your own risk and subject to their terms and privacy policies.

12. Privacy Policy Changes

12.1 How We Notify You of Changes

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

• Website Notice: Prominent banner on our homepage and service pages
• Email Notification: Direct notification to registered users with active accounts
• App Notifications: Push notifications through our mobile application
• Account Dashboard: Notice in your account settings and profile area
• Social Media: Announcements on our official social media channels

12.2 Types of Changes

• Minor Changes: Clarifications, contact information updates, or administrative changes
• Material Changes: Significant changes to data collection, use, or sharing practices requiring explicit consent
• Legal Updates: Changes required by new laws or regulations

12.3 Your Options

When we update this policy:

• The latest version will always be available on our website
• Check the "Last Updated" date at the top of this policy
• Continued use of our services after changes indicates acceptance
• You can stop using our services if you disagree with the changes
• For material changes, we may require your explicit consent before continuing to use your data under the new terms

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Commitment: We will respond to your privacy-related inquiries within 3 business days. For complex requests, we may require up to 30 days to provide a complete response.

13.1 Filing Complaints

If you're not satisfied with our response to your privacy concerns, you have the right to file a complaint with the appropriate supervisory authority:

• Russia: Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)
• European Union: Your local Data Protection Authority
• United States: Federal Trade Commission (FTC) or your state's attorney general

14. Withdrawal of Consent

14.1 Marketing Communications

You can withdraw your consent for marketing communications at any time:

• Email Unsubscribe: Click the unsubscribe link in any marketing email
• Account Settings: Update your communication preferences in your account dashboard
• Customer Support: Contact our support team to opt out of all marketing communications
• Phone: Call us during business hours to update your preferences

14.2 Account Deletion

To completely delete your account and withdraw all consent:

1. Log into your account and navigate to account settings
2. Select "Delete Account" option
3. Confirm your identity through security verification
4. Review what data will be deleted and what may be retained for legal compliance
5. Confirm deletion request

Note: Some information may be retained for legal, tax, or regulatory compliance purposes even after account deletion, as outlined in our data retention policy.

15. Conclusion

At Cafe Rio, protecting your privacy is fundamental to our relationship with you. We are committed to maintaining the highest standards of data protection and transparency in all our operations.

This Privacy Policy reflects our ongoing commitment to:

• Collecting only the information necessary to provide exceptional service
• Using your information responsibly and only for stated purposes
• Implementing robust security measures to protect your data
• Providing you with control over your personal information
• Being transparent about our data practices
• Complying with all applicable privacy laws and regulations

We believe that trust is earned through consistent actions and transparent communication. Our privacy practices are designed to respect your rights while enabling us to provide the high-quality food and service experience you expect from Cafe Rio.

If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us. We value your feedback and are here to address any concerns you may have.

Thank you for choosing Cafe Rio and for trusting us with your personal information. We look forward to continuing to serve you while protecting your privacy every step of the way.

Remember: This Privacy Policy was last updated on December 28, 2024. Please check back periodically for updates.