Privacy Policy

Last Updated: January 15, 2026

1. Introduction

At Cafe Rio, we are deeply committed to protecting your privacy and personal information. This comprehensive Privacy Policy explains how we collect, use, share, and protect your personal data when you interact with our food services, whether through our website, mobile applications, in-store visits, online ordering, delivery services, or any other touchpoints with our brand.

This policy applies to all our services including but not limited to: dine-in experiences, takeaway orders, delivery services, catering events, loyalty programs, table reservations, franchise inquiries, and any digital interactions with our platforms. We understand that trust is earned through transparency, and we never sell your personal data to third parties.

By using our services, accessing our website, creating an account, placing orders, or engaging with our brand in any manner, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our privacy practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide to Us

  • Personal Identification Information: Name, email address, phone number, mailing address, date of birth, and emergency contact information
  • Account Information: Username, password, account preferences, purchase history, saved payment methods, and profile settings
  • Payment Information: Credit/debit card details, billing address, and transaction history (stored securely with encryption)
  • Order and Delivery Information: Delivery addresses, special delivery instructions, order preferences, and delivery time requests
  • Dietary and Allergen Information: Food allergies, dietary restrictions, special dietary requirements (vegan, halal, kosher, gluten-free, etc.), and medical dietary needs
  • Loyalty Program Data: Rewards points, membership level, earned benefits, redemption history, and program preferences
  • Reservation Information: Table reservations, party size, special occasions, seating preferences, and timing requests
  • Catering Details: Event information, guest count, menu selections, delivery locations, and special event requirements
  • Communication Records: Contact form submissions, customer service interactions, reviews, feedback, and correspondence with our team
  • Marketing Preferences: Email subscription preferences, SMS opt-ins, promotional material preferences, and communication frequency choices

2.2 Information We Collect Automatically

  • Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and mobile device information
  • Usage Data: Pages visited, time spent on pages, click patterns, search queries, menu items viewed, order completion rates, and navigation paths
  • Location Information: Approximate location based on IP address, GPS coordinates (with permission), delivery zone verification, and store proximity data
  • Cookie and Tracking Data: Session identifiers, authentication tokens, user preferences, shopping cart contents, and analytics data
  • Performance Data: Website loading times, error reports, crash logs, and system performance metrics

2.3 Information from Third Parties

  • Social Media Integration: Profile information from connected social media accounts (Facebook, Instagram, Twitter)
  • Payment Processors: Transaction verification, fraud prevention data, and payment confirmation details
  • Delivery Partners: Delivery status updates, driver information, and delivery completion confirmations
  • Marketing Partners: Campaign performance data, advertising effectiveness metrics, and audience insights
  • Review Platforms: Customer reviews and ratings from third-party review sites

3. How We Use Your Information

3.1 Service Provision and Management

  • Order Processing: Taking, preparing, and fulfilling food orders, managing delivery logistics, and ensuring order accuracy
  • Account Management: Creating and maintaining customer accounts, authentication, password resets, and profile updates
  • Customer Support: Responding to inquiries, resolving issues, handling complaints, and providing technical assistance
  • Quality Assurance: Monitoring service quality, collecting feedback, and implementing improvements to our food and service standards
  • Loyalty Programs: Managing rewards points, tracking benefits, processing redemptions, and providing member-exclusive offers
  • Reservation Management: Handling table bookings, managing restaurant capacity, and optimizing seating arrangements

3.2 Communication and Updates

  • Order Communications: Sending order confirmations, preparation updates, delivery notifications, and completion confirmations
  • Customer Service: Responding to support requests, providing assistance, and following up on resolved issues
  • Important Notices: Notifying about policy changes, service updates, security alerts, and system maintenance
  • Marketing Communications: Sending promotional emails, special offers, new menu announcements, and seasonal campaigns (only with explicit consent)

3.3 Marketing and Analytics

  • Personalized Marketing: Creating targeted advertisements, personalized offers, and relevant content based on preferences and order history
  • Website Analytics: Analyzing traffic patterns, user behavior, and website performance to improve user experience
  • Campaign Measurement: Measuring marketing effectiveness, tracking conversion rates, and optimizing advertising strategies
  • Market Research: Understanding customer preferences, identifying trends, and developing new menu items and services

3.4 Legal Compliance and Protection

  • Legal Compliance: Meeting regulatory requirements, tax obligations, and food safety standards
  • Fraud Prevention: Detecting suspicious activities, preventing unauthorized access, and protecting against fraudulent transactions
  • Safety and Security: Protecting the rights, property, and safety of customers, employees, and business operations
  • Dispute Resolution: Handling legal disputes, investigations, and regulatory inquiries

4. Information Sharing and Disclosure

4.1 Service Providers and Business Partners

  • Payment Processors: Secure processing of credit card transactions, fraud detection, and payment verification services
  • Delivery Companies: Third-party delivery services for order fulfillment, driver coordination, and delivery tracking
  • Cloud Storage Providers: Secure data storage, backup services, and infrastructure maintenance with enterprise-grade security
  • Email Marketing Services: Newsletter distribution, promotional campaign management, and email analytics
  • Analytics Tools: Website usage analysis, performance monitoring, and customer behavior insights
  • Customer Support Platforms: Help desk systems, chat services, and support ticket management

4.2 Legal Requirements and Protection

  • Court Orders and Subpoenas: Compliance with valid legal process and court-ordered data disclosure
  • Regulatory Compliance: Meeting requirements from health departments, tax authorities, and other regulatory bodies
  • Protection of Rights: Defending against legal claims, protecting intellectual property, and enforcing terms of service
  • Public Safety: Cooperation with law enforcement for public safety emergencies and criminal investigations

4.3 Business Transfers and Transactions

  • Mergers and Acquisitions: Transfer of customer data as part of business asset sales or corporate restructuring
  • Customer Notification: Advance notice to customers before any significant business transfer affecting their data
  • Policy Compliance: Ensuring new owners commit to maintaining equivalent privacy protection standards

4.4 Consent-Based Sharing

We may share your information for other purposes only with your explicit consent, such as participating in partner promotions, third-party integrations, or special collaborative services.

5. Data Security

5.1 Technical Security Measures

  • Encryption: Industry-standard SSL/TLS encryption for all data transmission, AES-256 encryption for stored sensitive data
  • Firewall Protection: Advanced firewall systems, intrusion detection systems, and network monitoring
  • Access Controls: Role-based access restrictions, multi-factor authentication, and principle of least privilege implementation
  • Security Monitoring: 24/7 security monitoring, real-time threat detection, and automated security response systems
  • Data Backup: Regular encrypted backups, disaster recovery procedures, and data redundancy systems
  • Vulnerability Management: Regular security audits, penetration testing, and vulnerability assessments

5.2 Organizational Security Measures

  • Employee Training: Regular cybersecurity awareness training, data handling procedures, and privacy protection protocols
  • Data Handling Procedures: Documented processes for data collection, processing, storage, and disposal
  • Third-Party Agreements: Comprehensive data protection clauses and confidentiality agreements with all service providers
  • Incident Response: Detailed security breach response procedures, notification protocols, and remediation processes
  • Compliance Audits: Regular internal and external security audits, compliance assessments, and improvement implementations

5.3 Your Security Responsibilities

  • Password Security: Use strong, unique passwords and enable two-factor authentication when available
  • Account Protection: Do not share your login credentials with others and log out on shared devices
  • Device Security: Keep your devices secure and updated with the latest security patches
  • Phishing Awareness: Be cautious of suspicious emails, texts, or calls requesting personal information
  • Immediate Reporting: Contact us immediately if you suspect unauthorized access to your account

5.4 Security Breach Notification

In the unlikely event of a data security breach that may affect your personal information, we will promptly notify you and relevant authorities within 72 hours of discovery. Our notification will include details about what information was involved, steps we are taking to address the breach, and recommendations for protecting yourself.

6. Cookies and Tracking Technologies

We use various cookies and tracking technologies to enhance your browsing experience, analyze usage patterns, and provide personalized services. The table below outlines the different types of cookies we use:

Cookie Type | Purpose | Duration
Essential Cookies | Basic website functionality, user authentication, shopping cart maintenance, and security features | Session-based (deleted when browser closes)
Functional Cookies | User preferences, language settings, location preferences, and customized experience features | Up to 1 year
Analytics Cookies | Website usage analysis, performance monitoring, traffic measurement, and user behavior insights | Up to 2 years
Marketing Cookies | Personalized advertising, campaign tracking, conversion measurement, and retargeting | Up to 1 year

6.1 Tracking Technologies We Use

  • Google Analytics: Website traffic analysis, user behavior tracking, and performance measurement
  • Facebook Pixel: Advertising effectiveness measurement, custom audience creation, and conversion tracking
  • Web Beacons: Email open rate tracking, engagement measurement, and delivery confirmation
  • Local Storage: Browser-based data storage for enhanced functionality and user experience
  • Session Storage: Temporary data storage for improved website performance during your visit

6.2 Cookie Management Options

You can control and manage cookies through your browser settings. Most browsers allow you to accept, reject, or delete cookies. However, please note that disabling certain cookies may affect website functionality, including the ability to place orders, maintain login sessions, and receive personalized recommendations.

You can also opt out of interest-based advertising through the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative's opt-out page.

7. Your Privacy Rights (GDPR/CCPA Compliance)

We respect your privacy rights and provide you with comprehensive control over your personal data. Under applicable privacy laws including GDPR and CCPA, you have the following rights:

7.1 Right of Access

You have the right to request and receive a copy of all personal data we hold about you, including order history, account information, and communication records.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data, including updating contact information, dietary preferences, and account details.

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to certain legal obligations such as tax records and fraud prevention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your data, particularly for marketing purposes or during dispute resolution.

7.5 Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider.

7.6 Right to Object

You can object to processing of your personal data for direct marketing, profiling, or other purposes based on legitimate interests.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces significant legal effects.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days and provide clear information about the actions we have taken.

8. Children's Privacy

Our services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under this age. We are committed to protecting the privacy of children and complying with applicable children's privacy laws.

If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately using the contact information provided in this policy.

We encourage parents and guardians to monitor their children's internet usage and to help enforce our privacy policy by instructing their children never to provide personal information through our services without permission.

9. International Data Transfers

9.1 Protection Measures for International Transfers

  • Adequacy Decisions: Transfers to countries with EU Commission adequacy decisions ensuring equivalent protection levels
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for transfers to countries without adequacy decisions
  • Data Processing Agreements: Comprehensive agreements with international service providers ensuring GDPR-level protection
  • Security Measures: Additional technical and organizational measures for enhanced data protection during transfers
  • Compliance Audits: Regular assessment of international partners' data protection practices and compliance standards

9.2 Transfer Destinations

Your personal data may be transferred to and processed in the following locations:

  • United States: Cloud storage services, data analytics, and customer support operations
  • European Union: Payment processing, marketing services, and compliance management
  • Other Countries: As necessary for service provision, always with appropriate safeguards and protection measures

10. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following table outlines our data retention periods:

Information Type | Retention Period | Reason for Retention
Account Information | 6 months after account deletion | Legal obligations, fraud prevention, dispute resolution
Order and Purchase History | 7 years after last transaction | Tax and accounting requirements, warranty claims
Payment Information | 3 months after transaction completion | Fraud prevention, chargeback protection, refund processing
Marketing Consent Records | 3 months after consent withdrawal | Compliance documentation, consent record keeping
Website Usage Logs | Up to 2 years | Security monitoring, analytics, performance optimization
Customer Support Records | 3 years after case closure | Service quality improvement, training purposes
Loyalty Program Data | 2 years after account inactivity | Program administration, benefits tracking

10.1 Safe Data Disposal

When data retention periods expire, we ensure secure disposal through:

  • Electronic Data: Complete deletion using industry-standard methods ensuring data is unrecoverable
  • Physical Records: Secure shredding of paper documents containing personal information
  • Backup Systems: Systematic deletion from all backup and archive systems
  • Documentation: Maintaining records of data disposal activities for compliance purposes

11. Third-Party Links

Our website and mobile applications may contain links to external websites, social media platforms, partner sites, and third-party services. These links are provided for your convenience and to enhance your experience with our services.

Please be aware that we are not responsible for the privacy practices, data collection methods, or content of these third-party websites. Each external site operates under its own privacy policy and terms of service, which may differ significantly from ours.

We strongly encourage you to review the privacy policies and terms of service of any third-party websites before providing personal information or engaging with their services. Your interactions with third-party sites are governed by their respective privacy policies, not this one.

When you click on third-party links or engage with external services, you are leaving our platform and any information you provide will be subject to the third party's data practices and privacy controls.

12. Privacy Policy Changes

12.1 Change Notification Process

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or business operations. When significant changes are made, we will notify you through:

  • Prominent Website Notice: Clear notification banner on our homepage and key service pages
  • Email Notification: Direct email to registered users at least 30 days before changes take effect
  • Account Dashboard Alert: In-app notification when you next log into your account
  • Explicit Consent: Additional consent requests for significant changes affecting how we use your data

12.2 Staying Informed About Changes

  • Check Latest Version: The most current version of this policy is always available on our website
  • Last Updated Date: Check the "Last Updated" date at the top of this policy to see when changes were made
  • Continued Use: Continued use of our services after changes take effect indicates acceptance of the updated policy
  • Disagreement Options: If you disagree with changes, you may discontinue using our services or contact us to discuss your concerns

13. Contact Information

We are committed to addressing your privacy concerns and questions promptly and professionally. If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us using the following information:

13.1 Primary Contact Information

  • Company Name: Cafe Rio
  • Mailing Address: 300 Goose Cove Rd, Deer Isle, ME 04627, USA
  • Phone Number: +1 207-348-6900
  • Email Address: [email protected]
  • Business Hours: Monday - Friday: 9:00 AM - 6:00 PM EST

13.2 Response Commitment

We are committed to responding to all privacy-related inquiries within 3 business days. For complex requests requiring investigation or coordination with multiple departments, we will provide an initial response within 3 business days and regular updates on our progress.

13.3 Filing Complaints

While we strive to resolve all privacy concerns directly, you have the right to file complaints with relevant supervisory authorities:

  • For EU Residents: Your local Data Protection Authority or the Irish Data Protection Commission
  • For California Residents: California Attorney General's Office
  • For Other US Residents: Federal Trade Commission (FTC)

We encourage you to contact us first so we can work together to resolve any concerns before escalating to regulatory authorities.

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time through:

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your account dashboard
  • Customer Support: Contact our support team to remove you from marketing lists
  • SMS Opt-out: Reply "STOP" to any promotional text message

14.2 Account Deletion Process

To request complete account deletion:

  1. Log into your account and navigate to account settings
  2. Select the "Delete Account" option and follow the confirmation steps
  3. Alternatively, contact customer support with your deletion request
  4. We will process your request within 30 days
  5. Note: Some information may be retained for legal compliance as outlined in our retention policy

15. Conclusion

At Cafe Rio, protecting your privacy is not just a legal obligation but a fundamental commitment that reflects our values and respect for our customers. We understand that your trust is earned through transparency, accountability, and consistent protection of your personal information.

This Privacy Policy represents our ongoing commitment to maintaining the highest standards of data protection while delivering exceptional food experiences and customer service. We continuously review and update our privacy practices to ensure they meet evolving legal requirements and exceed customer expectations.

Your relationship with us is built on trust, and we take that responsibility seriously. We encourage you to reach out with any questions, concerns, or feedback about our privacy practices. Our team is always available to help ensure your experience with us is both delicious and secure.

Thank you for choosing Cafe Rio and for taking the time to understand how we protect your privacy. We look forward to serving you while maintaining the highest standards of data protection and customer service.

Remember to check the "Last Updated" date at the top of this policy to stay informed about any changes to our privacy practices.