Privacy Policy

Welcome to Cafe Rio. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website food-caferio.rest, place orders, use our services, or otherwise interact with us. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

This Privacy Policy applies to all information collected through our website (food-caferio.rest), as well as any related services, sales, marketing, or events (collectively referred to as the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

1. About Us

Cafe Rio is a food service business operating in the United States. We are dedicated to providing our customers with a high-quality dining and ordering experience. As a business that collects and processes personal data, we take our obligations under applicable United States privacy laws seriously.

2. Information We Collect

We collect different types of information in connection with your use of our Services. The categories of personal information we may collect include the following:

2.1 Personal Identification Information

When you register an account, place an order, make a reservation, sign up for our newsletter, or contact us directly, we may collect personal identification information such as:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (where relevant for age verification or promotional purposes)
• Profile photo (if you choose to upload one)
• Username and password

2.2 Payment and Transaction Information

When you place an order or make a payment through our Services, we collect financial information necessary to process your transaction. This may include:

• Credit or debit card details (processed securely through third-party payment processors; we do not store full card numbers)
• Billing address
• Order history and purchase records
• Transaction IDs and confirmation numbers

Payment card data is handled in compliance with the Payment Card Industry Data Security Standard (PCI DSS) by our authorized third-party payment processors.

2.3 Usage Data and Log Information

When you visit or interact with our website, we automatically collect certain usage data and technical information, including:

• IP address
• Browser type and version
• Operating system and device type
• Pages visited and time spent on each page
• Referring website or source
• Clickstream data
• Date and time of your visit
• Search queries entered on our website
• Error logs and performance data

2.4 Device Information

We may collect information about the device you use to access our Services, including:

• Device identifiers (such as mobile advertising identifiers)
• Hardware model
• Operating system and version
• Network information
• Time zone settings
• Language preferences

2.5 Location Data

With your permission, we may collect information about your geographic location to help provide location-based services such as finding the nearest Cafe Rio location, estimating delivery times, or offering location-specific promotions. You can disable location access through your device settings at any time.

2.6 Communications and Customer Support Data

If you contact us for support, submit a feedback form, or communicate with us through email or other channels, we collect the content of your communications, including:

• Messages and correspondence
• Feedback, reviews, and ratings submitted
• Support ticket details
• Phone call recordings (where permitted by law and disclosed at the time of the call)

2.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing behavior and preferences. Please refer to Section 9 of this policy and our dedicated Cookie Policy available on our website for more detailed information.

2.8 User-Generated Content

If you submit reviews, comments, photos, or other content to our platform, we collect and store that content as part of our Services.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we may use your information to:

3.1 Provide and Manage Our Services

• Process and fulfill your food orders and deliveries
• Manage your account and maintain your profile
• Process payments and send transaction confirmations
• Coordinate reservations and catering requests
• Respond to your inquiries and provide customer support
• Send order status updates, shipping notifications, and delivery confirmations

3.2 Analytics and Service Improvement

• Analyze how our website and Services are used to improve functionality
• Monitor and analyze trends, usage, and activity in connection with our Services
• Conduct internal research, analytics, and reporting
• Test new features, menus, or services before broader rollout
• Diagnose technical problems and ensure system security

3.3 Marketing and Promotional Communications

• Send you promotional emails, newsletters, and special offers with your consent
• Provide personalized recommendations based on your order history and preferences
• Display targeted advertising on our website and third-party platforms
• Conduct surveys and collect feedback to improve our offerings
• Notify you about loyalty program updates, rewards, and exclusive deals

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, you will still receive transactional communications related to your orders and account.

3.4 Legal Compliance and Safety

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and other agreements
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Protect the rights, property, and safety of Cafe Rio, our customers, and others
• Respond to legal requests, court orders, and government inquiries

3.5 Business Operations

• Manage our business relationships and contractor/vendor interactions
• Perform accounting, auditing, and financial reporting functions
• Support mergers, acquisitions, or business restructuring activities

4. Legal Basis for Processing (United States)

As a business operating in the United States, we process your personal information in accordance with applicable federal and state laws. Our primary legal bases for processing include:

• Contractual necessity: Processing necessary to fulfill your orders and provide the Services you have requested.
• Legitimate interests: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and conducting analytics, where such interests are not overridden by your privacy rights.
• Consent: Processing based on your explicit consent, such as for marketing communications or certain uses of cookies.
• Legal obligation: Processing required to comply with applicable laws, regulations, or legal processes.

For residents of California, please see Section 11 for specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating our website and delivering our Services, including:

• Payment processors (e.g., Stripe, Square, PayPal) to securely process transactions
• Delivery and logistics partners to fulfill food delivery orders
• Cloud hosting and IT providers to maintain our infrastructure
• Email and marketing platforms (e.g., Mailchimp, HubSpot) to send communications
• Analytics providers (e.g., Google Analytics) to analyze website usage
• Customer support tools to manage customer inquiries
• Fraud detection and security services to protect our platform

All service providers are contractually obligated to use your information only for the purposes of providing services to us and in a manner consistent with this Privacy Policy. They are prohibited from using your personal information for their own independent purposes.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law or in response to valid requests from public authorities, including courts, law enforcement agencies, and government regulators. We may also disclose information where we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, subpoena, or court order
• Protect and defend the legal rights or property of Cafe Rio
• Prevent or investigate possible wrongdoing in connection with our Services
• Protect the personal safety of users of our Services or the public
• Protect against legal liability

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website if such a transaction occurs and if your personal information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your personal information with third parties for purposes not listed above when we have obtained your explicit consent to do so.

5.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other lawful purposes.

6. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, use, disclosure, alteration, or destruction.

6.1 Security Measures We Employ

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology.
• Secure Payment Processing: Payment card data is processed by PCI DSS-compliant third-party payment processors. We do not store full credit card numbers on our servers.
• Access Controls: We restrict access to personal information to authorized employees and contractors who have a legitimate business need to access such data.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security weaknesses.
• Data Minimization: We collect only the personal information necessary for the stated purposes and do not retain data beyond what is required.
• Employee Training: Our staff members are trained on data protection practices and our privacy policies.
• Incident Response Plan: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a data breach.

6.2 Limitations

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

7.1 Right to Access

You have the right to request a copy of the personal information we hold about you, including details about how we collect, use, and share that information.

7.2 Right to Correction

You have the right to request that we correct any inaccurate, incomplete, or outdated personal information we hold about you.

7.3 Right to Deletion

You have the right to request that we delete your personal information from our records, subject to certain exceptions (such as where we are required by law to retain the information or where the information is necessary to complete a transaction you requested).

7.4 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, machine-readable format, and to request that we transmit that data to another service provider.

7.5 Right to Opt Out of Marketing

You have the right to opt out of receiving marketing and promotional communications from us at any time. You may exercise this right by clicking the unsubscribe link in any marketing email or by contacting us directly.

7.6 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal.

7.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality of service because you exercised your rights under applicable privacy laws.

7.8 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us using the following contact information:

We will respond to your request within 45 days of receipt, with a possible extension of an additional 45 days where necessary. We may require you to verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. The criteria we use to determine retention periods include:

When your personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention and disposal procedures.

9. Cookie Policy Summary

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver relevant content and advertisements. This section provides a brief summary of our cookie practices. For comprehensive information, please refer to our full Cookie Policy, available on our website.

9.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled without affecting core functionality, such as shopping cart and login sessions.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use tools like Google Analytics for this purpose.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your language preference, location, or past orders.
• Marketing and Advertising Cookies: Used to deliver advertisements relevant to your interests and to measure the effectiveness of our marketing campaigns. These may be set by us or by third-party advertising partners.

9.2 Your Cookie Choices

You can control and manage cookie preferences through our cookie consent banner when you first visit our website, or at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services. For full details on managing your cookie preferences, please visit our Cookie Policy page.

10. Children's Privacy

Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 18. If you are under 18, please do not use our Services or provide any personal information to us.

If we become aware that we have inadvertently collected personal information from a child under 18 without appropriate parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected] and we will promptly address the matter.

We comply with the Children's Online Privacy Protection Act (COPPA) and all applicable federal and state laws governing the privacy of minors.

11. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) regarding your personal information.

11.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email, IP address, account credentials)
• Commercial information (purchase history, transaction data)
• Internet or other electronic network activity information (browsing history, interaction data)
• Geolocation data (with permission)
• Inferences drawn from personal information to create a profile about preferences and behavior

11.2 Your CCPA/CPRA Rights

California residents have the following rights:

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, as well as how we use and share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: Under the CPRA, you have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as defined under California law. We do not sell personal information for money; however, we may share personal information with advertising partners in ways that may constitute "sharing" under the CPRA. You may opt out by contacting us or using available opt-out mechanisms.
• Right to Limit Use of Sensitive Personal Information: Under the CPRA, you have the right to limit the use and disclosure of sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

11.3 How to Submit a California Privacy Request

To exercise your California privacy rights, please contact us at:

We will verify your identity before processing your request. You may submit requests on your own behalf or through an authorized agent. We will respond to verifiable consumer requests within 45 days of receipt, with one possible extension of an additional 45 days where reasonably necessary.

12. Federal Consumer Protection

In addition to state-level laws, Cafe Rio complies with applicable federal consumer protection laws, including the regulations enforced by the Federal Trade Commission (FTC) under the FTC Act (15 U.S.C. § 45). We do not engage in unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personal information. Our privacy representations are honest, transparent, and consistent with our actual practices.

13. International Data Transfers

Cafe Rio is based in the United States, and your personal information is primarily collected and processed within the United States. However, some of our third-party service providers may be located in other countries, which means your personal information may be transferred to, stored, and processed in countries outside of the United States.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. These safeguards may include:

• Entering into data processing agreements with service providers that include appropriate data protection clauses
• Ensuring that service providers adhere to recognized international data protection frameworks
• Implementing technical and organizational security measures to protect transferred data

By using our Services from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States and to other countries as described in this Privacy Policy.

14. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by Cafe Rio. If you click on a third-party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. The inclusion of a link to a third-party website does not imply our endorsement of that website or its practices.

15. How to File a Complaint

If you have concerns about our privacy practices or believe that we have not adequately addressed your privacy rights, we encourage you to contact us first so that we can attempt to resolve your concern directly.

If you are not satisfied with our response, you may also file a complaint with the appropriate regulatory authority:

• Federal Trade Commission (FTC): The FTC handles complaints relating to deceptive or unfair business practices, including privacy violations. You may file a complaint at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).
• California residents: You may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov or the California Attorney General's office at oag.ca.gov/privacy.
• Other states: Residents of other U.S. states may file complaints with their respective state attorney general's office or consumer protection agency.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will notify you by:

• Updating the "Last Updated" date at the top of this page
• Sending an email notification to the email address associated with your account (for significant changes)
• Posting a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using the information below:

We are committed to resolving any privacy concerns promptly and transparently. When you contact us, please provide sufficient information to allow us to identify your account and understand the nature of your inquiry so that we can assist you as efficiently as possible.