Privacy Policy
Last Updated: December 2024
Important: We never sell your personal data. Your privacy is our priority and we are committed to protecting your information with the highest security standards.
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Information Sharing and Disclosure
- 5. Data Security
- 6. Cookies and Tracking Technologies
- 7. Your Rights
- 8. Children's Privacy
- 9. International Data Transfers
- 10. Data Retention Periods
- 11. Third-Party Links
- 12. Policy Changes
- 13. Contact Information
- 14. Withdrawal of Consent
- 15. Conclusion
1. Introduction
Welcome to Cafe Rio. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website at riocafes.click, use our mobile application, order food from our restaurant, or interact with our services.
This policy applies to all aspects of our food service business, including:
- Online food ordering and delivery services
- In-restaurant dining experiences
- Catering and event services
- Loyalty programs and rewards
- Marketing communications
- Customer support interactions
By using our services, creating an account, placing orders, or providing us with your information, you agree to the terms outlined in this Privacy Policy. If you do not agree with our practices, please do not use our services.
Our Privacy Promise: We never sell your personal data to third parties. Your trust is fundamental to our business, and we are dedicated to maintaining the highest standards of data protection and privacy.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you voluntarily provide when interacting with our services:
Personal Identification Information:
- Full name, email address, and phone number
- Delivery and billing addresses
- Date of birth (for age verification and special offers)
Account Information:
- Username and password for your account
- Order history and purchase records
- Saved payment methods and delivery preferences
- Loyalty program participation and points balance
Food Service Specific Information:
- Dietary preferences and restrictions (vegetarian, vegan, gluten-free)
- Allergen information and special dietary requirements
- Food preferences and favorite menu items
- Special instructions for food preparation
- Table reservation details and party size
- Catering event information and guest count
Payment Information:
- Credit/debit card information (stored encrypted)
- Digital wallet information (PayPal, Apple Pay, Google Pay)
- Billing address and payment preferences
Communication Data:
- Contact form submissions and inquiries
- Customer reviews and ratings
- Support ticket conversations
- Marketing communication preferences
2.2 Automatically Collected Information
When you use our services, we automatically collect certain technical information:
Device Information:
- IP address and approximate location
- Browser type, version, and language settings
- Operating system and device type
- Screen resolution and device identifiers
Usage Data:
- Website browsing history and page views
- Time spent on pages and click patterns
- Search queries and menu browsing behavior
- Order frequency and timing patterns
- App usage statistics and feature interactions
Location Information:
- GPS location (with your permission for delivery)
- Approximate location from IP address
- Delivery address history
2.3 Information from Third Parties
We may receive information about you from external sources:
Social Media Platforms:
- Profile information when you connect social accounts
- Friend connections and social interactions
- Public posts mentioning our restaurant
Business Partners:
- Payment processor transaction data
- Delivery service partner information
- Marketing partner campaign data
- Review platform ratings and feedback
3. How We Use Your Information
3.1 Service Provision
We use your information to provide and improve our food services:
- Order Processing: Managing your food orders from placement to delivery
- Account Management: Creating and maintaining your user account
- Payment Processing: Securely handling transactions and billing
- Delivery Services: Coordinating delivery to your specified address
- Dietary Accommodations: Ensuring your meals meet dietary requirements
- Quality Improvement: Analyzing usage patterns to enhance our services
- Customer Support: Resolving issues and answering questions
3.2 Communication
We communicate with you for service and marketing purposes:
- Order Notifications: Confirmation, preparation, and delivery updates
- Account Communications: Password resets, account changes, security alerts
- Customer Support: Responding to inquiries and resolving issues
- Marketing Messages: Promotional offers, new menu items, special events (with consent)
- Loyalty Program Updates: Points balance, rewards availability, tier status
- Important Notices: Policy changes, service updates, security notifications
3.3 Marketing and Analytics
We analyze data to improve our marketing and understand customer preferences:
- Personalized Advertising: Showing relevant offers based on your preferences
- Usage Analysis: Understanding how customers interact with our services
- Campaign Effectiveness: Measuring the success of marketing initiatives
- Market Research: Developing new menu items and services
- Customer Segmentation: Tailoring experiences to different customer groups
3.4 Legal Compliance and Protection
We may use your information for legal and security purposes:
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Preventing fraud and protecting against security threats
- Protecting our rights, property, and safety
- Resolving disputes and enforcing agreements
4. Information Sharing and Disclosure
4.1 Service Providers
We share information with trusted partners who help us operate our business:
Payment Processors:
- Credit card companies and payment gateways for transaction processing
- Digital wallet providers (PayPal, Apple Pay, Google Pay)
- PCI-compliant payment security providers
Delivery Partners:
- Third-party delivery services for order fulfillment
- Logistics providers for efficient delivery routing
- GPS tracking services for real-time delivery updates
Technology Services:
- Cloud storage providers for secure data hosting
- Customer relationship management platforms
- Email marketing services for promotional communications
- Analytics tools for website and app performance monitoring
4.2 Legal Requirements
We may disclose your information when required by law:
- In response to valid court orders, subpoenas, or legal processes
- To comply with applicable laws and regulations
- To protect our rights, property, and the safety of our customers
- In cases of suspected fraud or illegal activities
- During emergencies to protect public safety
4.3 Business Transfers
In the event of business changes:
- During mergers, acquisitions, or asset sales
- We will notify you before your information is transferred
- The new owner must comply with this Privacy Policy
- You retain all rights regarding your personal data
4.4 With Your Consent
We may share information for other purposes with your explicit consent, such as:
- Participating in third-party loyalty programs
- Sharing reviews on external platforms
- Integration with social media accounts
5. Data Security
5.1 Technical Security Measures
We implement comprehensive technical safeguards to protect your data:
Encryption:
- SSL/TLS encryption for all data transmission
- Advanced encryption standards (AES-256) for data storage
- End-to-end encryption for sensitive communications
Network Security:
- Advanced firewall systems and intrusion detection
- Regular security vulnerability assessments
- 24/7 security monitoring and incident response
- Secure server infrastructure with redundant backups
Access Controls:
- Role-based access control limiting data access to necessary personnel
- Multi-factor authentication for administrative accounts
- Regular access reviews and permission updates
5.2 Organizational Security Measures
Our team follows strict protocols to protect your information:
- Employee Training: Regular security awareness and data protection training
- Confidentiality Agreements: All staff sign comprehensive confidentiality agreements
- Third-Party Security: Vendor security assessments and contractual obligations
- Incident Response: Established procedures for security breach response
- Regular Audits: Annual security audits and compliance assessments
5.3 Your Security Responsibilities
Help us protect your account by following these best practices:
- Strong Passwords: Use complex, unique passwords for your account
- Account Security: Never share your login credentials with others
- Public Computers: Always log out when using shared devices
- Phishing Awareness: Be cautious of suspicious emails or links
- Immediate Reporting: Contact us immediately if you suspect unauthorized access
Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will promptly notify you and relevant authorities within 72 hours, as required by law. We will provide details about the incident and steps being taken to address it.
6. Cookies and Tracking Technologies
We use various tracking technologies to enhance your experience and analyze usage patterns:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Basic site functions, login state, shopping cart | Session |
| Functional Cookies | User preferences, language settings, location | Up to 1 year |
| Analytics Cookies | Usage analysis, performance monitoring, improvements | Up to 2 years |
| Marketing Cookies | Personalized advertising, campaign tracking | Up to 1 year |
Tracking Technologies We Use:
- Google Analytics: Website traffic analysis and user behavior insights
- Facebook Pixel: Advertisement effectiveness measurement and retargeting
- Web Beacons: Email open rates and engagement tracking
- Local Storage: Storing user preferences and session data
- Session Recording: Understanding user interactions for UX improvements
Cookie Management: You can control cookies through your browser settings. You can accept, reject, or delete cookies, though disabling certain cookies may affect website functionality. Most browsers allow you to:
- View and delete existing cookies
- Block cookies from specific sites
- Block third-party cookies
- Delete all cookies when closing the browser
7. Your Rights (GDPR/CCPA Compliance)
You have significant control over your personal data. Under applicable privacy laws, you have the following rights:
7.1 Right of Access
You can request to view all personal data we have about you, including:
- Personal information and account details
- Order history and preferences
- Communication records and support interactions
- Data sources and sharing information
7.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data:
- Update contact information and addresses
- Correct dietary preferences and allergen information
- Modify account settings and preferences
7.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent and there's no other legal basis
- The data has been unlawfully processed
- You object to processing and there are no overriding legitimate grounds
7.4 Right to Restrict Processing
You can limit how we use your data in certain circumstances:
- When you contest the accuracy of the data
- When processing is unlawful but you don't want deletion
- When we no longer need the data but you need it for legal claims
7.5 Right to Data Portability
You can receive your personal data in a machine-readable format and transfer it to another service provider.
7.6 Right to Object
You can object to processing based on legitimate interests, especially for:
- Direct marketing communications
- Profiling for marketing purposes
- Research and analytics
7.7 Right Against Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affects you.
How to Exercise Your Rights: Contact us at [email protected] or use our online privacy portal. We will respond to your request within 30 days and may require identity verification for security purposes.
8. Children's Privacy
We are committed to protecting children's privacy and comply with applicable children's privacy laws:
- Age Restriction: Our services are not intended for children under 16 years of age
- No Intentional Collection: We do not knowingly collect personal information from children under 16
- Parental Rights: Parents can contact us to review, delete, or stop collection of their child's information
- Account Verification: We may require age verification during account creation
- Prompt Action: If we discover we have collected information from a child under 16, we will promptly delete it
Parent Notice: If you believe your child under 16 has provided us with personal information, please contact us immediately at [email protected] so we can delete the information and close any associated account.
9. International Data Transfers
9.1 Protection Measures
When transferring your data internationally, we ensure appropriate safeguards:
- Adequacy Decisions: Transfers to countries with adequate protection levels recognized by authorities
- Standard Contractual Clauses: EU-approved contracts ensuring data protection standards
- Data Processing Agreements: Comprehensive contracts with international partners
- Security Measures: Technical and organizational measures during transfer
- Regular Compliance Audits: Ongoing verification of protection standards
9.2 Transfer Destinations
Your data may be transferred to and processed in:
- United States: Cloud storage and analytics services
- European Union: Customer support and data analytics
- Other Countries: As necessary for service provision with appropriate protections
10. Data Retention Periods
We retain your information only as long as necessary for legitimate business purposes:
| Information Type | Retention Period | Reason |
|---|---|---|
| Account Information | 6 months after account deletion | Legal obligations, dispute resolution |
| Purchase History | 7 years | Tax and accounting requirements |
| Marketing Consent | 3 months after withdrawal | Consent record keeping |
| Website Usage Logs | Up to 2 years | Security monitoring, analytics |
| Customer Support Records | 3 years | Service quality improvement |
| Payment Information | As required by payment processors | Transaction processing, fraud prevention |
| Delivery Information | 1 year | Service improvement, dispute resolution |
Safe Data Disposal Process:
- Electronic Data: Secure deletion ensuring data cannot be recovered
- Physical Records: Professional shredding of paper documents
- Backup Systems: Deletion from all backup and archive systems
- Documentation: Maintaining records of disposal for compliance
11. Third-Party Links
Our website and communications may contain links to external websites and services:
- No Responsibility: We are not responsible for the privacy practices of third-party websites
- Independent Policies: Third-party sites have their own privacy policies and terms
- Your Responsibility: Review privacy policies before providing information to external sites
- Social Media: Interactions on social platforms are governed by their policies
- Partner Services: Delivery and payment partners have separate privacy practices
Recommendation: Always read the privacy policy of any website before sharing personal information, especially for payment or sensitive data.
12. Policy Changes
12.1 Change Notification Methods
We will notify you of privacy policy changes through:
- Website Notice: Prominent banner on our website homepage
- Email Notification: Direct communication to registered users
- App Notification: Push notification for mobile app users
- Account Dashboard: Notice in your account settings
- Social Media: Announcements on our social media channels
12.2 Significant Changes
For material changes affecting your rights, we will:
- Provide 30 days advance notice
- Clearly explain the changes and their impact
- Request explicit consent for new uses of personal data
- Offer options to object or withdraw consent
12.3 Staying Informed
To stay updated on privacy policy changes:
- Check the "Last Updated" date at the top of this policy
- Visit our website regularly for notices
- Ensure your contact information is current
- Review communications from us carefully
Continued Use: Your continued use of our services after policy changes constitutes acceptance of the updated terms.
13. Contact Information
Get in Touch About Privacy Matters
We're here to help with any privacy questions or concerns:
Cafe Rio Privacy Team
300 Goose Cove Rd, Deer Isle, ME 04627, USA
Phone: +1 207-348-6900
Email: [email protected]
Business Hours: Monday - Friday, 9:00 AM - 6:00 PM EST
Response Commitment: We will respond to your privacy inquiry within 3 business days and work to resolve any concerns promptly.
13.1 Filing Complaints
If you're not satisfied with our response to your privacy concern:
- First Step: Contact us directly to resolve the issue
- Escalation: Request to speak with our Privacy Officer
- External Complaint: Contact your local data protection authority
US Residents: You may also contact the Federal Trade Commission (FTC) at 1-877-FTC-HELP or consumerline.ftc.gov.
EU Residents: You have the right to lodge a complaint with your local supervisory authority. Find your authority at edpb.europa.eu.
14. Withdrawal of Consent
14.1 Marketing Communications
You can withdraw consent for marketing communications at any time:
- Email Unsubscribe: Click the unsubscribe link in any marketing email
- Account Settings: Update preferences in your account dashboard
- Phone Opt-out: Reply STOP to text messages or call us
- Customer Support: Contact us directly to update preferences
14.2 Account Deletion Process
To delete your account and personal data:
- Log into your account settings
- Navigate to "Privacy & Data" section
- Select "Delete Account" option
- Confirm your identity for security
- Review what data will be deleted
- Complete the deletion request
Important Note: Some information may be retained as required by law for tax, accounting, or legal compliance purposes, even after account deletion. We will inform you of any retained data during the deletion process.
14.3 Partial Consent Withdrawal
You can withdraw consent for specific uses while maintaining your account:
- Marketing and promotional communications
- Analytics and performance tracking
- Social media integration
- Location-based services
15. Conclusion
At Cafe Rio, your privacy is not just a legal requirement—it's a fundamental part of building trust and providing exceptional service. We are committed to:
- Transparency: Clearly communicating how we use your information
- Security: Implementing robust measures to protect your data
- Choice: Providing you control over your personal information
- Compliance: Following all applicable privacy laws and regulations
- Continuous Improvement: Regularly updating our practices to enhance protection
Our relationship with you is built on trust, and we understand that trust must be earned through consistent actions and transparency. We're committed to protecting your privacy while providing you with the delicious food and excellent service you expect from Cafe Rio.
If you have any questions about this Privacy Policy or our privacy practices, please don't hesitate to contact us. We're here to help and ensure you feel confident about sharing your information with us.
Thank you for choosing Cafe Rio. We appreciate your trust and look forward to serving you.
Last Updated: December 2024
Please check this page regularly for updates to our Privacy Policy.