Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at caferiomexican.click, place orders, subscribe to our communications, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and care.

Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with these terms, please discontinue use of our website and services immediately.

This Privacy Policy is governed by the laws of the United States, including applicable federal and state regulations. If you are a resident of California, additional rights and disclosures apply to you under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). All users are also protected by applicable provisions of the Federal Trade Commission (FTC) Act regarding unfair or deceptive trade practices.

1. About Us

Cafe Rio is a food service business operating in the United States. We operate the website located at caferiomexican.click and provide food ordering and related services to our customers.

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us at the email address provided above. We will respond to all legitimate privacy inquiries in a timely and thorough manner.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• All visitors to our website at caferiomexican.click
• Customers who place food orders through our website or affiliated platforms
• Users who create accounts or register on our website
• Individuals who subscribe to our newsletters, promotional emails, or loyalty programs
• Anyone who contacts us via email, phone, or through our website contact forms
• Users who interact with us on social media platforms

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked to from our website. We encourage you to review the privacy policies of any third-party platforms you visit through links on our site, as we have no control over their data practices.

3. Information We Collect

We collect various types of information to provide and improve our services, fulfill your orders, and communicate with you effectively. The categories of information we collect are described below.

3.1 Personal Information You Provide Directly

When you interact with us, you may voluntarily provide us with personal information, including but not limited to:

• Identity Information: Your full name, username, or similar identifiers
• Contact Information: Email address, telephone number, billing address, delivery address, and mailing address
• Account Credentials: Username and password when you create an account on our website
• Order Information: Food preferences, dietary restrictions, order history, special instructions, and payment details
• Payment Information: Credit or debit card numbers, expiration dates, billing addresses, and other financial data necessary to process your transactions. Note that payment card data is processed by our PCI-DSS compliant payment processors and is not stored directly on our servers.
• Communications Data: Records of correspondence when you contact our customer service team, including emails, chat logs, and phone records
• Marketing Preferences: Your preferences for receiving marketing communications and your choices about how we contact you
• Feedback and Reviews: Comments, ratings, testimonials, and survey responses you submit to us

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage data through cookies, web beacons, pixels, and similar tracking technologies. This information includes:

• Device Information: Device type, operating system, browser type and version, screen resolution, and hardware model
• Log Data: IP address, access times and dates, pages visited, time spent on pages, referring URLs, and exit pages
• Usage Data: Clickstream data, search queries made on our site, features and content you interact with, and your browsing behavior on our website
• Location Data: General geographic location inferred from your IP address, or more precise location data if you grant permission through your browser or mobile device
• Cookie Data: Data stored in cookies and similar tracking technologies placed on your device (see Section 9 for more details)
• Network Information: Internet service provider (ISP) and connection type

3.3 Information From Third Parties

We may also receive information about you from third-party sources, which we may combine with the information we have already collected about you. These sources include:

• Social Media Platforms: If you connect your social media accounts to our services or interact with our social media pages, we may receive profile information, public posts, and other data permitted by the platform's privacy settings
• Analytics Providers: Data about your online behavior and interactions from analytics services
• Marketing Partners: Information about your interests and demographics from advertising and marketing partners
• Delivery Partners: Delivery address confirmation and order status updates from third-party delivery service providers
• Payment Processors: Transaction confirmation and fraud prevention signals from our payment processing partners

4. How We Use Your Information

We use the personal information we collect for the following purposes, always in accordance with applicable law and this Privacy Policy:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including delivery or pickup arrangements
• Managing your account and providing you with access to our website's features
• Processing payments and preventing fraudulent transactions
• Communicating with you about your orders, including confirmations, updates, and receipts
• Providing customer support and responding to your inquiries and complaints
• Personalizing your experience and remembering your food preferences and dietary restrictions

4.2 Analytics and Performance Improvement

• Analyzing website traffic patterns and user behavior to improve our website's functionality and user experience
• Conducting research and analysis to better understand our customers' needs and preferences
• Monitoring and improving the performance and security of our website
• Developing new features, products, and services based on user feedback and behavior
• Measuring the effectiveness of our marketing campaigns and promotional activities

4.3 Marketing and Communications

• Sending you promotional emails, newsletters, and special offers about our food, events, and services, where you have consented to receive such communications or where we have a legitimate interest in doing so
• Personalizing marketing messages and advertisements based on your preferences and browsing history
• Running loyalty programs and sending you rewards, discounts, and exclusive deals
• Conducting surveys and collecting feedback to improve our services
• Displaying targeted advertisements on our website and third-party platforms

4.4 Legal Compliance and Safety

• Complying with applicable federal and state laws, regulations, and legal processes
• Enforcing our Terms of Service and other applicable agreements
• Detecting, preventing, and addressing fraud, security incidents, and other harmful activities
• Responding to lawful requests from law enforcement and government authorities
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public

We rely on the following legal bases for processing your personal information: (a) your consent; (b) the performance of a contract with you; (c) compliance with legal obligations; and (d) our legitimate business interests, provided those interests are not overridden by your rights and interests.

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your information with carefully selected third parties in the following circumstances:

5.1 Service Providers

We share personal information with trusted third-party service providers who perform functions on our behalf, including:

• Payment Processors: To securely process credit card and other payment transactions
• Delivery Partners: To facilitate the delivery of your food orders to your specified address
• Cloud Hosting Providers: To host our website, databases, and technical infrastructure
• Email Marketing Platforms: To send promotional communications and transactional emails on our behalf
• Analytics Providers: Such as Google Analytics, to help us understand how users interact with our website
• Customer Support Tools: To manage customer service inquiries and interactions
• Fraud Prevention Services: To detect and prevent fraudulent activity on our platform

All service providers are contractually required to use your personal information only for the purposes of providing services to us and to maintain appropriate security measures to protect your data.

5.2 Business Transfers

In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your personal information becomes subject to a different privacy policy.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, or subpoena
• Respond to lawful requests from government authorities, including law enforcement agencies
• Enforce our Terms of Service or protect our legal rights
• Prevent or investigate potential fraud, security incidents, or illegal activities
• Protect the vital interests of our customers or the public

5.4 With Your Consent

We may share your personal information with other third parties when we have obtained your explicit consent to do so. You have the right to withdraw your consent at any time by contacting us at [email protected].

6. Data Security

We take the security of your personal information very seriously and have implemented a range of technical, organizational, and administrative measures designed to protect your data against unauthorized access, disclosure, alteration, and destruction.

6.1 Security Measures

Our security practices include:

• Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS technology. Sensitive data, including payment information, is encrypted both in transit and at rest.
• Access Controls: Access to personal information is strictly limited to authorized personnel who have a legitimate need to access it for business purposes. We enforce the principle of least privilege.
• Secure Payment Processing: Payment card information is handled by PCI-DSS (Payment Card Industry Data Security Standard) compliant processors.
• Regular Security Assessments: We conduct periodic security audits, vulnerability assessments, and penetration testing to identify and remediate potential security weaknesses.
• Employee Training: All employees who handle personal data receive regular training on data protection best practices and security protocols.
• Incident Response: We maintain a documented data breach response plan and will notify affected individuals and relevant authorities in accordance with applicable law in the event of a security breach.

6.2 Limitations of Security

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You also play an important role in protecting your information by keeping your account password confidential and logging out of your account when using shared devices. If you believe your account has been compromised, please contact us immediately at [email protected].

7. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and facilitating their exercise in a timely manner.

7.1 General Rights for All Users

• Right of Access: You have the right to request a copy of the personal information we hold about you and to receive information about how we process it.
• Right to Correction: You have the right to request correction of any inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You may request that we delete your personal information in certain circumstances, subject to our legal obligations to retain certain data.
• Right to Opt Out of Marketing: You can opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any promotional email or by contacting us directly.
• Right to Data Portability: You may request that we provide your personal information in a structured, commonly used, machine-readable format so that you can transfer it to another service provider.

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what categories of personal information we have collected about you, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell your personal information. To opt out of sharing for advertising purposes, please contact us.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to certain specified purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide you with a lower quality of service because you exercised your privacy rights.

To exercise any of your California privacy rights, please submit a verifiable consumer request to us at [email protected]. We will respond to your request within 45 days, with the possibility of a 45-day extension if necessary. You may make a verifiable consumer request up to twice within a 12-month period.

7.3 How to Exercise Your Rights

To exercise any of the rights described in this section, please contact us by:

• Email: [email protected] — Subject line: "Privacy Rights Request"

We may need to verify your identity before processing your request to ensure that we are disclosing information to the correct individual. We will respond to all verified requests within the timeframes required by applicable law.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

When personal information is no longer required for the purposes for which it was collected, we will securely delete, destroy, or anonymize it in accordance with our data retention policies and applicable law.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website performance, and deliver personalized content and advertisements. Cookies are small text files that are stored on your device when you visit our website.

9.1 Types of Cookies We Use

• Essential Cookies: These cookies are strictly necessary for the operation of our website. They enable core functionalities such as security, session management, and access to secure areas. The website cannot function properly without these cookies.
• Performance and Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use tools such as Google Analytics for this purpose.
• Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your food preferences, login status, and language settings.
• Marketing and Advertising Cookies: These cookies track your online activity to help us deliver more relevant advertising and measure the effectiveness of our marketing campaigns.

9.2 Managing Your Cookie Preferences

You have the right to control which cookies are placed on your device. You can manage your cookie preferences through your browser settings, which allow you to refuse, delete, or block certain types of cookies. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some of our services.

Most browsers accept cookies automatically. However, you can modify your browser settings to decline cookies or receive a notification when cookies are set. Instructions for managing cookies are typically found in your browser's "Help" menu.

For more detailed information about the specific cookies we use, their purposes, and your options for controlling them, please refer to our Cookie Policy available on our website.

10. Children's Privacy

Cafe Rio's website and food ordering services are not directed to or intended for use by children under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 13 years of age. Our services are designed for adult consumers who are capable of entering into legally binding agreements.

If you are under 18 years of age, please do not use our website or provide any personal information to us. If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our systems.

We comply with the Children's Online Privacy Protection Act (COPPA), which requires parental consent before collecting personal information from children under 13 years of age in the United States. In the event we discover that we have inadvertently collected personal information from a child under 13, we will delete such information without delay.

11. International Data Transfers

Cafe Rio is based in the United States, and your personal information is collected, stored, and processed in the United States. However, as we use third-party service providers who may be located in other countries, your personal information may be transferred to, stored, or processed in countries other than the United States.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information and that such transfers comply with applicable data protection laws. These safeguards may include:

• Transferring data only to countries that have been deemed to provide an adequate level of data protection
• Using standard contractual clauses approved by relevant authorities to govern data transfers
• Ensuring that third-party recipients are bound by contractual obligations to maintain appropriate security and data protection standards
• Implementing technical and organizational measures to protect data during and after transfer

By using our website and services, you acknowledge that your personal information may be transferred to and processed in countries outside your country of residence, including the United States, which may have different data protection laws than those in your country.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that sends a signal to websites you visit indicating that you do not want to be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to DNT browser signals. We encourage you to use our cookie management tools and opt-out options described in Section 9 to control how your information is used for tracking and advertising purposes.

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services, including social media platforms, delivery partner portals, and payment processors. These third-party sites have their own privacy policies, which are independent of ours. We are not responsible for the privacy practices of any third-party website or service.

We encourage you to review the privacy policies of all third-party platforms you visit through links on our website before providing any personal information. The inclusion of a link on our website does not constitute our endorsement or approval of the linked site's privacy practices.

Social media widgets and "share" buttons may appear on our website. These features are operated by third-party social media companies and may collect information about your IP address and the pages you visit on our website. Your interactions with these features are governed by the privacy policies of the companies that provide them.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the revised policy on our website at caferiomexican.click
• Where required by law or where changes are significant, notify you by email or by displaying a prominent notice on our website

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

If you do not agree with the changes to this Privacy Policy, you should discontinue use of our website and services and may request deletion of your personal information as described in Section 7.

15. Filing a Complaint With a Data Protection Authority

If you have concerns about our privacy practices and are not satisfied with our response to your inquiry, you have the right to file a complaint with the relevant data protection or consumer protection authority.

15.1 For United States Residents

If you believe that we have engaged in unfair or deceptive practices in connection with the collection or use of your personal information, you may file a complaint with:

15.2 For California Residents

California residents may also file a complaint with the California Privacy Protection Agency (CPPA), the state agency responsible for enforcing the CCPA/CPRA:

Additionally, California residents may contact the California Attorney General's office regarding privacy rights violations:

We encourage you to contact us first before filing a complaint with any authority, as we are committed to resolving your concerns promptly and fairly.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team using any of the following methods:

When contacting us regarding a privacy matter, please include the following information in your communication to help us process your request efficiently:

• Your full name
• Your email address or other contact information associated with your account
• A clear description of your request or concern
• The subject line: "Privacy Request" or "Privacy Inquiry"

We are committed to responding to all legitimate privacy inquiries within 30 days of receipt. For requests requiring verification of identity or complex processing, we may need up to 45 days to respond, as permitted by applicable law.