Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at rioscafe.digital, place orders online, interact with our digital services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.
By accessing or using our website, placing an order, signing up for our newsletter, or otherwise interacting with our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.
This Privacy Policy is intended to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable state and federal regulations governing data privacy and consumer protection.
1. About Us
Cafe Rio is a food and beverage business committed to delivering exceptional dining experiences both in-person and online. We operate through our website rioscafe.digital and associated digital platforms. For all privacy-related matters, please contact us using the information provided in Section 14 of this policy.
| Business Name | Cafe Rio |
|---|---|
| Email Address | [email protected] |
| Website | rioscafe.digital |
| Location | United States |
2. Information We Collect
We collect various categories of personal information depending on how you interact with us. The types of information we collect are described in detail below.
2.1 Personal Identification Information
When you create an account, place an order, make a reservation, or otherwise engage with our services, we may collect the following personal identification information:
- Full name (first and last name)
- Email address
- Mailing address and delivery address
- Phone number or mobile number
- Date of birth (for age verification or promotional purposes)
- Username and password for account access
- Payment information (credit card numbers, billing address — processed securely through third-party payment processors)
- Dietary preferences and food allergy information that you voluntarily provide
2.2 Usage Data and Browsing Information
When you visit our website or use our digital services, we automatically collect certain technical and behavioral information, including:
- IP address and approximate geographic location derived from it
- Browser type and version
- Operating system and device type
- Pages you visit on our website, including date and time of access
- Time spent on individual pages and overall session duration
- Clickstream data (the path you take through our website)
- Referral source (how you arrived at our website)
- Search terms used on our website
- Items added to your shopping cart or viewed but not purchased
2.3 Device Information
We collect information about the device you use to access our services, including:
- Device identifiers (such as mobile device ID or advertising ID)
- Hardware model and technical specifications
- Network information and connection type
- Mobile network information
- Screen resolution and display settings
2.4 Cookie and Tracking Data
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your activity on our website. Please refer to Section 9 of this policy for detailed information about our use of cookies and your choices regarding tracking technologies.
2.5 Communications and Feedback
If you contact us by email, through our contact forms, via social media, or by phone, we may collect:
- The content of your message, inquiry, or complaint
- Any attachments or images you share with us
- Records of your communication history with us
- Your feedback, reviews, or survey responses
2.6 Loyalty Program and Promotional Data
If you participate in our loyalty rewards program or enter promotional contests and sweepstakes, we collect:
- Loyalty account details and points balance
- Purchase history and reward redemption history
- Promotional preferences and opt-in status
2.7 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social media platforms (if you connect your social media account or log in via social sign-on)
- Online review platforms
- Food delivery and aggregator partner platforms
- Analytics providers and advertising networks
- Publicly available databases
3. How We Use Your Information
We use the personal information we collect for the following purposes:
3.1 Providing and Managing Our Services
- Processing your food orders, deliveries, and payments
- Managing your account and providing customer support
- Facilitating reservations and catering requests
- Sending order confirmations, receipts, and service-related notifications
- Providing you with personalized menu recommendations based on your preferences and order history
- Managing our loyalty rewards program and communicating program updates
3.2 Analytics and Service Improvement
- Analyzing website traffic and usage patterns to improve our digital services
- Understanding customer preferences to refine our menu offerings
- Conducting internal research and statistical analysis
- Testing new features, content, and website functionality
- Monitoring and improving the performance, security, and reliability of our website
3.3 Marketing and Promotional Communications
- Sending you promotional emails, special offers, and newsletters (only with your consent or where permitted by law)
- Delivering targeted advertising and personalized promotions through digital channels
- Running contests, sweepstakes, and loyalty programs
- Conducting surveys and requesting reviews or feedback
- Notifying you of new menu items, seasonal specials, and events
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us directly at [email protected].
3.4 Legal Compliance and Safety
- Complying with applicable federal and state laws and regulations
- Responding to lawful requests from government authorities or law enforcement agencies
- Detecting, preventing, and addressing fraud, unauthorized access, and other illegal activities
- Enforcing our Terms of Service and other legal agreements
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
3.5 Business Operations
- Managing internal record-keeping and accounting
- Processing supplier and partner relationships
- Evaluating and conducting business transactions, mergers, or acquisitions
4. Legal Basis for Processing Your Data
Under applicable United States privacy laws, including the CCPA/CPRA, our processing of your personal information is based on the following legal grounds:
- Contractual Necessity: Processing your data is necessary to fulfill your orders, manage your account, and provide the services you have requested.
- Legitimate Business Interests: We process data for analytics, service improvement, fraud prevention, and business security, provided that such interests do not override your fundamental privacy rights.
- Consent: Where required by law, we process your data only after obtaining your express consent, such as for marketing communications and the use of non-essential cookies.
- Legal Obligation: We process data when required to comply with applicable federal and state laws, regulations, or legal processes.
5. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:
5.1 Service Providers and Business Partners
We work with carefully selected third-party service providers who assist us in operating our business and delivering services. These providers are contractually obligated to use your data only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:
- Payment processors (to securely handle your payment transactions)
- Delivery and logistics partners (to fulfill food delivery orders)
- Email and marketing platform providers (to send communications on our behalf)
- Analytics and data analytics providers (to analyze website usage and improve our services)
- Customer support platform providers (to manage customer inquiries and complaints)
- Cloud storage and IT infrastructure providers (to securely store and manage our data)
- Advertising networks and retargeting platforms (to serve relevant ads)
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, or government subpoena
- Cooperate with law enforcement investigations
- Protect the legal rights, property, or safety of Cafe Rio, our customers, or the public
- Prevent or investigate suspected fraud, abuse, or illegal activity
5.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, sale of assets, or similar business transaction, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you via email or a prominent notice on our website prior to such a transfer taking effect.
5.4 With Your Consent
We may share your information with third parties not described above when we have obtained your explicit consent to do so.
5.5 Aggregated and Anonymized Data
We may share aggregated or de-identified information — data that cannot reasonably be used to identify you — with third parties for research, marketing, analytics, and business development purposes. This data does not constitute personal information and is not subject to the restrictions of this Privacy Policy.
6. Data Security
Protecting your personal information is a priority for Cafe Rio. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction.
6.1 Security Measures We Employ
- Encryption: All data transmitted between your browser and our servers is protected using Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption technology.
- Secure Payment Processing: We do not store complete payment card information on our servers. Payment data is processed by PCI-DSS compliant third-party payment processors.
- Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate business need to access it. All staff members with access to personal data are bound by confidentiality obligations.
- Password Security: User account passwords are stored in encrypted, hashed format using industry-standard cryptographic algorithms.
- Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems and websites.
- Data Minimization: We collect only the personal information that is necessary for the purposes outlined in this Privacy Policy.
- Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities as required by applicable law in the event of a data breach.
7. Your Privacy Rights
Depending on your state of residence within the United States, you may have the following rights regarding your personal information. California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
7.1 Right to Know and Access
You have the right to request that we disclose what categories of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom we share it. You may also request a copy of the specific personal information we hold about you.
7.2 Right to Correction
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You may update much of your account information directly through your account settings on our website.
7.3 Right to Deletion
You have the right to request that we delete your personal information, subject to certain exceptions. We may retain your information where necessary to complete a transaction you have requested, comply with legal obligations, detect security incidents, exercise free speech, or for other purposes permitted by law.
7.4 Right to Opt-Out of Sale or Sharing
Under the CCPA/CPRA, California residents have the right to opt out of the "sale" or "sharing" of their personal information for cross-context behavioral advertising purposes. While we do not sell personal information for monetary compensation, if we engage in sharing activities that constitute "sharing" under the CPRA, you may exercise your right to opt out by contacting us at [email protected].
7.5 Right to Data Portability
Where technically feasible, you have the right to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format.
7.6 Right to Limit Use of Sensitive Personal Information
California residents may have the right to limit the use and disclosure of sensitive personal information (such as precise geolocation data or dietary and health information) to only that which is necessary to perform the services you have requested.
7.7 Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices, or provide a reduced quality of service because you have exercised your rights under applicable privacy law.
7.8 How to Submit a Privacy Rights Request
To exercise any of the rights described above, please submit a verifiable consumer request to us by:
- Emailing us at: [email protected]
- Visiting our website at: rioscafe.digital
We will respond to your request within 45 days of receipt. If we need additional time, we will notify you of the extension (up to an additional 45 days) and the reason for it. We may need to verify your identity before processing your request to protect your privacy and security.
You may authorize an agent to submit a rights request on your behalf. We will require written verification that the agent has been authorized to act on your behalf before processing the request.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or as required by applicable law. Our general data retention practices are as follows:
| Data Category | Retention Period |
|---|---|
| Account and registration information | Duration of account activity + 3 years after account closure |
| Order history and transaction records | 7 years (for tax, accounting, and legal compliance purposes) |
| Marketing communications preferences | Until you opt out, plus 2 years |
| Customer service records and communications | 3 years from last interaction |
| Website usage and analytics data | Up to 26 months |
| Cookie and tracking data | As specified in our Cookie Policy (typically 30 days to 2 years depending on cookie type) |
| Payment information | Retained only as required by payment processor agreements and applicable law |
| Loyalty program data | Duration of loyalty program participation + 2 years |
After the applicable retention period expires, personal information will be securely deleted or anonymized in accordance with industry best practices. Where anonymization is not possible, data will be archived with access restrictions until it can be securely destroyed.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website, analyze site traffic, and deliver personalized content and advertising. Cookies are small text files stored on your device when you visit a website.
9.1 Types of Cookies We Use
- Essential Cookies: Required for the website to function properly. These cookies enable core functionality such as shopping cart management, login sessions, and security features. You cannot opt out of these cookies.
- Analytics and Performance Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use tools such as Google Analytics for this purpose.
- Functional Cookies: Allow the website to remember your preferences and settings, such as language preferences and recently viewed items, to provide an enhanced user experience.
- Marketing and Advertising Cookies: Used to deliver targeted advertisements, measure the effectiveness of ad campaigns, and prevent the same ads from appearing too frequently. These cookies may track your activity across websites.
9.2 Managing Your Cookie Preferences
You may manage your cookie preferences through your browser settings or through our cookie consent tool available on our website. Please note that disabling certain cookies may impact the functionality and performance of our website. For more detailed information about our use of cookies, including a full list of cookies we use, please refer to our Cookie Policy.
You may also opt out of certain third-party advertising cookies by visiting:
- The Network Advertising Initiative (NAI) opt-out page
- The Digital Advertising Alliance (DAA) opt-out page
10. Children's Privacy
Cafe Rio's website and digital services are not directed at children under the age of 18. We do not knowingly solicit or collect personal information from minors. If we become aware that we have inadvertently collected personal information from a person under the age of 18, we will take prompt steps to delete that information from our records.
If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.
We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly engage in data collection practices with users under the age of 13. Should any portion of our services be directed at children under 13 in the future, we will obtain verifiable parental consent before collecting any personal information.
11. International Data Transfers
Cafe Rio is based in the United States, and your personal information is primarily stored and processed within the United States. However, some of our third-party service providers, including cloud storage providers and analytics platforms, may operate in or transfer data to countries outside the United States.
If your personal information is transferred outside of the United States, we will ensure that such transfers are made in compliance with applicable privacy laws and that appropriate safeguards are in place to protect your data. These safeguards may include:
- Entering into data processing agreements with international service providers that incorporate standard contractual clauses or equivalent data protection mechanisms
- Transferring data only to countries that have been determined to provide an adequate level of data protection
- Obtaining your explicit consent for certain international data transfers
By using our services, you acknowledge and consent to the transfer of your personal information to the United States and potentially to other countries as described in this section.
12. Third-Party Links and Websites
Our website may contain links to third-party websites, applications, or services, including social media platforms, food delivery partner websites, and review platforms. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party websites or services, and we encourage you to review the privacy policies of any third-party sites you visit.
The inclusion of a link to a third-party website does not constitute our endorsement of that website or its privacy practices.
13. California Privacy Rights — Additional Disclosures
If you are a California resident, the following additional disclosures apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
13.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, IP address, account name | Yes |
| Personal Records (Cal. Civ. Code § 1798.80(e)) | Name, address, phone number, payment information | Yes |
| Commercial Information | Order history, purchase records, loyalty program data | Yes |
| Internet/Electronic Activity | Browsing history on our website, cookie data | Yes |
| Geolocation Data | Approximate location derived from IP address | Yes |
| Sensory/Audio Data | Customer service call recordings (where disclosed) | Limited |
| Inferences | Preferences inferred from order history and browsing behavior | Yes |
| Sensitive Personal Information | Dietary restrictions, food allergy data (voluntarily provided) | Yes (voluntary) |
13.2 Shine the Light Law
California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].
14. How to File a Complaint
If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can work to resolve your concern.
You may also file a complaint with the relevant data protection or consumer protection authority. In the United States, the following authorities handle privacy and consumer protection complaints:
- Federal Trade Commission (FTC): Handles complaints about unfair or deceptive business practices. You may file a complaint at www.ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).
- California Attorney General (for California residents): The California Attorney General oversees enforcement of the CCPA/CPRA. You may contact the California Attorney General's office at oag.ca.gov/privacy/ccpa.
- California Privacy Protection Agency (CPPA): The dedicated state agency responsible for enforcing California's privacy laws. Visit cppa.ca.gov for more information.
- Your State Attorney General: If you reside in another U.S. state with applicable privacy laws (such as Virginia, Colorado, Texas, or others), you may file a complaint with your state's Attorney General office.
15. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the services we offer. When we make material changes to this Privacy Policy, we will:
- Post the updated Privacy Policy on our website with a revised "Last Updated" date at the top of the page
- Notify you by email if we have your email address on file and the changes are material in nature
- Display a prominent notice on our website for a period of at least 30 days following the update
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. Our privacy team is available to assist you:
| Business Name | Cafe Rio |
|---|---|
| [email protected] | |
| Website | rioscafe.digital |
| Location | United States |
We are committed to addressing your privacy concerns promptly and will respond to your inquiries within 15 business days of receipt. For formal privacy rights requests under the CCPA/CPRA, please allow up to 45 days for a full response, as permitted by law.