Privacy Policy

This Privacy Policy describes how Cafe Rio ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at caferiomeal.click (the "Website"), place orders, use our services, or otherwise interact with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.

By accessing or using our Website or services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our Website and services immediately.

We encourage you to read this Privacy Policy carefully and contact us if you have any questions.

1. Who We Are

Cafe Rio is a food service business operating in the United States. Our contact details are as follows:

For all privacy-related inquiries, requests, or complaints, please contact us using the information provided in the Contact Us section at the end of this Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• All visitors to our Website at caferiomeal.click
• Registered users and account holders
• Customers who place food orders online or in person
• Individuals who sign up for our newsletter, promotions, or loyalty programs
• Anyone who contacts us via email, phone, or through our contact forms
• Individuals who interact with us through social media platforms

This Policy does not apply to third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect several types of information from and about users of our Website and services. The categories of personal information we may collect include:

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

• Full name
• Email address
• Phone number
• Billing and shipping address (including city, state, ZIP code)
• Username and password (for registered accounts)
• Date of birth (for age verification or promotional purposes)
• Payment information (credit/debit card numbers, billing details — processed securely through third-party payment processors)

3.2 Order and Transaction Data

When you place a food order through our Website, we collect:

• Order history and details (items ordered, quantities, special instructions)
• Delivery preferences and delivery address
• Transaction amounts and payment method types
• Order confirmation and communication records

3.3 Usage Data and Technical Information

We automatically collect certain technical information when you visit our Website, including:

• IP address and approximate geolocation
• Browser type and version
• Operating system and device type
• Pages visited and time spent on each page
• Referring URLs (the page that led you to our Website)
• Click patterns, scroll behavior, and navigation paths
• Date and time of access
• Error logs and crash reports

3.4 Cookie and Tracking Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with our Website. This may include session identifiers, preference settings, analytics identifiers, and advertising-related data. Please refer to our Cookie Policy section below for more detailed information.

3.5 Communications Data

If you contact us by email, phone, or through our Website contact forms, we may collect and retain:

• The content of your messages or inquiries
• Your name and contact details as provided
• Records of correspondence and support tickets

3.6 Marketing and Preference Data

If you subscribe to our newsletter or promotional communications, we collect:

• Email address and name
• Marketing preferences and opt-in/opt-out status
• Engagement data (open rates, click-through rates)

3.7 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms (if you connect your account or interact with our social content)
• Payment processors and fraud detection services
• Delivery partners and logistics providers
• Analytics and advertising partners

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Providing and Managing Our Services

• Processing and fulfilling your food orders
• Managing your account and providing customer support
• Sending order confirmations, receipts, and status updates
• Facilitating payment processing and preventing fraudulent transactions
• Coordinating delivery logistics with third-party delivery partners

4.2 Improving Our Website and Services

• Analyzing usage patterns to improve Website functionality and user experience
• Conducting internal research and data analytics
• Testing new features, menus, and service improvements
• Monitoring Website performance and diagnosing technical issues

4.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, and special offers (with your consent where required)
• Personalizing content and recommendations based on your order history and preferences
• Delivering targeted advertisements through third-party advertising platforms
• Administering loyalty programs, contests, and promotions

4.4 Legal Compliance and Safety

• Complying with applicable federal and state laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Detecting, investigating, and preventing fraudulent or illegal activities
• Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
• Responding to lawful requests from government authorities and law enforcement

4.5 Business Operations

• Maintaining internal records and financial accounting
• Managing vendor and supplier relationships
• Conducting due diligence in connection with business transactions, mergers, or acquisitions

5. Legal Basis for Processing (U.S. Law)

We operate in the United States and comply with applicable federal and state privacy laws, including but not limited to:

• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) — for California residents
• The Federal Trade Commission (FTC) Act — governing unfair or deceptive acts and practices in commerce
• The CAN-SPAM Act — governing commercial email communications
• The Children's Online Privacy Protection Act (COPPA) — governing the collection of data from minors
• Other applicable state privacy laws, including those of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA)

We collect and process your personal information based on one or more of the following legal bases:

• Contract performance: Processing necessary to fulfill your orders and provide our services
• Legal obligation: Compliance with applicable laws and regulatory requirements
• Legitimate interests: Operating, improving, and securing our business and Website
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing emails)

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties in the following circumstances:

6.1 Service Providers and Business Partners

We share personal information with third-party vendors who perform services on our behalf, including:

• Payment processors (e.g., Stripe, Square, PayPal) — to securely process transactions
• Delivery and logistics partners — to fulfill and track your food orders
• Cloud hosting and IT infrastructure providers — to store and manage our data securely
• Email and communication service providers — to send transactional and marketing emails
• Analytics providers (e.g., Google Analytics) — to understand Website usage patterns
• Customer support platforms — to manage inquiries and complaints
• Marketing and advertising platforms — to deliver targeted advertisements

All service providers are contractually required to use your information only as directed by us and to maintain appropriate security standards.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required by law or in good-faith belief that such disclosure is necessary to:

• Comply with a court order, subpoena, or other legal process
• Respond to lawful requests from government authorities or law enforcement agencies
• Protect the rights, property, or safety of Cafe Rio, our users, or others
• Investigate fraud, security incidents, or violations of our policies

6.3 Business Transfers

If Cafe Rio is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when participating in co-branded promotions or social media integrations.

7. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyze Website traffic, and deliver personalized content and advertising.

7.1 Types of Cookies We Use

7.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• Block all or certain types of cookies
• Delete existing cookies from your browser
• Set preferences to be notified when cookies are placed

Please note that disabling certain cookies may affect the functionality of our Website and your ability to place orders or access certain features. For more detailed information about our use of cookies, please review our full Cookie Policy available on our Website.

8. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, or destruction.

8.1 Security Measures We Implement

• SSL/TLS Encryption: All data transmitted between your browser and our Website is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
• Secure Payment Processing: We do not store your full payment card information on our servers. Payments are processed by PCI-DSS compliant third-party payment processors.
• Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their job functions, subject to strict confidentiality obligations.
• Data Minimization: We collect only the personal information that is necessary for the purposes described in this Policy.
• Regular Security Assessments: We conduct periodic reviews of our information collection, storage, and processing practices to guard against unauthorized access.
• Incident Response: We maintain an incident response plan to address data breaches promptly and in accordance with applicable legal requirements.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements. The following retention periods generally apply:

When personal information is no longer needed, we will securely delete, anonymize, or aggregate it in accordance with our data retention policies.

10. Your Privacy Rights

Depending on your state of residence in the United States, you may have the following rights regarding your personal information:

10.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it was collected, and the categories of third parties with whom it was shared.
• Right to Delete: You have the right to request that we delete personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary compensation, but we may share data with advertising partners in ways that may qualify as "sharing" under CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to uses necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

10.2 Rights Under Other State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have similar rights, including:

• Right to access personal data we hold about you
• Right to correct inaccurate personal data
• Right to delete personal data
• Right to data portability (receiving a copy of your data in a portable format)
• Right to opt out of targeted advertising, profiling, and data sales
• Right to appeal our decisions regarding your privacy rights requests

10.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request by:

• Emailing us at: [email protected]
• Including your full name, email address, and a description of your request

We will respond to your request within 45 days of receipt. We may extend this period by an additional 45 days where reasonably necessary, provided we notify you of the extension within the initial 45-day response period. We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is excessive or repetitive.

10.4 Authorized Agents

You may designate an authorized agent to submit a privacy rights request on your behalf. The authorized agent must provide written authorization from you, and we may require additional verification of your identity before processing the request.

11. Children's Privacy

If you are under 18 years of age, please do not use our Website, create an account, or submit any personal information to us. If a parent or guardian believes that their child under the age of 18 has provided us with personal information without their consent, please contact us immediately at [email protected].

Upon receiving notification that we have collected personal information from a minor under 18, we will take prompt steps to delete such information from our records. We comply with the Children's Online Privacy Protection Act (COPPA) and applicable state laws regarding minors' privacy.

12. International Data Transfers

Cafe Rio is based in the United States and operates primarily within the United States. Your personal information is collected and stored on servers located in the United States. If you access our Website from outside the United States, please be aware that your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country of residence.

By using our Website and services from outside the United States, you consent to the transfer of your personal information to the United States. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, regardless of where it is processed.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland and have concerns about the transfer of your personal data to the United States, please contact us at [email protected] to learn more about the safeguards in place.

13. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, and other online services that are not owned or controlled by Cafe Rio. We are not responsible for the privacy practices of these third parties. When you leave our Website, we encourage you to read the privacy policy of each third-party website you visit.

We may also integrate third-party services into our Website, including:

• Social media sharing buttons (e.g., Facebook, Instagram, Twitter/X)
• Google Maps for location services
• Google Analytics and similar analytics tools
• Online ordering and payment platforms

These integrations may allow third parties to collect information about your browsing behavior across different websites. We do not control these data collection practices and are not responsible for the privacy policies of these third parties.

14. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals websites that the user does not want their online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our Website does not currently respond to DNT browser signals in a uniform way. We will continue to monitor developments in DNT technology and regulatory guidance and update our practices accordingly.

California residents who wish to opt out of tracking for advertising purposes may do so by contacting us at [email protected] or by using opt-out mechanisms provided by third-party advertising platforms.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time in response to changes in our business practices, applicable law, or regulatory requirements. When we make material changes to this Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised Privacy Policy on our Website at caferiomeal.click
• Notify registered users via email (for significant changes)
• Display a prominent notice on our Website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Website and services after the posting of changes constitutes your acceptance of the updated Privacy Policy.

16. Filing a Complaint with a Data Protection Authority

If you believe that we have violated your privacy rights or applicable privacy laws, you have the right to file a complaint with the appropriate regulatory authority. In the United States, the following agencies handle privacy-related complaints:

16.1 Federal Trade Commission (FTC)

The FTC enforces federal consumer protection laws, including those governing unfair or deceptive data practices. You may file a complaint with the FTC at:

• Website: www.ftc.gov/complaint
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

16.2 California Attorney General (For California Residents)

California residents may also file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General regarding CCPA/CPRA violations:

• California Privacy Protection Agency: cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy/ccpa

16.3 State Attorneys General

Residents of other states may file privacy complaints with their respective State Attorney General's offices. Contact information for your state's Attorney General can typically be found through your state government's official website.

We encourage you to contact us directly before filing a complaint, as we are committed to resolving privacy concerns promptly and fairly. Please reach out to us at [email protected] and we will do our best to address your concerns.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and thoroughly.

When contacting us about a privacy matter, please include:

• Your full name and email address
• A clear description of your question, concern, or request
• The specific right you wish to exercise (if applicable)
• Any relevant account information to help us locate your records

We will respond to privacy inquiries and rights requests within 45 days of receipt. For complex requests, we may extend this period by up to an additional 45 days, during which we will notify you of the extension and the reason for it.