Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects your personal information when you visit our website at riosscafe.top, interact with our online services, place orders, or otherwise engage with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and in full compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).
By accessing or using our website, submitting any personal information to us, or continuing to use our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.
We encourage you to read this Privacy Policy carefully and in its entirety before providing us with any personal information. If you have any questions, concerns, or requests regarding your privacy or this policy, please contact us using the information provided in the Contact Information section below.
1. Company Information
This Privacy Policy applies to the following business entity:
| Company Name | Cafe Rio |
|---|---|
| Website | riosscafe.top |
| Email Address | [email protected] |
| Business Type | Food & Beverage / Restaurant Services |
| Operating Jurisdiction | United States |
2. Scope and Applicability
This Privacy Policy applies to all personal information collected through our website (riosscafe.top), our online ordering systems, our email communications, our social media profiles, our loyalty programs, and any other digital or physical touchpoints where we interact with customers, website visitors, prospective customers, suppliers, or other individuals (collectively referred to as "users" or "you").
This policy does not apply to the practices of third-party companies, websites, applications, or services that may be linked to or integrated with our website. We encourage you to review the privacy policies of any third-party services you access through links on our website, as we are not responsible for the privacy practices of those entities.
3. Information We Collect
We collect several categories of information in connection with the operation of our food and beverage services and our digital presence. The information we collect may include, but is not limited to, the following:
3.1 Personal Identification Information
When you create an account, place an order, sign up for our newsletter, participate in a loyalty program, or contact us, we may collect the following personal identification data:
- Full name
- Email address
- Phone number
- Billing and shipping/delivery address
- Date of birth (for age verification or promotional purposes)
- Username and password (for account holders)
- Loyalty program membership number or identifier
- Payment information (processed securely through third-party payment processors; we do not store full card numbers)
3.2 Order and Transaction Information
When you place an order through our website or digital channels, we collect information related to your transaction, including:
- Order history and food/beverage item selections
- Dietary preferences or special instructions you voluntarily provide
- Order frequency and spending patterns
- Pickup or delivery preferences
- Transaction timestamps and confirmation numbers
- Customer service interactions related to orders
3.3 Usage and Behavioral Data
When you visit our website, we automatically collect certain technical and behavioral information, including:
- IP address
- Browser type and version
- Operating system
- Pages visited, time spent on pages, and navigation paths
- Referring website or URL
- Search terms used within our website
- Clickstream data and interaction events (clicks, scrolls, form submissions)
- Session duration and frequency of visits
3.4 Device Information
We may collect information about the devices you use to access our website and services, including:
- Device type (desktop, mobile, tablet)
- Device identifiers (where applicable and permitted by law)
- Screen resolution and display settings
- Mobile network information (if accessing via mobile device)
- Time zone settings
3.5 Cookie and Tracking Technology Data
We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your interactions with our website. Please see Section 8 (Cookie Usage) for more details.
3.6 Communications and Feedback
If you contact us by email, through our website contact form, via social media, or through any other communication channel, we collect the content of your communications, your contact details, and records of our correspondence with you. This includes feedback, complaints, reviews, survey responses, and any other content you voluntarily submit.
3.7 Voluntarily Submitted Information
You may choose to provide us with additional information, such as food allergy information, dietary restrictions, catering preferences, or other details relevant to your use of our food services. We treat any such information with appropriate care and use it solely to fulfill your requests and improve your experience.
4. How We Use Your Information
We use the personal information we collect for the following purposes, all of which are grounded in legitimate business operations, our contractual obligations to you, your consent (where required), and our compliance with applicable law:
4.1 Service Provision and Order Fulfillment
- Processing and fulfilling your food orders, whether for pickup or delivery
- Managing your customer account and loyalty program membership
- Processing payments through secure third-party processors
- Communicating order confirmations, updates, and notifications
- Providing customer service and responding to your inquiries and complaints
- Accommodating dietary preferences and special requests
4.2 Website and Service Improvement
- Analyzing website traffic and user behavior to improve site functionality and user experience
- Monitoring and diagnosing technical issues with our website and digital services
- Developing and testing new features, products, and services
- Conducting internal research, analytics, and quality assurance
4.3 Marketing and Communications
- Sending you promotional emails, newsletters, and special offers (with your consent, where required)
- Notifying you of new menu items, seasonal specials, and events
- Administering contests, sweepstakes, and loyalty reward programs
- Personalizing your experience and delivering content relevant to your preferences
- Retargeting advertising through third-party ad platforms (where permitted)
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email we send you, or by contacting us directly at [email protected]. Opting out of marketing communications will not affect transactional communications related to your orders or account.
4.4 Legal Compliance and Security
- Complying with applicable federal, state, and local laws and regulations
- Responding to lawful requests from governmental authorities, courts, or law enforcement
- Detecting, preventing, and investigating fraud, security breaches, and other illegal activities
- Enforcing our Terms of Service and other applicable agreements
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
4.5 Business Operations
- Managing and improving our internal operations and business processes
- Conducting employee training related to customer service interactions
- Maintaining business records as required by applicable law
- Evaluating, negotiating, and executing potential business transactions such as mergers, acquisitions, or asset sales
5. Sharing Your Information with Third Parties
We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. However, we may share your information in the following limited circumstances:
5.1 Service Providers and Vendors
We engage trusted third-party companies and individuals to perform services on our behalf, including but not limited to:
- Payment processors (e.g., Stripe, Square, or similar platforms)
- Delivery and logistics providers
- Email marketing and communication platforms
- Website hosting and cloud infrastructure providers
- Analytics and data intelligence services (e.g., Google Analytics)
- Customer relationship management (CRM) platforms
- IT security and fraud prevention services
These service providers are contractually obligated to handle your personal information in accordance with our instructions, this Privacy Policy, and applicable law. They are not authorized to use your personal information for their own independent purposes.
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information if we are required to do so by law, court order, subpoena, or other governmental or legal process, or if we believe in good faith that such disclosure is necessary to:
- Comply with applicable federal, state, or local law
- Respond to lawful requests from public authorities, including national security or law enforcement agencies
- Protect and defend the legal rights or property of Cafe Rio
- Prevent or investigate possible wrongdoing in connection with our services
- Protect the personal safety of users of our services or the public
5.3 Business Transfers
In the event that Cafe Rio undergoes a merger, acquisition, reorganization, bankruptcy, sale of substantially all of its assets, or similar corporate transaction, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information by posting a notice on our website or sending you an email notification, and you will have the opportunity to exercise your rights as described in this policy.
5.4 Aggregated and De-Identified Data
We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other lawful business purposes. Such data is not considered personal information under applicable law.
5.5 With Your Consent
We may share your personal information with third parties in ways not described above when we have obtained your explicit prior consent to do so.
6. Data Security
We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, misuse, or destruction. Our security measures include, but are not limited to:
- Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our website.
- Access Controls: We restrict access to personal information to authorized personnel only, on a need-to-know basis, and all employees with access to personal data are required to maintain its confidentiality.
- Secure Payment Processing: We do not store full credit card numbers or sensitive payment credentials on our servers. All payment transactions are processed through PCI-DSS compliant third-party payment processors.
- Regular Security Audits: We conduct periodic reviews and assessments of our data security practices, systems, and infrastructure.
- Incident Response: We maintain a data breach response plan and will notify affected users and relevant authorities as required by applicable law in the event of a data breach.
- Physical Security: Our physical infrastructure and servers are protected by appropriate physical access controls.
Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your personal information. If you believe that your information has been compromised, please contact us immediately at [email protected].
7. Your Privacy Rights
Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.
7.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:
| Right | Description |
|---|---|
| Right to Know | You have the right to request that we disclose what personal information we have collected about you, the categories of sources from which it was collected, the purposes for collecting it, and the categories of third parties with whom it has been shared. |
| Right to Access | You have the right to request access to the specific pieces of personal information we have collected about you over the preceding 12 months. |
| Right to Deletion | You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law. |
| Right to Correction | You have the right to request that we correct inaccurate personal information that we maintain about you. |
| Right to Opt-Out of Sale or Sharing | You have the right to opt out of the sale or sharing of your personal information. We do not sell personal information, but if this practice changes, we will update this policy accordingly. |
| Right to Limit Sensitive Information Use | You have the right to limit our use and disclosure of sensitive personal information to purposes necessary for providing requested services. |
| Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA rights, including by denying services, charging different prices, or providing a different level of service. |
7.2 General Privacy Rights (All U.S. Residents)
Regardless of your state of residence, you have the following general rights:
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct or update inaccurate or incomplete personal information.
- Right to Deletion: You may request that we delete your personal information, subject to applicable legal requirements and legitimate business needs.
- Right to Data Portability: Where technically feasible, you may request that we provide your personal information in a portable, machine-readable format.
- Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time.
7.3 How to Exercise Your Rights
To exercise any of the rights described above, you may:
- Send an email to: [email protected] with the subject line "Privacy Rights Request"
- Include in your request your full name, email address associated with your account, and a clear description of the right you wish to exercise
We will verify your identity before processing your request to protect the security of your information. We will respond to your request within 45 days of receipt, as required under the CCPA/CPRA. If we require additional time (up to 90 days total), we will notify you of the extension and the reason for it within the initial 45-day period.
You may designate an authorized agent to submit a privacy rights request on your behalf. Authorized agents must provide written proof of their authorization, and we may verify your identity directly before fulfilling the request.
8. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the basic functioning of our website, such as maintaining your shopping cart, enabling secure login, and processing orders. These cannot be disabled.
- Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
- Functional Cookies: These cookies remember your preferences and settings to personalize your experience on our website.
- Marketing and Advertising Cookies: These cookies track your browsing activity to help us deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
8.2 Managing Your Cookie Preferences
You may control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for certain types of cookies. Please note that disabling certain cookies may affect the functionality of our website and your user experience.
For more detailed information about how we use cookies, the specific cookies we deploy, and how to manage your preferences, please refer to our Cookie Policy, which is available on our website.
You may also opt out of interest-based advertising by visiting the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative's opt-out page.
9. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, enforce our agreements, and support our legitimate business operations. The specific retention periods we apply depend on the type of data and the purpose for which it is processed.
| Category of Data | Retention Period |
|---|---|
| Customer account information | Duration of account activity, plus 3 years after account closure |
| Order and transaction records | 7 years (for tax and accounting compliance) |
| Marketing preferences and consent records | Until you withdraw consent, plus 3 years |
| Website usage and analytics data | Up to 26 months (or as configured within analytics platforms) |
| Customer service communications | 3 years from the date of last communication |
| Payment information | As required by PCI-DSS standards and applicable law |
| Legal compliance records | As required by applicable federal and state law |
When personal information is no longer needed, we will securely delete or anonymize it in accordance with industry best practices. If deletion is not immediately possible (e.g., because data is stored in backup archives), we will isolate the data from further processing and delete it as soon as practicable.
10. Children's Privacy
We do not direct our services to minors, and our website is not designed to attract children under the age of 18. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13 without verifiable parental consent.
If you are a parent or legal guardian and you believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon receiving such a notification, we will take prompt steps to investigate the matter and, where appropriate, delete the child's personal information from our records.
If we discover that we have inadvertently collected personal information from a minor, we will take immediate steps to delete that information and, where required by law, notify the appropriate authorities.
11. International Data Transfers
Cafe Rio is based in and primarily operates within the United States. If you are accessing our website or services from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and its processing in accordance with this Privacy Policy and applicable U.S. law.
To the extent that we transfer personal information internationally (for example, through the use of cloud-based service providers with servers located in multiple countries), we take appropriate steps to ensure that such transfers are carried out in compliance with applicable law and that appropriate safeguards are in place to protect your personal information.
12. California Shine the Light Law
California Civil Code Section 1798.83, also known as the "Shine the Light" law, permits California residents to request and obtain from us, once per calendar year and free of charge, information about the personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year.
If you are a California resident and wish to make such a request, please submit your inquiry to us at [email protected] with the subject line "California Shine the Light Request." We will respond to your request within the timeframe required by applicable California law.
13. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals. We will continue to monitor developments in this area and update our practices as appropriate.
California residents who have provided personal information to us may request information about our disclosures of that information to third parties for direct marketing purposes. See Section 12 above.
14. Third-Party Links and Services
Our website may contain links to third-party websites, social media platforms, food delivery services, and other external services. We provide these links for your convenience only. We do not control these third-party websites and are not responsible for their content, privacy practices, or data collection activities.
When you click on a link to a third-party website, you leave our website and are subject to the privacy policy and terms of use of that third-party site. We strongly encourage you to review the privacy policies of any third-party websites you visit before providing them with any personal information.
Our inclusion of links to third-party websites does not imply any endorsement, approval, or recommendation of those websites or the products and services they offer.
15. Changes to This Privacy Policy
We reserve the right to update, revise, or modify this Privacy Policy at any time to reflect changes in our data practices, business operations, legal requirements, or for any other legitimate reason. When we make material changes to this policy, we will:
- Post the updated policy on this page with a revised "Last Updated" date
- Notify you by email (where we hold your email address and where required by law)
- Display a prominent notice on our website homepage for a reasonable period following the update
Your continued use of our website and services following the posting of changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree to the updated policy, please discontinue your use of our services and, if applicable, close your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information.
16. Filing a Complaint
If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we can investigate the matter and attempt to resolve it promptly.
To file a complaint with us, please contact:
- Email: [email protected]
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we are unable to resolve the complaint to your satisfaction, we will provide you with information about further recourse options.
16.1 Filing a Complaint with a Regulatory Authority
If you are a California resident and believe that we have violated the CCPA/CPRA, you have the right to file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy/ccpa
If you believe that we have violated the FTC Act or engaged in unfair or deceptive acts or practices, you may file a complaint with the Federal Trade Commission (FTC):
- FTC Complaint Center: ftc.gov/complaint
- FTC Phone: 1-877-FTC-HELP (1-877-382-4357)
Residents of other states may also have the right to file complaints with their respective state attorneys general or consumer protection agencies. We recommend consulting your state's consumer protection website for more information on how to file a complaint in your jurisdiction.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please do not hesitate to contact us. We are committed to addressing your privacy inquiries promptly and transparently.
Privacy Contact
| Company Name | Cafe Rio |
|---|---|
| Privacy Inquiries Email | [email protected] |
| Website | riosscafe.top |
| Operating Jurisdiction | United States |
When contacting us regarding your privacy rights or any data-related inquiry, please include sufficient information to allow us to identify your account (if applicable) and process your request efficiently. We will respond to all legitimate privacy inquiries as promptly as possible and in accordance with the timeframes required by applicable law.