Privacy Policy

Your privacy is important to us. Learn how we protect and handle your personal information.

Last Updated: December 17, 2024

1. Introduction

Welcome to Cafe Rio. At Cafe Rio, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect information when you visit our restaurant, use our website at cafesrios.rest, place orders, or interact with our services.

This policy applies to all visitors, customers, and users of our services, whether you're dining in, ordering online, using our mobile app, or engaging with our catering services. By using our services, you agree to the collection and use of information in accordance with this policy.

Our Privacy Commitment

We never sell your personal data to third parties. Your information is used solely to provide you with exceptional dining experiences and customer service.

We understand that trust is earned, and we work diligently to maintain the highest standards of data protection. If you have any questions or concerns about our privacy practices, please don't hesitate to contact us using the information provided at the end of this policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Personal Identification: Name, email address, phone number, delivery address, billing address
  • Account Information: Username, password (encrypted), order history, favorite items
  • Payment Information: Credit/debit card details (processed securely through encrypted payment processors)
  • Dietary Preferences: Food allergies, special dietary requirements (vegan, vegetarian, gluten-free, halal, kosher)
  • Order Details: Food preferences, special instructions, delivery preferences
  • Communication: Contact form submissions, reviews, feedback, customer support inquiries
  • Reservation Information: Table booking details, party size, special occasions
  • Catering Details: Event information, guest count, menu preferences, venue details
  • Marketing Preferences: Communication preferences, newsletter subscriptions
  • Loyalty Program Data: Rewards points, redemption history, membership status

2.2 Automatically Collected Information

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, search queries
  • Location Data: Approximate location based on IP address for delivery services
  • Cookie Data: Session IDs, user preferences, shopping cart contents, login status
  • Technical Data: Browser settings, screen resolution, referral sources, exit pages
  • Performance Data: Page load times, error reports, crash data for app improvement

2.3 Information from Third Parties

  • Social Media: Profile information if you connect social media accounts
  • Payment Processors: Transaction confirmations and payment status
  • Delivery Partners: Delivery status updates and location tracking
  • Marketing Partners: Campaign performance data and demographic insights
  • Review Platforms: Public reviews and ratings you post about our services

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Prepare, confirm, and fulfill your food orders accurately
  • Delivery Services: Coordinate delivery to your specified address with timing updates
  • Account Management: Maintain your customer account and preferences
  • Customer Support: Respond to inquiries, resolve issues, and provide assistance
  • Quality Improvement: Analyze feedback to improve our food, service, and operations
  • Personalization: Customize your dining experience based on preferences and history
  • Table Reservations: Manage booking requests and restaurant capacity
  • Catering Coordination: Plan and execute catering events to your specifications

3.2 Communication

  • Order Confirmations: Send receipt and order status notifications
  • Delivery Updates: Provide real-time delivery tracking and estimated arrival times
  • Customer Support: Respond to questions, concerns, and feedback
  • Important Notices: Inform about policy changes, service updates, or safety alerts
  • Marketing Communications: Send promotional offers and newsletters (with explicit consent only)
  • Loyalty Program: Notify about rewards, points balance, and exclusive offers

3.3 Marketing and Analytics

  • Personalized Advertising: Show relevant promotions based on your preferences
  • Traffic Analysis: Study website usage patterns to improve user experience
  • Campaign Effectiveness: Measure marketing performance and ROI
  • Market Research: Develop new menu items and services based on customer preferences
  • Trend Analysis: Identify popular items and seasonal preferences
  • Customer Segmentation: Group customers for targeted promotions and offers

3.4 Legal Compliance

  • Legal Requests: Respond to court orders, subpoenas, and law enforcement requests
  • Fraud Prevention: Detect and prevent fraudulent transactions and activities
  • Safety Protection: Protect the safety of customers, staff, and property
  • Dispute Resolution: Handle complaints, disputes, and legal proceedings
  • Regulatory Compliance: Meet food safety, tax, and business licensing requirements

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Stripe, PayPal, and other secure payment platforms for transaction processing
  • Delivery Partners: DoorDash, Uber Eats, and other delivery services for order fulfillment
  • Cloud Storage Providers: AWS, Google Cloud for secure data storage and backup
  • Email Services: Mailchimp, SendGrid for marketing communications and notifications
  • Analytics Tools: Google Analytics, Facebook Pixel for website performance analysis
  • Customer Support: Zendesk, Freshdesk for managing customer inquiries
  • POS Systems: Point-of-sale software providers for in-restaurant operations

4.2 Legal Requirements

We may disclose your information when required by law or to protect our legitimate interests:

  • Court Orders: Compliance with subpoenas, warrants, and legal proceedings
  • Law Enforcement: Cooperation with police investigations and regulatory inquiries
  • Public Safety: Prevention of harm to individuals or public health emergencies
  • Fraud Prevention: Reporting suspicious activities to relevant authorities
  • Intellectual Property: Protection of trademarks, copyrights, and trade secrets

4.3 Business Transfers

Merger or Acquisition Notice

In the event of a merger, acquisition, or sale of assets, customer information may be transferred to the new owner. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

  • Featuring customer testimonials or reviews (with permission)
  • Participating in joint promotions with partner brands
  • Sharing aggregated data for industry research (anonymized)

5. Data Security

5.1 Technical Measures

  • Encryption: SSL/TLS encryption for all data transmission between your device and our servers
  • Secure Storage: AES-256 encryption for data at rest in our databases
  • Firewall Protection: Advanced firewall systems to prevent unauthorized access
  • Access Controls: Multi-factor authentication and role-based access for employees
  • Regular Monitoring: 24/7 security monitoring and intrusion detection systems
  • Data Backups: Regular encrypted backups stored in geographically separate locations
  • Vulnerability Testing: Regular security assessments and penetration testing

5.2 Organizational Measures

  • Employee Training: Regular privacy and security training for all staff members
  • Data Handling Procedures: Strict protocols for accessing and processing customer data
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response: Comprehensive security incident response and breach notification plan
  • Regular Audits: Internal and external security audits to ensure compliance
  • Data Minimization: Collecting only necessary information and deleting data when no longer needed

5.3 Your Security Responsibilities

Protect Your Account

  • Use strong, unique passwords for your account
  • Never share your login credentials with others
  • Log out completely when using public computers
  • Be cautious of phishing emails requesting personal information
  • Report any suspicious account activity immediately
  • Keep your contact information updated for security alerts

Security Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable privacy laws.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience on our website and mobile app. Below is a detailed breakdown of the types of cookies and tracking technologies we employ:

Cookie Type Purpose Duration Examples
Essential Cookies Basic site functionality, login state, shopping cart Session Authentication tokens, cart contents
Functional Cookies User preferences, language settings, remember me features Up to 1 year Language selection, location preferences
Analytics Cookies Usage analysis, performance monitoring, site improvement Up to 2 years Google Analytics, page views, bounce rate
Marketing Cookies Personalized advertising, campaign tracking Up to 1 year Facebook Pixel, advertising IDs

Other Tracking Technologies

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Web Beacons: Email open rates and click-through tracking
  • Local Storage: Browser data storage for improved performance
  • Session Replay: User interaction recording for UX improvement (anonymized)

Cookie Management

You can control cookies through your browser settings. Most browsers allow you to accept, reject, or delete cookies. However, please note that disabling certain cookies may affect website functionality, such as the ability to maintain your shopping cart or stay logged in.

7. Your Rights (GDPR/CCPA Compliance)

Depending on your location, you may have specific rights regarding your personal information. We respect and facilitate the exercise of these rights:

7.1 Right of Access

You have the right to request access to your personal data and receive information about how we process it. This includes:

  • Confirmation that we process your personal data
  • Access to your personal data
  • Information about the purposes of processing
  • Categories of personal data concerned
  • Recipients or categories of recipients
  • Retention period or criteria for determining the period

7.2 Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data. You can also update most information through your account settings.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

7.4 Right to Restrict Processing

You can request limitation of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format and transmit it to another service provider.

7.6 Right to Object

You can object to processing based on legitimate interests, direct marketing, or scientific/historical research and statistics.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within 30 days. You may also designate an authorized agent to make requests on your behalf.

8. Children's Privacy

Protecting children's privacy is particularly important to us. Our services are designed for general audiences and are not intended for children under the age of 16.

  • No Intentional Collection: We do not knowingly collect personal information from children under 16 years of age
  • Age Verification: Our registration process includes age verification to prevent underage account creation
  • Parental Notification: If we become aware that we have collected personal information from a child under 16, we will take steps to remove that information and notify parents
  • Prompt Deletion: Any information inadvertently collected from children will be deleted immediately upon discovery
  • Family Orders: Parents or guardians may place orders that include children's meal preferences, but the account holder must be an adult

Parent or Guardian Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will work with you to address the situation promptly.

9. International Data Transfers

9.1 Protection Measures

When transferring personal data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: We rely on adequacy decisions by the European Commission for countries deemed to provide adequate protection
  • Standard Contractual Clauses: Use of EU-approved Standard Contractual Clauses (SCCs) for data transfers
  • Data Processing Agreements: Comprehensive agreements with all international service providers
  • Security Measures: Implementation of appropriate technical and organizational measures
  • Regular Audits: Periodic compliance assessments of international transfer mechanisms

9.2 Transfer Destinations

Your data may be transferred to and processed in the following locations:

  • United States: Cloud storage and payment processing (with appropriate safeguards)
  • European Union: Data analytics and customer support services
  • Canada: Backup storage and disaster recovery services
  • Other Countries: As needed for business operations, always with adequate protection measures

10. Data Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this policy and as required by law:

Information Type Retention Period Reason
Account Information 6 months after account deletion Legal obligations, dispute resolution
Order History 7 years Tax and accounting requirements, food safety traceability
Payment Information 3 months after transaction Fraud prevention, refund processing
Marketing Consent 3 months after withdrawal Consent record keeping, compliance
Website Usage Logs Up to 2 years Security monitoring, analytics
Customer Support Records 3 years Service quality improvement, training
Dietary Preferences Until account deletion Food safety, personalized service
Loyalty Program Data 5 years after last activity Program administration, tax reporting

Safe Data Disposal

When data reaches the end of its retention period, we ensure secure disposal:

  • Electronic Data: Complete deletion using secure wiping techniques to ensure data is unrecoverable
  • Physical Records: Secure shredding of paper documents
  • Backup Systems: Removal from all backup and archive systems
  • Disposal Records: Maintenance of disposal logs for audit purposes

11. Third-Party Links

Our website and communications may contain links to third-party websites, social media platforms, and services that are not operated by us. This privacy policy applies only to Cafe Rio services.

Important Notice

We are not responsible for the privacy practices or content of third-party websites. These external sites have their own privacy policies and terms of service.

Your Responsibility

  • Review Policies: Always review the privacy policy of third-party sites before providing personal information
  • Understand Practices: Each site may have different data collection and use practices
  • Exercise Caution: Be mindful when sharing personal information on external platforms
  • Check Security: Ensure third-party sites use secure connections (https) for sensitive information
  • Control Settings: Manage your privacy settings on social media and other external platforms

Common third-party links you may encounter include delivery platforms (DoorDash, Uber Eats), review sites (Yelp, Google Reviews), social media platforms (Facebook, Instagram, Twitter), and payment processors (PayPal, Stripe).

12. Policy Changes

12.1 Change Notification

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make changes, we will notify you through:

  • Website Notice: Prominent notice on our homepage and privacy policy page
  • Email Notification: Direct email to registered users for significant changes
  • Account Notification: In-app or account dashboard notifications
  • Social Media: Announcements on our official social media channels
  • Explicit Consent: Request for consent when required by law for material changes

12.2 Checking for Changes

Stay Informed

  • The latest version of this policy is always available on our website
  • Check the 'Last Updated' date at the top of this page
  • Continued use of our services after changes constitutes acceptance
  • If you disagree with changes, you have the option to stop using our services
  • We recommend reviewing this policy periodically

For significant changes that materially affect your rights or how we use your personal information, we will provide at least 30 days' advance notice and may require explicit consent before the changes take effect.

13. Contact Information

We value your privacy concerns and are committed to addressing any questions or issues you may have about our privacy practices.

Address

Cafe Rio
2944 E 12th St Unit A
Austin, TX 78702, USA

Phone

+57 197 633 3391

Business Hours:
Monday - Friday: 9:00 AM - 6:00 PM

Email

General Inquiries:
[email protected]

Privacy Concerns:
[email protected]

Response Commitment

We are committed to responding to all privacy-related inquiries within 3 business days. For urgent matters, please call us directly during business hours.

13.1 Complaints and Concerns

If you have concerns about our privacy practices:

  • Contact Us First: We encourage you to contact us directly so we can address your concerns
  • Provide Details: Include specific information about your concern to help us respond effectively
  • Supervisory Authority: If you're not satisfied with our response, you may contact your local data protection authority
  • State Privacy Regulators: US residents may contact their state's privacy regulator for additional assistance

14. Withdrawal of Consent

You have the right to withdraw your consent for data processing at any time. Here's how you can manage your consent preferences:

14.1 Marketing Consent Withdrawal

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your account dashboard
  • Customer Support: Contact us directly to remove you from marketing lists
  • Text Messages: Reply "STOP" to opt out of SMS marketing
  • Phone Calls: Request to be added to our do-not-call list

14.2 Account Deletion Process

To permanently delete your account and associated data:

  • Step 1: Log into your account and navigate to account settings
  • Step 2: Select "Delete Account" and confirm your identity
  • Step 3: Review what data will be deleted and what will be retained
  • Step 4: Confirm deletion - this action cannot be undone
  • Step 5: Receive confirmation email of account deletion

Data Retention After Deletion

Some information may be retained for legal compliance, including order history for tax purposes (7 years) and fraud prevention records. All personal identifiers will be removed or anonymized.

15. Conclusion

At Cafe Rio, protecting your privacy is not just a legal obligation—it's a fundamental part of our commitment to providing exceptional customer service. We understand that trust is earned through consistent, transparent, and responsible handling of your personal information.

Our Privacy Promise

We pledge to continue investing in privacy protection technologies, training our staff on best practices, and maintaining the highest standards of data security. Your trust in us drives our commitment to privacy excellence.

The relationship between Cafe Rio and our customers is built on trust, quality food, and exceptional service. Protecting your personal information is an integral part of that relationship. We believe that privacy protection enhances rather than hinders our ability to serve you better.

As technology evolves and privacy regulations develop, we will continue to adapt our practices while maintaining our core commitment to your privacy rights. We encourage you to stay informed about your privacy rights and to reach out to us with any questions or concerns.

Thank you for choosing Cafe Rio. We look forward to continuing to serve you while protecting your privacy every step of the way.

Questions or Concerns?

If you have any questions about this privacy policy or our privacy practices, please don't hesitate to contact us. We're here to help and ensure your privacy concerns are addressed promptly and thoroughly.

Last Updated: December 17, 2024

Please bookmark this page and check back regularly for the most current version of our privacy policy.