Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: January 15, 2026

1. Introduction

Welcome to Cafe Rio! We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect information about you when you visit our restaurant, use our website at cafesrios.click, mobile applications, or engage with our services.

This policy applies to all interactions you have with Cafe Rio, whether you're dining in our restaurant, ordering online, participating in our loyalty program, or contacting our customer service team. By using our services, you agree to the terms outlined in this Privacy Policy.

Our Privacy Commitment

We never sell your personal data to third parties. Your information is used solely to provide you with exceptional dining experiences and to improve our services.

2. Information We Collect

2.1 Information You Provide to Us

  • Personal Identification Information: Name, email address, phone number, mailing address, date of birth
  • Account Information: Username, password, order history, dietary preferences, favorite items
  • Payment Information: Credit card details, billing address (securely encrypted and stored)
  • Order and Dining Information: Food preferences, allergen information, special dietary requirements (vegan, halal, kosher, gluten-free)
  • Reservation Information: Table booking details, party size, special occasion notes
  • Catering Information: Event details, guest count, menu preferences, delivery addresses
  • Loyalty Program Data: Points balance, rewards history, membership tier, participation preferences
  • Communication Data: Contact form submissions, customer service interactions, reviews, feedback
  • Marketing Preferences: Newsletter subscriptions, promotional communications consent

2.2 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, clicks, search terms, referral sources
  • Cookie Data: Session identifiers, user preferences, analytics data, advertising identifiers
  • Location Information: Approximate location from IP address, GPS coordinates (with permission)
  • App Usage: Mobile app interactions, push notification preferences, in-app purchases

2.3 Information from Third Parties

  • Social Media: Profile information when you connect social media accounts
  • Payment Processors: Transaction confirmation and payment verification data
  • Delivery Partners: Delivery status updates and customer satisfaction ratings
  • Marketing Partners: Advertising campaign performance and demographic insights
  • Review Platforms: Customer reviews and ratings from third-party sites

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Managing orders, payment processing, delivery coordination
  • Account Management: User authentication, profile maintenance, preference storage
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Menu optimization, service enhancement, operational efficiency
  • Reservation Management: Table bookings, wait list management, special event coordination

3.2 Communication

  • Order Updates: Confirmation emails, preparation status, delivery notifications
  • Customer Service: Support responses, issue resolution updates
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional emails, special offers, loyalty program updates (with your consent)

3.3 Marketing and Analytics

  • Personalized Advertising: Targeted promotions based on dining preferences and history
  • Traffic Analysis: Website and app usage patterns, popular menu items, peak dining times
  • Campaign Effectiveness: Measuring marketing success, ROI analysis
  • Market Research: New product development, menu expansion, customer satisfaction studies

3.4 Legal Compliance

  • Legal Requests: Responding to court orders, subpoenas, regulatory inquiries
  • Fraud Prevention: Detecting and preventing fraudulent transactions and activities
  • Safety Protection: Protecting rights, property, and safety of customers and employees
  • Dispute Resolution: Resolving legal disputes, claims, and complaints

4. Information Sharing and Disclosure

4.1 Service Providers

  • Payment Processors: Secure transaction processing (Stripe, PayPal, Square)
  • Delivery Services: Order fulfillment and delivery tracking (DoorDash, Uber Eats)
  • Cloud Storage Providers: Secure data storage and backup services (AWS, Google Cloud)
  • Email Services: Marketing campaigns and customer communications (Mailchimp, SendGrid)
  • Analytics Tools: Usage analysis and performance monitoring (Google Analytics, Hotjar)
  • Customer Support: Help desk software and communication tools

4.2 Legal Requirements

  • Court orders and legal subpoenas
  • Regulatory compliance requirements
  • Protection of our rights, property, and legal interests
  • Public safety and emergency situations
  • Investigation of suspected illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information is transferred and ensure the new owner complies with this Privacy Policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as promotional partnerships or special events.

5. Data Security

5.1 Technical Measures

  • Encryption: All data transmission uses SSL/TLS encryption protocols
  • Firewall Protection: Advanced firewall systems protect against unauthorized access
  • Access Control: Strict access controls ensuring only authorized personnel can access data
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Data Backups: Regular secure backups to prevent data loss
  • Vulnerability Testing: Regular security assessments and penetration testing

5.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff
  • Data Handling Procedures: Standardized procedures for personal data processing
  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements
  • Incident Response: Comprehensive security incident response plan
  • Security Audits: Regular third-party security audits and assessments

5.3 Your Security Responsibilities

  • Use strong, unique passwords for your account
  • Never share your login credentials with others
  • Log out of your account when using public computers
  • Be cautious of suspicious emails or phishing attempts
  • Report any unauthorized account access immediately

Security Breach Notification

In the unlikely event of a data breach affecting your personal information, we will promptly notify you and relevant authorities within 72 hours of discovery, as required by law.

6. Cookies and Tracking Technologies

Cookie Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart Session only
Functional Cookies User preferences, language settings, accessibility options Up to 1 year
Analytics Cookies Usage analysis, performance monitoring, site improvement Up to 2 years
Marketing Cookies Personalized advertising, campaign tracking, remarketing Up to 1 year

Tracking Technologies Used

  • Google Analytics: Website traffic analysis and user behavior tracking
  • Facebook Pixel: Social media advertising measurement and optimization
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for preferences and settings
  • Session Storage: Temporary data storage for single browsing sessions

Cookie Management

You can manage your cookie preferences through your browser settings. Most browsers allow you to:

  • View and delete existing cookies
  • Block cookies from specific sites
  • Block all cookies (may affect site functionality)
  • Receive notifications when cookies are set

Please note that disabling certain cookies may affect the functionality of our website and services.

7. Your Rights (GDPR/CCPA Compliance)

7.1 Right of Access

You have the right to request access to your personal data and receive information about how we process it.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data, subject to certain legal exceptions.

7.4 Right to Restrict Processing

You can request limitation of how we use your personal data in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a machine-readable format and transfer it to another service provider.

7.6 Right to Object

You can object to processing of your personal data, especially for marketing purposes.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing.

How to Exercise Your Rights

To exercise any of these rights, contact us using the information provided in Section 13. We will respond to your request within 30 days and may require verification of your identity.

8. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 16, we will take steps to promptly delete such information from our systems.

Parents and guardians are encouraged to monitor their children's internet usage and help enforce this Privacy Policy by instructing their children never to provide personal information through our services without permission.

9. International Data Transfers

9.1 Protection Measures

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses (SCC): EU-approved contracts for international transfers
  • Data Processing Agreements: Binding agreements with all data processors
  • Security Measures: Appropriate technical and organizational safeguards
  • Compliance Audits: Regular assessments of transfer mechanisms

9.2 Transfer Destinations

  • United States: Cloud storage and data processing services
  • European Union: Analytics and marketing services
  • Other Countries: As needed for service provision, with appropriate protections

10. Data Retention Periods

Information Type Retention Period Reason
Account Information 6 months after account deletion Legal obligations, dispute resolution
Order History 7 years Tax and accounting requirements
Marketing Consent 3 years after withdrawal Consent record keeping
Website Usage Logs Up to 2 years Security monitoring, analytics
Customer Support Records 3 years Service quality improvement
Payment Information As required by payment processors Fraud prevention, chargebacks

Safe Data Disposal

  • Electronic Deletion: Complete and unrecoverable deletion of digital records
  • Physical Records: Secure shredding of paper documents
  • Backup Systems: Removal from all backup and archival systems
  • Disposal Records: Maintenance of disposal logs for compliance

11. Third-Party Links

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any external sites before providing personal information.

These third-party sites may have different privacy policies and practices than ours. Your interactions with such sites are governed by their respective privacy policies, not this one.

When you click on third-party links, you are leaving our website and entering sites that are beyond our control. We cannot guarantee the security or privacy of information you provide to third parties.

12. Policy Changes

12.1 Change Notification Methods

  • Website Notice: Prominent notification on our homepage
  • Email Notification: Direct communication to registered users
  • App Notifications: Push notifications for mobile app users
  • Account Dashboard: Notice in user account area

12.2 Staying Informed

  • Check our website regularly for policy updates
  • Review the "Last Updated" date at the top of this policy
  • Continued use of our services constitutes acceptance of changes
  • Contact us if you disagree with changes - you may discontinue use

For significant changes that may affect your rights, we will obtain your explicit consent where required by law.

13. Contact Information

Data Protection Officer

Company: Cafe Rio

Address: 300 Goose Cove Rd, Deer Isle, ME 04627, USA

Phone: +1 207-348-6900

Email: [email protected]

Business Hours: Monday - Friday, 9:00 AM - 6:00 PM EST

Response Time: Within 3 business days

13.1 Filing Complaints

We encourage you to contact us first if you have concerns about our privacy practices. If you are not satisfied with our response, you may contact your local data protection authority:

  • EU Residents: Your local Data Protection Authority
  • US Residents: Federal Trade Commission (FTC)
  • Other Jurisdictions: Your local privacy regulator

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

  • Email Unsubscribe: Click unsubscribe link in any marketing email
  • Account Settings: Update preferences in your online account
  • Customer Support: Contact our support team for assistance
  • Phone: Call +1 207-348-6900 to opt out

14.2 Account Deletion Process

  1. Log into your account and go to Settings
  2. Select "Delete Account" option
  3. Confirm your identity for security
  4. Review what data will be deleted vs. retained for legal compliance
  5. Confirm deletion - this action cannot be undone

Note: Some information may be retained as required by law for tax, legal, and regulatory compliance.

15. Conclusion

At Cafe Rio, we are committed to protecting your privacy and maintaining the trust you place in us. We strive to be transparent about our data practices and to provide you with meaningful choices about your personal information.

Your privacy is fundamental to our relationship with you. We will continue to review and improve our privacy practices to ensure we meet the highest standards of data protection.

If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us. We value your feedback and are here to help address any concerns you may have.

Thank you for trusting Cafe Rio with your personal information and for being part of our community. We look forward to continuing to serve you with delicious food and exceptional service while keeping your privacy protected.

This Privacy Policy was last updated on January 15, 2026. Please check back regularly for updates.