Privacy Policy
This Privacy Policy describes how Cafe Rio ("we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website at caferio-newhot.click, place orders, participate in loyalty programs, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and care. Please read this policy carefully to understand our practices regarding your personal information and how we will treat it.
By accessing or using our website, placing an order, signing up for our newsletter, or otherwise engaging with Cafe Rio, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this policy, please do not use our services.
1. Who We Are
Cafe Rio is a food service business operating in the United States. We are committed to complying with all applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act governing consumer protection and unfair or deceptive practices.
| Company Name | Cafe Rio |
|---|---|
| Website | caferio-newhot.click |
| [email protected] |
2. Information We Collect
We collect various types of information in connection with your interactions with our website and services. The categories of personal information we collect include, but are not limited to, the following:
2.1 Personal Identification Information
When you create an account, place an order, subscribe to our newsletter, participate in a promotion, or contact us for support, we may collect personal identification information such as:
- Full name
- Email address
- Phone number
- Mailing or delivery address
- Date of birth (for age verification and promotional purposes)
- Username and password (for account holders)
- Billing information, including credit or debit card details (processed securely through third-party payment processors)
2.2 Order and Transaction Information
When you place an order or make a purchase through our platform, we collect information related to the transaction, including:
- Items ordered and order history
- Order preferences, customizations, and dietary preferences
- Payment method type (we do not store full card numbers)
- Transaction date, time, and amount
- Delivery address and instructions
- Loyalty program activity and points balance
2.3 Usage Data and Device Information
We automatically collect certain information when you visit our website or use our digital services. This may include:
- IP address and approximate geographic location
- Browser type and version
- Operating system and device type
- Pages visited on our website and the order in which they were visited
- Time spent on each page
- Referring URLs (the website or link that brought you to our site)
- Clickstream data and search queries on our site
- Date and time of your visit
- Error logs and crash reports
2.4 Cookies and Tracking Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences. Cookies are small data files stored on your device that help us improve your experience on our website. For detailed information about our use of cookies and how to manage your preferences, please refer to our Cookie Policy available on our website.
Types of cookies we use include:
- Essential Cookies: Necessary for the basic functioning of our website, such as maintaining your session and remembering items in your cart.
- Performance and Analytics Cookies: Help us understand how visitors interact with our website, enabling us to improve functionality and content.
- Functionality Cookies: Remember your preferences and settings, such as language selection and saved addresses.
- Marketing and Advertising Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
2.5 Communications Data
If you contact us via email, phone, live chat, or through our contact forms, we may collect and store the content of those communications, including your name, contact details, and the nature of your inquiry. We may also record phone calls for quality assurance and training purposes, with prior notice where required by law.
2.6 Information from Third Parties
We may receive personal information about you from third-party sources, including:
- Social media platforms, if you connect your account or interact with us through social media
- Third-party delivery partners and food ordering platforms
- Marketing and analytics partners
- Publicly available databases
3. How We Use Your Information
We use the personal information we collect for a variety of purposes, all in connection with operating our food service business and improving your experience. Specifically, we use your information for:
3.1 Service Provision and Order Fulfillment
- Processing and fulfilling your food orders, including delivery and pickup arrangements
- Managing your account and providing customer support
- Sending order confirmations, receipts, and delivery notifications
- Processing payments and refunds securely
- Administering loyalty programs and promotional rewards
3.2 Website and Service Improvement
- Analyzing usage patterns and trends to improve our website functionality and user experience
- Diagnosing technical issues and maintaining website security
- Conducting research and development to enhance our menu offerings and services
- A/B testing and user experience optimization
3.3 Marketing and Communications
- Sending you promotional offers, newsletters, and updates about new menu items or special deals, where you have opted in to receive such communications
- Personalizing marketing messages based on your order history and preferences
- Retargeting you with relevant advertisements on third-party platforms
- Inviting you to participate in surveys, contests, or promotional events
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, by updating your communication preferences in your account settings, or by contacting us directly at [email protected].
3.4 Legal Compliance and Safety
- Complying with applicable federal and state laws and regulations, including tax and food safety reporting requirements
- Responding to lawful requests from government authorities and law enforcement agencies
- Enforcing our Terms of Service and other legal agreements
- Protecting the rights, property, and safety of Cafe Rio, our customers, and the public
- Detecting and preventing fraud, unauthorized access, and other harmful activities
4. Legal Basis for Processing
As a business operating in the United States, we rely on the following legal grounds for processing your personal information:
- Contractual Necessity: Processing is necessary to fulfill your orders, manage your account, and perform services you have requested.
- Legitimate Interests: We process certain data to pursue our legitimate business interests, such as improving our services, preventing fraud, and conducting marketing activities, provided these interests do not override your fundamental rights.
- Legal Obligation: Processing is necessary to comply with applicable laws and regulations.
- Consent: Where required by law, we will obtain your explicit consent before processing your data, such as for direct marketing communications or the use of non-essential cookies.
5. Sharing Your Information with Third Parties
We do not sell your personal information to third parties for monetary consideration. However, we may share your information with trusted third parties under the following circumstances:
5.1 Service Providers and Business Partners
We work with carefully selected third-party service providers who assist us in operating our business and delivering services to you. These include:
- Payment Processors: To securely handle credit card transactions and payment processing
- Delivery Partners: To fulfill food delivery orders to your specified address
- Email and Marketing Platforms: To manage and send marketing communications and newsletters
- Analytics Providers: Such as Google Analytics, to help us understand website traffic and usage patterns
- Cloud Storage and IT Infrastructure Providers: To store and manage data securely
- Customer Support Tools: To facilitate efficient handling of customer inquiries
All service providers are contractually required to use your personal information only for the purposes of providing services to us and to maintain appropriate security standards. They are prohibited from using your data for their own independent purposes.
5.2 Legal and Regulatory Disclosures
We may disclose your personal information if required to do so by law or in response to valid legal processes, including:
- Subpoenas, court orders, or other legal mandates
- Requests from law enforcement or government agencies
- Compliance with applicable federal or state regulatory requirements
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to a successor entity as part of the transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.
5.4 Aggregated and De-identified Data
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other business purposes.
6. Data Security
We take the security of your personal information seriously and implement a range of technical and organizational measures to protect it from unauthorized access, loss, misuse, alteration, or destruction. Our security practices include:
- Encryption: We use industry-standard SSL/TLS encryption to protect data transmitted between your browser and our servers.
- Secure Payment Processing: All payment transactions are processed through PCI-DSS compliant payment processors. We do not store your full payment card details on our servers.
- Access Controls: Access to personal data is restricted to authorized personnel who have a legitimate business need to access it, and they are bound by confidentiality obligations.
- Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security weaknesses.
- Incident Response: We have a data breach response plan in place and will notify affected users and relevant authorities in accordance with applicable laws in the event of a security incident.
- Data Minimization: We only collect and retain personal information that is necessary for the purposes outlined in this policy.
7. Your Privacy Rights
Depending on your state of residence, you may have various rights with respect to your personal information. We respect and honor these rights as required by applicable law.
7.1 Rights Under California Law (CCPA/CPRA)
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
- Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions provided by law.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. You may exercise this right by contacting us at [email protected].
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to perform the services you request.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not be denied goods or services, charged different prices, or provided a different quality of service as a result of exercising your privacy rights.
7.2 General Privacy Rights for All Users
Regardless of your state of residence, we provide the following rights to all our users as a matter of good privacy practice:
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Deletion: You may request that we delete your personal information, subject to certain legal retention requirements.
- Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where we rely on your consent to process your personal information, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
- Right to Object to Marketing: You may object to the processing of your personal information for direct marketing purposes at any time.
7.3 How to Exercise Your Rights
To exercise any of the rights described above, please submit a verifiable request to us through one of the following methods:
- Email: [email protected] with the subject line "Privacy Rights Request"
- Website: caferio-newhot.click (through our contact form)
To protect your privacy and security, we will verify your identity before processing your request. Verification may involve confirming information associated with your account. We will respond to verifiable requests within 45 days of receipt. If we require additional time, we will notify you within the initial 45-day period and may extend our response by an additional 45 days for a total of 90 days, as permitted under applicable law. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.
You may designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require proof of the agent's written authorization to act on your behalf.
8. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements. When you first visit our website, you will be presented with a cookie consent banner where you can manage your cookie preferences.
You can also control cookies through your browser settings. Most web browsers allow you to refuse cookies or to delete cookies that have already been set. However, if you choose to block or delete essential cookies, some features of our website may not function properly.
For comprehensive information about the types of cookies we use, the specific third-party cookies present on our website, and detailed instructions on how to manage your preferences, please refer to our full Cookie Policy available on our website at caferio-newhot.click.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, enforce our agreements, and support our business operations. Our general data retention periods are as follows:
| Category of Data | Retention Period |
|---|---|
| Account information | For the duration of your account, plus 3 years after account closure |
| Order and transaction records | 7 years (for tax and legal compliance purposes) |
| Marketing communications preferences | Until you opt out or withdraw consent, plus 2 years |
| Customer support communications | 3 years from the date of the last interaction |
| Website usage and analytics data | 26 months (standard analytics retention period) |
| Cookie data | As specified in our Cookie Policy (typically 1–2 years) |
| Legal compliance records | As required by applicable law (typically 5–7 years) |
When personal information is no longer needed for any of these purposes and no legal obligation requires its continued retention, we will securely delete or anonymize it in accordance with our data disposal procedures.
10. Children's Privacy
We do not knowingly solicit or collect personal information from individuals under the age of 18. If you are under 18, please do not use our website or provide any personal information to us. If we learn that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete that information from our records.
If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will investigate and take appropriate action, including deleting the relevant information from our systems.
Our practices with respect to children's privacy comply with the Children's Online Privacy Protection Act (COPPA) and other applicable federal and state laws governing the online collection of personal information from minors.
11. International Data Transfers
Cafe Rio is based in the United States, and your personal information is primarily collected, stored, and processed within the United States. However, in some cases, your data may be transferred to, processed, or stored in other countries where our service providers or business partners operate.
When we transfer your personal information outside the United States, we take steps to ensure that your data receives an adequate level of protection, consistent with applicable U.S. privacy laws. This may include:
- Entering into data processing agreements with our service providers that include appropriate data protection safeguards
- Ensuring that service providers located outside the U.S. implement security measures equivalent to those we maintain
- Using standard contractual clauses or other legally approved transfer mechanisms where applicable
By using our services, you acknowledge and consent to the transfer of your personal information to countries outside your country of residence, including the United States, which may have different data protection laws than your home country.
12. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, or services that are not operated by Cafe Rio. These may include social media platforms, delivery partner apps, payment gateways, or other external websites. We are not responsible for the privacy practices or content of these third-party sites.
When you click on a link to a third-party website, you leave our website and are subject to the privacy policy and terms of service of that third-party site. We strongly encourage you to review the privacy policies of any third-party websites you visit before providing them with any personal information.
13. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites. At this time, there is no universally accepted standard for how websites should respond to DNT signals, and we do not currently alter our data collection and use practices in response to DNT signals. However, you can manage your tracking preferences through our cookie consent tool and your browser settings.
California residents may also exercise their right to opt out of the "sharing" of personal information for cross-context behavioral advertising purposes under the CPRA, which functions similarly to a Do Not Track request. Please contact us at [email protected] to exercise this right.
14. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes to this policy, we will notify you by:
- Posting the updated policy on our website at caferio-newhot.click with a revised "Last Updated" date
- Sending an email notification to registered account holders where we have your email address
- Displaying a prominent notice on our website
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Your continued use of our website and services after any changes to this policy become effective constitutes your acceptance of the updated terms.
If we make changes that materially affect your rights or the way we use your personal information, we will seek your consent where required by applicable law.
15. How to File a Complaint
If you believe your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we can work to resolve your concerns.
If you are not satisfied with our response, you may have the right to file a complaint with the relevant data protection authority. In the United States, complaints relating to privacy and consumer protection may be directed to:
- Federal Trade Commission (FTC): The FTC enforces federal consumer protection laws, including rules about unfair or deceptive acts or practices related to data privacy. You can file a complaint at www.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).
- California Attorney General (for California residents): If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's office at www.oag.ca.gov.
- State Attorney General Offices: Residents of other states may contact their respective state Attorney General's office for guidance on filing privacy-related complaints.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to responding to your inquiries promptly and transparently.
Company Name: Cafe Rio
Website: caferio-newhot.click
Email: [email protected]
Subject Line for Privacy Requests: Privacy Policy Inquiry / Privacy Rights Request
When contacting us regarding a privacy rights request, please include your full name, email address associated with your account (if applicable), and a clear description of your request or concern. This will help us process your inquiry efficiently and verify your identity where required.
We aim to acknowledge all privacy inquiries within 5 business days and to provide a substantive response within 45 days of receiving a verifiable request, as required by applicable law.
This Privacy Policy was last updated on July 8, 2026, and is effective as of that date. Cafe Rio reserves the right to update this policy at any time. Please check back regularly for the most current version.