Privacy Policy

This Privacy Policy explains how Dion's ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you visit our website at cafe-dions.rest, place orders online, subscribe to our newsletter, or otherwise interact with our food service business. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to the practices described in this document. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

This Privacy Policy applies to all visitors, customers, and users of cafe-dions.rest and any related digital platforms operated by Dion's.

1. About Us and How to Contact Us

Dion's is a food and restaurant business operating in the United States. We take our privacy obligations seriously and have designated a point of contact for all privacy-related inquiries.

For all privacy-related questions, requests, or complaints, please contact us using the email address listed above. We will respond to all inquiries within a reasonable time, and no later than 45 days as required under applicable law.

2. Information We Collect

We collect various categories of personal information depending on how you interact with us. We only collect information that is necessary for the purposes described in this policy and that is relevant to operating our food service business effectively and lawfully.

2.1 Personal Identification Information

When you create an account, place an order, make a reservation, or contact us, we may collect the following types of personal identification information:

• Full name
• Email address
• Phone number
• Billing and delivery address
• Date of birth (where required for age verification or loyalty programs)
• Username and password (for account holders)
• Payment information (credit/debit card numbers, billing details — processed securely through third-party payment processors)
• Dietary preferences, allergies, or food restrictions you voluntarily provide

2.2 Transaction and Order Data

When you place an order or make a purchase through our website, we collect information related to the transaction, including:

• Order history and details (items purchased, quantities, special requests)
• Order value and payment method
• Delivery or pickup preferences and instructions
• Date and time of transactions
• Promotional codes or discounts applied
• Customer feedback and ratings related to orders

2.3 Usage and Technical Data

When you visit our website, we automatically collect certain technical information about your device and browsing behavior, including:

• IP address
• Browser type and version
• Operating system and device type
• Pages visited on our website and time spent on each page
• Links and buttons clicked
• Referring website or URL (how you arrived at our website)
• Date and time of each visit
• Search terms entered on our website
• Error logs and performance data

2.4 Cookie and Tracking Data

We use cookies and similar tracking technologies such as web beacons, pixel tags, and local storage objects to collect information about your online activity. This includes session data, preferences, and analytics information. For detailed information, please refer to Section 9 (Cookie Usage) of this policy.

2.5 Communications Data

If you contact us via email, phone, web form, or social media, we collect and retain records of those communications, including:

• The content of your messages
• Contact details you provide
• The nature and outcome of the inquiry
• Records of complaints or feedback

2.6 Marketing and Preference Data

If you sign up for our mailing list, loyalty program, or promotional offers, we collect:

• Email address and name for communication purposes
• Your stated marketing preferences
• Opt-in and opt-out records
• Engagement metrics such as email open rates and click-through rates

2.7 Information from Third Parties

We may receive personal information about you from third-party sources, including:

• Third-party food delivery platforms and ordering apps we partner with
• Social media platforms when you interact with our social accounts or use social login features
• Payment processors who provide transaction confirmations
• Analytics providers who help us understand website traffic
• Advertising partners who assist with targeted marketing

3. How We Use Your Information

We use the personal information we collect for specific, legitimate purposes related to operating our food business and providing the best possible experience to our customers. Below is a detailed breakdown of how we use your data:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling food orders, including delivery and pickup
• Managing online reservations and table bookings
• Processing payments and sending receipts or invoices
• Communicating order status, delays, or updates
• Responding to customer service inquiries and resolving complaints
• Accommodating dietary preferences, allergies, or special requests

3.2 Account Management

• Creating and maintaining your customer account
• Authenticating your identity when you log in
• Managing loyalty program memberships and reward points
• Allowing you to view and manage your order history and preferences

3.3 Analytics and Business Improvement

• Analyzing website traffic and usage patterns to improve our online platform
• Understanding customer preferences and purchasing behavior to improve our menu and services
• Conducting internal research and development
• Monitoring and improving the performance and security of our website
• Generating aggregated, anonymized reporting and statistics

3.4 Marketing and Promotional Communications

• Sending newsletters, promotional emails, and special offers (with your consent)
• Notifying you about new menu items, seasonal specials, and events
• Delivering targeted advertising based on your preferences and browsing history
• Managing and executing loyalty and rewards programs
• Conducting customer satisfaction surveys

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, we may still send you transactional communications related to your orders or account.

3.5 Legal Compliance and Safety

• Complying with applicable laws and regulations in the United States
• Responding to lawful requests from law enforcement or government authorities
• Enforcing our Terms of Service and other applicable agreements
• Protecting the rights, property, and safety of Dion's, our customers, and the public
• Preventing fraud, abuse, and unauthorized access to our systems
• Maintaining appropriate records for tax and accounting purposes

4. Legal Basis for Processing Your Data

As a business operating in the United States, we process your personal information under the following legal justifications, consistent with applicable federal and state privacy laws including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act:

• Performance of a Contract: Processing necessary to fulfill your order, manage your account, or provide the services you requested.
• Legitimate Business Interests: Processing necessary for our legitimate operational interests, such as improving our services, preventing fraud, and analyzing website performance, provided these interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with applicable law, including tax reporting requirements, food safety regulations, and responses to legal process.
• Consent: Processing based on your explicit consent, such as subscribing to marketing communications. You may withdraw your consent at any time.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we do share your information with trusted third parties in limited circumstances as described below.

5.1 Service Providers and Business Partners

We engage third-party companies and individuals to perform functions on our behalf. These service providers have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to protect your data. They include:

• Payment processors: To securely handle credit card and payment transactions
• Delivery and logistics partners: To fulfill food delivery orders to your location
• Email marketing platforms: To send newsletters and promotional communications on our behalf
• Website hosting and cloud services: To host our website and store data securely
• Analytics providers: Such as Google Analytics, to help us understand website usage and performance
• Customer support tools: To manage and respond to customer inquiries efficiently
• Advertising networks: To display targeted advertisements based on your interests

5.2 Third-Party Food Delivery Platforms

When you place an order through a third-party delivery platform (such as DoorDash, Uber Eats, or similar services), that platform's own privacy policy governs the use of your information by that third party. We may receive certain information from these platforms about orders placed on your behalf.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that such disclosure is required or permitted by law, including:

• In response to a subpoena, court order, or other legal process
• To comply with a regulatory or government inquiry
• To protect the rights or property of Dion's
• To prevent or investigate suspected fraud or illegal activity
• To protect the personal safety of our customers, employees, or the public

5.4 Business Transfers

In the event that Dion's undergoes a business transaction such as a merger, acquisition, sale of assets, or bankruptcy proceeding, your personal information may be transferred to a successor or acquiring entity. We will notify you of any such change in ownership or control of your personal information, and you will have the opportunity to exercise any applicable rights under this policy.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, or analytical purposes. This does not constitute a disclosure of personal information.

6. Data Security

Protecting your personal information is a top priority for Dion's. We implement a variety of industry-standard technical, administrative, and physical security measures designed to safeguard your data from unauthorized access, use, alteration, or disclosure.

6.1 Technical Security Measures

• SSL/TLS encryption for all data transmitted between your browser and our website
• Secure, encrypted storage of sensitive data including payment information
• Use of PCI-DSS compliant payment processors to handle card data
• Regular software updates, patches, and vulnerability assessments
• Firewall protection and intrusion detection systems
• Access controls and multi-factor authentication for internal systems

6.2 Administrative Security Measures

• Employee training on data privacy and security best practices
• Limiting access to personal data to employees and contractors who need it to perform their job functions
• Confidentiality agreements with employees and third-party service providers
• Regular review and updating of our privacy and security policies

6.3 Limitations of Security

While we take significant steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information. In the event of a data breach that affects your rights or freedoms, we will notify affected individuals and relevant authorities as required by applicable law.

7. Your Privacy Rights

Depending on your location within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with meaningful control over your data.

7.1 Rights Under California Law (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

• Right to Know: You have the right to know what categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain legal exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as those terms are defined under the CPRA. We do not sell personal information in the traditional sense.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the services you request.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Right to Data Portability: You have the right to receive a copy of your personal information in a portable, readily usable format.

7.2 General Privacy Rights for All U.S. Users

Regardless of your state of residence, we offer all users the following privacy controls:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data where we have no legitimate reason to continue processing it
• Opt-Out of Marketing: Unsubscribe from marketing communications at any time
• Account Closure: Request closure of your account and deletion of associated data

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the following methods:

• Email: [email protected]
• Website: cafe-dions.rest

We will acknowledge your request within 10 business days and fulfill it within 45 calendar days. If we require additional time, we will notify you of the extension and the reason for it. We may need to verify your identity before processing your request to protect your security.

8. Data Retention

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

When personal information is no longer needed for its original purpose, we will securely delete, anonymize, or aggregate it in accordance with our data management procedures.

9. Cookie Usage

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. Cookies are small text files stored on your device when you visit a website.

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly. These cannot be disabled without affecting core functionality.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information such as page views and traffic sources.
• Functional Cookies: Enable enhanced features such as remembering your preferences, language settings, or items in your cart.
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

9.2 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website. You can also opt out of interest-based advertising by visiting the Digital Advertising Alliance at www.aboutads.info.

For full details on the cookies we use, their purposes, durations, and how to manage your preferences, please refer to our Cookie Policy, which is available on our website at cafe-dions.rest.

10. Children's Privacy

Dion's does not knowingly collect, solicit, or process personal information from children under the age of 18. Our website and online services are intended for adults only. If you are under 18 years of age, please do not provide any personal information on our website or use our online ordering services without the supervision and consent of a parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without appropriate consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [email protected] and we will promptly investigate and address the situation.

This policy is consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), which governs the online collection of personal information from children under the age of 13 in the United States. We take COPPA compliance seriously and implement measures to prevent the collection of data from minors.

11. International Data Transfers

Dion's is based in the United States, and our primary data processing activities take place within the United States. However, some of our third-party service providers, including analytics platforms, email marketing tools, and cloud hosting services, may store or process data in other countries.

When your personal information is transferred outside of the United States, we take steps to ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law. These safeguards may include:

• Ensuring third-party service providers are located in countries with adequate privacy protections
• Entering into data processing agreements that include appropriate standard contractual clauses or other approved transfer mechanisms
• Verifying that international partners comply with equivalent data protection standards

If you are located outside the United States and choose to use our website or services, please be aware that your information will be transferred to and processed in the United States. By using our services, you acknowledge and consent to this transfer.

12. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or services that are not operated or controlled by Dion's. This Privacy Policy does not apply to those third-party websites or services. We strongly encourage you to review the privacy policies of any third-party sites you visit.

We are not responsible for the content, privacy practices, or security of third-party websites or services. The inclusion of a link to a third-party site does not imply endorsement of that site or its privacy practices.

Third-party platforms we may link to or integrate with include:

• Social media platforms (Facebook, Instagram, Twitter/X)
• Food delivery apps and platforms (DoorDash, Uber Eats, Grubhub)
• Online review platforms (Google, Yelp)
• Payment gateways and processors
• Map and location services (Google Maps)

13. Your Choices and Opt-Out Options

We believe in giving you meaningful control over your personal information. Here is a summary of the choices available to you:

13.1 Marketing Communications

You may opt out of receiving marketing emails from us at any time by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email
• Contacting us at [email protected] with a request to be removed from our mailing list

Please allow up to 10 business days for your opt-out request to take effect. Note that you may still receive transactional or service-related emails even after opting out of marketing communications.

13.2 Cookies

You can manage your cookie preferences through your browser settings or our cookie consent tool on the website. For more details, please see Section 9 (Cookie Usage).

13.3 Account Data

If you have a customer account with us, you may update or correct your personal information by logging into your account. You may also contact us to request corrections or deletion of your account data.

13.4 Do Not Track Signals

Some browsers transmit "Do Not Track" signals to websites. At this time, our website does not respond to "Do Not Track" signals. However, you can use the cookie management tools described in this policy to control tracking technologies on our website.

14. Compliance with U.S. Privacy Laws

Dion's is committed to complying with all applicable United States federal and state privacy laws, including but not limited to:

• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA): Governing the privacy rights of California residents and our obligations regarding the collection, use, and sharing of personal information.
• Federal Trade Commission (FTC) Act: Prohibiting unfair or deceptive practices, including unfair privacy practices, in commerce.
• Children's Online Privacy Protection Act (COPPA): Protecting the privacy of children under 13 online.
• CAN-SPAM Act: Governing commercial email communications and providing recipients with the right to opt out of unwanted email.
• Telephone Consumer Protection Act (TCPA): Governing telemarketing and automated text message communications, where applicable.

We monitor developments in U.S. privacy law and will update this policy as necessary to remain compliant with new legal requirements.

15. How to File a Privacy Complaint

If you believe we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to contact us first so that we may address your concern directly.

15.1 Contacting Dion's Directly

To file a privacy complaint with us:

• Send a detailed description of your concern to: [email protected]
• Include your name, contact information, and a description of the specific privacy issue
• We will acknowledge your complaint within 10 business days and work to resolve it promptly

15.2 Complaints to Regulatory Authorities

If you are not satisfied with our response, or if you believe we are processing your personal information in violation of applicable law, you have the right to lodge a complaint with relevant regulatory authorities:

We strongly encourage you to reach out to us directly first, as we are committed to resolving privacy concerns efficiently and transparently.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or improvements to our privacy practices. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website at cafe-dions.rest
• Notify you by email if you have an account with us and the changes are material
• Display a notice on our website homepage for a reasonable period

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services following the posting of any changes constitutes your acceptance of those changes.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are happy to assist you.

We are dedicated to protecting your privacy and will respond to all inquiries in a timely and professional manner. Thank you for trusting Dion's with your personal information.