Privacy Policy

This Privacy Policy describes how Dions ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at cafedions.click, place orders through our online platform, interact with our food services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your personal information with transparency, integrity, and respect. This policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable regulations governing data privacy and consumer protection.

1. About Us

Dions is a food service business operating in the United States. We provide food products and related services to consumers through our website and other channels.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at any time using the contact information provided above or in Section 15 of this policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• All visitors to cafedions.click, regardless of location;
• Customers who place food orders through our website or other ordering channels;
• Individuals who create accounts or register with our platform;
• Individuals who subscribe to our newsletters, promotional emails, or loyalty programs;
• Individuals who contact us via email, phone, or any digital communication channel;
• Any person who engages with our social media pages, online advertisements, or third-party platforms linked to our services.

This policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over their data practices.

3. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of information we may collect include:

3.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or otherwise interact with us, we may collect personal identification information, including but not limited to:

• Full name;
• Email address;
• Phone number;
• Billing and shipping/delivery address;
• Date of birth (where applicable, such as for age verification purposes);
• Username and password (for registered accounts);
• Profile photo (if voluntarily provided).

3.2 Order and Transaction Information

When you place a food order or make a purchase through our website, we collect details related to that transaction, including:

• Items ordered and order history;
• Order value, discounts applied, and payment amounts;
• Payment method type (e.g., credit card, debit card, digital wallet — note: full payment card numbers are not stored by us and are processed by our third-party payment processors);
• Delivery preferences and special instructions;
• Timestamps and order status updates.

3.3 Usage Data and Website Analytics

We automatically collect certain technical and behavioral data when you access our website, including:

• IP address and approximate geographic location derived from it;
• Browser type, version, and language settings;
• Operating system and device type (desktop, mobile, tablet);
• Referring URLs (the website you visited before reaching ours);
• Pages viewed, links clicked, and time spent on each page;
• Search queries entered on our website;
• Session duration and frequency of visits;
• Error logs and crash reports.

3.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to collect information about your browsing behavior on our website. For a detailed explanation of the cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy. A brief overview is provided in Section 10 of this Privacy Policy.

3.5 Communications Data

When you contact us by email, through a contact form, or via any other communication channel, we collect and store the content of those communications, including:

• The content of your messages, inquiries, complaints, or feedback;
• Your contact details as provided in the communication;
• Date, time, and metadata associated with the communication.

3.6 Marketing and Preference Data

If you subscribe to our marketing communications or participate in promotions, surveys, or loyalty programs, we may collect:

• Your communication preferences and opt-in/opt-out choices;
• Survey responses and feedback;
• Loyalty program participation data and reward balances;
• Promotional code usage.

3.7 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms (if you choose to connect your social media account or log in via a social media provider);
• Third-party food ordering or delivery platforms that facilitate your order with us;
• Analytics and advertising partners who provide us with aggregated or pseudonymized data about website visitors;
• Payment processors who confirm transaction status.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

4.1 Providing and Managing Our Services

• Processing and fulfilling your food orders and deliveries;
• Managing your account and providing customer support;
• Sending order confirmations, receipts, and status updates;
• Handling returns, refunds, complaints, and inquiries;
• Verifying your identity and preventing fraudulent activity.

4.2 Improving Our Website and Services

• Analyzing website traffic and user behavior to improve functionality, navigation, and user experience;
• Conducting internal research, testing, and development of new features or menu offerings;
• Identifying and resolving technical issues, bugs, and errors;
• Personalizing your experience on our website (e.g., recommending menu items based on past orders).

4.3 Marketing and Communications

• Sending you promotional emails, newsletters, and special offers where you have consented or where we have a legitimate interest under applicable law;
• Informing you about new menu items, seasonal promotions, loyalty rewards, and events;
• Conducting targeted advertising on third-party platforms (such as social media) based on your interactions with our website;
• Conducting surveys to gather feedback and improve our services.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at [email protected].

4.4 Legal and Compliance Purposes

• Complying with applicable federal, state, and local laws, regulations, and legal processes;
• Responding to lawful requests from government authorities or law enforcement agencies;
• Enforcing our Terms of Service and other policies;
• Protecting the rights, property, safety, and interests of Dions, our customers, and the public;
• Maintaining records required for tax, accounting, and regulatory compliance purposes.

4.5 Business Operations

• Managing and administering our internal business operations;
• Processing payments and managing financial records;
• Evaluating and improving staff performance and service quality;
• In the event of a business sale, merger, acquisition, or restructuring, transferring your information as part of that transaction (with appropriate notice provided to you).

5. Legal Basis for Processing

As a business operating in the United States, we rely on the following legal bases to process your personal information:

• Contractual Necessity: Processing necessary to fulfill your orders and deliver our services to you;
• Legitimate Interests: Processing for our legitimate business interests (such as improving services, preventing fraud, and marketing), provided these interests do not override your privacy rights;
• Consent: Processing based on your specific, informed consent, such as for marketing communications or certain cookies;
• Legal Obligation: Processing required to comply with applicable laws, regulations, or legal processes.

For California residents, additional rights and legal bases apply under the CCPA/CPRA, as described in Section 11 of this Privacy Policy.

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information with trusted third parties in the following circumstances:

6.1 Service Providers and Business Partners

We engage third-party service providers who assist us in operating our business and delivering our services. These providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

• Payment Processors: To securely process your payment transactions (e.g., Stripe, Square, PayPal);
• Delivery and Logistics Partners: To fulfill food delivery orders to your address;
• Email and Marketing Platforms: To send transactional emails, newsletters, and promotional communications;
• Analytics Providers: To collect and analyze website usage data (e.g., Google Analytics);
• Cloud Hosting and IT Service Providers: To host and maintain our website, databases, and technology infrastructure;
• Customer Support Tools: To manage and respond to customer inquiries and complaints.

6.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation under applicable federal or state law;
• Protect and defend the rights or property of Dions;
• Prevent or investigate potential wrongdoing or illegal activity;
• Protect the personal safety of our users, employees, or the public;
• Protect against legal liability.

6.3 Business Transfers

In the event that Dions undergoes a merger, acquisition, sale of assets, reorganization, or bankruptcy, your personal information may be transferred to the acquiring entity or successor business. We will provide notice of any such transfer and inform you of any changes to this Privacy Policy that may result.

6.4 With Your Consent

We may share your personal information with other third parties when you have provided your explicit consent to do so.

7. Data Security

We take the security of your personal information seriously and have implemented a range of technical, organizational, and administrative safeguards to protect your data against unauthorized access, disclosure, alteration, loss, or destruction. Our security measures include:

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted between your browser and our website;
• Access Controls: Access to your personal information is restricted to authorized personnel who require it to perform their job functions, and is governed by strict role-based access policies;
• Password Security: User account passwords are stored using industry-standard cryptographic hashing algorithms;
• Payment Security: Payment card data is handled exclusively by PCI DSS-compliant third-party payment processors; we do not store full payment card numbers on our systems;
• Regular Security Assessments: We conduct periodic security audits, vulnerability assessments, and penetration testing of our systems;
• Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a security incident.

Despite our best efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your information. If you believe your account or personal information has been compromised, please contact us immediately at [email protected].

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Our general data retention periods are as follows:

When your personal information is no longer required, we will securely delete, anonymize, or aggregate it in a manner that ensures it can no longer be used to identify you.

9. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

9.1 Right to Access

You have the right to request confirmation of whether we hold personal information about you, and if so, to receive a copy of that information in a structured, commonly used format.

9.2 Right to Correction

You have the right to request the correction of inaccurate, incomplete, or outdated personal information we hold about you.

9.3 Right to Deletion

You have the right to request the deletion of your personal information, subject to certain legal exceptions (such as where we are required to retain the information to comply with a legal obligation or to defend a legal claim).

9.4 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal information in a machine-readable format and to request that it be transmitted to another service provider.

9.5 Right to Opt Out of Marketing

You may opt out of receiving promotional emails and marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly at [email protected].

9.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, provide a different level of service quality, or suggest that you may receive a worse experience as a result of exercising your rights under this Privacy Policy.

9.7 How to Submit a Privacy Rights Request

To exercise any of the above rights, please submit a verifiable request to us by:

• Emailing us at [email protected] with the subject line "Privacy Rights Request";
• Including your full name, email address associated with your account, and a description of the right you wish to exercise.

We will respond to your request within 45 days of receipt. In certain circumstances, we may require additional time to process your request, in which case we will notify you of the extension and the reason for it. We may need to verify your identity before processing your request to ensure the security of your personal information.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and serve relevant advertisements. Cookies are small text files stored on your device by your web browser. We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to add items to your cart, process orders, and log into your account. These cookies cannot be disabled.
• Performance and Analytics Cookies: Used to collect anonymous information about how visitors use our website, including pages visited and errors encountered. This helps us improve our website's performance.
• Functional Cookies: Used to remember your preferences and personalize your experience on our website (e.g., saved delivery address, preferred language).
• Marketing and Advertising Cookies: Used to track your browsing activity across our site and third-party platforms to serve you relevant advertisements. You may opt out of these cookies.

You can manage your cookie preferences through your browser settings or through our cookie consent tool on our website. Please note that disabling certain cookies may affect the functionality of our website. For full details, please refer to our Cookie Policy.

11. California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA). This section supplements the rest of our Privacy Policy and applies exclusively to California consumers.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California consumers:

• Identifiers (name, email address, IP address, account username);
• Commercial information (purchase history, order details);
• Internet or other electronic network activity (browsing history on our website, search queries);
• Geolocation data (approximate location derived from IP address);
• Inferences drawn from the above to create a profile about your preferences.

11.2 Your California Rights

California residents have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected about you;
• Delete: Request deletion of your personal information, subject to certain exceptions;
• Correct: Request correction of inaccurate personal information;
• Opt Out of Sale or Sharing: We do not sell your personal information. However, you have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes;
• Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to perform the services;
• Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

11.3 Submitting a California Privacy Request

California consumers may submit a verifiable request to exercise their rights by contacting us at [email protected]. We will respond within 45 calendar days. You may submit up to two requests in a 12-month period at no charge.

11.4 Shine the Light Law

California Civil Code Section 1798.83 ("Shine the Light" law) permits California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the information in Section 15 of this policy.

12. Children's Privacy

Our website and services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, as protected under the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 18.

If you are under 18 years of age, you are not permitted to use our website, create an account, or submit any personal information to us. If you are a parent or legal guardian and believe that your minor child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete that information from our records.

If we discover that we have inadvertently collected personal information from a child under 13, we will delete that information as quickly as possible in accordance with COPPA requirements.

13. International Data Transfers

Dions is based in the United States and primarily processes personal information within the United States. However, some of our third-party service providers (such as cloud hosting providers, analytics platforms, and email marketing services) may process your personal information in other countries, which may have data protection laws that differ from those in the United States.

When we transfer your personal information to third parties located outside the United States, we take appropriate steps to ensure that your information is treated securely and in accordance with this Privacy Policy and applicable law. These steps may include:

• Entering into data processing agreements with our service providers that include appropriate contractual protections;
• Ensuring that our service providers maintain adequate security standards and privacy practices;
• Relying on recognized legal mechanisms for international data transfers where applicable.

By using our website and services, you acknowledge that your personal information may be processed in countries outside of the United States. If you have concerns about international data transfers, please contact us at [email protected].

14. Filing a Complaint with a Data Protection Authority

If you believe that our processing of your personal information violates applicable privacy law, you have the right to file a complaint with the relevant regulatory authority. In the United States, the following bodies handle privacy-related complaints:

14.1 Federal Trade Commission (FTC)

The Federal Trade Commission is the primary federal agency responsible for consumer protection and privacy enforcement in the United States. You may file a complaint with the FTC if you believe a company has engaged in unfair or deceptive trade practices, including violations of your privacy rights.

• FTC Complaint Center: www.ftc.gov/complaint
• FTC Phone: 1-877-382-4357
• FTC Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Privacy Protection Agency (CPPA)

If you are a California resident, you may file a complaint with the California Privacy Protection Agency (CPPA), which is the state agency responsible for enforcing the CCPA/CPRA.

• CPPA Website: cppa.ca.gov

14.3 State Attorneys General

Many U.S. states have attorneys general offices that handle consumer privacy complaints. You may contact your state's attorney general if you believe your privacy rights have been violated under state law.

We encourage you to contact us first at [email protected] so that we have the opportunity to address your concerns before you escalate a complaint to a regulatory authority.

15. Contact Us for Privacy Inquiries

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to responding to all privacy inquiries promptly and professionally.

When contacting us for privacy-related matters, please include your full name, email address, and a clear description of your request or concern so that we can assist you as efficiently as possible. We aim to acknowledge all privacy inquiries within 5 business days and to provide a full response within 45 days.

16. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services, including social media platforms, delivery partners, and payment processors. These third parties operate independently and have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices or content of any third-party sites or services. The inclusion of a link on our website does not constitute an endorsement of the third party's privacy practices.

17. Do Not Track Signals

Some web browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not wish to be tracked across sites. Our website does not currently respond to DNT signals due to the lack of a uniform industry standard for DNT compliance. However, you may manage your tracking preferences through our cookie consent tool or through your browser settings.

18. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or business operations. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page;
• Post a notice on our website notifying you of the changes;
• Where required by law, send you a direct notification by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the posting of an updated Privacy Policy constitutes your acknowledgment of and agreement to the updated terms.

19. Governing Law

This Privacy Policy and any disputes arising from or related to it shall be governed by and construed in accordance with the laws of the United States of America and applicable state law, without regard to conflict of law provisions. Any legal action or proceeding arising under this Privacy Policy shall be brought exclusively in the federal or state courts located in the United States.