Privacy Policy

This Privacy Policy explains how Giordanos ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website at fresh-giordanos.rest, place orders, interact with our services, or otherwise engage with us. Please read this policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.

We are committed to protecting your privacy and handling your personal data responsibly, in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. About Us

Giordanos is a food service business operating in the United States. We provide food ordering, delivery, and dining services through our website and other channels. For questions, concerns, or requests related to this Privacy Policy, you may contact us using the information below:

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, participate in promotions, or contact us, we may collect personal identification information, including but not limited to:

• Full name
• Email address
• Phone number
• Delivery and billing address (street, city, state, ZIP code)
• Date of birth (where applicable, such as for age verification)
• Username and password for account access
• Profile photo (if you choose to upload one)

2.2 Payment and Financial Information

When you make a purchase through our website, we collect payment-related information necessary to process your transaction. This may include:

• Credit or debit card number (processed securely through our payment processors)
• Billing address
• Transaction history and order details
• Payment method type

Please note that we do not store full credit card numbers on our servers. All payment information is processed through PCI-DSS compliant third-party payment processors.

2.3 Order and Transaction Data

We collect information related to your orders and interactions with our food services, including:

• Items ordered, customizations, and special instructions
• Order history and frequency
• Delivery preferences and instructions
• Loyalty program participation and points balance
• Promotional codes or discount vouchers used
• Customer reviews and ratings submitted

2.4 Usage and Technical Data

We automatically collect certain technical information when you visit our website or use our digital services, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system and device type
• Pages visited, time spent on pages, and navigation paths
• Referring URLs and exit pages
• Date and time of access
• Search queries entered on our website
• Clickstream data and interactions with website features

2.5 Device Information

When you access our website or mobile application, we may collect device-specific information, such as:

• Device identifiers (device ID, advertising ID)
• Mobile network information
• Hardware model and software version
• Screen resolution and display settings
• Language and time zone preferences

2.6 Location Data

With your consent, we may collect precise or approximate location data to facilitate delivery services, help you find nearby locations, and provide location-based offers. You may disable location services through your device settings at any time.

2.7 Communications and Feedback

We collect information from your communications with us, including:

• Emails, chat messages, or phone calls with our customer support team
• Feedback, reviews, and survey responses
• Social media interactions and messages
• Comments posted on our website or social media pages

2.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing activity on our website. Please refer to Section 8 of this Policy for more detailed information on our use of cookies.

2.9 Information from Third Parties

We may receive information about you from third parties, including:

• Social media platforms if you log in or connect your social media account
• Third-party delivery platforms or aggregators
• Marketing partners and analytics providers
• Public databases and data brokers where permitted by law

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Providing and Managing Our Services

• Processing and fulfilling your food orders and delivery requests
• Creating and managing your account
• Sending order confirmations, receipts, and delivery status updates
• Processing payments and managing billing
• Responding to your inquiries, complaints, and customer service requests
• Administering loyalty programs, promotions, and rewards

3.2 Improving and Personalizing Our Services

• Analyzing usage patterns to improve website functionality and user experience
• Personalizing your experience by recommending menu items based on your preferences and order history
• Conducting research and development to improve our products and services
• Testing new features and conducting A/B testing

3.3 Marketing and Communications

• Sending you promotional emails, newsletters, special offers, and updates about new menu items (where you have given consent or where permitted by applicable law)
• Delivering targeted advertising based on your interests and browsing behavior
• Sending push notifications (where you have enabled them)
• Conducting surveys and collecting feedback to improve our services

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails, updating your account preferences, or contacting us at [email protected].

3.4 Analytics and Business Intelligence

• Monitoring and analyzing trends, usage, and activities in connection with our services
• Generating aggregated and anonymized statistical data about our customer base
• Measuring the effectiveness of our marketing campaigns

3.5 Legal and Compliance Purposes

• Complying with applicable legal obligations, regulations, and court orders
• Detecting, investigating, and preventing fraudulent transactions and other illegal activities
• Protecting the rights, property, and safety of Giordanos, our customers, and others
• Enforcing our Terms of Service and other agreements
• Responding to lawful requests from government authorities and law enforcement agencies

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information with certain third parties in the following circumstances:

4.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our business. These providers are authorized to use your personal information only as necessary to provide services to us and are contractually obligated to protect your data. Categories of service providers include:

• Payment processors: To securely process your payment transactions
• Delivery partners: To coordinate and fulfill your food delivery orders
• Cloud hosting providers: To store and manage our data infrastructure
• Analytics providers: Such as Google Analytics, to analyze website traffic and user behavior
• Email marketing platforms: To send you newsletters and promotional communications
• Customer support software providers: To manage and respond to customer inquiries
• Advertising networks: To deliver targeted advertisements across platforms

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request
• Protect and defend the rights or property of Giordanos
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of our users or the public
• Protect against legal liability

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity or successor company. We will notify you via email or a prominent notice on our website before your personal information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so. You may withdraw your consent at any time by contacting us at [email protected].

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that does not directly identify you with third parties for industry analysis, demographic profiling, marketing, analytics, and other business purposes.

5. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures to protect your data against unauthorized access, disclosure, alteration, and destruction.

5.1 Security Measures We Employ

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Access controls: We restrict access to personal information to authorized employees and contractors who need it to perform their job functions.
• Firewalls and intrusion detection: We use firewalls and monitoring systems to detect and prevent unauthorized access to our systems.
• PCI-DSS compliance: Our payment processing systems comply with the Payment Card Industry Data Security Standard.
• Regular security assessments: We conduct periodic security reviews and vulnerability assessments of our systems and processes.
• Data minimization: We collect only the personal information necessary for the purposes described in this Privacy Policy.

5.2 Limitations of Security

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the appropriate regulatory authorities as required by applicable law.

You are responsible for maintaining the confidentiality of your account password and for any activities that occur under your account. Please notify us immediately at [email protected] if you suspect any unauthorized use of your account.

6. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable United States privacy laws, including the CCPA/CPRA for California residents and other state privacy laws.

6.1 Rights Available to All Users

• Right to Know/Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (such as where we are required to retain data for legal compliance or to complete a transaction).
• Right to Portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
• Right to Opt-Out of Marketing: You have the right to opt out of receiving promotional communications from us at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your privacy rights.

6.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

• Right to Know About Data Sharing for Cross-Context Behavioral Advertising: You have the right to know if your personal information is shared for cross-context behavioral advertising purposes.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to only what is necessary to provide the services.
• Right to Appeal: If we deny your privacy request, you have the right to appeal our decision.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, you may submit a request by:

• Emailing us at: [email protected] with the subject line "Privacy Rights Request"
• Visiting our website: fresh-giordanos.rest

We will respond to your request within 45 days. If we require additional time (up to 90 days total), we will notify you of the extension in writing. We may need to verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our services to you, and to comply with our legal obligations. The following general retention periods apply:

After the applicable retention period expires, we will securely delete or anonymize your personal information. In some circumstances, we may retain anonymized data indefinitely for statistical and analytical purposes where such data can no longer identify you.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver targeted advertising. This section provides a brief overview of our cookie practices.

8.1 What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They allow the website to remember your actions and preferences over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.

8.2 Types of Cookies We Use

• Essential/Strictly Necessary Cookies: These cookies are required for the operation of our website, including enabling you to log in, add items to your cart, and complete purchases. These cannot be disabled.
• Performance/Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users receive error messages. This information is used to improve how our website works.
• Functionality Cookies: These cookies allow our website to remember choices you make and provide enhanced, more personalized features, such as remembering your language preferences or past orders.
• Targeting/Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns.

8.3 Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse to accept cookies, delete existing cookies, and set preferences for certain types of cookies. Please note that disabling certain cookies may affect the functionality of our website and your ability to use some of our services.

For more detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy available on our website at fresh-giordanos.rest.

8.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for interpreting DNT signals. We will continue to monitor developments in this area and update our practices accordingly.

9. Children's Privacy

Our food ordering and delivery services are not directed to children under the age of 18. We do not knowingly collect, solicit, or process personal information from individuals under 18 years of age. If you are under 18, please do not use our website or services, create an account, or submit any personal information to us.

If you are a parent or guardian and you believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to remove such information from our records and terminate any associated account.

Our practices comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under 13 without verifiable parental consent. We go further by requiring all users to be at least 18 years of age.

10. International Data Transfers

Giordanos is based in the United States, and your personal information is primarily collected, stored, and processed within the United States. Our website is intended for users located in the United States.

If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. Data protection laws in the United States may differ from those in your country of residence.

If we transfer your personal information internationally to service providers or partners located in other countries, we will take appropriate safeguards to ensure that your personal information is protected in accordance with applicable law. Such safeguards may include:

• Entering into data processing agreements with our service providers that incorporate appropriate data protection clauses
• Ensuring that the recipient country provides an adequate level of data protection
• Implementing other legally recognized transfer mechanisms as required by applicable law

By using our website and services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Giordanos. This Privacy Policy does not apply to those third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit.

We are not responsible for the privacy practices, content, or security measures of third-party websites. The inclusion of a link to a third-party website does not constitute an endorsement by Giordanos of that website or its privacy practices.

Our website may also integrate third-party services such as social media plugins, maps, and payment gateways. These third-party services have their own privacy policies governing the collection and use of your information when you interact with them on our website.

12. California Privacy Rights — Supplemental Notice

This section supplements the information contained in this Privacy Policy and applies solely to California residents. It is provided pursuant to the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA).

12.1 Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email, IP address, account credentials)
• Commercial information (purchase history, ordering preferences)
• Internet or other electronic network activity information (browsing history, usage data)
• Geolocation data (approximate or precise location, with consent)
• Inferences drawn from other personal information to create a profile
• Sensitive personal information (payment card information, precise geolocation)

12.2 "Shine the Light" Law

California Civil Code Section 1798.83 permits users of our website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

12.3 Submitting a CCPA/CPRA Request

California residents may submit privacy rights requests by emailing us at [email protected] with "California Privacy Request" in the subject line. We will verify your identity before processing your request. We will respond within 45 days of receiving your request, with a possible extension of an additional 45 days where reasonably necessary.

13. FTC Compliance and Consumer Protection

Giordanos is committed to complying with the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in commerce. Our privacy practices are designed to be transparent, fair, and consistent with the representations we make to our customers.

We do not engage in deceptive data practices and we honor all commitments made in this Privacy Policy. If our privacy practices change materially, we will provide notice to affected users as described in Section 15 of this Policy.

If you believe that we have engaged in any unfair or deceptive privacy practices, you have the right to file a complaint with the Federal Trade Commission at www.ftc.gov or by calling 1-877-FTC-HELP (1-877-382-4357).

14. Filing Complaints with Data Protection Authorities

If you believe that our processing of your personal information violates applicable privacy laws, you have the right to lodge a complaint with the relevant data protection or consumer protection authority.

14.1 Federal Level

• Federal Trade Commission (FTC): reportfraud.ftc.gov or 1-877-382-4357

14.2 California Residents

• California Privacy Protection Agency (CPPA): cppa.ca.gov
• California Attorney General: oag.ca.gov/privacy

14.3 Other States

Residents of other states with applicable privacy laws may contact their respective state attorney general's office or consumer protection agency. We encourage you to first contact us directly at [email protected] so we have the opportunity to address your concerns before you escalate them to a regulatory authority.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will notify you by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to the email address associated with your account (for material changes)
• Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you do not agree with the updated Privacy Policy, you should discontinue your use of our website and services and may request deletion of your account and personal information as described in Section 6 of this Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please do not hesitate to contact us using the following information:

We are committed to resolving any privacy concerns you may have. Upon receiving your privacy-related inquiry or request, we will acknowledge receipt within 5 business days and provide a full response within the timeframes required by applicable law.