Privacy Policy
This Privacy Policy explains how Papa Ginos ("we," "us," "our," or the "Company") collects, uses, discloses, and protects information about you when you visit our website at cafe-papaginos.digital, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal information with transparency, integrity, and care.
Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or otherwise providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms described herein, please do not use our services or submit any personal information to us.
This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection statutes. If you are a California resident, please pay particular attention to the sections labeled specifically for California residents.
1. Who We Are
Papa Ginos is a food service business operating in the United States. We provide food ordering, delivery, catering, and related services to our customers through our website and other channels. For the purposes of this Privacy Policy, Papa Ginos acts as the data controller with respect to the personal information we collect from you.
Our contact details are as follows:
| Company Name | Papa Ginos |
|---|---|
| Website | cafe-papaginos.digital |
| Email Address | [email protected] |
2. Information We Collect
We collect various types of information in connection with your interactions with us. This includes information you provide directly, information collected automatically, and information obtained from third parties.
2.1 Personal Information You Provide Directly
When you interact with Papa Ginos — whether by creating an account, placing an order, subscribing to our newsletter, completing a contact form, or contacting our customer support — you may provide us with the following categories of personal information:
- Identifiers: Your full name, username, and similar identifiers.
- Contact Information: Email address, mailing address, billing address, delivery address, and telephone number.
- Payment Information: Credit card numbers, debit card numbers, billing details, and other financial information. Please note that full payment card details are processed by our secure third-party payment processors and are not stored on our servers.
- Account Credentials: Password and similar security information when you create an account with us.
- Order Information: Details of your food orders, preferences, special instructions, dietary restrictions, and order history.
- Communications: Records of correspondence, feedback, complaints, and inquiries you submit to us through any channel.
- Marketing Preferences: Your preferences with respect to receiving marketing communications from us or our partners.
- Survey and Promotion Data: Responses to surveys, competitions, or promotional campaigns you choose to participate in.
2.2 Information Collected Automatically
When you visit our website or use our digital services, certain information is collected automatically through cookies, web beacons, pixels, log files, and similar tracking technologies. This may include:
- Usage Data: Pages you visit, links you click, time spent on pages, features you use, and the sequence of your interactions with the website.
- Device Information: Device type (desktop, mobile, tablet), operating system, browser type and version, screen resolution, and language settings.
- Network and Connection Data: IP address, internet service provider, referring URLs, and exit pages.
- Location Data: General geographic location derived from your IP address, or more precise location data if you grant permission through your browser or device settings.
- Cookie Data: Information stored in cookies and similar technologies as described in Section 7 of this Privacy Policy.
- Log Files: Server logs that record activity on our website, including access times, error messages, and other technical information.
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Social Media Platforms: If you connect your social media account to our services or interact with our social media content, we may receive profile information from that platform.
- Analytics Providers: Third-party analytics services may provide us with aggregated reports and insights about how users interact with our website.
- Payment Processors: Payment service providers may share transaction confirmation details and fraud prevention signals with us.
- Delivery Partners: Third-party delivery platforms or logistics providers may share information relevant to fulfilling your orders.
- Marketing Partners: We may receive information from advertising networks and marketing data partners to help us reach relevant audiences and measure campaign effectiveness.
3. How We Use Your Information
We use the information we collect for a variety of purposes, always in accordance with applicable law. The primary ways in which we use your personal information are described below:
3.1 Providing and Managing Our Services
- Processing and fulfilling your food orders, including coordinating with delivery partners and kitchen staff.
- Creating and managing your customer account.
- Processing payments and preventing fraudulent transactions.
- Sending you order confirmations, receipts, and updates regarding the status of your orders.
- Responding to your inquiries, complaints, and customer service requests.
- Facilitating catering bookings and special event orders.
3.2 Improving Our Services and Operations
- Analyzing usage patterns and customer preferences to improve our menu offerings, website functionality, and overall customer experience.
- Conducting internal research and data analytics to understand how our services are used and where improvements can be made.
- Monitoring and addressing technical issues, bugs, and security vulnerabilities on our website.
- Training our staff and improving our operational processes based on customer feedback and order data.
3.3 Marketing and Promotional Communications
- Sending you promotional emails, newsletters, special offers, and information about new menu items or events — but only where you have provided consent or where we have a legitimate business interest that is not overridden by your rights.
- Displaying targeted advertisements on our website, social media platforms, and third-party websites based on your interests and behavior.
- Running loyalty programs, contests, and promotional campaigns.
- Measuring the effectiveness of our marketing campaigns and optimizing our advertising spend.
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email we send you or by contacting us at [email protected]. Please note that even if you opt out of marketing communications, we will still send you transactional messages related to your orders and account.
3.4 Legal and Compliance Purposes
- Complying with applicable laws, regulations, and legal obligations.
- Responding to lawful requests from government authorities, law enforcement agencies, and courts.
- Enforcing our Terms of Service and other applicable agreements.
- Protecting the rights, property, and safety of Papa Ginos, our customers, and the public.
- Preventing, detecting, and investigating fraud, security breaches, and other prohibited or illegal activities.
4. Legal Basis for Processing
While the United States does not have a single comprehensive federal privacy law equivalent to the European GDPR, we are committed to processing your personal information responsibly and in accordance with applicable U.S. laws. We rely on the following bases for processing your personal information:
- Contractual Necessity: Processing necessary to fulfill your orders, manage your account, and deliver the services you have requested from us.
- Legitimate Business Interests: Processing that serves our legitimate business interests, such as fraud prevention, improving our services, and direct marketing to existing customers, provided these interests are not outweighed by your rights and interests.
- Legal Obligation: Processing required for us to comply with applicable laws, regulations, and legal processes.
- Consent: Where we rely on your consent to process your personal information — for example, for certain marketing activities — you have the right to withdraw that consent at any time.
5. Sharing Your Information with Third Parties
We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. However, we do share your information in certain circumstances as described below:
5.1 Service Providers and Business Partners
We engage trusted third-party service providers who assist us in operating our business and delivering our services. These providers are contractually obligated to handle your personal information securely and only as directed by us. Categories of service providers include:
- Payment Processors: Companies that securely process credit card and other payment transactions on our behalf.
- Delivery and Logistics Providers: Third-party delivery services that fulfill your food orders.
- Technology and Hosting Providers: Companies that provide website hosting, cloud storage, content delivery, and related technology infrastructure.
- Analytics Providers: Services such as Google Analytics that help us understand website traffic and user behavior.
- Email and Marketing Platforms: Services that power our email communications and marketing campaigns.
- Customer Support Tools: Platforms that facilitate our customer service operations.
5.2 Legal Requirements and Law Enforcement
We may disclose your personal information to government authorities, law enforcement agencies, regulators, or courts when we are legally required to do so, or when we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, court order, subpoena, or governmental request.
- Protect and defend the rights and property of Papa Ginos.
- Prevent or investigate possible wrongdoing in connection with our services.
- Protect the personal safety of our customers, employees, or the public.
5.3 Business Transfers
In the event that Papa Ginos undergoes a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar corporate transaction, your personal information may be transferred to the acquiring entity or successor business as part of that transaction. We will notify you via email and/or a prominent notice on our website if your personal information becomes subject to a different privacy policy as a result of such a transaction.
5.4 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified information — which cannot reasonably be used to identify you — with third parties for research, analytics, industry reporting, and marketing purposes without restriction.
6. Data Security
We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards designed to protect your data against unauthorized access, loss, misuse, alteration, and disclosure. Our security measures include:
- Encryption: We use industry-standard Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive information such as payment details is encrypted in transit.
- Access Controls: We restrict access to personal information to authorized employees and contractors who have a legitimate business need to access such information, and who are bound by confidentiality obligations.
- Secure Payment Processing: Payment card data is processed by PCI-DSS compliant payment processors. We do not store full credit card numbers on our systems.
- Regular Security Audits: We conduct periodic reviews and assessments of our information security practices and systems.
- Incident Response: We maintain an incident response plan to promptly address any potential data breaches or security incidents.
- Firewalls and Intrusion Detection: We deploy firewalls, intrusion detection systems, and other network security tools to protect our infrastructure.
Despite our best efforts, no method of data transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at [email protected].
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit a website.
7.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the operation of our website. These cookies enable core functions such as security, shopping cart functionality, and account access. The website cannot function properly without these cookies.
- Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users encounter error messages. This helps us improve website performance.
- Functionality Cookies: These cookies allow the website to remember choices you make (such as your preferred language or saved delivery address) to provide a more personalized experience.
- Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests, and to track the effectiveness of our advertising campaigns.
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a warning before a cookie is placed. Please be aware that disabling certain cookies may affect the functionality of our website. For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy available on our website.
8. Data Retention
We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:
| Category of Data | Retention Period |
|---|---|
| Customer account information | Duration of the account plus 3 years after account closure |
| Order and transaction records | 7 years (for tax and financial compliance purposes) |
| Marketing preferences and opt-out records | 5 years from the date of the last interaction |
| Customer service and complaint records | 3 years from the date of resolution |
| Website analytics and usage data | 26 months from collection |
| Cookie data | As specified in individual cookie settings (typically 30 days to 2 years) |
| Legal hold or litigation-related data | Until the matter is fully resolved plus applicable statute of limitations |
When personal information is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.
9. Your Privacy Rights
Depending on where you reside and applicable laws, you may have certain rights with respect to your personal information. We are committed to honoring these rights and responding to your requests in a timely manner.
9.1 General Rights for All Users
- Right to Access: You have the right to request a copy of the personal information we hold about you, along with details about how we use it and with whom we share it.
- Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
- Right to Deletion: You have the right to request the deletion of your personal information, subject to certain exceptions (for example, where we are required by law to retain certain data).
- Right to Opt Out of Marketing: You may opt out of receiving marketing communications at any time by using the unsubscribe mechanism in our emails or contacting us directly.
- Right to Data Portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format.
9.2 Additional Rights for California Residents (CCPA/CPRA)
If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following additional rights:
- Right to Know: You have the right to know what categories of personal information we collect, the purposes for collection, the categories of sources from which we collect information, the categories of third parties with whom we share information, and the specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. As stated in this Privacy Policy, we do not sell your personal information to third parties.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to only that which is necessary for providing our services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices, or provide you with a lower quality of service because you exercised your privacy rights.
To exercise any of your California privacy rights, please submit a verifiable consumer request to us using the contact details provided in Section 13 of this Privacy Policy. We will respond to your request within 45 days, and may extend this period by an additional 45 days where necessary, with prior notice.
9.3 How to Submit a Privacy Rights Request
To exercise any of the rights described in this section, please contact us by:
- Email: [email protected] (please include "Privacy Rights Request" in the subject line)
We may need to verify your identity before processing your request. This helps us ensure that we are disclosing or deleting information only at the request of the individual to whom it belongs. You may designate an authorized agent to make a request on your behalf; however, we may require written authorization from you confirming the agent's authority.
10. Children's Privacy
Our services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, as protected by the Children's Online Privacy Protection Act (COPPA).
If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.
We also do not direct our marketing activities toward minors, and we do not knowingly solicit personal information from individuals under 18 years of age.
11. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, social media platforms, and services that are not operated by Papa Ginos. When you click on a link to a third-party website, you will be directed away from our website, and our Privacy Policy will no longer apply. We have no control over, and assume no responsibility for, the privacy practices, content, or security of any third-party websites.
We encourage you to review the privacy policies of any third-party websites you visit before providing them with your personal information. The inclusion of a link on our website does not imply our endorsement of that website or its privacy practices.
12. International Data Transfers
Papa Ginos is based in the United States, and the personal information we collect is primarily stored and processed in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
In particular, please be aware that the United States does not provide the same level of data protection as countries in the European Economic Area (EEA) or other jurisdictions with comprehensive data protection frameworks. By using our services and providing us with your personal information, you acknowledge and consent to the transfer of your information to the United States and its processing there in accordance with this Privacy Policy.
Where we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information, consistent with applicable legal requirements. If you have questions about international data transfers, please contact us at [email protected].
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.
| Company Name | Papa Ginos |
|---|---|
| Website | cafe-papaginos.digital |
| Privacy Inquiries Email | [email protected] |
When contacting us about a privacy matter, please include the following information to help us process your request efficiently:
- Your full name and contact information.
- A clear description of your inquiry or request.
- The type of personal information to which your request relates (if applicable).
- If you are submitting a formal privacy rights request, please indicate the specific right you wish to exercise.
14. Filing a Complaint with a Regulatory Authority
If you believe that we have not handled your personal information in accordance with applicable law, you have the right to file a complaint with the relevant regulatory authority.
14.1 Complaints in the United States
In the United States, complaints regarding unfair or deceptive privacy practices may be submitted to the Federal Trade Commission (FTC), which enforces privacy obligations under the FTC Act. You may contact the FTC at:
- Website: www.ftc.gov/complaint
- Telephone: 1-877-FTC-HELP (1-877-382-4357)
- Address: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580
14.2 California Residents
California residents who wish to exercise their CCPA/CPRA rights or file a complaint may also contact the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy/ccpa
We encourage you to contact us directly first so that we have the opportunity to address your concerns before you escalate to a regulatory authority. We are committed to resolving all privacy-related complaints fairly and promptly.
15. Do Not Track Signals
Some web browsers allow users to enable "Do Not Track" (DNT) signals, which are preferences users can set to inform websites that they do not wish to be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. At this time, our website does not respond to DNT signals from browsers. However, you may manage your tracking preferences through your browser's cookie settings or by opting out of specific tracking technologies as described in Section 7 of this Privacy Policy.
16. Changes to This Privacy Policy
We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the services we offer. When we make material changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this page.
- Post the revised Privacy Policy on our website at cafe-papaginos.digital.
- Where required by law or where we consider it appropriate, notify you of changes via email to the address associated with your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after the posting of changes to this Privacy Policy constitutes your acceptance of those changes.
17. Governing Law
This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the United States and applicable state laws. To the extent that any state law provides greater protections for consumer privacy than federal law, we will comply with such state law requirements with respect to residents of that state.
- We collect personal information you provide and data collected automatically when you use our website.
- We use your information to fulfill orders, improve our services, and — with your permission — send you marketing communications.
- We do not sell your personal information to third parties.
- You have rights to access, correct, delete, and port your personal information.
- California residents have additional rights under the CCPA/CPRA.
- Our services are not intended for children under 18 years of age.
- For any privacy concerns, contact us at [email protected].
This Privacy Policy was last reviewed and updated on June 14, 2026. If you have any questions about this policy or our privacy practices, please contact Papa Ginos at [email protected].