Privacy Policy

Welcome to Giordanos. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website giordanospizza.digital, place orders, or interact with our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.

This Privacy Policy applies to all information collected through our website, mobile experiences, and any related services, sales, marketing, or events (collectively referred to as the "Services").

1. Who We Are

Giordanos is a food service business operating in the United States. For the purposes of this Privacy Policy, we act as the data controller responsible for your personal information.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us using the details above. We will make every reasonable effort to address your inquiry promptly and thoroughly.

2. Information We Collect

We collect various types of information in connection with your use of our Services. The categories of personal information we collect include, but are not limited to, the following:

2.1 Personal Information You Provide to Us

When you interact with our website or place an order, you may voluntarily provide us with personal information, including:

• Contact Information: Full name, email address, phone number, and mailing/delivery address.
• Account Information: Username, password, and account preferences if you create a user account on our platform.
• Order Information: Menu items selected, special dietary requests, delivery instructions, and order history.
• Payment Information: Credit or debit card details, billing address, and transaction history. Note: full payment card data is processed by our third-party payment processors and is not stored directly on our servers.
• Communications: Any messages, feedback, reviews, or correspondence you send to us via email, contact forms, or customer support channels.
• Promotional Preferences: Marketing opt-in/opt-out choices and communication preferences.
• Survey Responses: Information you provide in response to optional customer satisfaction surveys or feedback forms.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage information, including:

• Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and hardware model.
• Usage Data: Pages viewed, links clicked, time spent on pages, navigation paths, referring URLs, and the date and time of your visit.
• Location Data: General geographic location inferred from your IP address. We may also collect more precise location data if you grant permission through your browser or mobile device.
• Log Data: Server logs that record information about your use of our Services, including errors encountered and diagnostic data.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior. Please refer to Section 8 of this policy for detailed information about our cookie practices.

2.3 Information From Third Parties

We may receive information about you from third-party sources, including:

• Social Media Platforms: If you interact with us through social media or use social login features, we may receive profile information such as your name, profile picture, and email address, subject to the privacy settings on those platforms.
• Analytics Providers: Third-party analytics services that provide aggregated or anonymized information about how users interact with our website.
• Delivery and Fulfillment Partners: Information shared by third-party delivery platforms when you place orders through such platforms that are integrated with our Services.
• Payment Processors: Confirmation and status data regarding your transactions.
• Marketing Partners: Information from advertising networks and data brokers that assist us in understanding our customer base and improving our marketing efforts.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. Specifically, we use your information to:

3.1 Service Provision and Order Fulfillment

• Process and fulfill your food orders, including delivery and pickup arrangements.
• Create and manage your user account, if applicable.
• Communicate with you about your orders, including confirmations, status updates, and delivery notifications.
• Process payments and issue refunds or credits where applicable.
• Provide customer support and respond to your inquiries, complaints, or disputes.
• Maintain our loyalty or rewards programs, if offered.

3.2 Analytics and Service Improvement

• Analyze user behavior and trends to understand how our Services are used and to improve functionality.
• Conduct research and generate aggregated, anonymized statistics about our customer base.
• Test new features, promotions, and website designs to improve user experience.
• Monitor and diagnose technical issues and ensure the stability and security of our platform.
• Develop new products, services, and menu offerings based on customer preferences and feedback.

3.3 Marketing and Promotions

• Send you promotional emails, newsletters, special offers, and marketing communications about our products and services, where you have opted in or where permitted by applicable law.
• Personalize your experience on our website, including displaying relevant content, offers, and recommendations based on your preferences and order history.
• Deliver targeted advertising through third-party advertising networks and social media platforms.
• Administer contests, sweepstakes, promotions, and special events.

3.4 Legal and Compliance Purposes

• Comply with applicable federal, state, and local laws and regulations.
• Enforce our Terms of Service and other applicable agreements.
• Detect, investigate, and prevent fraudulent transactions, security breaches, and other illegal or unauthorized activity.
• Respond to lawful requests from government authorities, courts, or law enforcement agencies.
• Protect the rights, property, and safety of Giordanos, our customers, employees, and the public.

4. Legal Basis for Processing

As a business operating in the United States, our data processing activities are guided by applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act, which governs unfair or deceptive practices in commerce.

We process your personal information on the following bases:

• Contract Performance: Processing necessary to fulfill orders and provide the services you have requested.
• Legitimate Business Interests: Processing for purposes such as fraud prevention, analytics, and improving our services, where these interests are not overridden by your privacy rights.
• Legal Obligation: Processing required to comply with applicable laws, regulations, or legal process.
• Consent: Where required by law, we will obtain your consent before processing your information, such as for certain marketing communications or the use of non-essential cookies.

5. Sharing Your Information With Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted third parties in the following circumstances:

5.1 Service Providers

We engage third-party companies and individuals to perform services on our behalf. These service providers are given access to your personal information only as necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Categories of service providers include:

• Payment processors and financial institutions
• Delivery and logistics partners
• Cloud hosting and data storage providers
• Email and marketing communication platforms
• Customer relationship management (CRM) software providers
• Website analytics and performance monitoring services
• Fraud detection and security service providers
• Customer support platforms

5.2 Business Transfers

If Giordanos undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of its assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change through a prominent notice on our website or via direct communication, and you will be informed of any choices you may have regarding your information.

5.3 Legal Requirements and Protection of Rights

We may disclose your personal information if required to do so by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request.
• Enforce our Terms of Service, this Privacy Policy, or other agreements.
• Protect the rights, property, or personal safety of Giordanos, our customers, or the public.
• Detect and prevent fraud, security threats, or other illegal activity.

5.4 Advertising and Analytics Partners

With your consent where required, we may share certain data with advertising networks and analytics providers to deliver targeted advertisements and measure the effectiveness of our marketing campaigns. These partners may use cookies and similar tracking technologies. You can opt out of certain targeted advertising through the Digital Advertising Alliance's opt-out tool at optout.aboutads.info.

5.5 California "Shine the Light" Disclosure

California residents may request information about any disclosures of personal information to third parties for those third parties' direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected].

6. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive data such as payment information is encrypted both in transit and at rest.
• Access Controls: Access to personal information is restricted to authorized personnel who need it to perform their job functions. All employees with access to personal data are trained on data privacy and security best practices.
• Secure Payment Processing: We use PCI-DSS compliant third-party payment processors and do not store full credit card numbers on our servers.
• Regular Security Assessments: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential weaknesses in our systems.
• Data Minimization: We collect only the personal information necessary for the purposes described in this policy and retain it only for as long as needed.
• Incident Response: We maintain an incident response plan to address potential data breaches promptly and will notify affected individuals and relevant authorities as required by applicable law.

7. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights with respect to your personal information. We are committed to honoring these rights and providing you with the means to exercise them.

7.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose what personal information we have collected about you, the categories and sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Access: You have the right to request a copy of the specific pieces of personal information we hold about you.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions required by law.
• Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, visit our website and look for our "Do Not Sell or Share My Personal Information" link.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit how we use and disclose your sensitive personal information to only uses necessary to provide the services you have requested.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will not receive a different quality of service or be denied access to our Services for exercising your rights under the CCPA/CPRA.

7.2 General Privacy Rights for All Users

• Right to Access: You may request access to the personal information we hold about you.
• Right to Correction: You may request that we correct or update any inaccurate or incomplete personal information.
• Right to Deletion: You may request the deletion of your personal information, subject to certain legal exceptions.
• Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where we process your data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails or contacting us directly.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit your request through one of the following methods:

• Email: [email protected]
• Website: giordanospizza.digital (via our contact or privacy request form)

We will verify your identity before processing your request to protect the security of your information. We will respond to verified requests within 45 days of receipt, and may extend this period by an additional 45 days where necessary, with proper notice to you. We will not charge a fee for processing your first request within a 12-month period.

You may also designate an authorized agent to make a request on your behalf. We may require written authorization or proof of the agent's authority before processing such a request.

8. Cookie Policy

Our website uses cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to enhance your browsing experience, analyze website traffic, and deliver relevant advertising.

8.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the website to function properly. These cookies enable core functions such as security, order processing, and account authentication. They cannot be disabled.
• Functional Cookies: These cookies remember your preferences (such as language, location, and saved items) to provide a more personalized experience.
• Analytics Cookies: Used to collect information about how visitors use our website, helping us understand and improve site performance. We use services such as Google Analytics for this purpose.
• Marketing and Advertising Cookies: Used to track your browsing behavior and deliver targeted advertisements relevant to your interests on our website and third-party platforms.

8.2 Managing Your Cookie Preferences

You can manage your cookie preferences at any time through the following methods:

• Using your browser settings to block or delete cookies.
• Using our cookie consent banner or preference center when you first visit our website.
• Opting out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Visiting the Digital Advertising Alliance at optout.aboutads.info.

Please note that disabling certain cookies may affect the functionality of our website and your ability to use certain features, including the shopping cart and order checkout process.

For more detailed information about our cookie practices, please refer to our full Cookie Policy.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting obligations. The specific retention periods we apply are as follows:

After the applicable retention period expires, we will securely delete or anonymize your personal information. Where anonymization is not feasible, we will store the information in isolation and prevent further processing until deletion is possible.

10. Children's Privacy

Our website and Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. We comply with the Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal information from children under 13 without verifiable parental consent.

If you are between the ages of 13 and 17, please do not use our Services without the supervision and consent of a parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor, please contact us immediately at [email protected].

Parents or legal guardians who believe their child has provided us with personal information without consent may also contact us to request the review and deletion of such information.

11. International Data Transfers

Giordanos is based in the United States, and your personal information is primarily collected, stored, and processed in the United States. However, some of our third-party service providers may be located in other countries and may process your personal information outside of the United States.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law. These safeguards may include:

• Transferring data only to countries that provide an adequate level of data protection as recognized by relevant authorities.
• Entering into data processing agreements with our service providers that include standard contractual clauses or other appropriate contractual protections.
• Ensuring that third-party processors adhere to applicable data security standards.

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our Services, you acknowledge and consent to this transfer.

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Giordanos. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit, as we have no control over and assume no responsibility for their privacy practices, content, or data handling procedures.

Examples of third-party services you may encounter through our platform include:

• Social media platforms (e.g., Facebook, Instagram, Twitter/X)
• Third-party delivery platforms and apps
• Payment gateway providers
• Mapping and location services (e.g., Google Maps)
• Review and rating platforms

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to DNT signals from browsers. However, you can manage your tracking preferences through the cookie management options described in Section 8 of this policy.

California residents should note that, in accordance with the CCPA/CPRA, we are required to inform you whether we honor DNT signals. At this time, we do not alter our data collection practices in response to DNT signals, but we provide alternative mechanisms for you to opt out of certain data collection as described in this policy.

14. How to File a Privacy Complaint

If you believe that your privacy rights have been violated, we encourage you to first contact us directly so that we can attempt to resolve your concern promptly and fairly.

14.1 Contact Us First

Please reach out to us using the contact information below and describe your concern in detail. We will investigate your complaint and respond within a reasonable timeframe:

• Email: [email protected]
• Website: giordanospizza.digital

14.2 File a Complaint With Regulatory Authorities

If you are not satisfied with our response, you have the right to file a complaint with the appropriate data protection or consumer protection authority:

• California Residents: You may file a complaint with the California Privacy Protection Agency (CPPA):
  Website: cppa.ca.gov
  Email: [email protected]
• All U.S. Residents: You may file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive business practices:
  Website: reportfraud.ftc.gov
  Phone: 1-877-FTC-HELP (1-877-382-4357)
• All U.S. Residents: You may also contact your state Attorney General's office for assistance with privacy-related complaints. Most states have consumer protection divisions that handle such matters.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal obligations, or the Services we offer. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this policy.
• Post a prominent notice on our website informing users of the changes.
• Where required by law or where changes are significant, notify you directly via email to the address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to addressing your privacy concerns in a thorough and timely manner.

When contacting us regarding a privacy matter, please provide sufficient detail to help us understand and address your concern, including your name, contact information, a description of your request, and, if applicable, the specific rights you wish to exercise.

We will acknowledge receipt of your inquiry within 5 business days and will make every effort to resolve your concern within 30 business days, or within the timeframes required by applicable law.