Privacy Policy

Effective Date: June 14, 2026  |  Last Updated: June 14, 2026

This Privacy Policy describes how Papa Ginos ("we," "us," "our," or "the Company") collects, uses, stores, shares, and protects your personal information when you visit our website at cafe-papaginos.rest, place orders, interact with our services, or otherwise engage with our food and restaurant offerings. We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and responsible manner.

By accessing or using our website, placing an order, signing up for our loyalty program, or otherwise providing us with your personal information, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

We encourage you to read this Privacy Policy carefully and contact us at [email protected] if you have any questions or concerns.

1. About Us

Papa Ginos is a food and restaurant business operating in the United States. We are dedicated to providing high-quality food experiences to our valued customers. Our contact information for all privacy-related matters is as follows:

Company Name Papa Ginos
Website cafe-papaginos.rest
Email Address [email protected]
Country of Operation United States

2. Applicable Laws and Legal Framework

As a business operating within the United States, our privacy practices are governed by applicable federal and state laws, including but not limited to:

  • The Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive practices in commerce, including the mishandling of consumer data.
  • The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), which provide California residents with enhanced rights over their personal information.
  • The CAN-SPAM Act, which governs commercial email communications.
  • The Children's Online Privacy Protection Act (COPPA), which restricts the collection of personal data from children under the age of 13.
  • Other applicable state privacy laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA).

We are committed to compliance with all applicable privacy laws and regulations and will update this Privacy Policy as legal requirements evolve.

3. Information We Collect

We collect various categories of personal information in connection with our business operations. The specific information we collect depends on how you interact with us, whether through our website, mobile ordering, in-person visits, or other channels.

3.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, participate in a promotion, or contact us, we may collect the following personal identification information:

  • Full name
  • Email address
  • Phone number
  • Billing and delivery address
  • Date of birth (where applicable, such as for age verification or loyalty programs)
  • Username and password for account registration
  • Profile picture or avatar (if voluntarily uploaded)

3.2 Payment and Financial Information

When you make a purchase through our website or app, we collect payment-related information necessary to process your transaction. This may include:

  • Credit or debit card number (last four digits only, as full card numbers are processed by our secure payment processors)
  • Payment method type (e.g., Visa, Mastercard, PayPal)
  • Billing address associated with the payment method
  • Transaction ID and order history

We do not store full credit card numbers or sensitive financial data on our servers. All payment transactions are processed through PCI-DSS-compliant third-party payment processors.

3.3 Order and Transaction Data

We collect information about your orders and transactions with us, including:

  • Items ordered, customization preferences, and order history
  • Order timestamps and delivery addresses
  • Special dietary requests or preferences you provide
  • Loyalty points earned and redeemed
  • Promotional codes or gift cards used

3.4 Usage Data and Website Activity

When you visit our website at cafe-papaginos.rest, we automatically collect certain usage data and technical information, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Operating system and device type
  • Pages visited, links clicked, and time spent on each page
  • Referring website or URL that brought you to our site
  • Search terms used on our website
  • Session duration and frequency of visits
  • Error logs and crash reports

3.5 Device Information

If you access our services via a mobile device or app, we may collect additional device-specific information, such as:

  • Device identifiers (e.g., device ID, advertising ID)
  • Mobile network information
  • Hardware model and firmware version
  • Push notification tokens (if you opt in to notifications)
  • Location data (only if you grant location permissions)

3.6 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your browsing behavior on our website. For detailed information about the specific cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.

3.7 Communications and Customer Support Data

When you contact us for customer support, submit a complaint, or communicate with us via email, chat, or phone, we may collect:

  • The content of your messages and communications
  • Contact details you provide
  • Records of our correspondence with you
  • Feedback, reviews, and survey responses

3.8 Voluntarily Provided Information

You may also provide additional information voluntarily, such as through social media interactions, participation in contests or sweepstakes, submitting reviews or testimonials, or participating in our referral programs.

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. We will only process your data when we have a valid legal basis to do so, such as your consent, the performance of a contract, compliance with a legal obligation, or our legitimate business interests.

4.1 Providing and Managing Our Services

  • Processing and fulfilling your food orders and deliveries
  • Managing your account registration and login
  • Processing payments and issuing receipts and confirmations
  • Managing loyalty and rewards program memberships
  • Handling returns, refunds, and order modifications
  • Providing customer support and resolving disputes

4.2 Personalization and User Experience

  • Personalizing your experience on our website based on your order history and preferences
  • Recommending menu items or promotions you may enjoy
  • Remembering your saved addresses, payment methods, and preferences
  • Displaying relevant content based on your location or browsing history

4.3 Marketing and Promotional Communications

  • Sending you promotional emails, newsletters, and special offers (with your consent or where otherwise permitted by law)
  • Notifying you about new menu items, seasonal specials, or limited-time promotions
  • Administering contests, giveaways, and loyalty rewards
  • Conducting targeted advertising through third-party platforms such as Google Ads, Meta (Facebook/Instagram), and others

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any of our emails, or by contacting us at [email protected].

4.4 Analytics and Business Improvement

  • Analyzing website traffic, user behavior, and ordering patterns to improve our services
  • Conducting internal research and business analytics
  • Monitoring and improving website performance and functionality
  • Testing new features, menu items, or pricing structures

4.5 Legal Compliance and Safety

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from law enforcement or regulatory authorities
  • Detecting, preventing, and investigating fraud, security incidents, and other illegal activities
  • Enforcing our Terms of Service and other applicable agreements
  • Protecting the rights, property, and safety of Papa Ginos, our customers, and the public

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your information with trusted third parties in the following limited circumstances:

5.1 Service Providers and Business Partners

We share personal information with third-party service providers who perform functions on our behalf, including:

  • Payment processors (e.g., Stripe, Square) to handle secure transactions
  • Delivery partners to fulfill food delivery orders
  • Cloud hosting and IT service providers to maintain our website and systems
  • Email marketing platforms (e.g., Mailchimp, Klaviyo) to send communications
  • Analytics providers (e.g., Google Analytics) to analyze website usage
  • Customer support tools to manage inquiries and complaints
  • Loyalty and rewards platform providers

All service providers are contractually obligated to use your data only for the purposes for which it was shared and to implement appropriate security measures.

5.2 Advertising and Marketing Partners

We may share certain information, such as cookie identifiers and hashed email addresses, with advertising partners for the purpose of delivering targeted advertisements. This sharing is subject to your cookie preferences and applicable opt-out rights.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law or in response to valid legal requests, including:

  • Court orders, subpoenas, or other legal processes
  • Requests from law enforcement or government agencies
  • Situations where disclosure is necessary to protect national security or public safety
  • Situations where we believe disclosure is necessary to prevent fraud or imminent harm

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity as part of the business transaction. We will notify you of any such change and the applicable privacy protections that will apply.

5.5 With Your Consent

We may share your personal information with other third parties when we have obtained your express consent to do so.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, analyze website traffic, and deliver targeted advertising. Cookies are small text files placed on your device when you visit our website.

6.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function properly, such as session cookies that keep you logged in during a visit.
  • Functional Cookies: Remember your preferences, such as saved addresses, language settings, or menu customizations.
  • Analytics Cookies: Collect information about how visitors use our site, helping us improve performance and user experience.
  • Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

6.2 Managing Your Cookie Preferences

You can manage or withdraw your consent to non-essential cookies at any time through our cookie consent banner or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For full details on our cookie practices, please see our Cookie Policy.

7. Data Security

We take the security of your personal information seriously and have implemented a range of technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols.
  • Access Controls: Access to personal data is restricted to authorized employees and service providers on a need-to-know basis.
  • Secure Payment Processing: All payment transactions are handled by PCI-DSS-compliant payment processors. We do not store full credit card numbers on our systems.
  • Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and address potential risks.
  • Data Minimization: We collect only the personal data that is necessary for the stated purposes and retain it only for as long as required.
  • Incident Response Plan: We maintain a data breach response plan and will notify affected users and relevant authorities as required by law in the event of a security incident.

While we take every reasonable precaution to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to take steps to protect your own information, such as using strong passwords and keeping your login credentials confidential.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

Category of Data Retention Period
Account and profile information For the duration of your account, plus up to 3 years after account closure
Order and transaction history Up to 7 years (for tax and accounting purposes)
Payment processing records Up to 7 years in accordance with financial regulations
Marketing preferences and opt-outs Indefinitely, to honor your preferences
Customer support communications Up to 3 years from the date of the last interaction
Website analytics and usage data Up to 26 months (in line with analytics provider standards)
Cookie data Varies by cookie type (session cookies expire when you close your browser; persistent cookies have set expiration dates)

When your personal data is no longer required, we will securely delete or anonymize it in accordance with our data retention procedures.

9. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights and providing a simple process for you to exercise them.

9.1 Rights Available to All Users

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain the data by law).
  • Right to Opt Out of Marketing: You may opt out of receiving marketing communications from us at any time.

9.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights, including:

  • Right to Know: The right to know what categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to Delete: The right to request deletion of personal information we have collected from you, subject to limited exceptions.
  • Right to Correct: The right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information. However, if we engage in data "sharing" for cross-context behavioral advertising, you have the right to opt out.
  • Right to Limit Use of Sensitive Personal Information: The right to limit our use of sensitive personal information to specified purposes.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level of service because you exercised your privacy rights.
  • Right to Data Portability: The right to receive your personal information in a portable, usable format.

To submit a California privacy rights request, please contact us at [email protected] with the subject line "California Privacy Rights Request."

9.3 Rights Under Other State Laws

Residents of Virginia, Colorado, Connecticut, Texas, and other states with privacy laws may also have rights similar to those described above, including the right to access, correct, delete, and port their data, as well as the right to opt out of targeted advertising and profiling. Please contact us to exercise any applicable rights.

9.4 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the information below. We may need to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law (generally 30 to 45 days).

Submit your privacy rights request:
Email: [email protected]
Website: cafe-papaginos.rest

10. Children's Privacy

Our website, services, and food offerings are intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or use personal information from children under the age of 13, or knowingly allow such persons to use our services.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will promptly delete that information from our records.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

11. International Data Transfers

Papa Ginos operates primarily within the United States. However, some of our third-party service providers may be located in other countries, which may include countries that do not have the same data protection laws as the United States.

When we transfer your personal information to service providers or partners located outside the United States, we take appropriate steps to ensure that your data is protected in accordance with this Privacy Policy and applicable law. These steps may include entering into data processing agreements with our service providers that incorporate appropriate data transfer mechanisms.

By using our services, you acknowledge that your personal information may be processed in countries outside the United States, and you consent to such transfers where required by law.

12. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universal standard for how websites should respond to DNT signals. Our website does not respond to DNT signals at this time. However, you can manage your privacy preferences through our cookie consent mechanism and by adjusting your browser settings.

13. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, or other external services. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites, and we encourage you to review the privacy policies of any external sites you visit. The inclusion of a link does not imply our endorsement of the third party's privacy practices.

14. Social Media and Online Reviews

We may maintain official pages on social media platforms such as Facebook, Instagram, Twitter/X, and others. When you interact with us on social media, the information you share may be visible to the public and to the social media platform. Please review the privacy settings and policies of the relevant social media platforms before sharing personal information with us through those channels.

If you submit a review or testimonial on our website or through a third-party review platform, you acknowledge that the information you provide may be publicly visible. We may feature your reviews in our marketing materials, though we will never include your personal contact information without your consent.

15. Opt-Out of Marketing Communications

You have the right to opt out of receiving marketing and promotional communications from us at any time. You can do this by:

  • Clicking the "Unsubscribe" or "Opt Out" link at the bottom of any marketing email we send you
  • Replying "STOP" to any SMS/text marketing messages you receive from us
  • Logging in to your account and updating your communication preferences in your profile settings
  • Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, we may still send you transactional and service-related messages, such as order confirmations, receipts, and important account notifications. These communications are necessary for the provision of our services and are not subject to opt-out.

16. Filing a Complaint with a Data Protection Authority

If you believe that our processing of your personal information violates applicable privacy laws, you have the right to file a complaint with the relevant regulatory authority.

16.1 Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) is the primary federal agency responsible for consumer protection and enforcement of privacy laws in the United States. You may file a complaint with the FTC as follows:

Federal Trade Commission
Website: www.ftc.gov
Complaint Center: reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)

16.2 California Attorney General (for California Residents)

California residents who have concerns about our CCPA/CPRA compliance may contact the California Attorney General's Office:

California Office of the Attorney General
Website: oag.ca.gov/privacy
Email: [email protected]

16.3 State Attorneys General

Residents of other states may contact their respective state Attorney General's office for guidance on filing a privacy complaint under applicable state law. We encourage you to reach out to us first at [email protected] so that we can attempt to resolve your concern directly before escalating to a regulatory authority.

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the services we offer. When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this page
  • Post the revised Privacy Policy on our website at cafe-papaginos.rest
  • Where required by law, notify you directly via email or a prominent notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of any changes constitutes your acceptance of those changes.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to resolving any privacy-related inquiries promptly and transparently.

Company Name Papa Ginos
Website cafe-papaginos.rest
Email (Privacy Inquiries) [email protected]

We aim to respond to all privacy-related inquiries within 30 business days of receipt. For California residents, we will respond within 45 calendar days as required by the CCPA/CPRA, with the possibility of a 45-day extension where reasonably necessary.

Thank you for trusting Papa Ginos with your personal information. Your privacy is important to us, and we are dedicated to protecting your data while delivering the best possible food and dining experience.

This Privacy Policy was last reviewed and updated on June 14, 2026. All previous versions of this Privacy Policy are superseded by this current version.