Privacy Policy

This Privacy Policy describes how Giordanos ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at eatgiordanos.click, place orders online, subscribe to our communications, or otherwise interact with our services. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By accessing or using our website, placing an order, or engaging with any of our digital services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the terms set forth herein, please discontinue use of our website and services immediately.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission (FTC) Act, the CAN-SPAM Act, and other applicable regulations.

1. About Us

Giordanos is a food service business operating within the United States. We provide customers with food ordering, delivery, and dining experiences through our website and related digital platforms.

For all privacy-related inquiries, concerns, or requests, you may contact us using the information provided above. We strive to respond to all privacy-related communications within a reasonable timeframe, and in no case more than forty-five (45) days from receipt of your request, as required under applicable law.

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we may collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, participate in a promotion, or contact us directly, we may collect:

• Full name
• Email address
• Phone number
• Billing and shipping/delivery address
• Date of birth (where required for age verification)
• Username and password for account creation
• Payment information (credit/debit card numbers, billing details — processed securely through third-party payment processors)
• Dietary preferences or restrictions you voluntarily provide
• Order history and preferences

2.2 Usage Data and Behavioral Information

When you access and use our website, we automatically collect certain information about your interaction with our digital services, including:

• Pages visited and time spent on each page
• Links clicked and features used
• Search queries entered on our website
• Referring URLs (how you arrived at our website)
• Browser type and version
• Operating system and platform
• Timestamps of website visits
• Items added to or removed from your shopping cart
• Abandoned cart information

2.3 Device Information

We collect technical data about the devices you use to access our website, including:

• IP address
• Device identifiers (device ID, advertising ID)
• Device type (mobile, tablet, desktop)
• Hardware model and settings
• Screen resolution
• Network information and internet service provider
• Mobile network information (where applicable)

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior on our website. For more detailed information about how we use cookies, please see Section 8 (Cookie Policy) of this Privacy Policy.

2.5 Location Data

With your permission, we may collect precise or approximate geolocation data from your device to provide location-based services, such as identifying nearby locations, processing delivery orders, and offering region-specific promotions. You may disable location access through your device settings at any time.

2.6 Communications Data

When you contact us through email, phone, web forms, or any other communication channel, we may retain records of those communications, including:

• Content of your messages or inquiries
• Customer service interaction history
• Feedback, reviews, and survey responses you voluntarily submit

2.7 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social media platforms (if you connect your social media account or interact with our social media presence)
• Third-party food ordering and delivery platforms
• Marketing partners and data providers
• Payment processors and fraud prevention services
• Analytics providers

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including the following:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including delivery or pickup arrangements
• Creating and managing your customer account
• Processing payments and issuing receipts or invoices
• Communicating with you about your orders, including confirmations, updates, and delivery notifications
• Providing customer support and responding to your inquiries or complaints
• Managing loyalty rewards, promotional credits, or gift card balances

3.2 Analytics and Website Improvement

• Analyzing how visitors use our website to improve functionality and user experience
• Conducting research and development to improve our food products and services
• Monitoring and analyzing trends, usage, and activities in connection with our website
• Diagnosing technical problems and maintaining the security and integrity of our systems
• Generating aggregate statistical data and reports (non-identifiable)

3.3 Marketing and Communications

• Sending you promotional emails, newsletters, special offers, and other marketing communications (with your consent where required)
• Personalizing your experience and presenting you with relevant menu items, promotions, and recommendations based on your order history and preferences
• Conducting marketing campaigns, sweepstakes, contests, or other promotional activities
• Retargeting advertisements across third-party websites and platforms
• Sending push notifications (if you opt in) about order updates, deals, and promotions

3.4 Legal and Compliance Purposes

• Complying with applicable federal, state, and local laws and regulations
• Enforcing our Terms of Service and other legal agreements
• Detecting, investigating, and preventing fraudulent transactions and other illegal activities
• Protecting the rights, property, and safety of Giordanos, our customers, and others
• Responding to lawful requests from public authorities, including law enforcement

3.5 Business Operations

• Managing our business relationships with vendors, suppliers, and service providers
• Conducting internal audits and assessments
• Facilitating business transactions such as mergers, acquisitions, or asset sales (subject to confidentiality obligations)

4. Legal Basis for Processing

We process your personal information on the following legal grounds:

• Contractual Necessity: Processing is necessary to fulfill the contract we have with you (e.g., processing your food order).
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, improving our services, and direct marketing to existing customers.
• Consent: Where required by law, we will obtain your explicit consent before processing your data for marketing communications or non-essential cookies.
• Legal Obligation: Processing is necessary to comply with applicable legal requirements.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own marketing purposes. However, we may share your personal information in the following limited circumstances:

5.1 Service Providers

We work with third-party companies and individuals who assist us in operating our business and providing services. These service providers may have access to your personal information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Service providers include:

• Payment processors and financial institutions
• Delivery and logistics partners
• Web hosting and cloud infrastructure providers
• Email and marketing communication platforms
• Customer support software providers
• Analytics and data intelligence services
• Fraud detection and security services
• Advertising technology platforms

5.2 Business Partners and Affiliates

We may share information with trusted business partners for joint marketing initiatives, co-branded promotions, or integrated service offerings. In such cases, we will notify you and obtain any required consents before sharing your data.

5.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law or in good-faith belief that such action is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Protect and defend our legal rights or property
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users of our website or the public

5.4 Business Transfers

In the event that Giordanos is involved in a merger, acquisition, asset sale, reorganization, bankruptcy, or similar corporate transaction, your personal information may be transferred as part of such transaction. We will notify you via email or a prominent notice on our website before your information becomes subject to a different privacy policy.

5.5 Aggregate and De-Identified Data

We may share aggregated, anonymized, or de-identified information — which cannot reasonably be used to identify you — with third parties for research, marketing, analytics, and other purposes without restriction.

6. Data Security

We take the security of your personal information seriously and implement a comprehensive set of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, destruction, or loss.

6.1 Security Measures We Employ

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Secure Payment Processing: All payment card transactions are processed through PCI-DSS compliant payment processors. We do not store your full credit card numbers on our servers.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. We implement role-based access controls and multi-factor authentication for administrative systems.
• Regular Security Assessments: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and address potential security risks.
• Data Minimization: We collect only the personal information that is necessary for the purposes described in this Privacy Policy.
• Employee Training: Our staff receives regular training on data protection, privacy best practices, and security protocols.
• Incident Response: We maintain a data breach response plan to quickly detect, contain, and respond to any potential security incidents.

6.2 Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. If you believe your account or personal information has been compromised, please contact us immediately at [email protected].

7. Your Rights and Choices

Depending on your state of residence, you may have certain rights regarding your personal information. We honor all legally applicable rights and provide accessible mechanisms for you to exercise them.

7.1 Rights Available to All Users

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You may request that we delete your personal information, subject to certain exceptions (e.g., information required to complete a transaction or comply with legal obligations).
• Right to Opt Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.
• Right to Data Portability: Where technically feasible, you may request a copy of your personal data in a structured, machine-readable format.

7.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

• Right to Know: You have the right to know what categories of personal information we collect, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, you may contact us at [email protected].
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform the services you request.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your rights.

To submit a verifiable consumer request, please contact us at [email protected]. You may also designate an authorized agent to submit a request on your behalf, provided we can verify both your identity and the agent's authorization.

7.3 How to Exercise Your Rights

To exercise any of your privacy rights, please contact us by:

• Email: [email protected]
• Website: eatgiordanos.click

We will verify your identity before processing your request. We will respond to your request within forty-five (45) days. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period in writing.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content and advertisements.

8.1 What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help the website recognize your device on subsequent visits and remember your preferences and settings.

8.2 Types of Cookies We Use

8.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at www.aboutads.info/choices or the Network Advertising Initiative (NAI) at www.networkadvertising.org/choices.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements.

When your personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.

10. Children's Privacy

Our website and services are intended for individuals who are eighteen (18) years of age or older. We do not knowingly collect, solicit, or process personal information from children under the age of 13, as defined by the Children's Online Privacy Protection Act (COPPA).

If you are a parent or legal guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take steps to promptly delete such information from our systems.

We do not intentionally market our services to individuals under 18 years of age. Users between the ages of 13 and 17 should only use our website with the knowledge, supervision, and consent of a parent or legal guardian. If we learn that we have inadvertently collected personal information from a minor, we will delete such data as soon as practicable.

11. International Data Transfers

Giordanos is a United States-based company, and our primary data processing activities occur within the United States. However, some of the third-party service providers we work with may be located in other countries, and your personal information may be transferred to and processed in countries other than your country of residence.

If your personal information is transferred internationally, we take steps to ensure that adequate protections are in place to maintain the security and privacy of your data in accordance with applicable laws. Such safeguards may include:

• Standard contractual clauses approved by relevant regulatory authorities
• Data processing agreements with service providers
• Transfer only to countries deemed to have adequate data protection standards

By using our website and services, you acknowledge that your personal information may be transferred to, stored, and processed in the United States and other countries, whose data protection laws may differ from those in your country of residence.

12. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no industry-wide standard for how websites should respond to DNT signals. As such, our website does not currently respond to DNT signals. However, you may use the cookie management options described in Section 8 to limit certain types of tracking.

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Giordanos. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party sites or services. We encourage you to review the privacy policies of any third-party websites or services before providing any personal information to them.

Third-party services that may be integrated with our website include, but are not limited to, social media sharing buttons, payment gateways, map services, and review platforms. Each of these third parties operates under their own privacy policies, which we recommend you review.

14. Marketing Communications and Opt-Out

We may send you promotional communications about our products, special offers, seasonal deals, and other updates. You have the following choices regarding marketing communications:

• Email Marketing: You may opt out of receiving promotional emails by clicking the "unsubscribe" link at the bottom of any marketing email or by contacting us at [email protected]. Please note that even if you opt out of marketing emails, we may still send you transactional or operational emails (such as order confirmations and account notifications).
• SMS/Text Messages: If you have subscribed to receive text message marketing from us, you may opt out by replying "STOP" to any marketing text message or by contacting us directly.
• Push Notifications: You may manage push notification preferences through your device or browser settings.
• Personalized Advertising: You may opt out of interest-based advertising as described in Section 8.3 of this Policy.

Opt-out requests may take up to ten (10) business days to be processed. During that period, you may still receive marketing communications that were already in progress prior to your request.

15. FTC Compliance and Consumer Protection

We are committed to complying with the Federal Trade Commission (FTC) Act and all applicable federal consumer protection laws. We will not engage in unfair or deceptive practices related to the collection, use, or disclosure of your personal information. Our privacy practices are reviewed regularly to ensure ongoing compliance with FTC guidelines and regulations.

If you believe we have engaged in any unfair or deceptive privacy practices, you have the right to file a complaint with the FTC at www.ftc.gov/complaint.

16. How to File a Privacy Complaint

If you have concerns about how we handle your personal information, we encourage you to contact us first so that we can address your concerns directly. You may reach our privacy team by email at [email protected].

We will investigate and respond to your complaint within a reasonable timeframe. If you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority. Depending on your location, the relevant authority may be:

• California Residents: California Privacy Protection Agency (CPPA) — cppa.ca.gov
• All U.S. Residents: Federal Trade Commission (FTC) — www.ftc.gov/complaint
• State Attorney General Offices: Depending on your state of residence, you may also file a complaint with your state's attorney general office.

17. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time. When we make material changes, we will notify you by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to the email address associated with your account (where applicable)
• Displaying a prominent notice on our website

Your continued use of our website and services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us using the information below. We are committed to addressing your inquiries promptly and transparently.

We value your trust and are dedicated to safeguarding your privacy. Thank you for taking the time to read our Privacy Policy.