Privacy Policy

This Privacy Policy describes how Giordanos ("we," "us," or "our") collects, uses, discloses, and protects the personal information of visitors and customers who access or use our website located at tastygiordanos.digital (the "Website") and any related services, features, or content we offer (collectively, the "Services"). We are committed to protecting your privacy and handling your personal information with transparency, integrity, and in full compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

Please read this Privacy Policy carefully. By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please discontinue use of our Website and Services immediately.

For any questions, concerns, or requests relating to this Privacy Policy, you may contact us at:

1. Scope and Applicability

This Privacy Policy applies to all individuals who interact with Giordanos through our Website, mobile platforms, online ordering systems, loyalty programs, promotional campaigns, social media pages, customer support channels, and any other digital touchpoints we operate. This policy governs the collection and processing of personal information from residents of the United States, including but not limited to residents of California who may have additional rights under the CCPA/CPRA.

Our Website and Services are directed exclusively to individuals who are 18 years of age or older. We do not knowingly collect, process, or retain personal information from individuals under the age of 18. If you are a parent or guardian and believe that a minor has submitted personal information to us, please contact us immediately so we can take appropriate corrective action.

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked to or from our Website. We encourage you to review the privacy policies of any third-party services you access through links on our Website.

2. Information We Collect

We collect various types of personal information in connection with your use of our Website and Services. The categories of personal information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our loyalty program, subscribe to our newsletter, or contact us directly, we may collect:

• Full name
• Email address
• Phone number
• Mailing address and delivery address
• Date of birth (where required for promotional or verification purposes)
• Username and password (stored in encrypted form)
• Profile photo or avatar (if voluntarily uploaded)

2.2 Payment and Financial Information

When you make a purchase through our Website or online ordering platform, we collect payment-related information necessary to process your transaction, including:

• Credit card or debit card details (card number, expiration date, CVV — processed securely through third-party payment processors)
• Billing address
• Transaction history and order details
• Gift card or promotional code information

We do not store full payment card numbers on our servers. All payment processing is handled by PCI-DSS compliant third-party processors.

2.3 Order and Transaction Information

We collect information related to the products and services you purchase or inquire about, including:

• Order history, including items ordered, order frequency, and spending patterns
• Delivery preferences and special instructions
• Feedback, ratings, and reviews you submit regarding our food or services
• Loyalty program points balance and redemption history

2.4 Usage Data and Technical Information

When you visit our Website, we automatically collect certain technical information through cookies, pixels, log files, and similar tracking technologies, including:

• Internet Protocol (IP) address
• Browser type and version
• Operating system and device type
• Referring URL and exit pages
• Pages viewed, links clicked, and time spent on each page
• Date and time of access
• Search queries entered on our Website
• Session identifiers and clickstream data

2.5 Device Information

We may collect information about the device you use to access our Website, including:

• Device model and manufacturer
• Unique device identifiers (e.g., IDFA, Android Advertising ID)
• Mobile network information
• Screen resolution and display settings
• Language and timezone settings

2.6 Location Information

With your permission, we may collect precise or approximate geolocation data to facilitate order delivery, identify nearby restaurant locations, and provide location-based promotions. You may disable location sharing at any time through your device settings or browser preferences.

2.7 Communications and Customer Support Data

When you contact our customer support team or communicate with us via email, chat, or other channels, we collect:

• Content of your messages and inquiries
• Attachments or media you share with us
• Records of previous interactions and resolutions
• Survey responses and feedback submissions

2.8 Social Media and Third-Party Platform Data

If you choose to log in to our Website using a third-party account (such as Facebook, Google, or Apple), or if you interact with our social media pages, we may receive certain information from those platforms, subject to your privacy settings on those platforms, including:

• Social media username or profile name
• Profile picture
• Email address associated with the social media account
• Public posts, mentions, or tags that reference Giordanos

2.9 Information from Third Parties

We may also receive personal information about you from third-party sources, including marketing partners, data brokers, delivery platform partners, advertising networks, and analytics providers, which we may combine with information we have already collected about you.

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including:

3.1 Providing and Improving Our Services

• Processing and fulfilling your food orders, including delivery and pickup arrangements
• Creating and managing your customer account and loyalty program membership
• Personalizing your experience on our Website based on your preferences and order history
• Improving the functionality, design, and content of our Website and Services
• Conducting internal research, data analysis, and product development

3.2 Customer Communications

• Sending order confirmations, receipts, and delivery status updates
• Responding to your inquiries, complaints, and customer support requests
• Notifying you about changes to our menu, policies, or terms of service
• Providing important safety or security alerts related to your account

3.3 Marketing and Promotional Activities

• Sending promotional emails, newsletters, and special offers tailored to your preferences
• Notifying you about loyalty program rewards, points balances, and exclusive member deals
• Displaying targeted advertisements on our Website and third-party platforms
• Conducting contests, sweepstakes, and other promotional campaigns
• Analyzing the effectiveness of our marketing campaigns and advertising spend

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any promotional email, adjusting your account notification preferences, or contacting us directly at [email protected]. Please note that opting out of marketing communications does not affect transactional or service-related communications.

3.4 Analytics and Performance Monitoring

• Analyzing traffic patterns, user behavior, and engagement metrics to improve our Website performance
• Monitoring system performance, identifying bugs, and resolving technical issues
• Generating aggregated, anonymized statistical reports for business intelligence purposes

3.5 Legal Compliance and Safety

• Complying with applicable federal and state laws, regulations, and legal obligations
• Enforcing our Terms of Service and other agreements
• Detecting, investigating, and preventing fraud, unauthorized access, and other illegal or harmful activities
• Protecting the rights, property, and safety of Giordanos, our customers, and the public
• Responding to lawful requests from government authorities, courts, or law enforcement agencies

3.6 Business Operations

• Facilitating internal accounting, auditing, and financial operations
• Managing supplier and vendor relationships
• Supporting mergers, acquisitions, or other business restructuring activities

4. How We Share Your Information

We do not sell your personal information to third parties for their independent marketing purposes. However, we may share your personal information with the following categories of recipients in the circumstances described below:

4.1 Service Providers and Business Partners

We share personal information with trusted third-party companies and individuals who perform services on our behalf, including:

• Payment processors: To securely handle credit and debit card transactions
• Delivery and logistics partners: To fulfill food delivery orders
• Cloud hosting and infrastructure providers: To store and process data securely
• Email marketing platforms: To send promotional and transactional emails
• Analytics providers: Such as Google Analytics, to analyze Website traffic and user behavior
• Customer support software providers: To manage customer service interactions
• Advertising networks: To serve targeted advertisements on our behalf

These service providers are contractually obligated to use your personal information only for the purposes for which it was shared and to maintain appropriate security standards.

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a subpoena, court order, legal process, or other governmental request
• Enforce our Terms of Service or protect our rights, property, or safety
• Investigate potential violations of law or respond to claims that content on our Website violates the rights of others
• Protect the personal safety of our users, employees, or the public

4.3 Business Transfers

In the event that Giordanos undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the successor entity as part of that transaction. We will notify you via email or prominent notice on our Website if your personal information becomes subject to a different privacy policy as a result of such a transaction.

4.4 With Your Consent

We may share your personal information with third parties when you have provided explicit consent to do so, such as when participating in co-branded promotions or referral programs.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other business purposes without restriction.

5. Cookies and Tracking Technologies

Our Website uses cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to collect and store information about your interactions with our Website. These technologies help us provide a more personalized and efficient user experience.

5.1 Types of Cookies We Use

5.2 Managing Cookies

You can control and manage cookies through your browser settings. Most web browsers allow you to refuse cookies or delete existing cookies from your device. However, please note that disabling certain cookies may affect the functionality of our Website and your ability to use certain features, such as online ordering or account management. For more detailed information about our use of cookies and how to manage your preferences, please refer to our Cookie Policy.

5.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, our Website does not respond to DNT signals, as there is no uniform industry standard for how DNT signals should be interpreted. We will update this section if a standard is adopted in the future.

6. Data Security

We take the security of your personal information seriously and implement a comprehensive set of technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, loss, or destruction.

6.1 Security Measures We Employ

• Encryption: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS) protocol. Sensitive data such as passwords are stored using strong cryptographic hashing algorithms.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. We implement role-based access controls and multi-factor authentication for internal systems.
• Network Security: We maintain firewalls, intrusion detection systems, and regular vulnerability assessments to protect our network infrastructure.
• Payment Security: We comply with Payment Card Industry Data Security Standards (PCI-DSS) for the processing of payment card information.
• Regular Audits: We conduct periodic security audits, penetration testing, and risk assessments to identify and remediate potential vulnerabilities.
• Employee Training: Our employees receive regular training on data protection best practices and our internal privacy and security policies.

6.2 Data Breach Response

In the event of a data breach that affects your personal information, we will notify you in accordance with applicable federal and state data breach notification laws. We maintain an incident response plan designed to minimize the impact of any security incident and will work diligently to investigate, contain, and remediate any breach.

Despite our best efforts, no method of data transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information, and you use our Services at your own risk. We encourage you to use strong, unique passwords for your account and to notify us immediately if you suspect any unauthorized activity.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.

7.1 Rights Available to All U.S. Residents

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Correction: You have the right to request that we correct inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where retention is required by law or necessary to complete a transaction you requested).
• Right to Opt Out of Marketing: You have the right to opt out of receiving marketing communications from us at any time.

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you have additional privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

• Right to Know and Access: You may request disclosure of the personal information we have collected, used, disclosed, and sold about you over the past 12 months.
• Right to Data Portability: You have the right to receive a copy of your personal information in a portable and readily usable format, to the extent technically feasible.
• Right to Opt Out of Sale or Sharing: Although we do not sell personal information in the traditional sense, to the extent our use of advertising cookies or cross-context behavioral advertising constitutes a "sale" or "sharing" under the CPRA, you have the right to opt out.
• Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit our use of sensitive personal information to what is necessary to perform the Services you requested.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality of goods or services as a result of your exercise of privacy rights.
• Shine the Light Law: California residents may also request information about our disclosure of personal information to third parties for their direct marketing purposes under California's Shine the Light Law (Cal. Civ. Code § 1798.83).

7.3 How to Exercise Your Rights

To exercise any of the rights described in this section, please submit a verifiable consumer request to us using the following contact information:

We will acknowledge receipt of your request within 10 business days and respond to your request within 45 days. If we require additional time, we will notify you of the reason and the extension period (up to an additional 45 days). We may need to verify your identity before processing your request and may ask you to provide certain identifying information. We will not discriminate against you for exercising your privacy rights.

You may designate an authorized agent to submit privacy requests on your behalf. The authorized agent must provide written authorization from you, and we may require you to verify your identity directly with us.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods we apply depend on the type of information and the purpose for which it was collected:

When personal information is no longer required for any of these purposes, we will securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.

9. Children's Privacy

Our Website and Services are intended exclusively for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. We do not knowingly allow minors to register for accounts, make purchases, or use our Services.

If we learn that we have inadvertently collected personal information from a person under the age of 18, we will take prompt steps to delete that information from our records. If you are a parent or guardian and have reason to believe that your child has provided personal information to us, please contact us immediately at [email protected] so that we can investigate and take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC's COPPA Rule. We do not direct any content specifically at children and do not knowingly engage in any marketing or advertising activities targeted at minors.

10. International Data Transfers

Giordanos is based in the United States and primarily processes personal information within the United States. If you access our Website from outside the United States, please be aware that your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our Website or Services from outside the United States, you acknowledge and consent to the transfer of your personal information to the United States for processing in accordance with this Privacy Policy. We will take appropriate safeguards to ensure that your personal information receives adequate protection in accordance with applicable privacy laws, including the use of contractual protections where required.

If you are located in a jurisdiction with specific data transfer requirements (such as the European Economic Area or the United Kingdom), please note that we may rely on standard contractual clauses, data processing agreements, or other lawful transfer mechanisms to ensure compliance. Please contact us at [email protected] for more information about our international data transfer practices.

11. Third-Party Links and Services

Our Website may contain links to third-party websites, applications, or services that are not owned or controlled by Giordanos. This Privacy Policy applies solely to information collected by our Website and does not govern the privacy practices of any third party. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We encourage you to review the privacy policies of any third-party websites or services that you visit or use. The inclusion of a link on our Website does not imply our endorsement of the linked site or its privacy practices.

12. Your California Privacy Rights — Additional Disclosures

In addition to the rights described in Section 7, California residents have the following rights under the CCPA/CPRA:

12.1 Categories of Personal Information Collected

Over the past 12 months, we have collected the following categories of personal information as defined under the CCPA:

• Identifiers (e.g., name, email address, IP address, account username)
• Customer records information (e.g., name, address, phone number, payment information)
• Commercial information (e.g., purchase history, loyalty program data)
• Internet or other electronic network activity information (e.g., browsing history, search queries)
• Geolocation data (with your consent)
• Inferences drawn from the above information to create a profile about consumer preferences

12.2 Purposes for Collection

We collect the above categories of personal information for the business and commercial purposes described in Section 3 of this Privacy Policy.

12.3 "Do Not Sell or Share My Personal Information"

Under the CPRA, California residents have the right to opt out of the "sale" or "sharing" of their personal information. While we do not sell personal information for monetary consideration, certain sharing activities related to targeted advertising may constitute "sharing" under the CPRA. To exercise your right to opt out, please contact us at [email protected] or adjust your cookie preferences through our cookie management tool on the Website.

13. How to File a Complaint

If you believe that we have not handled your personal information in accordance with this Privacy Policy or applicable law, you have the right to file a complaint. We encourage you to first contact us directly so that we may attempt to resolve your concern:

If you are a California resident and are not satisfied with our response, you may file a complaint with the California Privacy Protection Agency (CPPA):

You may also file a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive practices related to privacy:

Residents of other states may also have the right to file complaints with their state's attorney general office or consumer protection agency regarding privacy violations.

14. Changes to This Privacy Policy

We reserve the right to update, modify, or replace this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will provide notice by:

• Posting the updated Privacy Policy on our Website with a revised "Last Updated" date
• Sending an email notification to registered account holders
• Displaying a prominent notice on our Website homepage

Your continued use of our Website or Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you do not agree with the changes, you should discontinue use of our Services and may request deletion of your account.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or your privacy rights, please do not hesitate to contact our privacy team using the information below. We are committed to responding to all privacy inquiries in a timely and helpful manner.

We will acknowledge your inquiry within 10 business days and make every effort to resolve your concern promptly and satisfactorily. For formal privacy rights requests under the CCPA/CPRA or other applicable laws, please indicate the nature of your request clearly in your communication so that we can process it efficiently.