Privacy Policy for caferoyalesf.com
1. Introduction
At Café Royale San Francisco (“Café Royale”, “we”, “us”, or “our”), accessible via caferoyalesf.com, we deeply value your privacy and are committed to protecting your personal data with the highest level of transparency, accountability, and care. This Privacy Policy is designed to inform you about how we collect, use, disclose, and safeguard your personal data when you interact with our website. We adhere to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and Our Role as Data Controller
This Privacy Policy applies to all individuals who access or use caferoyalesf.com and related services, communications, and functionalities. Café Royale acts as the “data controller” under GDPR with regard to the personal data collected through the website. As a data controller, we determine the purposes and means of processing your personal data according to applicable legal principles.
3. Categories of Personal Data We Collect
We collect and process various categories of personal data depending on your interactions with our website:
a. Usage Data
This includes data automatically collected about your interactions, such as IP address, browser type and version, geographic location, referral source, length of visit, pages viewed, and session information.
b. Account Data
If you create an account or place an order, we may collect your full name, billing and delivery address, email address, and phone number.
c. Profile Data
Information you provide to customize your experience such as saved preferences, purchase history, product reviews, and behavioral indicators.
d. Communication Data
All communications sent via forms, emails to [email protected], and customer service interactions, including inquiries, support requests, and related correspondence.
e. Technical Data
Collected from your device, such as operating system, device type, language settings, browser plug-in types, screen resolution, and other system configurations.
f. Transaction Data
Details of products and services you purchase through caferoyalesf.com, payment methods, billing information (excluding full credit card details), and delivery tracking.
g. Preference Data
Includes your marketing and communication preferences, product interests, user consents, and opt-out selections relating to promotional materials.
4. Legal Bases for Processing Personal Data
We process personal data under the following lawful bases, depending on the nature of the data and context of collection:
– Contractual Necessity: To fulfill obligations related to orders or services you request.
– Consent: Where you have actively provided approval (e.g., for marketing emails or cookies).
– Legitimate Interests: To improve our website functionality, ensure security, and grow our business, provided such interests do not override your rights.
– Legal Obligation: Where processing is required under applicable laws or regulatory obligations.
5. Your Rights Under GDPR and CCPA
Depending on your residency and applicable privacy laws, you may have the following rights with respect to your personal data:
– Right of Access: Obtain confirmation about whether we process your data and request a copy.
– Right of Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to exemptions.
– Right to Restriction: Request limitation on data processing under certain conditions.
– Right to Data Portability: Receive your data in a structured, machine-readable format or request transfer to another controller.
– Right to Object: Object to the processing of your data under certain circumstances, including direct marketing.
– Rights under CCPA: California users may also request a list of categories of personal data we have collected, disclosed, or sold in the preceding 12 months, and may opt out of the sale of personal data.
You may exercise these rights by contacting us at [email protected].
6. Security Measures
We implement organizational, technical, and administrative measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including:
– Secure Sockets Layer (SSL) encryption for data transmission
– Strict access controls and role-based data permissions
– Secure data storage and routine backups
– Employee privacy and cybersecurity training
– Intrusion detection and monitoring protocols
Despite these efforts, no method of transmission over the internet or method of storage is entirely secure, and we cannot guarantee absolute security.
7. International Data Transfers
Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including jurisdictions that may not provide the same level of data protection. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Binding corporate rules, where applicable
– Explicit consent where required
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations. Our retention framework includes:
– Account Data: retained for as long as the account remains active, plus up to 7 years for compliance purposes.
– Transaction Data: stored for 7 years to meet tax and legal requirements.
– Communication Data: held for up to 24 months for support and quality assurance.
– Technical and Usage Data: retained for 12 to 24 months for analytics and website optimization.
– Consent and Preference Data: retained until the user revokes or updates preferences.
9. Cookie Policy
We use cookies and similar tracking technologies on caferoyalesf.com to enhance user experience, analyze performance, and provide personalized services. The cookies we use include:
– Essential Cookies: Required for site functionality, such as navigation and checkout processes.
– Functional Cookies: Remember your selections and enhance personalization (e.g., language settings).
– Performance Cookies: Collect aggregate data on website usage to help us understand user behavior and improve navigation.
– Analytics Cookies: Provided by trusted vendors like Google Analytics to track and report on website traffic.
– Marketing Cookies (only with consent): Track your browsing habits to deliver relevant ads on third-party platforms.
10. Cookie Management and Compliance
We obtain explicit user consent for non-essential cookies in compliance with GDPR. Upon your first visit to the website, a banner allows you to accept or manage your cookie preferences. You may also revoke or modify your cookie settings at any time via our cookie preferences link or by configuring your browser to block cookies.
In compliance with CCPA, California residents may opt out of the sale of personal data and manage cookie settings accordingly.
11. Children’s Privacy
We do not intentionally collect or process personal data from children under the age of 13. If we become aware that we have inadvertently gathered data from a minor, we will take appropriate measures to delete such data. Parents or legal guardians who believe their child has provided personal data may contact us at [email protected].
12. Policy Updates and Modifications
We reserve the right to amend this Privacy Policy at our discretion and at any time. When changes are made, we will update the content available on caferoyalesf.com and may notify you through direct communication if material modifications are introduced. Continued use of our website constitutes your acceptance of any revisions.
13. Contact Information
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: caferoyalesf.com
We are committed to honoring your privacy rights and resolving any concerns you may have in a timely and respectful manner.
This Privacy Policy reflects our dedication to protecting your data and ensuring full compliance with GDPR, CCPA, and other applicable privacy regulations.