Privacy Policy

Effective Date: October 26, 2023

The Daily Grind Cafe ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our cafe, use our website (thedailygrindcafe.com), or otherwise interact with us. This policy is crafted to comply with applicable data protection regulations and to ensure transparency in our data handling practices.

1. Information We Collect

We collect several types of information to provide and improve our services:

• Personal Information: This includes your name, email address, phone number, postal address, and any other information you voluntarily provide when you make a reservation, place an order, sign up for our newsletter, participate in a contest or survey, or contact us directly.
• Payment Information: When you make a purchase, we collect payment information, such as your credit card number, billing address, and other financial details. This information is processed securely by our payment processors. The Daily Grind Cafe adheres to PCI DSS standards to ensure the safety and security of your payment data.
• Usage Data: We automatically collect information about your interactions with our website, such as your IP address, browser type, operating system, referring URLs, pages visited, and the dates/times of your visits. This information helps us analyze trends, administer the site, and improve user experience.
• Cookies and Similar Technologies: We use cookies, web beacons, and other tracking technologies to collect information about your browsing behavior. Cookies are small data files stored on your device that enable us to recognize you and remember your preferences. You can control the use of cookies through your browser settings. See our Cookies Policy for more information.
• Social Media Information: If you interact with us on social media platforms (e.g., Facebook, Instagram), we may collect information about your profile and posts, subject to the platform's privacy policies.

2. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing and Improving Services: We use your information to fulfill orders, process payments, manage reservations, respond to inquiries, and personalize your experience at The Daily Grind Cafe. We continuously analyze data to improve our services, website functionality, and overall customer satisfaction.
• Marketing Communications: With your consent, we may send you newsletters, promotional emails, and other marketing communications about our latest offerings, special events, and upcoming promotions. You can opt-out of receiving these communications at any time by following the unsubscribe instructions provided in the email.
• Analytics and Research: We use aggregated and anonymized data for statistical analysis, market research, and to gain insights into customer preferences and trends. This helps us make informed decisions about our business strategy and product development.
• Legal Compliance: We may disclose your information to comply with applicable laws, regulations, legal processes, or governmental requests. This includes responding to subpoenas, court orders, or other legal obligations.
• Protection of Rights: We may use your information to protect our rights, property, and safety, as well as the rights, property, and safety of our customers and others. This includes detecting, preventing, and addressing fraud, security breaches, or other illegal activities.

3. How We Share Your Information

We may share your information with the following categories of recipients:

• Service Providers: We engage third-party service providers to assist us with various functions, such as payment processing, email marketing, data analytics, and customer support. These service providers have access to your information only to the extent necessary to perform their services and are obligated to protect your information in accordance with our instructions and applicable laws. Examples of service providers include payment gateways like Stripe, email marketing platforms like Mailchimp, and cloud storage providers like Amazon Web Services.
• Business Partners: We may share your information with our business partners to offer you products, services, or promotions that may be of interest to you. This includes co-branded promotions or joint ventures where we collaborate with other companies to provide enhanced offerings. We will obtain your consent before sharing your information with business partners for marketing purposes.
• Legal Authorities: We may disclose your information to legal authorities if required to do so by law or in response to a valid legal request, such as a subpoena, court order, or government investigation. We will make reasonable efforts to notify you of such disclosures, unless prohibited by law.
• Affiliates: We may share your information with our affiliates, subsidiaries, or parent companies for internal business purposes, such as data analysis, marketing, and operational efficiency. All affiliated entities are bound by this Privacy Policy and are committed to protecting your information in accordance with applicable data protection regulations.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity as part of the transaction. We will notify you via email or prominent notice on our website of any such change in ownership or control of your information.

4. Data Security

We implement reasonable security measures to protect your personal information from unauthorized access, use, or disclosure. These measures include:

• Encryption: We use encryption technology to protect sensitive data, such as payment information, during transmission and storage. We employ industry-standard encryption protocols, such as SSL/TLS, to secure your data.
• Access Controls: We restrict access to your personal information to authorized personnel who need it to perform their job duties. We use role-based access controls to ensure that only individuals with the appropriate permissions can access specific data.
• Firewalls: We use firewalls to protect our systems from unauthorized access and cyber threats. Firewalls act as a barrier between our internal network and the external internet, preventing unauthorized access to our data.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks. We also engage third-party security experts to conduct penetration testing and assess the effectiveness of our security measures.
• Employee Training: We provide regular training to our employees on data security best practices and privacy compliance. This training covers topics such as phishing awareness, password security, and data handling procedures.

Despite our best efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach, we will notify you as required by applicable law.

5. Your Rights

You have certain rights regarding your personal information, including:

• Access: You have the right to access the personal information we hold about you.
• Correction: You have the right to request that we correct any inaccurate or incomplete information.
• Deletion: You have the right to request that we delete your personal information, subject to certain exceptions.
• Objection: You have the right to object to the processing of your personal information for certain purposes, such as direct marketing.
• Restriction: You have the right to request that we restrict the processing of your personal information in certain circumstances.
• Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

To exercise these rights, please contact us at privacy@dailygrindcafe.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We consider factors such as the nature of the data, the purpose for which it was collected, and legal obligations when determining data retention periods. For example, we may retain payment information for a certain period to comply with accounting and tax regulations.

7. Children's Privacy

Our website and services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@dailygrindcafe.com. We will take steps to delete the information as soon as possible.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post the revised Privacy Policy on our website and update the effective date. We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date constitutes your acceptance of the revised Privacy Policy.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

The Daily Grind Cafe
456 Elm Street
Lakeside, CA 92040
Phone: (619) 555-7890
Email: privacy@dailygrindcafe.com

Data Protection Officer: Dr. Anya Sharma, PhD