Café Zupas Privacy Policy

Café Zupas (also referred to herein as "we," "us" or "our") has made this privacy policy and notice at collection (the "Policy") available to our Customers (also referred to herein as "you" or "your") in an effort to provide disclosure about what Customer data is collected when Customers use our website, mobile application, social media pages, communication tools, and other online services, tools or programs (the "Online Services") or avail themselves of the products or services at our various physical locations ("Physical Services") (collectively "Services"), and how that data (referred to herein as "Customer Data") may subsequently be used by us and by other third parties who are involved in providing the Services. By using these Services, you are consenting (where allowed by applicable law) to the practices described in this Privacy Policy as well as our Terms & Conditions, incorporated here by reference.

Gathering and analyzing Customer Data gives us the feedback we need to improve our Customer service. Our ability to serve you and other Customers is enhanced by our understanding of how you use our Services; however, we also believe that each Customer should enjoy a reasonable expectation of privacy when using our Services. We hope that your review of this Policy will help you better understand the data-related risks of using the Services so that you can make informed decisions about how to enjoy the convenience and benefits of our Services in light of those risks. If you determine that the data related risks outweigh the benefits of the Services, then please do not use the Services. Again, your continued use of these Services is considered consent to the practices described in this Privacy Policy where allowed by applicable law.

What information do we process through our Services and how is it processed?
Generally speaking, two types of customer information will be processed by us or third parties we work with when you use our Services: (1) personal information which is Customer Data that may be linked directly to your identity (commonly referred to in the industry as "Personally Identifiable Information"); and (2) "Anonymized Data" which is Customer Data that does not directly identify you and which is generally collected by automated means.

Personally Identifiable Information is generally processed when you access our Services or voluntarily provide such information in order to use the Services. For example, to place an online order of food, you may provide information such as your name, contact information like a phone number or email address, delivery and/or billing addresses, and payment information to us or third parties we work with. Similar information may be processed when you avail yourself of our Physical Services. When you choose to create an account with us or you participate in our Customer loyalty program or other programs, contests, marketing events, and promotions, you may provide information such as your name, an email, address, phone number, birthdate, account credentials, and/or any other information that we request or collect in order to effectively administer those programs and events. We or third parties we work with may also process any information you choose to provide us with in communications regarding your order, product or service feedback, etc.

When you download and use our mobile application, we may also process (in addition to the above, where applicable) your location to help you determine your proximity to one of our physical locations, your transaction history and preferences, and any other information that may be shared with us or applicable third parties by your device. When you apply for a job online, you will be asked to provide more detailed Personally Identifiable Information that we will use to evaluate your qualifications for employment positions. If you participate in our SMS Short Code program ("Short Code Program"), we may also process Customer Data such as the content of any text message responses to us, any user or screen name you may provide, and/or your opt-out preferences. We may also process Customer Data such as device availability for messaging, messaging history, your carrier, the country associated with the phone, message delivery status, and/or message error codes as part of the Short Code Program. Please see our Terms & Conditions for further details regarding use of the Short Code Program.

When you browse our website and/or or engage with our marketing, we may also process information about the individual web pages or products that you view or what you click on, your purchase history with us, what websites or search terms referred you to our website, your location to help you determine your proximity to one of our physical locations, information about how you interact with our website, and/or your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. We may also link information we have collected, including contact information, preferences, transaction history (online or in person), etc., to your account(s) or loyalty number(s) to provide us with analytics, improve our Services, and provide you with more personalized experiences, messaging, and advertising. Please note that several of these features of our Services requiring or requesting information are administered by third-party Providers and therefore may also be subject to separate policies, terms and conditions of the applicable Provider. For more information see "Who is your information shared with?" below.

Anonymized Customer Data ("Anonymized Data") is generally collected either when you avail yourself of our Physical Services and/or by automated means without reference to your personal identity as you use the Online Services. For example, as you use the Online Services we or third parties we work with may collect anonymous information about how you accessed and used the Online Services, what kind of device or browser you are using to access the Online Services, the location of devices so used, and the domain names and internet protocol addresses associated with your access of the Online Services. Other Anonymized Data may be captured, aggregated, and/or tied to an anonymous identifier when you avail yourself of our Physical Services, such as methods of payment, numbers of visits, or receipt details such as the amount of a menu item purchased. This data is useful to us (and to our Providers) in order to ensure that the Services operate effectively, to identify and prevent any fraudulent activity, and to analyze and respond to general customer behaviors and demands. While Anonymized Data may not be collected, used or shared with any intent to identify Customers, you should be aware that persons may be able to combine such data with other data reference points to "re-personalize" the data. You should appreciate the risk that unauthorized persons or third-parties may in fact do so. Where Anonymized Data in our care consists of Personally Identifiable Information that has been deidentified, we hereby publicly commit to maintaining and using that deidentified data without attempting to reidentify the data.

We may also process Customer Data through the use of cookies and/or various related technologies including website applications, pixels, beacons, tags, etc. (hereinafter collectively "cookies"), as most online services do. While the exact cookies may change from time to time, we or those we work in connection with may employ cookies:

to improve the functionality and/or security of our website
to sync information with partners and third parties as well as internally to better facilitate our business functions, including marketing, diagnostics, and/or analytics
to facilitate advertising and communications, to measure or test the efficacy of advertising and communications, and/or to provide you with advertising and communications relevant to you
to save your preferences (such as language) or your purchase history with us
to better understand your visits to the website, including the individual web pages or products that you view, how you interact with the website, and/or what websites or search terms referred you to the website
to better understand the devices you use to access our website, your location, and/or to distinguish between different visitors to the website

By using this website and/or availing yourself of the Services you consent, where allowed by applicable law(s), to the use of cookies (including related technologies) as set out herein. More information on how you may be able to limit and/or opt-out of our use of some or all of these cookies is included below under the section titled "How can I limit the amount of Customer Data that I share?".

Sensitive Data. What "sensitive" Personally Identifiable Information is defined as depends on applicable law(s) but may include precise geolocation, account credentials, information about religious beliefs, health data or genetic data, and more. We or third parties we work with may process information such as account log-in information and passwords to provide the goods/services that you have requested, and we may also process your precise geolocation upon request to help you determine your proximity to one of our physical locations. We do not disclose or collect sensitive Personally Identifiable Information for any other purposes, nor do we collect or process it with the purpose of inferring characteristics about you or other consumers. Where applicable, how to limit / opt-out of the use of this information is addressed below.

Café Zupas is not responsible for any data collected by third parties’ cookies from sites or Services other than Café Zupas’ own.

Café Zupas does not intend to offer its products or Services to and/or monitor natural persons in the European Union, European Economic Area, United Kingdom, or Switzerland.

What do we do with Customer Data?
We use Personally Identifiable Information to provide and improve our Services to you on an individual basis, and we use Anonymized Data to provide and improve our Services at a more general Customer level. Specifically, in order to provide and improve our Services to you and other Customers, we anticipate using Customer Data in any of the following manners:

To facilitate and process Customer transactions with Café Zupas; To register and maintain an account for you to use the Services; To promote and administer Café Zupas Customer programs (such as loyalty, catering, and fundraising programs), as well as other contests and activities; To communicate with Customers regarding Café Zupas products and services, including through email, SMS, our Short Code Program, push notifications, and/or content cards, where applicable; To provide personalized advertising, products or services, and communications; To help us better understand Customer preferences and concerns; To improve our Customer service and support; To customize your Online Services; To improve the functionality and use of our Services; To comply with applicable legal requirements and industry standards; In other ways which are disclosed at the time you voluntarily provide such information (such as for contests, promotions, job applications, etc.). Where you have account(s) or loyalty number(s) with us, some of the information collected for these purposes may be tied to those accounts or loyalty numbers. Please also note that several of these uses are administered by or with third-party Providers (some of which are identified below) and therefore may also be subject to the separate policies, terms and conditions of the applicable Provider. Café Zupas is not responsible for any data collected by third parties from sites or Services other than Café Zupas’ own.

Customer Data obtained through the Short Code Program will not be shared with any third parties for their marketing purposes or for purposes not related to the Services.

Personally Identifiable Information is generally retained for as long as is reasonably necessary to fulfill the purposes for which it was collected, including the fulfillment of purchases, marketing, and/or our own internal statistics and functions.

Who is your information shared with?
The practicalities of operating the Services necessitate that we reserve our right to share Customer Data with: (1) third parties with whom we contract to administer the Services, or that otherwise support our business; (2) affiliated and/or successor business entities; and (3) as required by law or government action. Each of these situations is described below in more detail.

• Third Party Providers ("Providers"). Since Café Zupas is in the restaurant rather than tech business, we frequently rely on Providers to help us provide the Services and we may share the Personally Identifiable Information we collect from you (as set out above) to facilitate that. For example, a Provider developed and operates our mobile application. In many cases, this means that the Customer will be providing Customer Data directly to the Provider in order to facilitate business with Café Zupas, in which case the Provider will have its own separate policies, terms or conditions with respect to Customer Data and this Policy will not apply to such Providers, nor will Café Zupas be responsible for the actions or inactions of such Providers. Examples of such Providers include, but are not limited to, the following: Session M. (catering mobile application and online catering accounts); DoorDash, Inc. (food delivery); UberEats (food delivery); Grubhub (food delivery); Zenapply (online job applications); and SurveyMonkey, Inc. (customer feedback). We also generally use Providers for our customer data platform, for advertising and customer communications, for payment processing and encryption, and more. In addition, we reserve the right to share aggregated, Anonymized Data with other parties at our discretion, where allowed by applicable law. Providers are likely to change from time to time and if you are directed to any third-party platform while using the Online Services, please be aware that this Policy will not apply to such a platform, and that the third-party operating the platform is likely to have a separate privacy policy. Such third-party websites are not in our control, and we are not responsible for them. You visit them at your own risk, and we encourage you to read their privacy policies. For example, you may use a third-party payment option to pay for orders. The privacy policy and practices of that third party payment provider will apply to your Personally Identifiable Information. In addition, your browser may already contain cookies placed by third-party sites, including various social media platforms. We are not responsible for the Personally Identifiable Information such cookies may collect or what they may do with it. Nor are we responsible for any Personally Identifiable Information collected by third parties’ cookies from sites other than our own.

• Please be aware that when you request delivery of our products via a third-party service, we will need to share your personal contact information (including your name, address and phone number) with such third-party in order for them to complete the delivery. We are not responsible for the use or misuse of such information by the third-party, or their agents and contractors.

• Affiliated Business & Company Reorganizations. Café Zupas reserves the right to share Customer Data with other businesses that are either owned by, or under common control or ownership with, Café Zupas. In the event of a sale, merger, reorganization, or bankruptcy of Café Zupas, the Customer Data will be considered to be an asset of the company that is expected to be transferred to the successor entity which results from such a transaction, and under such circumstances Café Zupas is likely to so transfer the Customer Data.

• Compliance with Law. We also reserve the right to use or disclose any Customer Data as needed to satisfy any law, regulation or legal request, to cooperate in any law enforcement or similar investigation, or to protect the rights, property or safety of Café Zupas, Customers or others.

How do we protect your information?
Unauthorized use of Customer Data is a serious risk to both our Customers and to our business. In appreciation of that risk, we use reasonable technical and administrative security measures designed to reduce the risk of any unauthorized use or disclosure of Customer Data. Those measures include physical security, data encryption, advanced endpoint security and device segmentation.

You must be aware that while the security measures we implement are intended to minimize the risk of unauthorized use or disclosure of Customer Data, we cannot warrant or guaranty that such measures will prevent a security breach from occurring; indeed, many reputable companies have suffered such breaches despite their use of industry standard security measures. Our Providers may also be targets of such breaches, and we may have limited to no ability to monitor or protect their systems. Therefore, when you use the Services you must understand that you are assuming the risk that your Customer Data is vulnerable to unauthorized use or disclosure arising from security breaches. You are also responsible for safeguarding any passwords or payment information which you use in connection with the Services; if you believe that such information is being used in an unauthorized fashion, you must notify us immediately.

How can I limit the amount of Customer Data that I share?
There are several ways in which you may limit the amount of Customer Data that is transmitted when you use the Services; however, you must understand that limiting the amount of Customer Data shared may also limit the amount of Services which can be provided to you. For example, you may limit the amount of data collected on the location of the device you use to access the Online Services/opt-out of location sharing by accessing your device settings and withdrawing permission for the device to transmit such data; however, if such permission is withdrawn, then our Online Services will not be able to identify nearby restaurant locations. Similarly, most internet browsers will allow you to limit or remove cookies and/or related technologies (as discussed above) which are sent to your device or fired when you visit our website; however, without accepting or allowing cookies and other such technologies you may not be able to use all of the website's features.

You may also delete your account with us as set out in the "Account data deletion" section below.

For information on how to opt out of our Short Code Program, see our Terms and Conditions.

Café Zupas does not sell Personally Identifiable Information for monetary consideration. However, to the extent that applicable sharing may be defined as a sale or if it is shared with a third party for, e.g., cross-context behavioral advertising, you may opt out of the applicable sale or sharing of your information by contacting us at info@cafezupas.com with your request.

Some web browsers incorporate a "Do Not Track" or similar feature (such as Global Privacy Control signals, see https://globalprivacycontrol.org/) that signal to websites that you visit that you do not want to have your online activity tracked. Our Site works to recognize "Do Not Track" flags and Global Privacy Control signals where required to do so by applicable law(s).

Once you have shared Customer Data with us or our Providers, you may have the right to request that such information be provided, modified, or deleted, etc., by contacting us, as noted below under "Your Privacy Rights". Please note that while Café Zupas will consider such requests, we may not be able to grant all of them depending on applicable law and our legal rights. We may also not be able to provide, modify or delete Customer Data possessed by applicable third parties, and you may have to contact them directly in the event that you request any such actions.

Children’s Privacy
Our website, products and Services are not intended for use by minors, as defined by applicable law, and the website is not intended to collect Personally Identifiable Information from minors. We do not knowingly sell or share information from minors. Consistent with the requirements of applicable law, if it is determined that any Personally Identifiable Information has been inadvertently collected on any minors without the necessary consent, we will immediately take steps to ensure that such information is deleted, or in the alternative, that any necessary consent is obtained for the use, storage, etc. of such information. Any minors as defined under applicable law must seek and obtain parent or guardian permission to use or avail themselves of Café Zupas products and/or services, including the Services described herein. If you believe that we might have any Personally Identifiable Information from or about a minor as defined by applicable law, please contact us at info@cafezupas.com.

Your Privacy Rights
Under various U.S. data privacy laws, where applicable, you may have certain rights as a Consumer. These rights may include:
the right to know about Personally Identifiable Information collected in connection with you, which information is in part provided herein;
the right to access your collected Personally Identifiable Information (including, where applicable, a list of third parties your Personally Identifiable Information has been disclosed to);
the right to have your Personally Identifiable Information deleted (though some exceptions may apply) or corrected (if inaccurate);
the right to data portability;
the right to restrict use or processing of your Personally Identifiable Information, including (where applicable) to limit use and disclosure of sensitive Personally Identifiable Information or, to opt-out of certain processing such as, the sale or applicable sharing of your Personally Identifiable Information (as addressed above);
the right to restrict, opt-out of, or question the results of any applicable automated decision-making or profiling;
the right to withdraw consent, where applicable. Withdrawing consent will not affect the lawfulness of any applicable processing of Personally Identifiable Information conducted in reliance on other lawful grounds other than consent and/or prior to your withdrawal.

Your rights may also include the right to non-discrimination, which means that you cannot be discriminated against because you exercise any of your applicable rights. Café Zupas will not discriminate against you because of the exercise of your rights.

To exercise any of your rights or to learn more about them, including which may be applicable to you, please contact us (or have your authorized agent contact us) at info@cafezupas.com or as set out below. Upon receiving such a request, and depending on which of your right(s) you wish to exercise, we may ask that you provide sufficient verifying information. This may be done, for example, by asking you to confirm information that you have already provided to us. If your request is denied or if you feel that your Personally Identifiable Information has not been handled appropriately according to applicable law(s), you may be able to appeal that decision. To do so, please include "APPEAL" in the subject or attention line of your email and/or written communication. For more information, contact Café Zupas as set out below.

Account data deletion
Where applicable, you can perform action(s) to delete your entire account data. After 90 days of account deletion by the user, the data will be permanently removed from our servers.

Data Deletion Steps:
Go to Profile & Preferences under Account Settings
Select Delete Account Tab
Click on Delete Account button to delete account
After confirmation by the user, user will be logged out and account data will be soft deleted and after 90 days, permanently erased from our servers.

Changes to our Privacy Policy
We reserve the right to update or change this Policy at any time. Where required by applicable law, we may notify Customers affected by any material change with respect to any prospectively collected Personally Identifiable Information and provide a reasonable opportunity for Consumers to withdraw consent to any further materially different processing of previously collected Personally Identifiable Information under the changed policy.

The date this Policy was last revised is at the top of this page. You are responsible for periodically reviewing the Online Services and/or this Policy to check for any updates or changes.

Contact Us
If there are any questions regarding this Policy, please contact Café Zupas by email at info@cafezupas.com, by the phone numbers of any of our various locations, or by mailing our corporate offices at 460 W Universal Circle, Sandy, Utah 84070, attn: Data Privacy.

By submitting your information to Café Zupas through our Contact page, you are giving us permission to contact you directly using the information provided.