Privacy Policy

At Dion's Fresh ("Dion's," "we," "us," or "our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website dionsfresh.rest, place orders, sign up for our services, or otherwise interact with us. Please read this policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

This Privacy Policy applies to all users of the Dion's Fresh website, mobile platform, and any related services we operate. It covers personal data collected both online and offline in connection with your relationship with our food business.

We are subject to applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission (FTC) Act, and other applicable federal and state consumer protection statutes. If you are a California resident, please pay particular attention to Section 10 below, which outlines your specific rights under the CCPA/CPRA.

1. Who We Are

Dion's Fresh is a food business operating in the United States. We are dedicated to delivering fresh, high-quality food products and experiences to our valued customers. For the purposes of this Privacy Policy, Dion's Fresh is the data controller responsible for the personal information we collect and process.

2. Information We Collect

We collect various types of information in connection with your use of our services. This information falls into several categories:

2.1 Personal Information You Provide Directly

When you interact with Dion's Fresh — whether by placing an order, creating an account, signing up for our newsletter, or contacting our customer service — you may provide us with personal information, including but not limited to:

• Identity Information: Full name, username, or similar identifiers.
• Contact Information: Email address, phone number, billing address, delivery address, and other postal address details.
• Account Credentials: Username and password for your Dion's Fresh account.
• Payment Information: Credit or debit card numbers, billing information, and transaction history. Note that full payment card details are processed by our third-party payment processors and are not stored on our servers.
• Order Information: Details about the food products you order, dietary preferences, special instructions, and purchase history.
• Communication Data: Any messages, feedback, reviews, or other content you send to us, including customer support inquiries.
• Marketing Preferences: Your preferences for receiving marketing communications from us.

2.2 Information We Collect Automatically

When you visit our website or use our digital services, we automatically collect certain technical and usage information, including:

• Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), unique device identifiers, and mobile network information.
• Usage Data: Pages viewed, links clicked, time spent on each page, referral URL (the website that directed you to ours), search queries made on our website, and navigation patterns.
• Log Data: Server logs that record information about your access and use of our services, including timestamps, error reports, and activity logs.
• Location Data: General geographic location inferred from your IP address, or more precise location data if you grant us permission through your device settings (for example, to enable delivery services).
• Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please see Section 8 (Cookie Usage) for more details.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Social Media Platforms: If you connect your social media account to our services or interact with our social media pages, we may receive information such as your profile name, profile picture, and publicly available data.
• Payment Processors: Confirmation and transaction status information from our payment service providers.
• Analytics Providers: Aggregated and anonymized data from analytics services that help us understand how users interact with our website.
• Delivery Partners: Information shared by third-party delivery platforms or partners related to your orders and delivery preferences.
• Review Platforms: Publicly available reviews and feedback you post about Dion's Fresh on third-party review websites.

2.4 Sensitive Information

We do not intentionally collect sensitive personal information such as government-issued identification numbers, racial or ethnic origin, political opinions, religious beliefs, or genetic/biometric data. However, if you voluntarily provide us with information about dietary restrictions, allergies, or health-related food preferences, we treat this data with the utmost care and use it solely to fulfill your orders and ensure your safety.

3. How We Use Your Information

We use the information we collect for a variety of purposes, all directed at providing and improving our services. Specifically, we use your information for the following purposes:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, including payment processing and delivery coordination.
• Creating and managing your customer account.
• Communicating with you about your orders, including order confirmations, status updates, and delivery notifications.
• Providing customer support and responding to your inquiries and complaints.
• Personalizing your experience, such as remembering your preferences and past orders.

3.2 Analytics and Service Improvement

• Analyzing how users interact with our website and services to identify trends and areas for improvement.
• Conducting internal research and development to improve our menu, services, and technology platforms.
• Monitoring and analyzing traffic patterns, usage statistics, and performance metrics.
• Testing new features, products, and services before general rollout.

3.3 Marketing and Promotions

• Sending you promotional emails, newsletters, special offers, and information about new menu items or services — but only where you have opted in to receive such communications or where we have a legitimate interest in marketing similar products to existing customers, consistent with applicable law.
• Displaying personalized advertising on our website and third-party platforms based on your browsing and purchase history.
• Running loyalty programs, contests, sweepstakes, or surveys, where you have chosen to participate.
• Segmenting our customer base to send relevant and targeted communications.

3.4 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal processes, including food safety and health regulations.
• Enforcing our Terms of Service, contracts, and other legal agreements.
• Preventing fraud, abuse, security incidents, and other potentially harmful or illegal activities.
• Protecting the rights, property, and safety of Dion's Fresh, our customers, employees, and the public.
• Responding to lawful requests and legal orders from government authorities or law enforcement agencies.

3.5 Business Operations

• Managing our internal records and accounting functions.
• Conducting due diligence in connection with business transactions such as mergers, acquisitions, or asset sales.
• Generating aggregated, anonymized data reports for business analysis and strategic planning.

4. How We Share Your Information

We do not sell your personal information to third parties for their own direct marketing purposes. However, we do share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist us in operating our website, fulfilling orders, and providing services to you. These service providers are authorized to use your personal information only as necessary to perform these functions on our behalf and are bound by contractual obligations to keep your information confidential and secure. Categories of service providers include:

• Payment processing companies (e.g., credit card processors and fraud prevention services)
• Delivery and logistics partners
• Cloud computing and data hosting providers
• Email and SMS communication platforms
• Website analytics providers (e.g., Google Analytics)
• Customer relationship management (CRM) software providers
• IT security and cybersecurity firms
• Legal, financial, and accounting advisors

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to:

• Comply with applicable laws or respond to valid legal requests (such as a court order, subpoena, or government inquiry).
• Protect and defend the rights or property of Dion's Fresh.
• Prevent or investigate potential wrongdoing in connection with our services.
• Protect the personal safety of our customers, employees, or the public.
• Comply with food safety and health inspection requirements mandated by federal, state, or local authorities.

4.3 Business Transfers

In the event that Dion's Fresh undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website of any such change in ownership or control of your personal information, and we will inform you of any choices you may have regarding your data.

4.4 With Your Consent

We may share your personal information with third parties for purposes not described in this Privacy Policy when we have your explicit consent to do so. You may withdraw your consent at any time by contacting us at [email protected].

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes. This type of data sharing does not constitute a "sale" of personal information under applicable privacy laws.

5. Data Security

Protecting your personal information is a top priority for us. We implement a comprehensive range of technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

5.1 Technical Safeguards

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate need to access it in the course of their job functions.
• Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and other cybersecurity tools to monitor for and protect against unauthorized access.
• Password Hashing: User account passwords are stored using industry-standard cryptographic hashing algorithms.

5.2 Administrative Safeguards

• Regular staff training on data privacy and security best practices.
• Internal policies governing data handling, access, and disposal.
• Regular reviews of our privacy and security practices.
• Due diligence assessments of third-party vendors who handle personal data on our behalf.

5.3 Physical Safeguards

• Secure facilities with restricted physical access for servers and systems storing personal data.
• Secure disposal and destruction of physical records containing personal information.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law, including applicable state breach notification laws.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

When your personal information is no longer needed, we will securely delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and facilitating their exercise in a timely and efficient manner.

7.1 General Rights (All Users)

• Right to Access: You have the right to request a copy of the personal information we hold about you, along with information about how we use and share it.
• Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Deletion: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain it for legal compliance).
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails, or by contacting us directly.
• Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to transfer it to another service provider where technically feasible.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

7.2 California Residents — Additional Rights Under CCPA/CPRA

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which that information was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: Subject to certain exceptions, you have the right to request that we delete personal information we have collected about you.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To exercise this right, click the "Do Not Sell or Share My Personal Information" link available on our website.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to only what is necessary to perform the requested service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive a different price or quality of goods or services as a result of exercising your privacy rights.

To submit a California privacy rights request, please contact us at [email protected] or visit our website at dionsfresh.rest. We will respond to verifiable consumer requests within 45 days, with an extension of an additional 45 days where reasonably necessary.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request by:

• Email: [email protected]
• Website: dionsfresh.rest

We may need to verify your identity before processing your request. This is to ensure the security of your personal information and to prevent unauthorized access. We will not use the information you provide to verify your identity for any purpose other than verification.

8. Cookie Usage

Our website uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage) to enhance your browsing experience, analyze website traffic, and support our marketing efforts.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They allow the website to recognize your device and remember information about your visit, such as your preferred language, login status, and items in your cart.

8.2 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for our website to function properly and cannot be disabled. They include cookies that enable you to navigate the site and use its features, such as accessing secure areas or completing your food order.
• Performance and Analytics Cookies: These cookies collect information about how visitors use our website — for example, which pages are visited most frequently — to help us improve the site's performance and user experience.
• Functionality Cookies: These cookies allow the website to remember choices you make (such as your preferred location for delivery or saved order preferences) and provide enhanced, more personalized features.
• Marketing and Advertising Cookies: These cookies are used to track visitors across websites and display relevant advertisements based on your browsing interests and behavior. They are set by our advertising partners with our permission.

8.3 Managing Your Cookie Preferences

You have the right to decide whether to accept or reject cookies (except for strictly necessary cookies). You can set or modify your web browser controls to accept or refuse cookies. You can also manage your cookie preferences through our cookie consent tool available on our website. Please note that if you choose to reject certain cookies, your experience on our website may be limited.

For more detailed information about the cookies we use, including a full list of cookies and their purposes, please review our full Cookie Policy available at dionsfresh.rest.

9. Children's Privacy

We do not knowingly collect personal information from children under the age of 18. Our services are not directed to minors, and we ask that individuals under the age of 18 do not provide any personal information to us or use our services without parental consent and supervision.

If we become aware that we have inadvertently collected personal information from a child under 18 without verifiable parental consent, we will take steps to promptly delete that information from our records. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at [email protected] so that we can take appropriate action.

We comply with the Children's Online Privacy Protection Act (COPPA), which imposes requirements on the online collection of personal information from children under 13 in the United States.

10. International Data Transfers

Dion's Fresh operates in the United States, and your personal information is primarily collected, processed, and stored within the United States. However, in some cases, we may transfer your personal information to third-party service providers or business partners who operate in other countries. These may include countries that do not have data protection laws equivalent to those in your jurisdiction.

When we transfer personal information internationally, we take steps to ensure that your data receives an adequate level of protection. These steps may include:

• Entering into data processing agreements with our service providers that include appropriate data protection clauses.
• Ensuring that transfers are made to countries that have been deemed to provide an adequate level of data protection.
• Implementing other appropriate safeguards, such as standard contractual clauses or binding corporate rules where required.

By using our website and services and providing us with your personal information, you acknowledge and consent to the transfer, processing, and storage of your information in the United States and other countries as described in this Privacy Policy.

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by Dion's Fresh. This Privacy Policy does not apply to those third-party services, and we are not responsible for the privacy practices of those websites or platforms. We encourage you to read the privacy policies of any third-party services you visit before providing your personal information.

For example, when you click on a social media "share" button or access a linked delivery platform, you will be directed to a third-party site with its own privacy policy. Dion's Fresh is not responsible for the data practices of these third parties.

12. How to File a Complaint

If you are not satisfied with our response to a privacy concern, or if you believe we have not complied with applicable privacy laws, you have the right to file a complaint with the appropriate data protection or consumer protection authority.

12.1 United States — Federal and State Authorities

• Federal Trade Commission (FTC): The FTC enforces consumer protection laws, including those related to unfair or deceptive practices in data handling. You may file a complaint at:
  https://www.ftc.gov/complaint
• California Privacy Protection Agency (CPPA): If you are a California resident, you may file a complaint with the CPPA, the agency responsible for enforcing the CCPA/CPRA:
  https://cppa.ca.gov
• State Attorney General: Residents of states with applicable privacy laws may also file a complaint with their state Attorney General's office.

12.2 Contact Us First

Before filing a formal complaint with a regulatory authority, we encourage you to contact us directly so that we have the opportunity to address your concerns. We take all privacy complaints seriously and will do our best to resolve your issue promptly and fairly.

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that users do not wish to be tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to browser DNT signals. However, you may still manage your tracking preferences through our cookie consent tool and by adjusting your browser settings.

California residents should also be aware of their rights under the California "Shine the Light" law (California Civil Code Section 1798.83), which permits users to request information about how we share certain personal information with third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes to this Privacy Policy, we will notify you by:

• Posting the revised Privacy Policy on our website at dionsfresh.rest with an updated "Last Updated" date.
• Sending you an email notification (if you have provided us with your email address and such change materially affects your rights).
• Displaying a prominent notice on our website for a reasonable period following the change.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of our website and services after the posting of any changes to this Privacy Policy constitutes your acceptance of those changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We have a dedicated team ready to assist you with any privacy-related matters.

We will make every effort to respond to all legitimate inquiries within 30 days of receipt. For California residents making CCPA/CPRA requests, we will respond within 45 days, with a possible extension of an additional 45 days where reasonably necessary.