Privacy Policy

Effective Date: May 20, 2026 | Last Updated: May 20, 2026

Welcome to Papa Ginos. We are deeply committed to protecting your privacy and handling your personal information with transparency, integrity, and care. This Privacy Policy explains how Papa Ginos ("we," "us," "our," or "the Company") collects, uses, discloses, and safeguards your personal information when you visit our website at papaginos.rest, place an order, interact with our services, or otherwise communicate with us.

Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the practices described in this document. If you do not agree with the terms of this Privacy Policy, please discontinue use of our website and services immediately.

This Privacy Policy applies to all users of our website and services located in the United States. We comply with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable consumer protection regulations.

1. About Us

Papa Ginos is a food service business operating in the United States. We provide food ordering, delivery, catering, and related services through our website and other channels.

Company Name	Papa Ginos
Website	papaginos.rest
Email	[email protected]

For all privacy-related inquiries, please contact us using the contact information provided above or refer to Section 16 of this policy for detailed instructions.

2. Information We Collect

We collect various categories of personal information depending on how you interact with our website and services. The categories of information we collect include, but are not limited to, the following:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or contact us directly, we may collect:

Full name
Email address
Phone number
Billing and shipping/delivery address
Date of birth (where applicable, particularly for age verification purposes)
Username and password for account creation
Profile photo or avatar (if you choose to upload one)

2.2 Payment and Financial Information

When you make a purchase or complete a transaction through our website, we collect payment-related information including:

Credit card or debit card number (last four digits only — full card details are processed by our third-party payment processors)
Billing address associated with your payment method
Transaction ID and order history
Refund and dispute records

Note: Full payment card details are never stored on our servers. All payment processing is handled by PCI-DSS compliant third-party payment processors.

2.3 Order and Transaction Data

We collect information related to your orders and transactions, such as:

Items ordered, including food and beverage selections
Order date, time, and frequency
Special instructions or dietary preferences
Delivery preferences and instructions
Order status and fulfillment records

2.4 Usage Data and Website Interaction

When you visit our website, we automatically collect certain technical information through cookies, web beacons, and similar tracking technologies, including:

IP address
Browser type and version
Operating system and device type
Referring website or source URL
Pages visited, time spent on pages, and navigation patterns
Search queries performed on our website
Links clicked and features accessed
Time and date of your visit
Session duration and frequency of visits

2.5 Device Information

We may collect information about the device you use to access our services, including:

Device identifiers (e.g., mobile device ID, advertising ID)
Hardware model and specifications
Mobile network information
Geographic location data (with your permission or as derived from your IP address)
Screen resolution and display settings

2.6 Communications and Customer Support Data

If you contact us for customer support, leave a review, or communicate with us through any channel, we may collect:

The content of your messages, emails, or comments
Records of communications and correspondence
Customer service tickets and resolution notes
Feedback, survey responses, and ratings

2.7 Marketing and Preference Data

If you engage with our marketing communications or promotional programs, we may collect:

Email marketing preferences and opt-in/opt-out history
Promotional code usage
Loyalty program data and points balance
Favorite menu items and dietary preferences (where voluntarily provided)

2.8 Information Collected from Third Parties

We may receive information about you from third-party sources, such as:

Social media platforms (if you connect your social accounts or log in through a third-party service)
Online review platforms
Delivery and logistics partners
Analytics and advertising service providers
Publicly available databases

3. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes. The specific purposes include:

3.1 Providing and Improving Our Services

Processing and fulfilling food orders, including delivery and pickup coordination
Managing your account and providing account-related services
Communicating order confirmations, updates, and delivery notifications
Responding to customer service inquiries and resolving disputes
Improving our menu offerings, website functionality, and overall user experience
Conducting internal quality assurance and business operations

3.2 Analytics and Performance Monitoring

Analyzing website traffic, user behavior, and engagement patterns
Understanding which menu items, promotions, and features are most popular
Conducting market research and business performance analysis
Measuring the effectiveness of our marketing campaigns
Improving our website design, layout, and navigation based on usage data

3.3 Marketing and Promotional Communications

Sending promotional emails, newsletters, and special offers (with your consent or where permitted by law)
Personalizing marketing content based on your order history and preferences
Administering loyalty programs, sweepstakes, and promotional contests
Retargeting advertising on third-party platforms based on your interactions with our website

You may opt out of marketing communications at any time by following the unsubscribe link in any email we send you, or by contacting us directly at [email protected].

3.4 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from law enforcement or government authorities
Preventing fraud, abuse, and unauthorized access to our systems
Protecting the safety and security of our customers, employees, and operations
Enforcing our Terms of Service and other applicable agreements

3.5 Payment Processing and Financial Management

Processing payments, refunds, and credits
Detecting and preventing fraudulent transactions
Maintaining accurate financial records as required by law

4. Legal Bases for Processing Your Information

Under applicable United States law, including the FTC Act and state-specific privacy laws such as the CCPA/CPRA, we process your personal information on the following legal bases:

Contractual Necessity: Processing is necessary to fulfill your orders and deliver our services.
Legitimate Business Interests: We process data for fraud prevention, security, analytics, and improving our services.
Legal Obligation: We may process data to comply with applicable laws and regulations.
Consent: For marketing communications and certain cookie-based tracking, we rely on your consent, which you may withdraw at any time.

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for their own direct marketing purposes. However, we may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share personal information with trusted third-party service providers who assist us in operating our business. These parties are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy. Categories of service providers include:

Payment Processors: To securely process credit card and payment transactions
Delivery and Logistics Partners: To fulfill food delivery orders
Cloud Hosting and IT Infrastructure Providers: To store and manage our data and website
Email Marketing Platforms: To send transactional and promotional emails
Analytics Providers: Such as Google Analytics, to help us understand website usage
Customer Service Tools: To manage support tickets and communications
Fraud Detection Services: To identify and prevent fraudulent activities

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or governmental request
Protect and defend the rights or property of Papa Ginos
Prevent or investigate possible wrongdoing in connection with our services
Protect the personal safety of users of our services or the public

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity. We will notify you via email and/or a prominent notice on our website prior to your information being transferred and becoming subject to a different privacy policy.

5.4 With Your Consent

We may share your personal information with third parties when you have given us your express consent to do so, such as when you participate in a co-branded promotion or third-party integration.

6. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements.

6.1 Types of Cookies We Use

Essential Cookies: Necessary for the basic functioning of our website, including maintaining your shopping cart and login session.
Performance and Analytics Cookies: Used to collect information about how visitors use our site, helping us improve website performance and content.
Functional Cookies: Allow us to remember your preferences, such as saved delivery addresses or menu favorites.
Marketing and Advertising Cookies: Used to deliver relevant advertisements and measure the effectiveness of advertising campaigns across the web.

6.2 Managing Your Cookie Preferences

You may manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For a detailed explanation of the cookies we use and how to opt out, please refer to our Cookie Policy.

You can also opt out of interest-based advertising by visiting:

7. Data Security

The security of your personal information is of utmost importance to us. We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

7.1 Security Measures We Employ

Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS technology. Sensitive data such as payment information is encrypted both in transit and at rest.
Access Controls: Access to personal information is restricted to authorized employees and contractors who require access to perform their job functions.
Firewalls and Intrusion Detection: We maintain industry-standard firewalls and intrusion detection systems to protect our network infrastructure.
Regular Security Audits: We conduct periodic reviews and assessments of our security practices and systems.
Employee Training: Our staff receives regular training on data privacy and security best practices.
PCI DSS Compliance: Our payment processing infrastructure complies with Payment Card Industry Data Security Standards.

7.2 Data Breach Response

In the event of a data breach that is reasonably likely to result in harm to affected individuals, we will notify affected users in accordance with applicable state breach notification laws, including those of the state where the breach occurs. Notifications will be provided via email and/or prominent notice on our website, and, where required by law, to the relevant state Attorney General's office or data protection authority.

Important: While we take all reasonable precautions to protect your personal information, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Privacy Rights

Depending on your state of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights and making it easy for you to exercise them.

8.1 Rights Available to All U.S. Residents

Right to Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
Right to Correction: You may request that we correct inaccurate or incomplete personal information we hold about you.
Right to Deletion: You may request that we delete personal information we have collected from you, subject to certain exceptions required by law (e.g., completing a transaction, complying with legal obligations).
Right to Opt Out of Marketing: You have the right to opt out of receiving promotional communications from us at any time.

8.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

Right to Know: The right to know what personal information we collect, use, disclose, and sell about you.
Right to Delete: The right to request deletion of personal information we have collected from you.
Right to Correct: The right to request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information as defined under CCPA/CPRA.
Right to Limit Use of Sensitive Personal Information: The right to limit our use of your sensitive personal information to what is necessary to perform the services you requested.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality for exercising your rights.
Right to Data Portability: The right to receive your personal information in a portable, usable format.

8.3 How to Exercise Your Rights

To exercise any of your privacy rights, please submit a request to us using one of the following methods:

Email: [email protected]
Website: papaginos.rest (contact form)

We will acknowledge receipt of your request within 10 business days and respond to verified requests within 45 calendar days of receipt. If we require additional time, we will inform you of the reason and the extension period (up to an additional 45 days) as permitted by applicable law.

We may need to verify your identity before processing your request. Verification may include confirming your email address, account credentials, or other information we have on file. We will not require you to create an account solely to submit a privacy request.

You may also designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require written proof of the agent's authorization and may still require direct verification from you.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

Category of Data	Retention Period
Account information and profile data	Duration of account plus 3 years after account closure
Order history and transaction records	7 years (for tax and financial compliance)
Payment records (limited data)	7 years (as required by financial regulations)
Customer service communications	3 years from date of last interaction
Marketing preferences and opt-out records	Indefinitely (to honor opt-out requests)
Website usage and analytics data	26 months (anonymized after 13 months)
Cookie and tracking data	As specified in our Cookie Policy (typically 1–2 years)

When personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our internal data management procedures.

10. Children's Privacy

Age Requirement: Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 18.

We do not knowingly collect, use, or disclose personal information from children under the age of 18. Our services, including food ordering and account creation, are designed for adults. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our records.

We also comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently collected information from a child under 13, we will delete such information immediately.

11. International Data Transfers

Papa Ginos is a United States-based business, and our primary operations, data storage, and processing take place within the United States. However, some of our third-party service providers may be located in or operate from other countries.

If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and database operations are located. The data protection laws of the United States may differ from those of your home country.

By using our services, you consent to the transfer of your information to the United States and to our use and disclosure of information about you as described in this Privacy Policy. We take appropriate steps to ensure that any international transfers of personal data are conducted in compliance with applicable law and that adequate protections are in place.

12. Third-Party Websites and Links

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Papa Ginos. This Privacy Policy applies only to our website and services. When you click on a link to a third-party website, you will be directed to that third party's website. We strongly encourage you to review the privacy policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. Our inclusion of a link to a third-party website does not imply our endorsement or sponsorship of that website or its operators.

13. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As such, our website does not currently respond to DNT signals from browsers.

However, you can manage your tracking preferences through our cookie management settings and by adjusting your browser's cookie settings. For more information, please refer to our Cookie Policy.

14. California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents who have an established business relationship with us may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected] with "California Shine the Light Request" in the subject line. We will respond to such requests within 30 days.

15. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or data handling procedures. When we make material changes to this Privacy Policy, we will:

Update the "Last Updated" date at the top of this page
Post a notice on our website homepage or in a prominent location
Send an email notification to registered users (where required by law or deemed appropriate)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated Privacy Policy.

16. How to File a Privacy Complaint

If you have a concern or complaint about how we have handled your personal information, we encourage you to contact us directly first so that we have an opportunity to address your concern.

16.1 Contact Us Directly

Please send your privacy complaint or concern to:

Company	Papa Ginos — Privacy Team
Email	[email protected]
Website	papaginos.rest

We will acknowledge your complaint within 5 business days and provide a substantive response within 30 calendar days.

16.2 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response, you have the right to file a complaint with the appropriate regulatory authority. Depending on your location, this may include:

Federal Trade Commission (FTC):
The FTC enforces federal consumer protection laws, including those related to privacy and data security.
Website: www.ftc.gov/contact
Report Fraud: reportfraud.ftc.gov
California Privacy Protection Agency (CPPA):
For California residents with concerns under the CCPA/CPRA.
Website: cppa.ca.gov
State Attorney General's Office:
Most U.S. states have an Attorney General who handles consumer protection complaints. Please visit the website of your state's Attorney General for more information.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are committed to resolving any privacy-related issues promptly and transparently.

Privacy Contact Information

Company: Papa Ginos
Email: [email protected]
Website: papaginos.rest

When contacting us about a privacy matter, please include the following information to help us respond as efficiently as possible:

Your full name and email address associated with your account (if applicable)
A clear description of your request or concern
The specific right you wish to exercise (if applicable)
Any relevant order numbers or account identifiers