Privacy Policy

Effective Date: May 22, 2026 | Last Updated: May 22, 2026

This Privacy Policy describes how Papa Ginos ("we," "us," "our," or the "Company") collects, uses, discloses, and protects your personal information when you visit our website at papa-ginos.rest, place orders online, interact with our services, or otherwise engage with us. Please read this policy carefully to understand our practices regarding your personal data and how we treat it.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our website or services.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in commerce.

1. About Us

Papa Ginos is a food service business operating in the United States. We are committed to protecting your privacy and handling your personal information responsibly and transparently.

Company Name	Papa Ginos
Website	papa-ginos.rest
Email Address	[email protected]
Country of Operation	United States

2. Information We Collect

We collect various types of information in connection with your use of our website and services. The categories of personal information we collect include the following:

2.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or contact us, we may collect personally identifiable information, including but not limited to:

Full name
Email address
Phone number
Billing and delivery address (street address, city, state, ZIP code)
Username and password (stored in encrypted format)
Profile photo (if you choose to provide one)
Date of birth (for age verification purposes)
Payment information (processed securely through third-party payment processors)

2.2 Order and Transaction Information

When you place an order through our website, we collect information about the transaction, including:

Items purchased and order history
Special instructions or dietary preferences you provide
Payment method type (e.g., credit card, debit card, digital wallet)
Transaction amounts and dates
Delivery and pickup preferences
Loyalty program participation and reward points

2.3 Usage Data and Technical Information

When you visit our website, we automatically collect certain technical information about your device and browsing activities, including:

Internet Protocol (IP) address
Browser type, version, and language settings
Operating system and device type
Referring website URLs
Pages visited and time spent on each page
Clickstream data and navigation patterns
Date and time of your visit
Search queries entered on our website
Error logs and crash reports

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your experience on our website. Please refer to Section 8 of this Privacy Policy for detailed information about our use of cookies and how to manage your cookie preferences.

2.5 Location Data

With your consent, we may collect your precise or approximate geographic location to provide location-based services, such as finding the nearest Papa Ginos location, estimating delivery times, or personalizing your experience. You can disable location services at any time through your device settings or browser preferences.

2.6 Communications and Customer Support Data

When you contact us via email, phone, online chat, or through our website forms, we collect the content of your communications, including:

Feedback, complaints, and inquiries
Customer service interaction records
Survey responses and reviews you submit
Social media interactions and mentions

2.7 Information from Third Parties

We may receive information about you from third-party sources, including:

Social media platforms when you choose to connect your account or log in through social media
Third-party delivery platforms and food ordering services
Analytics providers and advertising partners
Payment processors and fraud detection services
Marketing and promotional partners

3. How We Use Your Information

We use the personal information we collect for the following legitimate business purposes:

3.1 Providing and Improving Our Services

Processing your orders, payments, and deliveries
Creating and managing your account
Responding to your inquiries, complaints, and customer support requests
Personalizing your experience and providing tailored menu recommendations
Improving the functionality, design, and content of our website
Conducting research and analysis to enhance our food offerings and service quality
Managing loyalty programs and reward points

3.2 Communications and Marketing

Sending order confirmations, receipts, and delivery status updates
Providing important service announcements and policy updates
Sending promotional emails, newsletters, and special offers (with your consent where required)
Delivering targeted advertising based on your preferences and browsing history
Conducting surveys and soliciting feedback to improve our services
Notifying you about new menu items, seasonal specials, and events

3.3 Analytics and Business Intelligence

Analyzing website traffic and user behavior to understand how our services are used
Measuring the effectiveness of our marketing campaigns and promotions
Generating aggregate, anonymized statistical reports about our customer base
Conducting A/B testing and product development research

3.4 Legal Compliance and Safety

Complying with applicable federal and state laws and regulations
Preventing fraud, unauthorized access, and other illegal activities
Enforcing our Terms of Service and other agreements
Protecting the rights, property, and safety of Papa Ginos, our customers, and the public
Responding to lawful requests from courts, law enforcement, and government authorities

4. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers who assist us in operating our website and delivering our services. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures. Our service providers include:

Payment processors (e.g., Stripe, Square, PayPal) for secure payment processing
Delivery service partners for fulfilling food delivery orders
Cloud hosting and infrastructure providers for website hosting and data storage
Email marketing platforms for sending promotional communications
Analytics providers (e.g., Google Analytics) for website analytics
Customer support platforms for managing support tickets and inquiries
Fraud prevention services for detecting and preventing unauthorized transactions
Advertising networks for delivering targeted advertisements

4.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation, court order, subpoena, or government request
Enforce our Terms of Service or other agreements
Protect the rights, property, or personal safety of Papa Ginos, our employees, customers, or the public
Investigate, prevent, or take action regarding illegal activities, fraud, or security threats

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website prior to such a transfer and inform you of any changes to this Privacy Policy.

4.4 With Your Consent

We may share your information with third parties for purposes not described in this policy when we have obtained your explicit consent to do so.

4.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

California Residents: Under the CCPA/CPRA, we do not "sell" or "share" your personal information as those terms are defined under California law. California residents have additional rights described in Section 10 of this Privacy Policy.

5. Data Security

We take the security of your personal information seriously and implement a range of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction.

5.1 Technical Security Measures

Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers. Sensitive data, such as passwords and payment information, is encrypted at rest using industry-standard encryption algorithms.
Secure Payment Processing: We do not store full credit card numbers on our servers. Payment information is processed by PCI-DSS compliant third-party payment processors.
Access Controls: We limit access to your personal information to authorized employees, contractors, and service providers who need the information to perform their job functions.
Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and other network security technologies to protect our systems from unauthorized access.
Regular Security Audits: We conduct regular security assessments and vulnerability testing of our systems and applications.

5.2 Administrative Security Measures

Employee training on data privacy and security best practices
Strict data access policies and need-to-know principles
Confidentiality agreements with employees and contractors
Incident response plans for addressing potential data breaches

5.3 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable regulatory authorities as required by applicable law. Notifications will be made in a timely manner and will include information about the nature of the breach, the data affected, and the steps we are taking to address it.

Please Note: No method of data transmission or storage is completely secure. While we strive to protect your personal information using commercially reasonable means, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Category of Data	Retention Period
Account and profile information	Duration of account plus 3 years after account closure
Order and transaction records	7 years (for tax and accounting compliance)
Payment information	As required by PCI-DSS standards and applicable law
Marketing preferences and communications	Until you opt out or request deletion
Website usage and analytics data	Up to 26 months
Customer support records	3 years from the date of last interaction
Legal and compliance records	As required by applicable law (typically 5–7 years)
Cookie and tracking data	Session cookies: deleted when browser closes; Persistent cookies: up to 24 months

When your personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our data retention policies.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights and have established processes to facilitate your requests.

7.1 General Rights Available to All Users

Right to Access: You have the right to request access to the personal information we hold about you, including the categories of data collected and how it is used.
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
Right to Deletion: You have the right to request that we delete your personal information, subject to certain legal exceptions (e.g., data required for legal compliance or fraud prevention).
Right to Opt-Out of Marketing: You can unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly.
Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

7.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know: The right to know what personal information we have collected, used, disclosed, or sold about you over the past 12 months.
Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
Right to Correct: The right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information.
Right to Limit Use of Sensitive Personal Information: The right to limit our use and disclosure of sensitive personal information to purposes specified under the CPRA.
Right to Non-Discrimination: The right not to be discriminated against for exercising your CCPA/CPRA rights. We will not deny you goods or services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

To exercise your California privacy rights, you or your authorized agent may submit a request by:

Emailing us at: [email protected]
Visiting our website: papa-ginos.rest

We will verify your identity before processing your request and respond within 45 days of receipt. We may extend this period by an additional 45 days when reasonably necessary, with prior notice.

7.3 How to Submit a Privacy Request

To exercise any of your privacy rights, please contact us using the information provided in Section 12 of this Privacy Policy. To protect your privacy and security, we may need to verify your identity before processing your request. We will not charge a fee for responding to your request unless it is excessive, repetitive, or manifestly unfounded.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver personalized content and advertisements.

8.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling core functions such as security, network management, and account authentication. You cannot opt out of these cookies.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and any error messages encountered. This information helps us improve the performance of our website.
Functionality Cookies: These cookies allow our website to remember choices you make (such as your preferred language, delivery address, or saved menu items) to provide a more personalized experience.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to your interests. They also limit the number of times you see an advertisement and help us measure the effectiveness of our advertising campaigns.

8.2 Managing Your Cookie Preferences

You can manage your cookie preferences through your browser settings or through our cookie consent tool available on our website. Most web browsers allow you to refuse or accept cookies, delete existing cookies, and set preferences for certain websites. Please note that disabling certain cookies may affect the functionality of our website.

For more detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

8.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no universally accepted standard for responding to DNT signals. Our website does not alter its data collection and use practices in response to DNT signals at this time. We will continue to monitor developments in this area.

9. Children's Privacy

Our website and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, and we do not direct our services to children.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

We also comply with applicable state laws regarding the privacy of minors between the ages of 13 and 17, including California's laws protecting the privacy of minors online.

10. International Data Transfers

Papa Ginos is a United States-based business, and your personal information is primarily collected, stored, and processed in the United States. If you are accessing our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

The United States and other countries may have data protection laws that differ from the laws of your country. By using our services, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

When transferring data internationally, we implement appropriate safeguards to ensure that your personal information receives an adequate level of protection, including:

Standard contractual clauses approved by applicable data protection authorities
Data processing agreements with our international service providers
Compliance with applicable U.S. federal and state privacy laws

11. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated or controlled by Papa Ginos. These third-party services have their own privacy policies, and we are not responsible for their privacy practices or content.

When you click on a third-party link or access a third-party service through our website, you will be subject to that third party's privacy policy and terms of service. We encourage you to review the privacy policies of any third-party websites or services you visit.

We are not responsible for the privacy practices, security measures, or content of any third-party websites or services, including but not limited to third-party delivery platforms, social media platforms, and payment processors.

12. Marketing Communications

With your consent (where required by applicable law), we may send you promotional emails, text messages, push notifications, and other marketing communications about our products, services, special offers, and events.

12.1 Opting Out of Marketing

You can opt out of receiving marketing communications from us at any time by:

Clicking the "unsubscribe" or "opt-out" link at the bottom of any marketing email
Replying "STOP" to any marketing text messages
Adjusting your notification settings in your account preferences
Contacting us directly at [email protected]

Please note that even if you opt out of marketing communications, you will continue to receive transactional communications related to your orders, account, and other service-related matters.

12.2 Loyalty Program

If you participate in our loyalty rewards program, we will use your personal information to manage your account, track your points, and send you personalized offers and rewards. You may withdraw from our loyalty program at any time by contacting us at [email protected].

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or the way we handle personal information. When we make material changes to this policy, we will:

Post the updated Privacy Policy on our website with a new effective date
Send an email notification to registered users when changes are significant
Display a prominent notice on our website homepage for a reasonable period

Your continued use of our website and services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Filing a Complaint with a Data Protection Authority

If you have concerns about our data processing practices that we have not adequately addressed, you have the right to file a complaint with the appropriate regulatory authority.

14.1 Federal Trade Commission (FTC)

In the United States, the Federal Trade Commission (FTC) has authority to take action against unfair or deceptive practices related to consumer privacy. You can file a complaint with the FTC at:

Website: www.ftc.gov/complaint
Phone: 1-877-382-4357 (1-877-FTC-HELP)
Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Residents — California Privacy Protection Agency (CPPA)

California residents may file privacy complaints with the California Privacy Protection Agency (CPPA) or the California Attorney General's office:

California Privacy Protection Agency: cppa.ca.gov
California Attorney General: oag.ca.gov/privacy/ccpa

14.3 Other State Privacy Authorities

Residents of other U.S. states with applicable privacy laws may contact their state's attorney general's office or relevant consumer protection agency to file a privacy complaint.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us. We are committed to addressing your inquiries promptly and transparently.

Privacy Contact Information

Company Name:	Papa Ginos
Website:	papa-ginos.rest
Email:	[email protected]

We will respond to all privacy-related inquiries within a reasonable timeframe, and no later than the period required by applicable law (generally 45 days for verified consumer rights requests under the CCPA/CPRA).

For California residents submitting requests under the CCPA/CPRA, please indicate in your communication that you are a California resident and specify the nature of your request (e.g., access, correction, deletion, or opt-out). We may ask you to provide additional information to verify your identity before processing your request.