Privacy Policy

This Privacy Policy describes how Giordanos ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at giordanos.rest, place orders, make reservations, or otherwise interact with our services. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and care.

By accessing or using our website, placing an order, subscribing to our newsletter, or otherwise engaging with our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with the practices described herein, please discontinue use of our website and services.

This Privacy Policy is governed by applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable federal and state statutes. We comply with all applicable data protection regulations to ensure your rights are protected.

1. About Us

Giordanos is a food service business operating in the United States. We provide restaurant services, online food ordering, catering, and related food and beverage experiences. For all privacy-related inquiries, you may contact us using the details below:

2. Information We Collect

We collect various categories of personal information in order to provide you with the best possible dining and ordering experience. The information we collect depends on how you interact with us and what services you use.

2.1 Personal Identification Information

When you create an account, place an order, make a reservation, or contact us, we may collect the following personal identification information:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Billing address
• Date of birth (for age verification purposes or promotional offers)
• Username and password (for account holders)
• Profile preferences such as dietary restrictions or favorite menu items

2.2 Payment and Financial Information

When you place an order or make a purchase through our website or affiliated platforms, we collect payment-related information. This may include:

• Credit card or debit card number (last four digits only, as full card data is processed by our payment processors)
• Billing name and address
• Transaction amount and date
• Payment method type (e.g., Visa, Mastercard, PayPal)

We do not store full credit card numbers on our servers. All payment processing is handled by PCI-DSS-compliant third-party payment processors.

2.3 Usage and Behavioral Data

We automatically collect certain information about how you interact with our website and digital services. This includes:

• Pages you visit and the order in which you visit them
• Items you view, add to cart, or purchase
• Links you click
• Time spent on pages
• Search queries entered on our website
• Referring website or URL (the website from which you came to ours)
• Exit pages
• Frequency and duration of visits

2.4 Device and Technical Information

We collect technical information about the device and browser you use to access our website:

• IP address
• Browser type and version
• Operating system and version
• Device type (desktop, mobile, tablet)
• Screen resolution
• Device identifiers
• Time zone settings
• Language preferences

2.5 Location Data

With your permission, we may collect your geolocation data to facilitate food delivery, show nearby restaurant locations, or provide location-relevant offers. You can disable location tracking through your browser or device settings at any time.

2.6 Communications Data

If you contact us via email, phone, contact form, live chat, or social media, we collect the content of those communications, including your name, contact details, and the substance of your inquiry or feedback. We may record phone calls for quality assurance and training purposes, where permitted by applicable law.

2.7 Marketing and Preference Data

We collect information about your marketing preferences, including whether you have opted in or out of receiving promotional emails, SMS messages, or push notifications, as well as your responses to surveys, promotions, and loyalty programs.

2.8 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing activity on our website. Please refer to Section 8 of this Privacy Policy for detailed information about our use of cookies.

3. How We Use Your Information

We use the personal information we collect for a variety of purposes, all of which are aimed at providing you with exceptional service and improving your overall experience with Giordanos. Specifically, we use your information for the following purposes:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders and delivery requests
• Managing restaurant reservations and bookings
• Processing payments and issuing receipts or invoices
• Creating and managing your customer account
• Sending order confirmations, delivery updates, and related communications
• Providing customer support and responding to your inquiries or complaints
• Managing loyalty programs, rewards, and promotional offers

3.2 Analytics and Business Intelligence

• Analyzing website traffic, user behavior, and ordering patterns to improve our services
• Understanding customer preferences to enhance menu offerings
• Measuring the effectiveness of our marketing campaigns
• Generating aggregate statistical reports about our customer base
• Conducting market research and customer satisfaction surveys

3.3 Marketing and Promotional Communications

• Sending promotional emails, newsletters, and special offers (with your consent where required)
• Delivering personalized recommendations based on your order history and preferences
• Serving targeted advertisements on third-party platforms
• Notifying you about seasonal promotions, new menu items, and events
• Running contests, sweepstakes, and loyalty reward programs

You have the right to opt out of marketing communications at any time. Every promotional email we send includes an unsubscribe link. You may also contact us directly at [email protected] to opt out.

3.4 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations
• Responding to legal process, court orders, or government requests
• Enforcing our Terms of Service and other legal agreements
• Protecting the rights, property, and safety of Giordanos, our customers, and the public
• Detecting, preventing, and addressing fraud, security incidents, and other illegal activities

3.5 Operational Improvements

• Maintaining and improving the technical functionality of our website
• Testing new features, technologies, and website designs
• Troubleshooting errors, bugs, and technical issues
• Ensuring website security and preventing unauthorized access

4. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information with trusted partners and service providers in the following circumstances:

4.1 Service Providers and Vendors

We work with carefully selected third-party companies that perform services on our behalf. These service providers are contractually obligated to use your information only for the purposes we specify and to protect it in accordance with applicable privacy laws. Categories of service providers include:

• Payment processors – to securely process credit card and other payment transactions
• Delivery partners – to fulfill food delivery orders to your location
• Email marketing platforms – to send promotional emails and newsletters on our behalf
• Analytics providers – to help us understand website usage and customer behavior (e.g., Google Analytics)
• Cloud hosting and IT services – to store and manage our data securely
• Customer support tools – to manage and respond to customer inquiries
• Advertising platforms – to deliver targeted digital advertising

4.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your personal information may be transferred to the successor entity. We will notify you of any such change through a prominent notice on our website or via email, and you will have an opportunity to exercise your privacy rights.

4.3 Legal Requirements and Law Enforcement

We may disclose your personal information if required to do so by law, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Protect and defend the rights or property of Giordanos
• Prevent or investigate possible wrongdoing in connection with our services
• Protect the personal safety of users of our services or the public
• Protect against legal liability

4.4 With Your Consent

We may share your information with third parties in other situations with your explicit consent. You may withdraw your consent at any time by contacting us at [email protected].

4.5 Aggregated and Anonymized Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other business purposes. This data does not constitute personal information and is not subject to this Privacy Policy.

5. Data Security

We take the security of your personal information seriously and implement a variety of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction.

5.1 Technical Security Measures

• SSL/TLS encryption for all data transmitted between your browser and our website
• Encryption of sensitive data at rest
• Secure, firewalled servers hosted in certified data centers
• Regular security audits, vulnerability assessments, and penetration testing
• Multi-factor authentication for administrative access to our systems
• Intrusion detection and prevention systems

5.2 Administrative and Organizational Measures

• Access to personal data is restricted to employees and contractors who need it to perform their job functions
• All staff with access to personal data are trained in data protection best practices
• Confidentiality agreements are in place for all personnel handling personal data
• We have incident response plans in place to address data breaches promptly

5.3 Limitations

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law, including within the timeframes mandated by state breach notification statutes.

6. Your Privacy Rights

Depending on your state of residence, you may have specific rights regarding your personal information. We honor these rights as required by applicable United States law, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) for California residents.

6.1 Right to Know and Access

You have the right to request information about the personal data we have collected about you, including the categories of data collected, the purposes for which it is used, the categories of third parties with whom it is shared, and the specific pieces of personal information we hold about you.

6.2 Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. We will take reasonable steps to verify the corrected information before making any updates.

6.3 Right to Deletion

You have the right to request that we delete the personal information we have collected about you, subject to certain exceptions. We may retain certain data where required by law, to complete transactions, to detect and prevent fraud, or to comply with legal obligations.

6.4 Right to Data Portability

Where technically feasible, you have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format so that you may transfer it to another service provider.

6.5 Right to Opt Out of Sale or Sharing

Under the CCPA/CPRA, California residents have the right to opt out of the sale or sharing of their personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense; however, we may share data with advertising partners. California residents may exercise their opt-out rights by contacting us at [email protected].

6.6 Right to Limit Use of Sensitive Personal Information

Under the CPRA, California residents have the right to limit our use and disclosure of sensitive personal information (such as precise geolocation data, payment card information, and account credentials) to only what is necessary to perform the services you have requested.

6.7 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge you a different price, provide a lower quality of service, or suggest that you will receive inferior treatment for exercising your rights under applicable privacy laws.

6.8 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us by:

• Emailing us at: [email protected]
• Visiting our website: giordanos.rest

We will respond to verifiable requests within 45 days of receipt, as required by the CCPA/CPRA. If we need additional time, we will notify you within the initial 45-day period and explain the reason for the extension. We may need to verify your identity before processing your request to protect your information from unauthorized access.

You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written proof of authorization, and we may still require you to verify your identity directly with us.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods vary depending on the type of data and the purpose for which it is held:

When personal information is no longer required, we securely delete or anonymize it so that it can no longer be associated with you. In some cases, data may be retained in backup systems for a short period after deletion from primary systems.

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, personalize content, and serve targeted advertising. This section provides a brief overview of our use of cookies. For full details, please refer to our dedicated Cookie Policy available on our website.

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit, such as your preferences and shopping cart contents.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly. These cannot be disabled without affecting website functionality.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data (e.g., Google Analytics).
• Functional Cookies: Remember your preferences, such as language settings, saved addresses, and login status.
• Marketing and Advertising Cookies: Track your activity across websites to deliver personalized advertisements and measure campaign effectiveness.
• Social Media Cookies: Placed by social media platforms to enable social sharing features and track engagement.

8.3 Managing Cookies

You can control and manage cookie settings through your browser settings or our cookie consent tool on the website. Please note that disabling certain cookies may impact the functionality of our website and your user experience. To learn more or to opt out of specific cookie types, please visit our full Cookie Policy page or contact us at [email protected].

9. Children's Privacy

In compliance with the Children's Online Privacy Protection Act (COPPA) and applicable state laws, we do not knowingly collect, use, or disclose personal information from children under 13 years of age without verifiable parental consent. Individuals between the ages of 13 and 17 are also not intended users of our services.

If we discover that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take immediate steps to delete such information from our systems. If you believe we may have collected information from a child under 13, please contact us immediately at [email protected].

Parents and guardians who have questions or concerns about our data practices relating to minors are encouraged to contact us directly. We take children's privacy extremely seriously and are committed to complying with all applicable laws protecting minors' personal information.

10. International Data Transfers

Giordanos is based in the United States, and all personal information we collect is primarily processed and stored on servers located within the United States. However, some of our third-party service providers, technology partners, and vendors may be located in other countries, which means your personal information may be transferred to and processed in countries outside of the United States.

When we transfer personal information internationally, we take appropriate steps to ensure that your data is protected in accordance with applicable United States privacy laws and that equivalent safeguards are in place, including:

• Entering into data processing agreements with third parties that include standard contractual clauses or equivalent protections
• Ensuring third-party recipients adhere to appropriate data security standards
• Limiting international transfers to countries with adequate data protection frameworks where possible

If you are located outside of the United States and choose to use our services, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country. By using our services, you consent to such transfer and processing.

11. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, delivery apps, and other online services that are not owned or controlled by Giordanos. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of third-party websites and encourage you to review the privacy policies of any third-party sites you visit.

Third-party integrations we commonly use may include, but are not limited to, food delivery platforms (such as DoorDash, Uber Eats, Grubhub), payment processors (such as Stripe or Square), social media platforms (such as Facebook, Instagram, and Twitter/X), and mapping services (such as Google Maps). Each of these third parties operates under its own privacy policy and data practices.

12. California-Specific Privacy Rights (CCPA/CPRA)

If you are a resident of California, you are entitled to specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In addition to the rights described in Section 6, California residents have the following additional protections:

12.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email address, IP address, phone number)
• Commercial information (purchase history, order records)
• Internet or other electronic network activity (browsing behavior, interaction with our website)
• Geolocation data (with your consent)
• Inferences drawn from the above to create a customer profile

12.2 Do Not Sell or Share My Personal Information

California residents have the right to opt out of the sale or sharing of their personal information. While we do not sell personal information in the traditional sense, we may share certain data with advertising partners in ways that could be considered "sharing" under the CPRA. To exercise this right, contact us at [email protected] with the subject line "Do Not Sell or Share My Personal Information."

12.3 Shine the Light Law

Under California's "Shine the Light" law (Civil Code Section 1798.83), California residents who have an established business relationship with us may request a list of the categories of personal information disclosed to third parties for their direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. To make such a request, please contact us at [email protected].

13. Filing a Privacy Complaint

If you have concerns about how we handle your personal information and believe we have not addressed your concerns adequately, you have the right to file a complaint with the appropriate regulatory authority.

13.1 Filing a Complaint with Us First

We encourage you to contact us first so that we can attempt to resolve your concern directly:

• Email: [email protected]
• Website: giordanos.rest

We will acknowledge your complaint within 10 business days and aim to provide a full response within 30 days.

13.2 Regulatory Authorities

If you are unsatisfied with our response, you may contact the following regulatory bodies:

• Federal Trade Commission (FTC) – for general consumer protection concerns:
  www.ftc.gov/contact | 1-877-FTC-HELP (1-877-382-4357)
• California Privacy Protection Agency (CPPA) – for California residents with CCPA/CPRA concerns:
  cppa.ca.gov
• State Attorney General – residents may contact their state Attorney General's office for privacy-related complaints.

14. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, technology, legal requirements, or regulatory guidance. When we make material changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on our website with a new "Last Updated" date
• Send a notification email to registered account holders where appropriate
• Display a prominent notice on our website homepage

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

15. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please do not hesitate to reach out to us. We are committed to addressing your privacy concerns promptly and transparently.

This Privacy Policy was last reviewed and updated on May 16, 2026. It applies to all personal information collected through giordanos.rest and any associated services provided by Giordanos in the United States.