Privacy Policy
Bistro du Soleil (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the confidentiality, integrity, and availability of your personal information. This Privacy Policy outlines how we collect, use, store, and safeguard your data when you interact with our website bistrodusoleil.com and our related services. We are dedicated to preserving your trust and complying with all applicable privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
We value the privacy and security of every individual who visits bistrodusoleil.com or communicates with our team. We adhere to a privacy-first approach in designing our services and data practices, ensuring transparency, fairness, and accountability in how we process personal data.
2. Scope of Policy and Data Controller
This Privacy Policy applies to all personal data collected through bistrodusoleil.com and our digital communications. The data controller for collected personal data is Bistro du Soleil, and inquiries regarding data processing may be directed to [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Information about how you interact with our website, including browser type, IP address, pages viewed, session duration, links clicked, referring URLs, and cookies used to identify repeat visits.
b. Account Data
Personal information provided during account creation or purchases, such as your full name, email address, billing and shipping addresses, and phone number.
c. Profile Data
Data generated from your interactions with our services, including dining preferences, order history, behavioral patterns, and saved selections.
d. Communication Data
Documents and records of correspondence with us, such as email messages, feedback, support inquiries, contact forms, and any attachments or content shared.
e. Technical Data
Details about the device you use to access bistrodusoleil.com, including device type, operating system, browser settings, time zone, and language preferences.
f. Transaction Data
Information regarding purchases made through our website, including payment method, transaction status, order details, and delivery information. We do not store full credit card numbers; payments are handled securely via third-party processors.
g. Preference Data
Information about your preferences or consents, such as marketing communication opt-ins, notification settings, and interests related to our products and services.
4. Legal Bases for Processing Personal Data
We process your personal data under the following lawful bases in accordance with the GDPR:
– Consent: Where you have provided explicit permission for us to process your data, such as receiving newsletters or promotional offers.
– Contract: Where the processing is necessary to perform a contract with you, such as fulfilling an order.
– Legal Obligation: Where we are legally required to collect, retain, or disclose certain data.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving website functionality, ensuring security, or analyzing usage trends, provided such interests do not override your fundamental rights and freedoms.
5. Your Rights
You have certain rights regarding your personal data under GDPR and CCPA:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You can request deletion of your data under certain conditions.
– Right to Restrict Processing: You may request suspension of processing where contested or unlawful.
– Right to Data Portability: You may receive your data in a structured, commonly used, machine-readable format.
– Right to Object: You can object to certain types of processing, including direct marketing.
– Rights under CCPA: California residents may also request disclosure of data collected, opt-out of the sale of personal information, and request deletion of their personal data.
To exercise your rights, please contact us at [email protected]. We will respond to valid requests in accordance with applicable laws.
6. Security Measures
We deploy robust physical, administrative, and technical safeguards to protect your personal data, including:
– Data encryption in transit and at rest.
– Strict role-based access controls.
– Periodic security audits and vulnerability scans.
– Business continuity and disaster recovery systems.
– Regular employee privacy and data protection training.
While we strive to maintain the highest standards of data security, no transmission over the internet can be guaranteed to be fully secure. We encourage users to take precautionary measures to protect their data.
7. International Data Transfers
When transferring personal data outside of the European Economic Area (EEA) or California, we implement adequate safeguards pursuant to applicable data protection laws. These safeguards may include Standard Contractual Clauses approved by the European Commission or reliance on regulatory frameworks such as the EU-U.S. Data Privacy Framework where applicable.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law:
– Usage Data: Retained for up to 12 months for analytics and performance reviews.
– Account and Profile Data: Retained for the duration of the customer relationship, plus 2 years for administrative or legal purposes.
– Communication Records: Retained for 3 years for customer service quality assurance and legal compliance.
– Transaction Data: Retained for 7 years for tax and accounting obligations.
– Marketing Preferences: Retained until you opt out or withdraw consent.
We will securely delete or anonymize data after retention periods expire.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance your experience, analyze usage patterns, and personalize content. We employ the following types of cookies:
– Essential Cookies: Required for core website functionality and secure operation.
– Functional Cookies: Enable enhanced features such as remembering user settings and preferences.
– Analytics Cookies: Collect aggregated data to understand how users interact with our website.
– Performance Cookies: Help assess the effectiveness of content and improve loading times.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, users are provided with clear notice and the ability to manage cookie preferences through a consent banner upon visiting bistrodusoleil.com. You may withdraw or modify consent at any time via the cookie settings link on our website. You may also manage or block cookies via your browser settings.
11. Special Protections for Children
We do not knowingly collect, solicit, or store personal data from individuals under the age of 13. If we become aware of having collected such data without verified parental consent, we will promptly delete it. Parents or guardians who believe their child may have provided information to us should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in legislation, our practices, or user feedback. Substantial changes will be communicated to our users via the website or email to ensure transparency.
13. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Email: [email protected]
Website: https://bistrodusoleil.com
We are committed to full compliance with applicable data privacy frameworks and welcome your feedback or inquiries regarding your rights and our practices.