Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: December 2024

1. Introduction

At Dions, we are committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy outlines our practices regarding the collection, use, storage, and disclosure of personal data when you use our food services, visit our website, or interact with our business.

This policy applies to all services offered by Dions, including our restaurant operations, online ordering system, delivery services, catering offerings, loyalty programs, and any digital platforms we operate. By using our services, creating an account, placing orders, or providing your information, you agree to the terms outlined in this Privacy Policy.

Our Commitment: We never sell your personal data to third parties for their marketing purposes. Your trust is fundamental to our business, and we are dedicated to transparent, responsible data handling practices that respect your privacy rights.

If you have questions about this policy or our privacy practices, please contact us using the information provided in Section 13.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our services:

  • Personal Identification: Name, email address, phone number, postal address, date of birth
  • Account Information: Username, password, order history, dietary preferences, allergen information
  • Food Service Specific Data:
    • Delivery addresses and location data for order fulfillment
    • Allergen information and dietary restrictions (vegan, vegetarian, gluten-free, halal, kosher)
    • Special dietary requirements and food preferences
    • Favorite orders and customization preferences
    • Loyalty program participation and rewards data
    • Table reservation information and party size
    • Catering event details, guest count, and special requirements
  • Payment Information: Credit/debit card details, billing address (stored in encrypted format through secure payment processors)
  • Communication Data: Contact form submissions, customer reviews, feedback, support inquiries
  • Marketing Preferences: Newsletter subscriptions, promotional communications consent, preferred contact methods

2.2 Automatically Collected Information

When you visit our website or use our digital services, we automatically collect certain information:

  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, search queries, referral sources
  • Cookie Data: Session identifiers, user preferences, authentication tokens, analytics data
  • Location Information: Approximate location derived from IP address for delivery zone determination
  • Order Tracking Data: Delivery status, preparation times, driver location (when applicable)

2.3 Information from Third Parties

We may receive information from external sources:

  • Social Media: Profile information if you connect social media accounts to our services
  • Payment Processors: Transaction confirmations and fraud prevention data
  • Delivery Partners: Delivery confirmation and customer feedback
  • Marketing Partners: Campaign performance data and demographic information (anonymized)
  • Review Platforms: Public reviews and ratings you post about our services

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Fulfilling food orders, coordinating preparation and delivery
  • Account Management: Creating and maintaining user accounts, authentication, password resets
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Quality Improvement: Analyzing service performance, optimizing delivery routes, improving food quality
  • Personalization: Customizing menu recommendations based on dietary preferences and order history

3.2 Communication

  • Order Communications: Confirmations, preparation updates, delivery notifications, receipt emails
  • Customer Support: Responding to questions, feedback, and service requests
  • Important Notices: Policy changes, service updates, security alerts
  • Marketing Communications: Promotional offers, new menu items, special events (with explicit consent only)
  • Loyalty Program: Rewards notifications, points balance updates, exclusive offers

3.3 Marketing and Analytics

  • Personalized Advertising: Showing relevant offers based on preferences and order history
  • Traffic Analysis: Understanding website usage patterns and popular menu items
  • Campaign Effectiveness: Measuring marketing campaign performance and ROI
  • Market Research: Developing new menu items and services based on customer preferences
  • Business Intelligence: Analyzing trends to improve operations and customer experience

3.4 Legal Compliance

  • Legal Requests: Responding to court orders, subpoenas, and law enforcement requests
  • Fraud Prevention: Detecting and preventing fraudulent activities and security threats
  • Safety Protection: Protecting the rights, property, and safety of customers, employees, and the public
  • Dispute Resolution: Resolving legal disputes and enforcing our terms of service
  • Regulatory Compliance: Meeting food safety, health department, and business licensing requirements

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our business:

  • Payment Processors: Secure transaction processing and fraud prevention (e.g., Stripe, Square)
  • Delivery Partners: Third-party delivery services for order fulfillment and tracking
  • Cloud Storage Providers: Secure data storage and backup services (e.g., AWS, Google Cloud)
  • Email Services: Marketing campaign management and transactional email delivery
  • Analytics Tools: Website usage analysis and performance monitoring (e.g., Google Analytics)
  • Customer Support: Help desk and customer service platform providers
  • Food Safety Compliance: Third-party auditing and compliance monitoring services

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • Court Orders: Compliance with valid court orders and subpoenas
  • Legal Compliance: Meeting legal obligations under applicable laws and regulations
  • Rights Protection: Protecting our intellectual property, trade secrets, and business interests
  • Public Safety: Responding to emergencies and protecting public health and safety
  • Law Enforcement: Cooperating with legitimate law enforcement investigations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Asset Transfer: Customer information may be transferred as part of business assets
  • Customer Notification: We will notify customers before any ownership transfer
  • Policy Compliance: New owners must comply with existing privacy commitments
  • Opt-out Rights: Customers may request data deletion before transfer completion

4.4 With Your Consent

We will share your information for other purposes only with your explicit consent, such as:

  • Participating in customer testimonials or case studies
  • Sharing feedback with partner restaurants or suppliers
  • Including you in promotional materials or social media campaigns

5. Data Security

5.1 Technical Measures

We implement comprehensive technical safeguards to protect your information:

  • Encryption: SSL/TLS encryption for all data transmission and AES-256 encryption for stored sensitive data
  • Firewall Systems: Advanced firewall protection and intrusion detection systems
  • Access Control: Role-based access controls limiting data access to authorized personnel only
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Data Backups: Regular encrypted backups stored in geographically separate secure locations
  • Network Security: Secure network architecture with segmented systems and VPN access
  • Payment Security: PCI DSS compliant payment processing with tokenization

5.2 Organizational Measures

Our organizational security practices include:

  • Employee Training: Regular security awareness training for all staff members
  • Data Handling Procedures: Strict protocols for accessing, processing, and storing personal data
  • Third-party Agreements: Comprehensive confidentiality and security agreements with all service providers
  • Incident Response: Detailed security incident response plan with rapid notification procedures
  • Security Audits: Regular internal and external security assessments and penetration testing
  • Background Checks: Security screening for employees with access to sensitive data

5.3 Your Responsibilities

You can help protect your information by:

  • Strong Passwords: Using complex, unique passwords for your account
  • Password Protection: Never sharing your login credentials with others
  • Secure Logout: Logging out of your account on shared or public computers
  • Phishing Awareness: Being cautious of suspicious emails or links claiming to be from Dions
  • Immediate Reporting: Contacting us immediately if you suspect unauthorized account access
  • Software Updates: Keeping your devices and browsers updated with the latest security patches

Security Breach Notification: In the unlikely event of a data breach that affects your personal information, we will promptly notify you and relevant authorities within 72 hours of discovery, as required by applicable laws.

6. Cookies and Tracking Technologies

We use various tracking technologies to enhance your experience and analyze website usage:

Cookie Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart contents Session (deleted when browser closes)
Functional Cookies User preferences, language settings, delivery location Up to 1 year
Analytics Cookies Usage analysis, performance measurement, site improvement Up to 2 years
Marketing Cookies Personalized advertising, campaign measurement Up to 1 year

Tracking Technologies Used:

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising measurement and retargeting
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for enhanced functionality
  • Session Storage: Temporary data storage for single browsing sessions

Cookie Management: You can control cookies through your browser settings. Most browsers allow you to accept, reject, or delete cookies. However, disabling certain cookies may affect website functionality, including the ability to place orders or access account features. You can also opt out of personalized advertising through industry opt-out pages.

7. Your Rights (GDPR/CCPA Compliance)

Under applicable privacy laws, you have the following rights regarding your personal data:

  • 7.1 Right of Access - Request access to view your personal data we maintain
  • 7.2 Right to Rectification - Request correction of inaccurate or incomplete data
  • 7.3 Right to Erasure (Right to be Forgotten) - Request deletion of your personal data
  • 7.4 Right to Restrict Processing - Request limitation on how we use your data
  • 7.5 Right to Data Portability - Receive your data in a machine-readable format
  • 7.6 Right to Object - Object to processing, especially for marketing purposes
  • 7.7 Right Against Automated Decision-Making - Opt out of automated profiling decisions

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the methods outlined in Section 13. We will respond to your request within 30 days and may require verification of your identity to protect your privacy. Some rights may be limited by legal obligations or legitimate business interests, which we will explain in our response.

No Discrimination: We will not discriminate against you for exercising your privacy rights. You will receive the same quality of service regardless of your privacy choices.

8. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16 without parental consent.

Parental Notification: If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We will promptly investigate and delete any such information from our systems.

Age Verification: We may implement age verification measures for certain services, particularly those involving alcohol delivery or age-restricted promotions.

Educational Programs: Any educational or community programs involving minors will require explicit parental consent and supervision in accordance with applicable child protection laws.

9. International Data Transfers

9.1 Protection Measures

When we transfer data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with EU-approved data protection standards
  • Standard Contractual Clauses (SCC): EU-approved contract terms for international transfers
  • Data Processing Agreements: Comprehensive agreements with international service providers
  • Security Measures: Enhanced encryption and access controls for international transfers
  • Compliance Audits: Regular audits of international partners' data protection practices

9.2 Transfer Destinations

We may transfer your data to the following regions with appropriate safeguards:

  • United States: Cloud storage and data processing services
  • European Union: Analytics and customer support services
  • Other Countries: As needed for business operations, always with appropriate protection measures

10. Data Retention Periods

We retain your information only as long as necessary for the purposes outlined in this policy:

Information Type Retention Period Reason
Account information 6 months after account deletion Legal obligations, dispute resolution
Order and purchase history 7 years Tax and accounting requirements
Marketing consent records 3 months after withdrawal Consent record keeping for compliance
Website usage logs Up to 2 years Security monitoring and analytics
Customer support records 3 years Service quality improvement
Payment transaction data 7 years Financial regulations and auditing
Food safety records 5 years Health department compliance

Safe Data Disposal

When data retention periods expire, we ensure secure disposal through:

  • Electronic Deletion: Complete removal of data using industry-standard deletion methods that make recovery impossible
  • Physical Record Destruction: Secure shredding of any physical documents containing personal information
  • Backup Data Removal: Deletion from all backup systems and archived copies
  • Disposal Documentation: Maintaining records of data disposal for compliance verification

11. Third-Party Links

Our website and services may contain links to external websites, social media platforms, and third-party services. This Privacy Policy does not apply to these external sites.

Third-Party Responsibility: We are not responsible for the privacy practices, data collection, or content of third-party websites. These sites operate independently and may have different privacy policies and terms of service.

Review Policies: We encourage you to review the privacy policies of any third-party websites before providing your personal information. Pay particular attention to how they collect, use, and protect your data.

Your Responsibility: When clicking on third-party links or using external services, you do so at your own discretion and risk. Be cautious about sharing personal information on external platforms.

12. Policy Changes

12.1 Change Notification

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make changes, we will notify you through:

  • Website Notice: Prominent announcement on our website homepage
  • Email Notification: Direct email to registered users about significant changes
  • Account Notification: Pop-up notification when you log into your account
  • Consent for Significant Changes: Explicit consent may be required for material changes that affect how we use your data

12.2 Checking for Changes

To stay informed about our privacy practices:

  • Latest Version: The most current version is always available on our website
  • Update Date: Check the 'Last Updated' date at the top of this policy
  • Continued Use: Continued use of our services after policy changes constitutes acceptance
  • Disagreement: If you disagree with changes, you may stop using our services or contact us to discuss your concerns

13. Contact Information

Contact Details

  • Company: Dions
  • Address: 2556 15th St, Denver, CO 80211, USA
  • Phone: +1 303-455-9463
  • Email: [email protected]
  • Business Hours: Monday-Friday 9:00 AM - 6:00 PM MST
  • Privacy Questions: [email protected]

Response Commitment: We will respond to all privacy-related inquiries within 3 business days. For urgent matters involving data security or unauthorized access, please call our customer service line immediately.

13.1 Complaints and Concerns

If you have concerns about our privacy practices:

  • Contact Us First: Please reach out to us directly for the fastest resolution
  • Supervisory Authority: If you're unsatisfied with our response, you may contact your local privacy regulator:
    • EU Residents: Your local Data Protection Authority
    • California Residents: California Attorney General's Office
    • Other US Residents: Federal Trade Commission (FTC)

14. Withdrawal of Consent

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications at any time through:

  • Email Unsubscribe: Click the unsubscribe link in any marketing email
  • Account Settings: Update your communication preferences in your account dashboard
  • Customer Support: Contact our customer service team to update your preferences
  • Immediate Effect: Changes will be processed within 48 hours

14.2 Account Deletion

To permanently delete your account and associated data:

  1. Log into your account and navigate to Account Settings
  2. Select "Delete Account" and confirm your decision
  3. We will send a confirmation email with a final deletion link
  4. Click the link within 7 days to complete permanent deletion
  5. Some data may be retained for legal compliance as outlined in Section 10

Note: Account deletion is permanent and cannot be undone. You will lose access to order history, loyalty points, and saved preferences.

15. Conclusion

At Dions, protecting your privacy is not just a legal obligation—it's fundamental to the trust relationship we build with every customer. We understand that when you choose our food services, you're not just ordering a meal; you're trusting us with your personal information, dietary preferences, and family's safety.

Our commitment extends beyond compliance with privacy laws. We continuously invest in security technologies, train our staff on data protection best practices, and regularly review our procedures to ensure your information remains secure. Whether you're ordering your favorite pizza for a family dinner or planning a large catering event, you can trust that your privacy is our priority.

We believe in transparency and encourage you to contact us with any questions about this policy or our privacy practices. Your feedback helps us improve our services and better protect your information. Thank you for choosing Dions and trusting us with your dining experience.

Remember to check this page periodically for updates. We're committed to keeping you informed about how we protect and use your information as our services and technology evolve.

This Privacy Policy was last updated in December 2024.