Privacy Policy

Effective Date: May 28, 2026 | Last Updated: May 28, 2026

This Privacy Policy explains how Dions ("we," "us," "our," or "the Company") collects, uses, discloses, retains, and protects information about you when you visit our website at cafe-dions.digital, place orders, interact with our services, or otherwise engage with us. We are committed to protecting your privacy and handling your personal information with transparency, integrity, and in full compliance with applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant federal and state regulations.

Please read this Privacy Policy carefully before using our website or services. By accessing cafe-dions.digital, submitting an order, signing up for our newsletter, or otherwise interacting with Dions, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our website and services.

1. Who We Are

Dions is a food service business operating in the United States. We provide customers with food and beverage products, online ordering capabilities, catering inquiries, loyalty programs, and related services through our digital platforms and physical locations.

Company Name	Dions
Website	cafe-dions.digital
Email Address	[email protected]

For all privacy-related inquiries, requests, or concerns, please contact us using the details provided above or as further described in Section 13 of this Privacy Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

All visitors to the website cafe-dions.digital
Customers who place orders online or through any affiliated ordering platform
Individuals who register for a loyalty or rewards account
Subscribers to our email newsletters, promotional communications, or SMS marketing
Individuals who contact us via email, phone, social media, or web forms
Anyone who participates in surveys, contests, or promotional events organized by Dions

This policy does not apply to third-party websites, platforms, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

3. Information We Collect

We collect various categories of personal information depending on your interaction with us. The following subsections describe the types of data we may collect.

3.1 Personal Identification Information

When you create an account, place an order, or contact us, we may collect:

Full name
Email address
Phone number
Mailing or delivery address (including street address, city, state, and ZIP code)
Date of birth (where required for age verification or promotional purposes)
Username and password for account access

3.2 Transaction and Order Information

When you place an order or make a purchase through our platform, we collect:

Order history, including items purchased, quantities, and prices
Billing and payment information (note: full payment card numbers are processed by PCI-compliant third-party payment processors and are not stored on our servers)
Special instructions or dietary preferences associated with your order
Delivery or pickup preferences
Refund and return records

3.3 Usage Data and Online Activity

When you visit or interact with cafe-dions.digital, we automatically collect certain information about your browsing behavior, including:

Pages viewed and time spent on each page
Links clicked within our website
Search terms entered on our website
Referring URLs (the website that directed you to our site)
Session duration and frequency of visits
Shopping cart abandonment data

3.4 Device and Technical Information

We automatically collect technical information from your device when you access our website, including:

IP address
Browser type and version
Operating system and device type (desktop, mobile, tablet)
Screen resolution
Language settings
Time zone settings
Unique device identifiers

3.5 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage objects, and similar technologies to collect information about your interactions with our website. Please refer to Section 9 of this Privacy Policy for detailed information about our use of cookies and your choices regarding cookie settings.

3.6 Communications and Correspondence

When you contact us by email, phone, or through any contact form, we may collect:

The content of your message or inquiry
Your contact details as provided in the communication
Records of correspondence for quality and compliance purposes

3.7 Marketing Preferences

We collect your preferences regarding promotional emails, SMS messages, and other marketing communications, including your opt-in and opt-out choices.

3.8 Information From Third Parties

We may receive information about you from third-party sources, such as:

Social media platforms (if you choose to link your account or interact with our social media content)
Online advertising networks and analytics providers
Third-party food delivery platforms that process orders on our behalf
Fraud prevention and identity verification services

4. How We Use Your Information

Dions uses the information we collect for the following purposes:

4.1 Service Provision and Order Fulfillment

Processing and fulfilling food orders placed online or through affiliated platforms
Arranging delivery or facilitating in-store/curbside pickup
Managing and maintaining your customer account
Responding to your inquiries, complaints, or support requests
Processing refunds, returns, or adjustments to orders

4.2 Payment Processing

Verifying payment information through our PCI-compliant payment processors
Detecting and preventing fraudulent transactions
Maintaining records of financial transactions as required by law

4.3 Website Improvement and Analytics

Analyzing how visitors use our website to improve user experience and interface design
Monitoring website performance, uptime, and technical errors
Conducting A/B testing and other research to enhance our digital offerings
Understanding customer preferences to refine our menu and service offerings

4.4 Marketing and Promotional Communications

Sending you promotional emails, special offers, or newsletters if you have opted in to receive them
Delivering personalized recommendations based on your order history
Conducting retargeting campaigns via third-party advertising platforms
Managing loyalty programs and notifying you of rewards or points earned

You have the right to opt out of marketing communications at any time. Instructions for opting out are provided in Section 11 of this Privacy Policy.

4.5 Legal Compliance and Safety

Complying with applicable federal, state, and local laws and regulations
Responding to lawful requests from law enforcement or government authorities
Enforcing our Terms of Service and other contractual agreements
Protecting the rights, property, and safety of Dions, our customers, and the public
Investigating potential violations of our policies or applicable laws

4.6 Business Operations

Internal record keeping, accounting, and auditing purposes
Employee training and quality assurance
Evaluating and executing potential business partnerships, mergers, or acquisitions

5. Sharing Your Information With Third Parties

We do not sell your personal information in the traditional sense of selling data. However, as outlined below, we may share your information with certain third parties for legitimate business purposes. California residents should note that certain sharing practices may qualify as a "sale" or "sharing" under the CCPA/CPRA, and your rights regarding such sharing are described in Section 10.

5.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business. These providers are authorized to use your information only as necessary to perform services on our behalf and are contractually bound to maintain appropriate confidentiality and security. Categories of service providers include:

Payment processors: Companies that securely process credit card and other payment transactions
Delivery platform partners: Third-party delivery services that fulfill orders on our behalf
Cloud hosting and IT services: Providers who host our website and databases
Email and SMS marketing platforms: Services used to send you communications you have consented to receive
Analytics providers: Such as Google Analytics, which help us understand website traffic and user behavior
Customer relationship management (CRM) tools: Platforms used to manage customer accounts and interactions
Fraud prevention services: Companies that help verify identity and detect fraudulent activity

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information when required to do so by law or in response to valid legal process, including:

Compliance with subpoenas, court orders, or legal obligations
Cooperation with law enforcement agencies during investigations
Protecting the rights and safety of our customers, employees, or the general public
Defending against legal claims or protecting our legal rights

5.3 Business Transfers

In the event that Dions undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website if such a transfer results in a material change to this Privacy Policy.

5.4 Advertising Partners

We may share certain usage data and device identifiers with online advertising networks to deliver targeted advertisements on third-party websites and social media platforms. These partners operate under their own privacy policies and may use cookies or similar technologies to collect information about your online activities. You may opt out of interest-based advertising as described in Section 9.

5.5 With Your Consent

We may share your information with additional third parties when you have provided your explicit consent to do so, such as when participating in co-branded promotions or partnerships.

6. Data Security

Dions takes the security of your personal information seriously and has implemented reasonable technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Safeguards

SSL/TLS encryption for all data transmitted between your browser and our servers
Secure, encrypted storage for sensitive personal information
Firewalls and intrusion detection systems to prevent unauthorized access
Regular software updates and security patching
PCI DSS-compliant payment processing to protect financial data

6.2 Administrative Safeguards

Access to personal information is restricted to employees and contractors who need it to perform their job functions
All staff members who handle personal data undergo privacy and security training
Confidentiality agreements are in place with employees and third-party vendors
We conduct periodic security risk assessments and audits

6.3 Data Breach Response

In the event of a data breach that poses a risk to your personal information, we will notify affected individuals and relevant authorities in accordance with applicable state and federal breach notification laws, including applicable state data breach notification statutes. We will provide timely notification containing information about the nature of the breach, the data affected, and steps you can take to protect yourself.

Important: While we implement strong security measures, no method of data transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Category of Data	Retention Period
Customer account information	Duration of account, plus 3 years after account closure
Order and transaction records	7 years (for tax and legal compliance purposes)
Marketing and communication preferences	Until you opt out, plus 2 years for record-keeping
Website usage and analytics data	Up to 26 months (varies by analytics provider settings)
Customer service correspondence	3 years from date of last communication
Payment data (partial, tokenized)	As required by PCI DSS and applicable law
Legal claims or dispute records	Duration of legal obligation or proceedings

When personal data is no longer required for its original purpose and there is no legal basis for retention, we will securely delete or anonymize the information.

8. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.

8.1 Rights Under California Law (CCPA/CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as how we have used, shared, or disclosed that information.
Right to Delete: You have the right to request that we delete personal information we have collected about you, subject to certain legal exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information with third parties for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to certain permitted purposes.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide you a different level of quality for exercising your privacy rights.
Right to Data Portability: You have the right to receive your personal information in a portable, readily usable format that allows you to transmit it to another entity.

8.2 General Privacy Rights (All Users)

Regardless of your state of residence, we are committed to providing all users with the following capabilities:

Access: You may request a copy of the personal information we hold about you by contacting us at [email protected].
Correction: If any information we hold about you is inaccurate or incomplete, you may request that we update or correct it.
Deletion: You may request that we delete your personal information from our records, subject to our legal obligations to retain certain data.
Opt Out of Marketing: You may opt out of receiving marketing emails, SMS messages, or other promotional communications at any time.
Account Closure: If you have registered an account, you may request closure of your account at any time.

8.3 How to Submit a Privacy Rights Request

To exercise any of the rights described above, please submit a verifiable request by:

Email: [email protected] with the subject line "Privacy Rights Request"
Website: cafe-dions.digital (contact form)

We will respond to all verifiable requests within 45 days of receipt. If we require additional time, we will notify you in writing within the initial 45-day period and explain the reason for the extension. We may need to verify your identity before processing your request to ensure your information is not disclosed to unauthorized parties.

9. Cookies and Tracking Technologies

Dions uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing efforts. This section provides an overview of our cookie practices.

9.1 Types of Cookies We Use

Strictly Necessary Cookies: These are essential for the website to function properly, including enabling you to add items to your cart, log in to your account, and complete purchases. These cookies cannot be disabled.
Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most frequently and whether users receive error messages. We use tools such as Google Analytics for this purpose.
Functional Cookies: These cookies remember your preferences and choices (such as your saved address or language settings) to provide a more personalized experience.
Marketing and Targeting Cookies: These cookies are used to deliver advertisements relevant to your interests and to measure the effectiveness of our marketing campaigns. They may be set by us or by third-party advertising partners.

9.2 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified when new cookies are set. Please note that disabling certain cookies may affect the functionality of our website.

For more information about interest-based advertising and how to opt out, you may visit:

For a full description of our cookie practices, please refer to our dedicated Cookie Policy available on cafe-dions.digital.

10. Do Not Sell or Share My Personal Information

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to opt out of the sale or sharing of their personal information. While Dions does not sell personal information for monetary compensation, certain disclosures of information to advertising partners for cross-context behavioral advertising may qualify as "sharing" under California law.

To opt out of the sale or sharing of your personal information, please contact us at [email protected] with the subject line "Do Not Sell or Share My Personal Information." We will honor your request within the timeframe required by applicable law and will not discriminate against you for making this request.

11. Marketing Communications and Opt-Out

With your consent, we may send you promotional emails, SMS messages, push notifications, or other marketing communications about our products, special offers, events, and loyalty program updates.

11.1 How to Opt Out

Email marketing: Click the "Unsubscribe" link at the bottom of any promotional email you receive from us.
SMS marketing: Reply "STOP" to any SMS message we send you.
Account settings: Update your communication preferences in your Dions account dashboard (if applicable).
Email us directly: Send a request to [email protected] requesting removal from all marketing lists.

Please note that even after opting out of marketing communications, you may still receive transactional or service-related communications, such as order confirmations, delivery updates, and account security notifications. These messages are necessary to fulfill your orders and maintain your account.

12. Children's Privacy

Age Restriction: Our website and services are intended exclusively for individuals who are 18 years of age or older.

Dions does not knowingly collect, use, or disclose personal information from individuals under the age of 18. Our website is not directed at children, and we do not knowingly market our services to minors.

If you are a parent or legal guardian and believe that your child under the age of 18 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon receiving notice, we will take prompt steps to verify the claim and, if confirmed, will delete the child's personal information from our records as quickly as reasonably practicable.

We comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal information from children under the age of 13 without verifiable parental consent. Our practices exceed COPPA requirements by applying an 18-year minimum age threshold across all our digital services.

13. International Data Transfers

Dions is a United States-based business, and all of our primary data processing activities take place within the United States. However, some of our third-party service providers — including cloud hosting services, analytics platforms, and marketing tools — may process or store data on servers located outside of the United States.

If your personal information is transferred internationally, we take steps to ensure that such transfers are conducted in compliance with applicable laws and that your information is afforded an appropriate level of protection. This may include implementing contractual data protection clauses with our service providers or relying on other lawful transfer mechanisms.

By using our website and services, you acknowledge and consent to the potential transfer of your information to countries outside of your country of residence, including countries that may not provide the same level of data protection as your home country. We will always implement safeguards to protect your personal information regardless of where it is processed.

14. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or services not operated or controlled by Dions. These may include food delivery platforms, payment processors, or social media sharing buttons. We have no control over and assume no responsibility for the content, privacy policies, or data practices of any third-party services.

We strongly encourage you to review the privacy policy of every website or service you visit before providing any personal information. The inclusion of a link to a third-party website does not constitute an endorsement of that site's privacy practices by Dions.

15. FTC Act Compliance and Consumer Protection

Dions is committed to fair and transparent data practices in accordance with the Federal Trade Commission Act (FTC Act) and associated FTC regulations and guidance. We do not engage in deceptive or unfair practices regarding the collection, use, or sharing of your personal information. Our privacy representations are accurate, and we take meaningful steps to fulfill our privacy commitments.

If you believe that our data practices are unfair, deceptive, or in violation of applicable consumer protection laws, you have the right to file a complaint with the Federal Trade Commission (FTC) at ftc.gov/complaint or by calling 1-877-FTC-HELP (1-877-382-4357).

16. How to File a Privacy Complaint

If you have concerns about how Dions handles your personal information, we encourage you to contact us first so we can address your concerns directly.

16.1 Contact Dions Directly

Send your concern or complaint to:

Email	[email protected]
Subject Line	Privacy Complaint
Website	cafe-dions.digital

We will acknowledge your complaint within 10 business days and will work to resolve it within 30 days. If a more complex investigation is required, we will keep you informed of the progress.

16.2 Regulatory Authorities

If your concern is not satisfactorily resolved by contacting us directly, you may escalate your complaint to the relevant regulatory authority. Depending on your location and the nature of your complaint, relevant authorities include:

Federal Trade Commission (FTC): ftc.gov/complaint — for complaints regarding unfair or deceptive data practices
California Privacy Protection Agency (CPPA): cppa.ca.gov — for California residents with CCPA/CPRA-related complaints
California Attorney General: oag.ca.gov/privacy — for privacy-related concerns under California law
Your state Attorney General's office — for privacy complaints under your state's consumer protection laws

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technology. When we make material changes to this Privacy Policy, we will:

Update the "Last Updated" date at the top of this page
Post a prominent notice on our website homepage or at the point of data collection
Send an email notification to registered users if the changes significantly affect their rights

Your continued use of our website or services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically to stay informed of how we are protecting your information.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact our privacy team:

Company	Dions
Website	cafe-dions.digital
Email	[email protected]
Privacy Request Subject	Privacy Policy Inquiry / Privacy Rights Request

We are committed to working with you to resolve any privacy-related concerns promptly and in good faith.

Summary of Key Rights: You have the right to access, correct, delete, and port your personal data. You may opt out of marketing communications and, where applicable under California law, opt out of the sale or sharing of your personal information. To exercise any of these rights, contact us at [email protected].

This Privacy Policy was last reviewed and updated on May 28, 2026. All provisions are effective as of this date.