Privacy Policy

Effective Date: June 29, 2026  |  Last Updated: June 29, 2026

1. Introduction and Our Commitment to Privacy

At Giordano's Grill, we are deeply committed to protecting the privacy and security of our customers, website visitors, and anyone else who interacts with our business. We understand that when you share personal information with us — whether to place a food order, make a reservation, or simply browse our menu — you are placing trust in us, and we take that responsibility seriously.

This Privacy Policy has been drafted in compliance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other relevant federal and state consumer protection regulations. Whether or not you are a California resident, we extend strong privacy protections to all of our users across the United States.

By accessing our website at giordanosgrill.rest, placing an order, signing up for our newsletter, or otherwise engaging with our digital or physical services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms herein, please refrain from using our website or services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this page periodically. Your continued use of our website following any updates constitutes your acceptance of the revised policy.

2. Who We Are and How to Contact Us

This Privacy Policy applies to the data processing activities of Giordano's Grill. Below are our contact details for all privacy-related matters:

For all privacy inquiries, data access requests, deletion requests, or complaints, please contact us at [email protected]. We are committed to responding to all legitimate privacy requests in a timely manner, consistent with applicable law.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. The following sections provide a detailed breakdown of the types of data we may collect.

3.1 Personal Identification Information

When you interact with us through our website, place an online order, create an account, or communicate with us directly, we may collect the following personal identification details:

• Full name
• Email address
• Phone number
• Billing and delivery addresses (including street address, city, state, and ZIP code)
• Account username and password (stored in encrypted form)
• Date of birth (where required for age verification or promotional purposes)
• Payment information (credit/debit card details, processed through secure third-party payment processors — we do not store full card numbers)
• Dietary preferences and food allergies (where voluntarily provided)

3.2 Transaction and Order Information

When you place an order through our website or other online platforms, we collect:

• Details of food items ordered
• Order history and purchase frequency
• Special instructions or customizations
• Transaction amounts and payment status
• Delivery or pickup preferences
• Promo codes or loyalty rewards used

3.3 Usage Data and Website Analytics

When you visit our website at giordanosgrill.rest, we automatically collect certain technical information about your visit, including:

• IP address
• Browser type and version
• Operating system
• Referring URL (the website that directed you to ours)
• Pages visited on our website and the order in which they were viewed
• Time and duration of visits
• Clickstream data
• Search queries entered on our website
• Error logs and performance data

3.4 Device Information

We may collect information about the device you use to access our website, including:

• Device type (desktop, mobile, tablet)
• Device identifiers (such as advertising ID, where applicable)
• Screen resolution and display settings
• Mobile network information
• Hardware model and firmware version

3.5 Cookie and Tracking Technology Data

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect data about your browsing behavior on our website. This includes session data, preferences, and marketing attribution data. For more detailed information about how we use cookies and how you can manage your preferences, please refer to Section 10 of this Privacy Policy (Cookie Usage).

3.6 Communications Data

When you contact us by email, through our website contact form, or via social media, we collect the content of those communications, your contact details, and any other information you choose to share with us. This includes:

• Customer service inquiries and our responses
• Feedback and reviews submitted to us
• Responses to surveys or promotional campaigns
• Social media messages and comments directed at our official pages

3.7 Marketing and Preference Data

If you sign up for our mailing list, loyalty program, or promotional offers, we collect:

• Marketing preferences and opt-in/opt-out status
• Email open rates and click-through data
• Preferences for specific food categories, cuisines, or menu items
• Response to marketing campaigns or promotions

3.8 Information Collected from Third Parties

We may also receive personal information about you from third parties, including:

• Online ordering and delivery platforms (e.g., DoorDash, Uber Eats, Grubhub) when you order through those services
• Payment processors and financial institutions
• Social media platforms when you interact with our social media pages or use social login features
• Analytics and advertising partners
• Publicly available sources

4. How We Use Your Information

We use the personal information we collect for a variety of purposes, all of which are directed at providing you with a better dining experience and improving our business operations.

4.1 Service Provision and Order Fulfillment

The primary reason we collect personal information is to fulfill your orders and provide you with our food and beverage services. Specifically, we use your information to:

• Process and confirm your food orders and payments
• Coordinate delivery or in-store pickup
• Communicate order status updates, including confirmation, preparation, and delivery notifications
• Manage your account and loyalty program membership
• Respond to customer inquiries and provide customer support
• Handle refunds, returns, or complaints
• Accommodate dietary preferences and food allergy requests

4.2 Website Improvement and Analytics

We analyze usage data to better understand how visitors interact with our website and to continuously improve our digital presence:

• Monitor website traffic and usage patterns
• Diagnose technical issues and improve website performance
• Test new features and content before full deployment
• Personalize your browsing experience
• Optimize menu presentation, online ordering flow, and checkout process

4.3 Marketing and Promotions

With your consent, or where otherwise permitted by law, we may use your personal information to:

• Send promotional emails, newsletters, and special offers
• Inform you about new menu items, seasonal specials, and events
• Deliver personalized offers based on your order history and preferences
• Run loyalty programs and reward campaigns
• Conduct surveys to gather feedback on our products and services
• Display targeted advertisements on third-party platforms

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send you, or by contacting us at [email protected].

4.4 Legal Compliance and Safety

We may use your personal information as necessary to:

• Comply with applicable federal and state laws and regulations
• Respond to lawful requests from law enforcement or government agencies
• Enforce our Terms of Service and other policies
• Prevent, detect, and investigate fraudulent activities or security breaches
• Protect the rights, property, and safety of our business, employees, customers, and the public

4.5 Business Operations

We also use personal information to support our internal business operations, including:

• Accounting, auditing, and financial reporting
• Staff training and quality assurance
• Business planning and strategic decision-making
• Technology maintenance and cybersecurity

5. Sharing Your Information with Third Parties

We do not sell your personal information to third parties. However, we may share your data with select third parties under the following circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party companies and individuals to assist us in operating our website and delivering our services. These service providers are given access to your personal information only to the extent necessary to perform their functions and are contractually obligated to protect your data. Categories of service providers include:

• Payment Processors: Secure payment gateway providers who handle credit card and payment transactions on our behalf
• Delivery Platforms: Third-party food delivery services (such as DoorDash, Uber Eats, or Grubhub) when you order through those channels
• Email Marketing Providers: Platforms we use to send marketing communications and newsletters
• Analytics Providers: Companies such as Google Analytics that help us understand website usage
• IT and Hosting Providers: Companies that host our website and provide technical infrastructure
• Customer Support Software: Tools we use to manage and respond to customer inquiries

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or government request
• Cooperate with federal, state, or local law enforcement agencies
• Enforce our agreements or policies
• Investigate, prevent, or take action regarding illegal activities, suspected fraud, or threats to safety

5.3 Business Transfers

In the event that Giordano's Grill undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity as part of that transaction. We will notify you of any such change in ownership or control of your personal information through a notice on our website or by email, where appropriate.

5.4 Aggregate and Anonymized Data

We may share aggregated, anonymized, or de-identified data with third parties for research, marketing, analytics, or other business purposes. This data cannot be used to identify any individual person and is not subject to the protections described in this Privacy Policy.

5.5 With Your Consent

Outside of the categories described above, we will only share your personal information with third parties when you have given us explicit consent to do so.

6. Data Security

Protecting your personal information is a priority for us. We implement a range of technical, administrative, and physical security measures designed to safeguard your data against unauthorized access, disclosure, alteration, or destruction.

6.1 Security Measures We Employ

• SSL/TLS Encryption: Our website uses Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers
• Password Hashing: Account passwords are stored using industry-standard cryptographic hashing algorithms — we never store passwords in plain text
• Access Controls: Access to personal data is restricted to employees and service providers who have a legitimate business need to access it
• Secure Payment Processing: Payment card data is processed by PCI DSS-compliant payment processors; we do not store full credit card numbers on our servers
• Regular Security Audits: We conduct periodic reviews of our data collection, storage, and processing practices
• Firewall and Intrusion Detection: We deploy firewalls and monitoring systems to detect and prevent unauthorized access to our systems
• Employee Training: Our staff are trained on data privacy and security best practices

6.2 Limitations of Security

While we take data security very seriously, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable federal and state breach notification laws, including those applicable in the state where you reside.

7. Your Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information. We are committed to honoring these rights to the fullest extent required by law.

7.1 Rights Available to All US Residents

Regardless of your state of residence, you have the following general rights:

• Right to Access: You may request a copy of the personal information we hold about you
• Right to Correction: You may request that we correct inaccurate or incomplete personal information
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications from us at any time

7.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a resident of California, the CCPA and its amendment, the CPRA, grant you the following additional rights with respect to your personal information:

• Right to Know: You have the right to know what categories of personal information we collect, the purposes for which it is used, and the categories of third parties with whom it is shared
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions (e.g., where retention is required by law or to complete a transaction)
• Right to Correct: You have the right to request correction of inaccurate personal information
• Right to Data Portability: You have the right to receive your personal information in a portable, readily usable format
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information, but if this ever changes, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link on our homepage
• Right to Limit Use of Sensitive Personal Information: Where applicable, you have the right to limit the use and disclosure of sensitive personal information
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us by:

• Email: [email protected] with the subject line "Privacy Rights Request"

We will acknowledge receipt of your request within 10 business days and respond substantively within 45 days. If we require additional time (up to 90 days total), we will notify you of the extension and the reason for the delay.

To protect your privacy and security, we will take reasonable steps to verify your identity before fulfilling any access, deletion, or portability request. This may involve confirming your email address or other account information.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization from you, and we may require verification of your identity directly with you.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our general data retention guidelines are as follows:

When personal information is no longer required, we will securely delete or anonymize it in a manner consistent with industry best practices.

9. Children's Privacy

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13 without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete that information from our records.

Furthermore, given the nature of our business, which includes the sale of food and beverages (including potentially alcoholic items subject to state age restrictions), we strongly recommend that individuals under the age of 18 do not use our website or submit personal information without direct parental supervision and consent.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

10. Cookie Usage

Our website at giordanosgrill.rest uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and support our marketing activities.

10.1 What Are Cookies?

Cookies are small text files that are placed on your device by a website when you visit it. They allow the website to remember your actions and preferences (such as login status, language, or shopping cart contents) over a period of time, so you don't have to keep re-entering them whenever you come back to the site or browse from one page to another.

10.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our website, including enabling you to log in, add items to your cart, and complete checkout
• Performance and Analytics Cookies: Help us understand how visitors use our website so we can improve it. We may use Google Analytics or similar tools for this purpose
• Functionality Cookies: Allow our website to remember your preferences, such as saved addresses or recently viewed menu items
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across the web

10.3 Managing Your Cookie Preferences

You can control and manage cookies in several ways. Most web browsers allow you to refuse or accept cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at optout.aboutads.info or the Network Advertising Initiative (NAI) at optout.networkadvertising.org.

For more detailed information about the specific cookies we use and your options for managing them, please contact us at [email protected].

11. International Data Transfers

Giordano's Grill is based in the United States and our primary data processing activities take place within the United States. However, some of the third-party service providers we use (such as cloud hosting services, analytics platforms, or email marketing tools) may operate in other countries and may process your data outside of the United States.

When your information is transferred outside of the United States, we take steps to ensure that appropriate safeguards are in place to protect your personal information in accordance with applicable US law and the terms of our data processing agreements with those third parties. This may include contractual data transfer mechanisms, standard contractual clauses, or other legally recognized transfer mechanisms.

If you are located outside the United States and choose to use our website or services, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and operations are located. By using our services, you consent to the transfer of your information to the United States and acknowledge that privacy laws in the United States may differ from those in your home country.

12. Third-Party Links and Services

Our website may contain links to third-party websites, online ordering platforms, social media pages, or other external services that are not owned or controlled by Giordano's Grill. This Privacy Policy applies only to our website and services.

We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party platforms you visit or use in connection with our services, including food delivery apps, payment providers, and social media platforms.

13. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our website does not currently respond to browser-initiated DNT signals. However, we do honor opt-out preferences for cookies and marketing tracking as described in Section 10 of this policy.

14. FTC Compliance and Consumer Protection

We operate our privacy practices in compliance with the Federal Trade Commission Act (FTC Act) and the FTC's guidance on unfair or deceptive acts or practices. We are committed to:

• Being transparent about our data collection and use practices
• Collecting only the minimum amount of personal data necessary to provide our services
• Providing clear and accessible means for consumers to opt out of data collection and marketing
• Protecting consumer data from unauthorized access or misuse
• Honoring the commitments we make in this Privacy Policy

If you believe that we have engaged in any deceptive or unfair privacy practices, you have the right to file a complaint with the Federal Trade Commission as described in Section 15 below.

15. How to File a Privacy Complaint

We take all privacy concerns seriously and encourage you to contact us directly in the first instance so that we can address your complaint promptly.

15.1 Contact Us Directly

If you have a privacy concern, complaint, or believe that we have not complied with this Privacy Policy or applicable data protection law, please contact our privacy team at:

• Email: [email protected]
• Subject Line: Privacy Complaint

We will acknowledge your complaint within 5 business days and work to resolve it within 30 days. If the matter is complex, we will keep you informed of the progress and expected resolution timeframe.

15.2 Filing a Complaint with Regulatory Authorities

If you are not satisfied with our response to your privacy complaint, you have the right to escalate your complaint to the relevant regulatory authority:

16. Changes to This Privacy Policy

We reserve the right to update or revise this Privacy Policy at any time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes to this policy, we will:

• Update the "Last Updated" date at the top of this page
• Post a prominent notice on our website
• Where appropriate and required by law, notify you by email

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services following the posting of any changes constitutes your acceptance of those changes.

17. Governing Law

This Privacy Policy is governed by and shall be construed in accordance with the laws of the United States of America. To the extent that state law applies, the laws of the state in which our principal place of business is located shall govern, without regard to its conflict of law provisions. Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the applicable courts in the United States.

18. Summary of Key Privacy Rights