Privacy Policy for Tootsies Restaurants

1. Introduction

At Tootsies Restaurants (“we,” “us,” or “our”), accessible via https://tootsiesrestaurants.com, we recognize the paramount importance of your privacy and are dedicated to safeguarding the personal data you entrust to us. We are committed to maintaining transparency, integrity, and accountability in how we collect, use, and share your data. This Privacy Policy outlines the scope of our personal data practices and affirms our commitment to complying with applicable privacy laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of Policy and Role as Data Controller

This Privacy Policy applies to all users who access, browse, engage with, or submit information through tootsiesrestaurants.com or communicate with us via digital or physical means. For the purposes of GDPR and other data protection laws, Tootsies Restaurants acts as the “Data Controller” in relation to your personal data that we process, meaning we determine the purposes and means of its processing.

3. Categories of Data We Process

We may collect and process the following categories of personal data:

a. Usage Data
This includes technical information such as IP addresses, browser type and version, time zone settings, pages visited, session duration, referral sources, and other analytical data. It helps us optimize the functionality and performance of our website.

b. Account Data
If you create an account with us (e.g., to make a reservation or sign up for loyalty programs), we collect your name, postal address, email address, telephone number, and login credentials.

c. Profile Data
Profile Data encompasses your dining preferences, order history, feedback, and behavioral trends, which may be used to personalize services and offers.

d. Communication Data
This includes records of communications you have with us via contact forms, customer service emails, or other mediums, including transcripts, timestamps, and metadata.

e. Technical Data
Collected from your device or browser, this data includes device identifiers, operating systems, system configurations, language settings, screen resolution, and mobile network information.

f. Transaction Data
Information related to purchases or bookings you make through our website, including billing addresses, payment method details (processed via third-party secure payment providers), and delivery or service arrangements.

g. Preference Data
We collect consent statuses for marketing communication, as well as product and service interest indicators, which help us tailor experiences and outreach accordingly.

4. Legal Bases for Processing Personal Data

We process your personal data in accordance with the following lawful bases:

– Consent: Where required, we rely on your explicit consent to process data (e.g., for marketing or cookies).
– Contractual Necessity: To fulfill a contract with you (e.g., reservations or transactions).
– Legal Obligation: To comply with legal and regulatory requirements.
– Legitimate Interests: To deliver better services, enhance user experience, and maintain network security, always ensuring your fundamental rights and freedoms are respected.

5. Your Rights

Under GDPR and CCPA, you have several rights regarding your personal information:

– Right to Access: You may request access to your personal data and obtain confirmation of whether we process it.
– Right to Rectification: You may request corrections to any inaccurate or incomplete personal data.
– Right to Erasure: You can request deletion of your data, subject to applicable legal or contractual retention obligations.
– Right to Restriction: You may request a temporary or permanent suspension of the processing of all or part of your data.
– Right to Data Portability: Upon request, we can provide your data in a structured, commonly used, and machine-readable format for transfer to another data controller.
– Right to Object/Opt-Out: You may object to data use based on legitimate interests or withdraw consent at any time without impacting previously lawful processing.

To exercise your rights, contact us at: [email protected].

6. Security Measures

We implement industry-standard security safeguards to maintain the confidentiality, integrity, and availability of your personal data. These measures include encryption protocols, administrative access controls, employee training on data privacy practices, secure backups, and regular system audits.

7. International Data Transfers

Tootsies Restaurants may process or transfer your data to countries outside your jurisdiction, including the United States. When doing so, we employ safeguards consistent with GDPR requirements, including Standard Contractual Clauses and ensuring service providers adhere to appropriate data protection standards.

8. Data Retention

We retain personal data only for as long as necessary:

– Usage and Technical Data: Up to 24 months for analytical purposes.
– Account and Profile Data: For the duration of your active account plus 12 months post-deactivation.
– Transaction Data: Seven (7) years, in compliance with accounting and tax obligations.
– Communication Data: Twelve (12) months from last contact.
– Preference Data: Until consent is withdrawn or for up to 36 months for marketing purposes.

9. Cookie Policy

We use cookies and similar tracking technologies on tootsiesrestaurants.com to enhance user experience and analyze site performance. Categories include:

– Essential Cookies: Enable core site functionality (e.g., login, navigation).
– Functional Cookies: Remember your preferences and settings.
– Analytics Cookies: Collect aggregate data on website usage and user behavior.
– Performance Cookies: Monitor website efficiency and error tracking.

10. Cookie Management & Compliance

Upon your first visit to tootsiesrestaurants.com, you are presented with a cookie consent prompt, where you can accept all cookies or adjust your preferences. You may also manage cookie settings through your browser. In compliance with GDPR and CCPA, we obtain consent for non-essential cookies and honor browser-level “Do Not Track” signals in relevant jurisdictions.

11. Children’s Privacy

Tootsies Restaurants does not knowingly collect or solicit personal data from individuals under the age of 13. Any data inadvertently collected from children will be promptly deleted upon discovery. If you believe we may have collected data from a minor without parental consent, please contact us at [email protected].

12. Updates to this Policy

We may amend this Privacy Policy at our discretion to reflect changes in legal, technological, or operational practices. We will provide prominent notice of any material changes via our website. We encourage users to periodically review this policy to remain informed of updates.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights concerning your personal data, please contact our Data Protection Officer by emailing us at: [email protected].

We are committed to full compliance with applicable privacy regulations and will assist with any inquiries you may have regarding your data rights and our processing activities.