Privacy Policy

Last Updated: December 15, 2024

1. Introduction

Welcome to Dions ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. At Dions, we believe in transparency and want you to understand how we collect, use, and safeguard your information when you visit our website, place orders, or use our services.

This Privacy Policy covers all information collected through our website, mobile applications, delivery services, dine-in experiences, and catering operations. When you use our services, you trust us with your personal information, and we take that responsibility seriously.

Our Commitment: We never sell your personal data to third parties. Your information is used solely to provide you with the best possible dining and delivery experience.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

  • Personal Identification: Name, email address, phone number, billing and delivery addresses
  • Account Information: Username, password, order history, and account preferences
  • Order Information: Food preferences, dietary restrictions, allergen information, special requests
  • Payment Information: Credit card details, billing information (securely encrypted and stored)
  • Dietary Preferences: Vegetarian, vegan, gluten-free, halal, kosher, and other dietary requirements
  • Loyalty Program Data: Points, rewards, membership status, preferred locations
  • Reservation Information: Table bookings, party size, special occasions, seating preferences
  • Catering Details: Event information, guest count, menu selections, delivery instructions
  • Communication Records: Customer service interactions, feedback, reviews, and surveys
  • Marketing Preferences: Communication preferences, newsletter subscriptions, promotional opt-ins

2.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on site, click patterns, search terms
  • Location Data: Approximate location based on IP address, precise location (with permission) for delivery
  • Cookie Data: Session IDs, preferences, authentication tokens, analytics data
  • Order Patterns: Frequency of orders, favorite items, ordering times, seasonal preferences

2.3 Information from Third Parties

  • Social Media: Profile information if you connect your social accounts
  • Payment Processors: Transaction verification and fraud prevention data
  • Delivery Partners: Delivery status, driver information, GPS tracking data
  • Marketing Partners: Campaign performance data, demographic information
  • Third-party Apps: Information from food delivery platforms and reservation systems

3. How We Use Your Information

3.1 Service Provision

  • Order Processing: Preparing, cooking, and delivering your food orders
  • Account Management: Creating and maintaining your user account, authentication
  • Payment Processing: Secure transaction processing and billing
  • Delivery Services: Coordinating delivery logistics, tracking orders, driver dispatch
  • Customer Support: Responding to inquiries, resolving issues, providing assistance
  • Loyalty Programs: Managing rewards, points accumulation, and redemption
  • Quality Improvement: Analyzing service performance, food quality, customer satisfaction

3.2 Communication

  • Order Confirmations: Confirming receipt of orders, preparation status, delivery updates
  • Service Notifications: Important updates about our services, menu changes, location hours
  • Customer Support: Responding to questions, feedback, and service requests
  • Marketing Communications: Promotional offers, new menu items, special events (with consent)
  • Safety Communications: Food safety recalls, allergy alerts, health notifications

3.3 Marketing and Analytics

  • Personalization: Customizing menu recommendations based on order history
  • Promotional Campaigns: Targeted offers based on preferences and order patterns
  • Market Research: Understanding customer preferences for menu development
  • Performance Analytics: Website traffic analysis, user behavior insights
  • Campaign Effectiveness: Measuring success of marketing initiatives

3.4 Legal Compliance and Safety

  • Legal Requirements: Complying with food safety regulations, tax obligations
  • Fraud Prevention: Detecting and preventing fraudulent transactions
  • Security: Protecting against unauthorized access, cyber threats
  • Dispute Resolution: Handling customer complaints, chargebacks, legal matters
  • Health and Safety: Contact tracing if required by health authorities

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

  • Payment Processors: Stripe, PayPal, and other payment gateways for secure transaction processing
  • Delivery Services: Third-party delivery companies for order fulfillment and tracking
  • Cloud Storage Providers: AWS, Google Cloud for secure data storage and backup
  • Email Services: Mailchimp, SendGrid for marketing and transactional emails
  • Analytics Tools: Google Analytics, Facebook Pixel for website performance analysis
  • Customer Support: Help desk software and live chat services
  • Marketing Platforms: Social media advertising, email marketing, SMS services

4.2 Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • Court Orders: Responding to subpoenas, court orders, and legal processes
  • Government Requests: Complying with regulatory investigations and official requests
  • Law Enforcement: Cooperating with police investigations when legally required
  • Health Authorities: Sharing information for public health emergencies or food safety incidents
  • Rights Protection: Defending against legal claims, protecting intellectual property

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Customer information may be transferred to the new owner
  • We will notify customers before any transfer occurs
  • The new owner must honor this privacy policy
  • Customers will have the right to delete their accounts before transfer

4.4 With Your Consent

We may share information for other purposes with your explicit consent, such as:

  • Participating in customer testimonials or case studies
  • Sharing reviews on third-party platforms
  • Joint marketing campaigns with partner brands

5. Data Security

5.1 Technical Measures

  • Encryption: All data transmission uses SSL/TLS encryption (256-bit)
  • Secure Storage: Customer data encrypted at rest using AES-256 encryption
  • Firewalls: Advanced firewall systems protecting our servers and databases
  • Access Controls: Multi-factor authentication and role-based access for employees
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Backups: Regular encrypted backups stored in multiple secure locations
  • Payment Security: PCI DSS compliant payment processing

5.2 Organizational Measures

  • Employee Training: Regular security awareness training for all staff
  • Privacy Policies: Comprehensive data handling procedures and protocols
  • Confidentiality Agreements: All employees and contractors sign NDAs
  • Incident Response: Established procedures for security breach management
  • Regular Audits: Third-party security assessments and penetration testing
  • Data Minimization: Collecting only necessary information for business purposes

5.3 Your Security Responsibilities

  • Strong Passwords: Use unique, complex passwords for your account
  • Password Privacy: Never share your login credentials with others
  • Secure Logout: Always log out when using public or shared computers
  • Phishing Awareness: Be cautious of suspicious emails requesting personal information
  • Report Issues: Contact us immediately if you suspect unauthorized account access
  • Software Updates: Keep your devices and browsers updated with security patches

Security Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours and provide clear guidance on protective measures.

6. Cookies and Tracking Technologies

Cookie Type Purpose Duration
Essential Cookies Basic site functions, login state, shopping cart Session
Functional Cookies User preferences, language settings, location Up to 1 year
Analytics Cookies Usage analysis, performance optimization Up to 2 years
Marketing Cookies Personalized advertising, campaign tracking Up to 1 year

Tracking Technologies We Use

  • Google Analytics: Website traffic analysis and user behavior insights
  • Facebook Pixel: Social media advertising effectiveness measurement
  • Web Beacons: Email open rates and engagement tracking
  • Local Storage: Browser-based data storage for preferences
  • Session Storage: Temporary data storage during your visit

Cookie Management

You can control cookies through your browser settings:

  • Accept or reject cookies before they are stored
  • Delete existing cookies from your device
  • Block third-party cookies while allowing first-party cookies
  • Set notifications for when cookies are being used

Note: Disabling certain cookies may affect website functionality, including the ability to place orders, save preferences, or access your account.

7. Your Privacy Rights

Under applicable privacy laws (GDPR, CCPA, and others), you have the following rights regarding your personal information:

7.1 Right of Access

You can request a copy of all personal data we hold about you, including:

  • Account information and order history
  • Communication records and preferences
  • Payment and billing information
  • Usage data and analytics

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data:

  • Update your contact information and addresses
  • Correct dietary preferences and allergen information
  • Modify account settings and preferences

7.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and no other legal basis applies
  • Your data has been unlawfully processed
  • Deletion is required for compliance with legal obligations

7.4 Right to Restrict Processing

You can request limitation of how we use your data when:

  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction to deletion
  • We no longer need the data but you need it for legal claims

7.5 Right to Data Portability

You can receive your data in a structured, machine-readable format:

  • Download your order history and preferences
  • Transfer your data to another service provider
  • Receive data in common formats (JSON, CSV)

7.6 Right to Object

You can object to processing based on legitimate interests, including:

  • Direct marketing communications
  • Profiling for marketing purposes
  • Analytics and performance tracking

7.7 Right Against Automated Decision-Making

You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.

How to Exercise Your Rights: Contact us using the information in Section 13. We will respond to all requests within 30 days and may require identity verification for security purposes.

8. Children's Privacy

Dions is committed to protecting children's privacy online. Our services are not intended for children under 16 years of age:

  • Age Restriction: We do not knowingly collect personal information from children under 16
  • Parental Consent: If we learn that we have collected information from a child under 16, we will delete it immediately
  • Parent Notification: Parents who believe their child has provided us with information should contact us immediately
  • Account Deletion: We will promptly delete any accounts created by children under 16
  • Family Orders: Parents or guardians must place orders on behalf of minors

Parents: If you believe your child under 16 has provided us with personal information, please contact us immediately at [email protected] so we can remove the information from our systems.

9. International Data Transfers

9.1 Protection Measures

When transferring your data internationally, we implement appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws
  • Standard Contractual Clauses (SCC): EU-approved contracts ensuring data protection
  • Data Processing Agreements: Binding contracts with all international service providers
  • Security Measures: Encryption and access controls for all transfers
  • Regular Audits: Compliance monitoring of international partners

9.2 Transfer Destinations

Your data may be transferred to and processed in:

  • United States: Cloud storage and payment processing services
  • European Union: Analytics and marketing platforms
  • Other Countries: As necessary for service delivery with appropriate protections

Your Rights: You have the right to obtain information about international transfers and to object to transfers that don't provide adequate protection.

10. Data Retention Periods

Information Type Retention Period Reason
Account Information 6 months after account deletion Legal obligations, dispute resolution
Order History 7 years Tax and accounting requirements
Payment Information Until chargeback period expires Fraud prevention, payment disputes
Marketing Consent 3 months after withdrawal Consent record keeping
Website Usage Logs Up to 2 years Security monitoring, analytics
Customer Support Records 3 years Service quality improvement
Delivery Information 1 year Service optimization, dispute resolution
Loyalty Program Data Until account closure Program administration, rewards tracking

Safe Data Disposal

When data reaches the end of its retention period, we ensure secure disposal:

  • Electronic Deletion: Complete and unrecoverable removal from all systems
  • Physical Records: Secure shredding and destruction of paper documents
  • Backup Systems: Removal from all backup and archive systems
  • Third-party Systems: Coordinated deletion from partner systems
  • Disposal Records: Documentation of all data destruction activities

11. Third-Party Links and Services

Our website and mobile applications may contain links to third-party websites, services, or applications that are not operated by us:

  • External Links: Social media platforms, review sites, partner restaurants
  • No Control: We do not control these third-party services or their privacy practices
  • Independent Policies: Each third party has its own privacy policy and terms of service
  • Your Responsibility: Please review third-party privacy policies before providing information
  • Data Sharing: We are not responsible for how third parties collect or use your data
  • Security: We cannot guarantee the security of third-party services

Recommendation: Always read the privacy policies of external websites and applications before sharing personal information or creating accounts.

12. Policy Changes and Updates

12.1 Change Notification Process

We may update this Privacy Policy from time to time. When we make changes, we will notify you through:

  • Website Notice: Prominent banner on our homepage and throughout the site
  • Email Notification: Direct email to all registered users about significant changes
  • App Notifications: Push notifications through our mobile application
  • Account Dashboard: Notifications in your user account upon login
  • Explicit Consent: Required acceptance for material changes affecting your rights

12.2 Checking for Updates

To stay informed about privacy policy changes:

  • Latest Version: The current version is always available on our website
  • Last Updated Date: Check the "Last Updated" date at the top of this policy
  • Version History: Previous versions available upon request
  • Summary of Changes: We provide clear summaries of material updates

12.3 Your Options

When we update our policy:

  • Continued Use: Using our services after changes indicates acceptance
  • Objection Rights: You can object to changes that affect your data processing
  • Account Deletion: You can delete your account if you disagree with changes
  • Data Download: Request your data before account deletion

13. Contact Information

Get in Touch

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or need assistance with your account, please contact us:

Dions
751 Key Hwy, Baltimore, MD 21230, USA
+1 443-940-6610
[email protected]
Monday - Friday: 9:00 AM - 6:00 PM EST

Response Commitment: We will respond to all privacy-related inquiries within 3 business days and provide a full response within 30 days as required by law.

13.1 Filing Complaints

If you are not satisfied with our response to your privacy concerns:

  • First Step: Contact us directly using the information above
  • Escalation: Request to speak with our Privacy Officer
  • Regulatory Authority: You have the right to file a complaint with your local data protection authority
  • Legal Rights: You may have additional legal remedies under applicable privacy laws

14. Withdrawal of Consent

14.1 Marketing Communications

You can withdraw consent for marketing communications at any time:

  • Unsubscribe Links: Click unsubscribe in any marketing email
  • Account Settings: Update preferences in your user dashboard
  • Customer Support: Contact us to remove you from marketing lists
  • Text Messages: Reply "STOP" to any promotional SMS
  • Phone Calls: Request to be added to our do-not-call list

14.2 Account Deletion Process

To permanently delete your account and withdraw all consent:

  1. Log into your account dashboard
  2. Navigate to "Account Settings" or "Privacy Settings"
  3. Select "Delete Account" or "Close Account"
  4. Confirm your identity and reason for deletion
  5. Download any data you want to keep
  6. Confirm permanent deletion

Important Note: Some information may be retained for legal compliance even after account deletion, as specified in our data retention schedule (Section 10).

15. Conclusion

At Dions, protecting your privacy is fundamental to how we operate. We believe that trust is the foundation of every great customer relationship, and we work hard every day to earn and maintain that trust through transparent, responsible data practices.

This Privacy Policy reflects our commitment to:

  • Transparency: Clear, understandable explanations of our data practices
  • Control: Giving you meaningful choices about your personal information
  • Security: Implementing strong technical and organizational safeguards
  • Compliance: Meeting or exceeding all applicable privacy law requirements
  • Innovation: Continuously improving our privacy practices and technologies

We understand that privacy is personal, and different customers have different preferences and concerns. That's why we've built flexible controls into our services and why we're always available to discuss your specific privacy needs.

Your trust enables us to provide better service, develop new features, and create the dining experiences you love. In return, we promise to handle your information with the care and respect it deserves.

Questions or Concerns? We're here to help. Don't hesitate to contact us at [email protected] if you have any questions about this policy or how we handle your personal information.

Thank you for choosing Dions and for trusting us with your personal information. We look forward to serving you with great food and exceptional privacy protection.

This Privacy Policy was last updated on December 15, 2024. Please check back regularly for any updates or changes.