Privacy Policy

1. Introduction

At Fiddler’s Bistro (accessible at fiddlersbistro.com), we are firmly committed to protecting your personal data and upholding your rights to privacy and data protection. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, communicate with us, or use our services. We adhere to all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and strive to maintain the highest standards of ethical data processing.

2. Scope and Data Controller

This Privacy Policy applies to all personal data collected and processed by Fiddler’s Bistro through fiddlersbistro.com. For purposes of the GDPR, Fiddler’s Bistro is the Data Controller of your personal data. If you have questions regarding the collection or use of your data, please contact us at [email protected].

3. Categories of Data We Process

We collect and process various categories of personal data depending on your interaction with our website and services. These may include:

– Usage Data: Information such as your IP address, browser type, device identifiers, pages visited, time spent on the website, and navigation paths. This is collected through standard web analytics tools.

– Account Data: Information you voluntarily provide when creating an account, including your full name, billing and shipping addresses, email address, and telephone number.

– Profile Data: Data related to your website preferences, product interests, purchase history, and behavioral interactions with our website.

– Communication Data: Content and metadata of communications you send to us, such as inquiries, support requests, emails, or chat messages.

– Technical Data: Device-specific information such as operating system type, screen resolution, language settings, browser configuration, and other system settings.

– Transaction Data: Details concerning transactions you make through our website, including payment information (processed securely through third-party payment processors), delivery information, and order history.

– Preference Data: Your communication preferences, consent to marketing materials, and areas of interest that you indicate directly or that are inferred from your interactions.

4. Legal Bases for Processing

We process your personal data only when legally permitted. The lawful bases for our data processing may include:

– Consent: For sending marketing communications or where explicitly required by law, we rely on your express consent.

– Contract: Processing that is necessary for the performance of a contract with you, such as order fulfillment or provision of services.

– Legal Obligation: When we have a statutory obligation to retain or disclose certain data.

– Legitimate Interests: For processing necessary to pursue our legitimate business interests, such as improving our website, preventing fraud, and enhancing user experience—except where such interests are overridden by your fundamental rights.

5. Your Rights

We respect your rights under the GDPR and CCPA, and provide the following individual rights:

– Right of Access: Request information about how your data is processed and obtain a copy of your personal data.

– Right to Rectification: Request corrections to inaccurate or incomplete data.

– Right to Erasure: Request deletion of your data, subject to legal constraints.

– Right to Restriction: Request limits on how we use your data under certain conditions.

– Right to Data Portability: Request your data in a structured, machine-readable format and have it transferred to another organization.

– Right to Object: Object to processing based on legitimate interest or direct marketing.

– Right to Withdraw Consent: At any time, you may withdraw previously granted consent without affecting the lawfulness of prior processing.

To exercise these rights, email us at [email protected].

6. Security Measures

We implement stringent technical and organizational measures to secure your data, including:

– End-to-end encryption for sensitive transmissions
– Secure SSL/TLS protocols for website access
– Multi-factor authentication and access controls for internal systems
– Regular system audits and vulnerability assessments
– Role-based access control and employee privacy training
– Routine secure data backups

7. International Data Transfers

If your personal data is transferred outside your jurisdiction, we ensure adequate protection by:

– Using standard contractual clauses approved under GDPR
– Complying with the CCPA’s data minimization and security requirements
– Implementing supplementary security and data protection measures
– Ensuring data transfers are only made to countries with equivalent data protections or via approved mechanisms

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected and in accordance with applicable legal obligations. Retention periods include:

– Account & Transaction Data: Up to 7 years for legal and operational reasons
– Communication Data: 3 years from last interaction for support and reference
– Usage & Technical Data: 12–18 months for analytics and security
– Marketing Preference Data: Until consent is withdrawn or 2 years of inactivity

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your experience. This includes:

– Essential Cookies: Required for basic site functionality and security
– Functional Cookies: Store your preferences (e.g., language, region)
– Analytical Cookies: Collect aggregated data for performance monitoring
– Performance Cookies: Improve responsiveness and page speed

10. Cookie Management and User Choice

We provide clear options to manage your cookie preferences in compliance with GDPR and CCPA. Users in applicable jurisdictions are presented with cookie consent tools upon their first visit. At any time, you may:

– Adjust cookie settings through our website’s preference center
– Use browser settings to delete or block cookies
– Opt out of third-party analytics via providers (e.g., Google Analytics)

Please note that disabling certain cookies may affect website functionality.

11. Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 13. If you are a parent or guardian and believe your child has submitted personal information to us, please contact [email protected] and we will take appropriate steps to remove such data from our systems.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect legal changes or modified business practices. Significant changes will be communicated via appropriate channels, such as banner notifications on fiddlersbistro.com or an email to registered users. We encourage you to review this policy periodically to stay informed about our privacy practices.

13. Contact Us

If you have any questions, concerns, or wish to exercise your data rights under this policy, please email us at [email protected]. We are dedicated to responding promptly and transparently regarding any inquiries related to your personal data.

Fiddler’s Bistro is committed to upholding the principles of lawful, fair, and transparent data processing. We strive to earn your trust through accountability, and your privacy is our priority. Please do not hesitate to reach out with any concerns or questions about how we handle your personal information.