Privacy Policy

At Roref Restaurant, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data.

Effective Date: August 30, 2025

Last Updated: August 30, 2025

1. Information We Collect

1.1 Personal Information

We may collect the following personal information when you interact with our services:

• Name and contact information (email, phone number, address)
• Reservation details and dining preferences
• Special dietary requirements or allergies
• Payment information (processed securely through third-party providers)
• Feedback and communication records

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our website
• Referral source and exit pages
• Cookie and tracking technology data

2. How We Use Your Information

We use your personal information for the following purposes:

• Processing and confirming reservations
• Providing dining services and accommodating special requests
• Communicating about your reservations and our services
• Improving our restaurant operations and customer experience
• Sending promotional materials and newsletters (with consent)
• Complying with legal and regulatory requirements
• Protecting against fraud and ensuring security

3. Legal Basis for Processing

We process your personal information based on:

• Contract Performance: To fulfill our dining services and reservations
• Legitimate Interests: For business operations, security, and improvement
• Consent: For marketing communications and optional services
• Legal Compliance: To meet regulatory and legal requirements

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted service providers who assist us in:

• Payment processing and financial services
• Reservation management systems
• Email marketing platforms
• Website hosting and analytics
• Customer service and communication tools

4.2 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes and government requests
• Protect our rights and property
• Ensure the safety of our guests and staff
• Prevent fraud or illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to confidentiality agreements.

5. Data Security

We implement appropriate security measures to protect your personal information:

• Encryption of sensitive data during transmission
• Secure storage systems with access controls
• Regular security audits and updates
• Staff training on data protection practices
• PCI DSS compliance for payment processing

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal and regulatory requirements
• Resolve disputes and enforce our policies
• Maintain business records and analytics

Generally, we retain reservation data for 3 years and marketing data until you opt out or request deletion.

7. Your Privacy Rights

Under applicable privacy laws, you have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing communications
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing

7.1 Exercising Your Rights

To exercise your privacy rights, please contact us using the information provided below. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. Please refer to our Cookie Policy for detailed information about our use of cookies and your choices.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries outside of Canada. When we transfer data internationally, we ensure adequate protection through appropriate safeguards such as standard contractual clauses.

12. Marketing Communications

12.1 Consent

We will only send you marketing communications if you have provided explicit consent or where we have a legitimate interest (such as following up on your dining experience).

12.2 Opting Out

You can unsubscribe from marketing communications at any time by:

• Clicking the unsubscribe link in our emails
• Contacting us directly
• Updating your preferences in your account (if applicable)

13. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your privacy rights, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification for significant changes
• Providing notice during your next visit to our restaurant

15. Compliance with Privacy Laws

We comply with applicable privacy laws, including:

• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Provincial privacy legislation in Ontario
• General Data Protection Regulation (GDPR) for EU residents
• California Consumer Privacy Act (CCPA) for California residents

This Privacy Policy was last updated on August 30, 2025, and is effective immediately. By using our services, you acknowledge that you have read and understood this Privacy Policy.