Last updated: December 26, 2019
Please note that BentoBox processes consumer personal information only on behalf of the Restaurant, pursuant to an agreement between BentoBox and the Restaurant.
Information collected in connection with your use of the Site may include:
Information you provide, such as:
Contact information, such as your first and last name, email address, street address, and phone number.
Transaction information, such as information about your payments and other details of meals, products, or services you have purchased from the Restaurant, and reservations you have made.
Payment details, such as payment card information, billing details, which our third party payment processor collects; we will not obtain access to individuals’ full payment card number.
Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
Other information that you provide to us voluntarily, or which reflects our offline interactions with you.
Information about your device’s hardware, such as model and screen resolution
Information about the software on your device, such as your browser type
Unique identifiers associated with your device, such as device identifier (e.g., Google Advertising ID or Apple ID for Advertising)
Information about the network to which you are connected and inferences we may draw from it, such as your IP address and general location information such as city, state or geographic area
Information about your use of and actions on the Site, such as pages you viewed, how long you spent on a page, navigation paths between pages, information about your activity on a page, links you click, access times, and length of access; and the website that referred you to the Site, if applicable
Information about your interaction with our emails, such as whether you opened our email and how long you had it open
Please see the “Targeted online advertising” section for information about how to exercise choice regarding the use of browsing behavior for purposes of targeted advertising.
How We Use Personal Information
To operate the Site. We use your personal information to:
provide, operate and improve the Site, including to develop new products and services
provide the services you request
contact you about the status of your orders or reservations
communicate with you about the Site, including by sending you announcements, updates, security alerts, and support and administrative messages
personalize your experience with the Site and our communications
provide support and maintenance for the Site, including by responding to your requests, questions and feedback
To send you marketing and promotional communications. The Restaurant may send you marketing communications. Please see the “Your Choices” section below for information about your choices regarding marketing communications.
To display advertisements. We work with advertising partners to display the Restaurant’s advertisements online. These advertisements are delivered by our advertising partners and may be targeted based on your use of the Site or your activity elsewhere online. To learn more about your choices in connection with advertisements, please see the section below titled “Targeted online advertising.”
For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) enforce the terms and conditions that govern the Service; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Personal Information
We may engage other companies and individuals to perform certain business-related functions on our behalf. Examples may include providing technical assistance, payment processing, billing, email management, customer service, marketing assistance, order fulfillment, delivery services, and reservation and online ordering systems. We authorize these parties to use personal information only as necessary to perform their functions.
We may disclose your information if required to do so by law, or in the good faith belief that such action or disclosure is necessary or appropriate to: (i) operate the Site, (ii) comply with any legal obligation, report unlawful activity, cooperate with law enforcement or public authorities (including for the purpose of meeting national security or law enforcement requirements), (iii) protect against legal liability, (iv) protect and defend our rights, property, personnel, suppliers, sponsors, agents or licensors, (v) protect the personal safety of vendors, users of the Site or the public, or (vi) comply when compelled to disclose personal information to other third parties by government authorities or as required by law or regulation, including, but not limited to, in response to court orders and subpoenas.
Opt out of Marketing Communications
You may opt out of marketing communications from the Restaurant by following such instructions as may be provided in the communication, or by otherwise contacting the Restaurant.
Cookies & Browser Web Storage
Targeted Online Advertising
Some of the third parties that collect information about users’ activities on or through the Site may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track
Some Internet browsers may be configured to send “Do Not Track” signals to visited websites. The Restaurant does not currently monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals, in connection with the Site.
How We Protect Your Information
BentoBox maintains commercially reasonable measures designed to protect your personal information in connection with your use of the Site. However, no security system is impenetrable and we cannot guarantee the security of your personal information.
International Data Transfers
The Site and its servers are located in the US, and we may have service providers located in other countries. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US or other locations outside of your country, where privacy laws may not be as protective as those in your country.
Important Notice for Individuals of the European Economic Area
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, BentoBox is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the EU-US Privacy Shield Framework, individuals have rights to access personal information and to limit use and disclosure of their personal information. You may request that we provide you with access to the personal information that we hold about you. You may also request to correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should contact us at firstname.lastname@example.org, with the subject line, “Privacy Shield.” If we receive a request to exercise rights under Privacy Shield from a user of the Site, we will direct that end-user to contact our client with the request. We will assist the client in fulfilling the request in accordance with their instructions.
We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
BentoBox’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, BentoBox remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless BentoBox proves that it is not responsible for the event giving rise to the damage.
BentoBox commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. Individuals in the European Union with Privacy Shield inquiries or complaints should first contact BentoBox at email@example.com with the subject line, “Privacy Shield”. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How to Contact Us
Additional Information for California Residents
This section applies only if the Restaurant’s privacy practices are governed by The California Consumer Privacy Act of 2018 (“CCPA”), and only with respect to the Site.
The California Consumer Privacy Act of 2018 (“CCPA”) requires the Restaurant to provide to California residents an explanation of how the Restaurant collects, uses and shares their personal information, and of the rights and choices the Restaurant offers to California residents regarding its handling of personal information.
Personal Information That We Collect, Use, and Share
Here is a summary of how we currently collect, use and share personal information, and how we have collected used and shared the information in the preceding 12 months.
Personal information we collect
CCPA categories (Definitions are available here)
Sources of personal information
Purposes for which we may collect and use personal information
Please note that we may also disclose personal information to comply with law, and for compliance, fraud prevention, and safety purposes; in the event of business transfers; and to our professional advisors, as further described above in the “How We Share Personal Information” section.
California Residents’ Privacy Rights
The CCPA grants California residents the following rights:
Information. You can request information about how the Restaurant has collected, used and shared your personal information during the past 12 months.
Access. You can request a copy of the personal information that the Restaurant maintain about you.
Deletion. You can ask the Restaurant to delete the personal information that the Restaurant has collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting the Restaurant from providing certain sensitive information in response to an access request and limiting the circumstances in which the Restaurant must comply with a deletion request. If the Restaurant denies your request, it will communicate its decision to you.
You are entitled to exercise the rights described above free from discrimination.
How to make a request. To request access to or deletion of personal information, contact the Restaurant via the contact information provided on the Site.
Identity verification. The CCPA requires the Restaurant to verify the identity of the individual submitting the request before providing a substantive response to the request.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. The Restaurant will require the authorized agent to have a written authorization confirming that authority.