Privacy Policy
At Marcos ("we," "us," "our," or "the Company"), we are deeply committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website marcos.rest, place orders, use our services, or interact with us in any way. We encourage you to read this document carefully. If you disagree with any terms of this Privacy Policy, please discontinue use of our website and services immediately.
This Privacy Policy applies to all information collected through our website (marcos.rest), our mobile applications, our in-store services, and any related services, sales, marketing, or events (collectively referred to as the "Services").
1. Who We Are
Marcos is a food service business operating in the United States. We provide restaurant and food-related services to our customers both online and in-person. As a data controller, we are responsible for the personal information we hold about you and are committed to handling it lawfully, fairly, and transparently.
| Company Name | Marcos |
|---|---|
| Website | marcos.rest |
| Email Address | [email protected] |
2. Information We Collect
We collect information about you in a variety of ways depending on how you interact with us. Below is a detailed breakdown of the categories of information we may collect.
2.1 Personal Information You Provide to Us
When you register for an account, place an order, make a reservation, sign up for our newsletter, contact us, participate in promotions, or otherwise use our Services, you may voluntarily provide us with personal information, including but not limited to:
- Identification Data: Full name, username, or similar identifier.
- Contact Data: Email address, phone number, billing address, delivery address, and postal code.
- Account Credentials: Username and password (stored in encrypted form).
- Payment Data: Credit card numbers, debit card numbers, bank account details, or other payment information. Note: We use third-party payment processors and do not store complete payment card information on our servers.
- Order and Transaction Data: Details of food items ordered, order history, delivery preferences, special dietary requirements, and purchase amounts.
- Communication Data: Messages, feedback, complaints, reviews, or any other content you send us via email, contact forms, or social media.
- Preference Data: Your food preferences, favorite orders, dietary restrictions, and allergen information that you voluntarily share with us.
- Marketing Preferences: Your preferences for receiving marketing communications from us and our third-party partners.
2.2 Information Collected Automatically
When you access or use our website and digital Services, we automatically collect certain technical information, including:
- Usage Data: Pages visited, links clicked, time spent on pages, referring URL, search queries made on our website, and browsing behavior within our Services.
- Device Information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), device identifiers, and screen resolution.
- Log Data: Server logs, error reports, and activity logs associated with your use of our Services.
- Location Data: General geographic location based on IP address. If you use our mobile applications and grant permission, we may collect more precise GPS-based location data for delivery purposes.
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies. Please see Section 8 (Cookie Usage) for more details.
2.3 Information Collected from Third Parties
We may receive information about you from third parties in the following circumstances:
- Social Media Platforms: If you log in to our Services using a social media account (e.g., Facebook, Google), we may receive basic profile information such as your name, email address, and profile picture.
- Delivery Partners: Third-party delivery services may share relevant order and location data with us to fulfill your orders.
- Analytics Providers: Third-party analytics tools may provide us with aggregated or de-identified information about website usage patterns.
- Marketing Partners: We may receive information from advertising networks or partners to enhance our marketing efforts and understand campaign performance.
- Payment Processors: Our payment processors may share transaction confirmation data and fraud detection alerts with us.
3. How We Use Your Information
We use the information we collect about you for the following purposes, relying on appropriate legal bases including your consent, the performance of a contract, compliance with legal obligations, and our legitimate business interests:
3.1 Service Provision and Order Fulfillment
- To process and fulfill your food orders, including preparation, packaging, and delivery or pickup coordination.
- To create and manage your account and provide access to our online ordering platform.
- To process payments and send transaction-related communications such as order confirmations, receipts, and delivery updates.
- To manage reservations, table bookings, and in-store dining experiences.
- To accommodate dietary restrictions, allergen requests, and food preferences you have shared with us.
- To respond to customer service inquiries, complaints, and support requests.
3.2 Analytics and Service Improvement
- To analyze usage patterns, trends, and preferences to improve our menu, website, and overall service quality.
- To monitor the performance and security of our website and applications.
- To conduct internal research and development to enhance and innovate our offerings.
- To generate statistical reports and analytics for business planning purposes.
3.3 Marketing and Communications
- To send you promotional emails, newsletters, special offers, discount codes, and information about new menu items or upcoming events — but only where you have consented or we have a legitimate interest to do so.
- To personalize your experience on our website by displaying relevant content, recommendations, and advertisements based on your interests and order history.
- To conduct surveys, contests, and loyalty program management.
- To retarget you with relevant advertisements on third-party platforms (such as Google Ads and Meta) based on your interactions with our website.
3.4 Legal Compliance and Safety
- To comply with applicable federal and state laws, including tax reporting obligations, food safety regulations, and consumer protection requirements.
- To enforce our Terms of Service and other legal agreements.
- To detect, prevent, and investigate fraudulent transactions, unauthorized access, and other potentially illegal activities.
- To protect the rights, property, and safety of Marcos, our customers, employees, and the public.
- To respond to legal process, court orders, and government requests as required by law.
4. Sharing Your Information with Third Parties
We do not sell your personal information to third parties. We may, however, share your information with trusted third parties under the following circumstances:
4.1 Service Providers and Business Partners
We work with third-party vendors and service providers who assist us in operating our business and delivering our Services. These parties are contractually obligated to protect your data and may only use it for the specific purposes we authorize. These include:
- Payment Processors: Such as Stripe, Square, or PayPal to securely process your payments.
- Delivery Partners: Third-party logistics and delivery companies to fulfill food delivery orders.
- Cloud and Hosting Providers: To store and process data on secure, US-based or compliant cloud infrastructure.
- Email Marketing Platforms: Such as Mailchimp or similar platforms to manage and send marketing communications.
- Analytics Providers: Such as Google Analytics to track website usage and performance.
- Customer Support Tools: Platforms that help us manage customer inquiries and support tickets.
- Point of Sale (POS) Systems: Software used to process in-store transactions.
4.2 Legal Requirements and Law Enforcement
We may disclose your personal information if we are required to do so by law, regulation, or legal process, including in response to a subpoena, court order, or other governmental request. We may also disclose information where we believe disclosure is necessary to protect our legal rights or comply with legal obligations under applicable US federal and state law.
4.3 Business Transfers
In the event that Marcos undergoes a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring or successor entity as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with other third parties when you have given us your explicit consent to do so.
5. Data Security
We take the security of your personal information seriously and implement a range of technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: All data transmitted between your browser and our website is protected using Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption. Payment information is encrypted using industry-standard protocols.
- Access Controls: Access to personal data is restricted to authorized employees and contractors who need it to perform their job functions. We enforce role-based access controls and the principle of least privilege.
- Password Security: User passwords are stored using strong cryptographic hashing algorithms. We never store passwords in plain text.
- Regular Security Audits: We conduct periodic security assessments and vulnerability testing of our systems and applications.
- Secure Payment Processing: We use PCI-DSS compliant third-party payment processors. Full payment card numbers are never stored on our servers.
- Incident Response: We maintain an incident response plan to promptly address and mitigate data breaches or security incidents.
- Employee Training: Our team members receive training on data protection best practices and privacy obligations.
6. Your Privacy Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights promptly and transparently.
6.1 Rights Under US Federal and State Law
As a US-based business, we comply with applicable federal consumer protection laws, including regulations enforced by the Federal Trade Commission (FTC) under the FTC Act, which prohibits unfair or deceptive practices related to consumer privacy.
For customers located in California, additional rights are granted under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). California residents have the following rights:
| Right | Description |
|---|---|
| Right to Know | You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business or commercial purpose for collecting it, and the categories of third parties with whom we share it. |
| Right to Delete | You have the right to request that we delete your personal information, subject to certain exceptions (such as where the data is necessary to complete a transaction or comply with a legal obligation). |
| Right to Correct | You have the right to request correction of inaccurate personal information we maintain about you. |
| Right to Opt-Out of Sale/Sharing | You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information, but we honor opt-out requests for data sharing used in targeted advertising. |
| Right to Limit Use of Sensitive Information | You have the right to limit our use of sensitive personal information (such as health/dietary data) to what is necessary to provide the requested services. |
| Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not be denied goods or services, charged different prices, or provided a lower quality of service for exercising your privacy rights. |
| Right to Data Portability | You may request to receive your personal information in a portable, structured, and machine-readable format. |
6.2 How to Exercise Your Rights
To exercise any of the rights described above, please submit a request by:
- Email: [email protected] with the subject line "Privacy Rights Request"
- Website: marcos.rest (via the contact form)
We will respond to verified requests within 45 days of receipt. If we require additional time (up to 90 days total), we will inform you of the reason and extension period in writing. We may need to verify your identity before processing your request to protect your information from unauthorized access.
You may designate an authorized agent to make a request on your behalf by providing written authorization or a power of attorney. We may still require you to verify your identity directly with us.
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting obligations. The criteria we use to determine retention periods include:
- Active Accounts: Personal information associated with active customer accounts is retained for the duration of your account and for a period of up to 3 years after your last interaction with our Services.
- Transaction Records: Order history and financial records are retained for a minimum of 7 years to comply with IRS requirements, state tax laws, and accounting standards.
- Marketing Data: If you have opted in to marketing communications, we retain your contact details until you opt out or request deletion.
- Usage and Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely as it no longer constitutes personal information.
- Legal Hold: Where personal data is subject to a legal hold, dispute, or regulatory investigation, we will retain that data for the duration required by the applicable legal process.
- Cookie Data: Cookie-derived data is retained in accordance with the lifespan of the specific cookies used. Session cookies are deleted when you close your browser; persistent cookies expire according to their set duration.
When personal information is no longer needed, we securely delete, destroy, or anonymize it in accordance with our data retention and disposal procedures.
8. Cookie Usage
Our website marcos.rest uses cookies and similar tracking technologies (such as web beacons, pixel tags, and local storage objects) to enhance your experience and collect usage data. Cookies are small text files stored on your device that help us recognize you and remember your preferences.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the basic functioning of our website, such as maintaining your session while you browse and enabling secure log-in.
- Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics (e.g., Google Analytics).
- Functional Cookies: Remember your preferences and settings, such as your preferred language, location, or saved items in your cart.
- Targeting and Advertising Cookies: Used to deliver relevant advertisements to you on our website and third-party platforms based on your interests and browsing behavior.
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may affect the functionality of our website and your ability to place orders.
For more detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy available at marcos.rest.
9. Children's Privacy
Our Services are intended for use by individuals who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18.
In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without your consent, please contact us immediately at [email protected]. Upon verification, we will take prompt steps to delete such information from our records.
If we discover that we have inadvertently collected personal information from a minor under the age of 18, we will delete that information without undue delay. We encourage parents and guardians to monitor their children's internet usage and to help enforce this policy by instructing children not to provide personal information through our Services without parental consent.
10. International Data Transfers
Marcos is based in the United States and operates primarily within the United States. Your personal information is collected, stored, and processed in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country that may have different data protection laws than your country of residence.
When we transfer data to third-party service providers located outside the United States (for example, cloud hosting providers or analytics platforms with international operations), we ensure that appropriate contractual safeguards are in place, such as data processing agreements that require these parties to protect your information in accordance with applicable law.
By using our Services, you consent to the transfer of your information to the United States and to other countries where our service providers operate, subject to the protections described in this Privacy Policy.
11. Third-Party Websites and Links
Our website may contain links to third-party websites, applications, social media platforms, or services that are not operated or controlled by Marcos. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices or content of third-party websites. We strongly encourage you to review the privacy policies of any third-party websites you visit.
The inclusion of a link to a third-party website on our platform does not imply our endorsement of that website, its content, or its privacy practices.
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked across websites. At this time, our website does not respond to Do Not Track signals, as there is no industry-standard mechanism for compliance. However, you can adjust your cookie preferences as described in Section 8 of this Privacy Policy.
We will continue to monitor developments in DNT technology and applicable regulations and update this section accordingly.
13. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by:
- Updating the "Last Updated" date at the top of this Privacy Policy.
- Sending an email notification to the address associated with your account (for registered users).
- Displaying a prominent notice on our website homepage or during your next login.
Your continued use of our Services after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. How to File a Complaint
If you believe that your privacy rights have been violated or that we have not handled your personal information in accordance with this Privacy Policy or applicable law, we encourage you to first contact us directly so that we can address your concerns:
- Email: [email protected]
- Subject Line: Privacy Complaint
We are committed to resolving privacy complaints in a fair and timely manner. We will acknowledge your complaint within 10 business days and work with you to reach a resolution.
14.1 Complaints to the Federal Trade Commission (FTC)
If you are not satisfied with our response to your complaint, or if you believe we have engaged in unfair or deceptive privacy practices, you have the right to file a complaint with the Federal Trade Commission (FTC), the primary federal consumer protection authority in the United States:
600 Pennsylvania Avenue NW
Washington, DC 20580
Website: www.ftc.gov
Complaint Portal: reportfraud.ftc.gov
Phone: 1-877-FTC-HELP (1-877-382-4357)
14.2 Complaints by California Residents — California Attorney General
California residents who have privacy concerns may also contact the California Attorney General's office, which enforces the CCPA/CPRA:
Website: oag.ca.gov/privacy
Complaint Portal: Consumer Complaint Form
Phone: 1-800-952-5225
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please do not hesitate to contact our privacy team:
| Company | Marcos |
|---|---|
| [email protected] | |
| Website | marcos.rest |
We will make every effort to respond to your inquiry within a reasonable timeframe. For formal rights requests or complaints, please refer to Sections 6 and 14 of this Privacy Policy for specific procedures and response timelines.