Privacy Policy

This Privacy Policy describes how Anthony's Coal Fired Pizza ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects the personal information of individuals ("you," "your," or "users") who visit our website at acfp-eat.digital, place orders, subscribe to our services, or otherwise interact with us. We are committed to protecting your privacy and handling your personal data in a transparent, fair, and lawful manner in accordance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Federal Trade Commission Act (FTC Act).

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or engaging with any of our digital services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.

For any questions, concerns, or requests related to your privacy, please contact us at:

1. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

• Our website located at acfp-eat.digital and any associated subdomains or microsites;
• Online ordering systems, reservation platforms, and loyalty programs operated by or on behalf of Anthony's Coal Fired Pizza;
• Email, telephone, or other electronic communications between you and our team;
• In-store digital interactions, including Wi-Fi access points and point-of-sale systems that link to our digital ecosystem;
• Third-party platforms and social media pages managed by Anthony's Coal Fired Pizza;
• Any mobile applications we may operate now or in the future.

This policy does not apply to the practices of third-party websites, platforms, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms before providing them with your personal information.

2. Information We Collect

We collect various categories of personal information depending on how you interact with us. The types of information we collect fall into the following broad categories:

2.1 Personal Identification Information

When you create an account, place an order, sign up for our newsletter, join our loyalty program, or contact us for customer support, we may collect:

• Full name (first and last);
• Email address;
• Phone number (mobile or landline);
• Billing and delivery address (street address, city, state, ZIP code);
• Date of birth (where required for age verification or loyalty program purposes);
• Username and password for account access;
• Profile picture or avatar (if voluntarily provided).

2.2 Payment and Financial Information

When you make a purchase or process a transaction on our platform, we collect payment-related information. However, please note that we do not store full credit or debit card numbers on our servers. Payment processing is handled by certified third-party payment processors who comply with the Payment Card Industry Data Security Standard (PCI-DSS). We may collect and retain:

• Last four digits of your payment card;
• Card type (Visa, Mastercard, American Express, etc.);
• Billing address associated with the payment method;
• Transaction identifiers and order reference numbers;
• Gift card balances and redemption history.

2.3 Order and Transaction History

We collect information about your orders and interactions with our menu, including:

• Items ordered, quantities, and customizations;
• Order frequency, timing, and preferred locations;
• Special instructions or dietary preferences you voluntarily disclose;
• Loyalty points earned, redeemed, and remaining balances;
• Promotional codes or discount coupons applied to your orders.

2.4 Usage Data and Technical Information

We automatically collect certain technical data whenever you visit our website or use our digital services, including:

• IP address and general geolocation derived from IP;
• Browser type and version (e.g., Chrome, Safari, Firefox);
• Operating system and device type (desktop, mobile, tablet);
• Referring URL (the website you visited before arriving at ours);
• Pages viewed, time spent on each page, and click-through patterns;
• Date and time of your visit;
• Search queries entered on our website;
• Error logs and crash reports.

2.5 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your experience on our website and gather analytical insights. Please refer to Section 9 of this policy for a detailed explanation of our cookie practices. By continuing to use our website, you consent to the use of cookies as described herein.

2.6 Communications and Customer Support Data

When you contact our customer support team, respond to our surveys, or communicate with us via email or social media, we may collect:

• Content of your messages, inquiries, complaints, and feedback;
• Attachments or photos you voluntarily share (e.g., images of food quality issues);
• Records of your communication history with us;
• Survey responses and ratings.

2.7 Social Media and Third-Party Platform Data

If you connect with us through social media platforms (such as Facebook, Instagram, or X/Twitter), or if you use social login features to access your account, we may receive certain information from those platforms in accordance with their privacy settings, including your public profile, name, email, and profile photo.

2.8 Information You Provide Voluntarily

You may choose to provide us with additional information at your discretion, such as dietary restrictions, allergies, occasion details (e.g., birthday celebrations), or other preferences that help us personalize your experience.

3. How We Use Your Information

We use the personal information we collect for a variety of business and operational purposes, all of which are aimed at providing you with a superior dining and digital experience. Specifically, we use your data for the following purposes:

3.1 Service Provision and Order Fulfillment

• Processing and fulfilling your food orders, whether for delivery, takeout, or dine-in;
• Communicating order confirmations, updates, and delivery status notifications;
• Managing your account and loyalty program membership;
• Processing payments and issuing refunds where applicable;
• Facilitating reservations and special event bookings.

3.2 Customer Support and Service Improvement

• Responding to your inquiries, complaints, and feedback in a timely manner;
• Investigating and resolving disputes related to orders or payments;
• Monitoring service quality and identifying areas for operational improvement;
• Training our customer service team using anonymized interaction data.

3.3 Analytics and Business Intelligence

• Analyzing website traffic, user behavior, and ordering patterns to optimize our digital platforms;
• Conducting internal research and development to improve our menu, pricing, and service delivery;
• Generating aggregated and anonymized reports for internal business planning purposes;
• Measuring the effectiveness of our marketing campaigns and promotional activities.

3.4 Marketing and Promotional Communications

With your consent or where permitted by applicable law, we may use your personal information to:

• Send you promotional emails, newsletters, and special offers about our menu items, deals, and events;
• Deliver targeted advertisements through our website, third-party websites, and social media platforms;
• Notify you about loyalty rewards, birthday offers, and personalized discounts;
• Conduct sweepstakes, contests, and promotional campaigns.

You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in any email or by contacting us at [email protected].

3.5 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations;
• Responding to lawful requests from law enforcement authorities, regulatory agencies, or courts;
• Detecting, preventing, and investigating fraudulent transactions, unauthorized access, and security breaches;
• Enforcing our Terms of Service and other applicable agreements;
• Protecting the rights, property, and safety of our company, employees, customers, and the public.

3.6 Personalization

• Tailoring your website experience based on your preferences and order history;
• Recommending menu items, promotions, or loyalty rewards relevant to your interests;
• Remembering your saved preferences, delivery addresses, and payment methods for faster checkout.

4. Legal Basis for Processing (Applicable U.S. State Laws)

While the United States does not have a single, comprehensive federal privacy law equivalent to the European Union's GDPR, several state laws govern how we collect and process personal information. We rely on the following legal justifications:

• Performance of a Contract: Processing your order and managing your account requires us to process your personal data to fulfill our contractual obligations to you;
• Consent: For marketing communications, optional cookies, and other non-essential data processing activities, we rely on your explicit or implied consent;
• Legitimate Business Interests: We process certain data to operate, improve, and secure our business, provided that such interests do not override your fundamental privacy rights;
• Legal Obligation: We process data where necessary to comply with applicable federal, state, and local law;
• Vital Interests: In exceptional circumstances, we may process data to protect the safety of individuals.

5. Data Sharing and Disclosure

We respect your privacy and do not sell your personal information to third parties for monetary compensation. However, we may share your data in the following limited and lawful circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party vendors and service providers who assist us in operating our business. These parties are contractually obligated to protect your data and may only use it for the specific purposes for which it was shared. Categories of service providers include:

• Payment Processors: To securely process online and in-store transactions;
• Delivery Partners: To fulfill delivery orders and communicate delivery updates;
• Email Marketing Platforms: To distribute newsletters, promotions, and transactional emails;
• Analytics Providers: Such as Google Analytics, to help us understand how users interact with our website;
• Cloud Hosting Providers: To securely store and manage our databases and digital infrastructure;
• Customer Support Tools: To manage support tickets and communication histories;
• Loyalty Program Administrators: To track and manage reward points and member benefits;
• Fraud Detection Services: To identify and prevent fraudulent activities on our platform.

5.2 Legal Requirements and Law Enforcement

We may disclose your personal information without prior notice if we believe in good faith that such disclosure is necessary to:

• Comply with a subpoena, court order, or other legal process;
• Respond to requests from government or law enforcement authorities;
• Protect the rights, property, or personal safety of Anthony's Coal Fired Pizza, our employees, customers, or the public;
• Prevent, detect, or investigate fraud, security breaches, or technically prohibited activities.

5.3 Business Transfers

In the event that Anthony's Coal Fired Pizza undergoes a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your personal information may be transferred to the acquiring entity or successor organization as part of the transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs, and you will have the right to request deletion of your data if the new entity's privacy practices differ materially from ours.

5.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that does not identify you personally with third parties for business intelligence, research, or marketing purposes. Such data does not constitute personal information and is not subject to this Privacy Policy.

5.5 With Your Consent

We may share your personal information with additional third parties if you have provided your explicit consent to such sharing at the time of data collection or thereafter.

6. California Privacy Rights (CCPA/CPRA)

If you are a resident of the State of California, you are entitled to additional privacy rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023. These rights include:

6.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which the information was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we share your information.

6.2 Right to Delete

You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted under the CCPA/CPRA (e.g., information needed to complete a transaction, detect security incidents, or comply with legal obligations).

6.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you, subject to verification of your identity and the accuracy of the correction.

6.4 Right to Opt Out of Sale or Sharing

We do not sell your personal information for monetary consideration. However, to the extent that sharing data with advertising or analytics partners may constitute a "sale" or "sharing" under the CCPA/CPRA, you have the right to opt out of such activity by contacting us at [email protected] or by adjusting your cookie preferences.

6.5 Right to Limit Use of Sensitive Personal Information

Under the CPRA, you may have the right to limit our use and disclosure of sensitive personal information (such as precise geolocation, health data, or financial account information) to purposes necessary to perform the requested service.

6.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices, or provide you with a different level or quality of service as a result of your exercise of privacy rights.

6.7 How to Submit a California Privacy Request

California residents may submit a verifiable consumer request by:

• Emailing us at: [email protected]

We will respond to verifiable consumer requests within 45 days of receipt. We may extend this period by an additional 45 days when reasonably necessary, with proper notice. You may designate an authorized agent to submit a request on your behalf, provided we can verify the agent's authorization.

7. Your Privacy Rights (All Users)

Regardless of your state of residence, all users of our website and services have the following rights with respect to their personal information:

7.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format where technically feasible.

7.2 Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You may also update your information directly through your account settings on our website.

7.3 Right to Deletion

You may request that we delete your personal information. Please note that we may be required to retain certain data for legal, regulatory, or legitimate business purposes, in which case we will inform you of the applicable retention period.

7.4 Right to Data Portability

Where technically feasible, you may request that we provide your personal information in a portable, machine-readable format so that you can transfer it to another service provider.

7.5 Right to Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred prior to the withdrawal.

7.6 Right to Object to Marketing

You have the right to object to the use of your personal information for direct marketing purposes at any time. You may exercise this right by unsubscribing from our emails or contacting us directly.

To exercise any of the above rights, please contact us at [email protected]. We will process your request in accordance with applicable law and within a reasonable timeframe.

8. Data Security

We take the security of your personal information seriously and implement a comprehensive range of technical, organizational, and administrative safeguards to protect your data against unauthorized access, loss, destruction, alteration, or disclosure. Our security measures include:

8.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols;
• Data Encryption at Rest: Sensitive personal data stored in our databases is encrypted using AES-256 or equivalent encryption standards;
• Firewalls and Intrusion Detection: We employ firewalls, intrusion detection systems, and continuous monitoring to detect and respond to security threats;
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, and all access is logged and audited;
• Two-Factor Authentication: Administrative access to our systems requires multi-factor authentication.

8.2 Organizational Safeguards

• Regular privacy and security training for all employees who handle personal data;
• Data minimization practices to ensure we only collect information that is necessary for our stated purposes;
• Third-party vendor assessments to ensure our service providers maintain adequate security standards;
• Documented incident response procedures in the event of a data breach.

8.3 Data Breach Notification

In the event of a data breach that is likely to affect your rights and interests, we will notify affected individuals and, where required by law, relevant regulatory authorities, in accordance with applicable state breach notification laws. Notification will be provided as soon as practicable and in the manner required by law.

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to provide you with a better online experience, understand how our site is used, and deliver personalized content and advertisements.

9.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently, to provide a better user experience, and to give website owners useful information about how the site is being used.

9.2 Types of Cookies We Use

9.3 Managing Cookie Preferences

You can manage or disable cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a warning before a cookie is stored. Please note that disabling certain cookies may impact the functionality of our website. For more information on managing cookies, visit www.allaboutcookies.org.

We may also use third-party analytics services, including Google Analytics, which places its own cookies on your device. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

10. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. The following general retention periods apply:

Once the applicable retention period expires, we securely delete or anonymize your personal information in accordance with our data retention and destruction procedures.

11. Children's Privacy

Our website and services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 18 for marketing purposes.

If you are under 18 years of age, please do not provide any personal information through our website or services. If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our records.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so that we can take appropriate action.

12. International Data Transfers

Anthony's Coal Fired Pizza is a United States-based business, and all personal information we collect is primarily processed and stored within the United States. If you are accessing our website from outside the United States, please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using our website or services, you consent to the transfer of your personal information to the United States and to the processing of your data in the United States in accordance with this Privacy Policy. We take appropriate measures to ensure that any international transfers of personal data are conducted in compliance with applicable law and that adequate protections are in place for your information.

If you are a resident of a country with specific data transfer requirements (such as the European Economic Area or United Kingdom), please contact us at [email protected] for more information about the safeguards we have implemented to protect your personal data during cross-border transfers.

13. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not operated by Anthony's Coal Fired Pizza. These links are provided for your convenience and informational purposes only. We have no control over the content, privacy practices, or security measures of third-party websites and are not responsible for their privacy policies or data handling practices.

We strongly encourage you to review the privacy policy of every website you visit, particularly before providing any personal information. The inclusion of a link on our website does not imply our endorsement of the linked site or its operator.

14. Do Not Track Signals

Some web browsers include a "Do Not Track" (DNT) feature that signals your preference not to be tracked across websites. Currently, there is no uniform standard for how websites should respond to DNT signals, and our website does not currently respond to DNT browser signals. We will continue to monitor developments in this area and update our practices as appropriate.

California users should note that, pursuant to California Business and Professions Code Section 22575, this disclosure is made in accordance with California Online Privacy Protection Act (CalOPPA) requirements regarding our response to DNT signals.

15. How to File a Complaint

If you have a concern about our data handling practices and we have not been able to resolve it to your satisfaction, you have the right to file a complaint with the appropriate data protection or consumer protection authority. In the United States, the following options are available:

15.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection and privacy enforcement. You may file a complaint at:

• Website: www.ftc.gov/complaint
• Phone: 1-877-FTC-HELP (1-877-382-4357)
• Mail: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

15.2 California Privacy Protection Agency (CPPA)

If you are a California resident and believe your CCPA/CPRA rights have been violated, you may file a complaint with the California Privacy Protection Agency:

• Website: cppa.ca.gov
• Email: [email protected]

15.3 State Attorneys General

Residents of other states may also contact their respective State Attorney General's office for guidance on filing a privacy-related complaint. Many state attorneys general have dedicated consumer protection divisions that handle privacy complaints.

15.4 Contacting Us First

We encourage you to contact us first at [email protected] before filing a formal complaint, as we are committed to resolving any concerns quickly and fairly.

16. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal requirements, or data processing activities. When we make material changes to this policy, we will:

• Post the updated Privacy Policy on this page with a revised "Last Updated" date;
• Send a notification email to registered users where the changes are material or significant;
• Display a prominent notice on our website homepage for a reasonable period following the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services following the posting of any changes constitutes your acceptance of the updated Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data handling practices, please do not hesitate to contact us. Our privacy team is committed to addressing your inquiries promptly and professionally.