top of page

Privacy Policy

Effective date: May 21, 2018

​

Cacao by Cipriani ("us", "we", or "our") operates the www.cacaobycipriani.com  website (the "Website").

​

We are committed to preserving the privacy, integrity and security of the personal information we hold about our customers and those who make contact with us. We have developed this Privacy Policy to explain how we manage and use this personal information and to ensure we comply with our legal obligations under applicable data protection laws.

​

It is important that you read this privacy policy carefully so that you are fully aware of how we collect and process personal information and the choices you have associated with that data.

​

We use your data to provide and improve the Website and to process information submitted to us by you. By using the Website, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.cacaobycipriani.com 

​

Definitions​

Website - The website address, www.cacaobycipriani.com , operated by Cacao by Cipriani

Personal Data - Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data - Usage Data is data collected automatically either generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit).

Cookies - Cookies are small pieces of data stored on your device (computer or mobile device).

Data Controller - Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers) - Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

Data Subject (or User) - Data Subject is any living individual who issuing our Website or has provided information to us and is the subject of Personal Data.

​

The Controller Of Your Personal Information​

Under applicable data protection laws, we are required to advise you who is the controller of your personal information. The controller of, and the person responsible for, the personal information covered by this Policy C Management S.a r.l. and/or Cipriani USA, Inc. 110 East 42nd St, 5th Floor, NY 10017

​

Information Collection And Use​

We collect several different types of information for various purposes as follows:

​

Types of Data Collected

​Personal Data​

While using our website, we may ask you to provide us with certain personally identifiable information ("Personal Data") that may be used to respond to questions you may have, provide our services to you, or allow you to subscribe to our newsletters and exciting promotional materials or offers. The personally identifiable information we collect may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Postal Address

  • Company

  • Payment Information

  • Images and video and audio data via security cameras located in public areas

  • Cookies and Usage Data

​

Usage Data​

We may also collect information how the Website is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type,browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

​

Tracking Cookies Data​

We use cookies and similar tracking technologies to track the activity on our Website and hold certain information.

​

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies,you may not be able to use some portions of our Website.

​

Examples of categories of Cookies we use:

​

Necessary Cookies -These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.

​

Performance Cookies: We use Performance cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.

​

Targeting Cookies: These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device.

​

Use of Data​

Cipriani uses the collected data for various purposes:

  • To allow us to manage your reservation;

  • To process gift certificates;

  • To process the purchase of products or goods from us on the Website;

  • To deliver catering or food orders to you from our locations;

  • To process payments received at our locations for meals and/or services provided.

  • To communicate with you [including sending you information about events and services which we think may be of interest to you and to which you have consented. You will be able to opt-out of such communications at any time];

  • To allow you to participate in interactive features of our Website when you choose to do so

  • To provide customer support

  • To gather analysis or valuable information so that we can improve our Website

  • To monitor the usage of our Website

  • To detect, prevent and address technical and/or security issues

 

Legal Basis for Processing Personal Data Under General Data Protection Regulation(GDPR)​

If you are from the European Economic Area (EEA), Cipriani legal basis for collecting and using the personal information described in thisPrivacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

​

Cipriani may process your Personal Data because:

​

It is necessary for the performance of a contract between us for the provision ofservices or in order to take steps at your request prior to entering into sucha contract (for example, making a reservation, booking an event, or thecommunications leading up to making a reservation or booking an event).

You have given us permission to do so. In the case of Marketing, all communications to you will be based on consent, which you are free to remove at any time.  

The processing is in our legitimate interests and it's not overridden by your rights. Examples of where we may use legitimate interests is in the collection of debts owed to us or the cyber security analysis of website logs to identify malicious activity. 

For payment processing purposes relative to the contract

In pursuit of our legitimate interests, to record CCTV footage to ensure the safety and security of our premises, staff and customers

To comply with the law

​

Retention of Data​

Cipriani will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Cipriani will also retain Website Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods.

​

Transfer Of Data​

Your information, including Personal Data, may be transferred to ? and maintained on ? computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

​

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

​

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

​

Cipriani will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

​

Sharing Of Data​

We will not disclose personal information we hold about you to any third party except where required by law or as follows:

​

(i) to companies in the Cipriani group;

(ii) to third parties who provide services to us, and act as data processors for us;

(iii) to professional advisers including lawyers, bankers, auditors and insurers;

Please note that we do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

​

Disclosure for Law Enforcement​

Under certain circumstances, Cipriani may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements​

Cipriani may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation

  • To protect and defend the rights or property of Cipriani

  • To prevent or investigate possible wrongdoing in connection with the Website

  • To protect the personal safety of users of the Website or the public

  • To protect against legal liability

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Website.

​

Google Analytics

​

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

​

You can opt-out of having made your activity on the Website available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

http://www.google.com/intl/en/policies/privacy

 

Payments​

We may provide paid products and/or services within the Website.In that case, we use third-party services for payment processing (e.g. payment processors).

​

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

​

The payment processors we work with are:

​

PayPal

Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

 

Security Of Data

​

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

​

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

​

"Do Not Track" Signals

​

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

​

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

 

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

​

If you are a resident of the European Economic Area (EEA),you have certain data protection rights. Cipriani aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

​

In certain circumstances, you have the following data protection rights:

Access to your personal data: You may request access to a copy of your personal data.

Right to withdraw: Where you have given your consent for us to use your personal data, you may withdraw your consent at any time. Please contact us using the details located below or if you would like to withdraw your consent and we will delete your data in line with your right to erasure.

Rectification: You may ask us to rectify inaccurate information held about you. If you would like to update the data we hold about you, please contact us using the details below and provide the updated information.

Erasure: You may ask us to delete your personal data. If you would like us to delete the personal data we hold about you, please contact us using the details below, specifying why you would like us to delete your personal data.

​

Portability: You may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller.

​

Right to object: You may object to our processing of your personal data pursuant to this Privacy Policy. Please contact us using the details below, providing details of your objection.

​

Make a complaint: If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data in accordance with the General Data Protection laws you have the right to lodge a complaint at the Information Commissioner's Office (ICO) (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

 

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

​

Links To Other Sites

​

Our Website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

​

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

​

Children's Privacy

​

Our Website does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

​

Changes To This Privacy Policy

​

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

​

We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

​

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

​

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: gdpr@cipriani.com

bottom of page